bughz/3proxy
1
0
Fork 0
mirror of https://github.com/3proxy/3proxy.git synced 2026-04-13 00:10:11 +08:00
Code Issues Actions 12 Packages Projects Releases Wiki Activity

Compare commits

base: bughz:d3116a4e7fdbc2954b3493f75c643ccf7b31c20c
Branches Tags
bughz:master
bughz:unix_socket
bughz:test-ci
bughz:devel
bughz:0.8
bughz:0.7
bughz:0.9.6
bughz:0.9.5
bughz:0.9.4
bughz:0.9.3
bughz:0.9.2
bughz:0.9.1
bughz:0.9.0
bughz:0.9.0-rc
bughz:0.8.13
bughz:0.8.12
bughz:0.8.11
bughz:0.8.10
bughz:0.8.9
bughz:3proxy-0.8.8
bughz:0.8.8
bughz:3proxy-0.8.7
bughz:3proxy-0.8.6
bughz:3proxy-0.8.5
bughz:3proxy-0.8.4
bughz:3proxy-0.8.3
bughz:3proxy-0.8.2
bughz:3proxy-0.7.1.4
bughz:3proxy-0.8.1
bughz:3proxy-0.8.0
bughz:3proxy-0.8-pre
bughz:3proxy-0.7.1.3
bughz:3proxy-0.7.1.2
bughz:v0.7.1.2
bughz:v0.7.1.1
bughz:v0.7.1
bughz:v0.7
..
compare: bughz:8c8ad7be6d6d6e9ed4d35905f520ae7df74670e1
Branches Tags
bughz:master
bughz:unix_socket
bughz:test-ci
bughz:devel
bughz:0.8
bughz:0.7
bughz:0.9.6
bughz:0.9.5
bughz:0.9.4
bughz:0.9.3
bughz:0.9.2
bughz:0.9.1
bughz:0.9.0
bughz:0.9.0-rc
bughz:0.8.13
bughz:0.8.12
bughz:0.8.11
bughz:0.8.10
bughz:0.8.9
bughz:3proxy-0.8.8
bughz:0.8.8
bughz:3proxy-0.8.7
bughz:3proxy-0.8.6
bughz:3proxy-0.8.5
bughz:3proxy-0.8.4
bughz:3proxy-0.8.3
bughz:3proxy-0.8.2
bughz:3proxy-0.7.1.4
bughz:3proxy-0.8.1
bughz:3proxy-0.8.0
bughz:3proxy-0.8-pre
bughz:3proxy-0.7.1.3
bughz:3proxy-0.7.1.2
bughz:v0.7.1.2
bughz:v0.7.1.1
bughz:v0.7.1
bughz:v0.7

No commits in common. "d3116a4e7fdbc2954b3493f75c643ccf7b31c20c" and "8c8ad7be6d6d6e9ed4d35905f520ae7df74670e1" have entirely different histories.
d3116a4e7f ... 8c8ad7be6d

7 changed files with 162 additions and 158 deletions
Show Stats Expand all files Collapse all files

17
.github/workflows/c-cpp.yml vendored
View File

@ -77,17 +77,6 @@ jobs:
set "INCLUDE=%INCLUDE%;c:/program files/openssl/include;c:/vcpkg/installed/x64-windows/include" set "INCLUDE=%INCLUDE%;c:/program files/openssl/include;c:/vcpkg/installed/x64-windows/include"
nmake /F Makefile.msvc64 nmake /F Makefile.msvc64
nmake /F Makefile.msvc64 clean nmake /F Makefile.msvc64 clean
- name: make with CMake POSIX - name: make Windows MSVC
if: ${{ ! startsWith(matrix.target, 'windows') }} run: mkdir build && cd build && cmake .. && make
run: mkdir build && cd build && cmake .. && cmake --build .
- name: make with CMake Win
if: ${{ startsWith(matrix.target, 'windows') }}
shell: cmd
run: |
mkdir build
cd build
set "LIB=%LIB%;c:/program files/openssl/lib/VC/x64/MT;c:/vcpkg/installed/x64-windows/lib"
set "INCLUDE=%INCLUDE%;c:/program files/openssl/include;c:/vcpkg/installed/x64-windows/include"
cmake ..
dir
cmake --build .

2
src/auth.c
View File

@ -1248,7 +1248,7 @@ unsigned long udpresolve(int af, unsigned char * name, unsigned char * value, un
*sinsr = nservers[i].addr; *sinsr = nservers[i].addr;
} }
if(usetcp){ if(usetcp){
if(connectwithpoll(NULL, sock,(struct sockaddr *)sinsr,SASIZE(sinsr),conf.timeouts[CONNECT_TO])) { if(connectwithpoll(NULL, sock,(struct sockaddr *)sinsr,SASIZE(sinsr),CONNECT_TO)) {
so._shutdown(so.state, sock, SHUT_RDWR); so._shutdown(so.state, sock, SHUT_RDWR);
so._closesocket(so.state, sock); so._closesocket(so.state, sock);
break; break;

2
src/common.c
View File

@ -608,7 +608,7 @@ int doconnect(struct clientparam * param){
} }
if(param->operation >= 256 || (param->operation & CONNECT)){ if(param->operation >= 256 || (param->operation & CONNECT)){
if(connectwithpoll(param, param->remsock,(struct sockaddr *)&param->sinsr,SASIZE(&param->sinsr),conf.timeouts[CONNECT_TO])) { if(connectwithpoll(param, param->remsock,(struct sockaddr *)&param->sinsr,SASIZE(&param->sinsr),CONNECT_TO)) {
return 13; return 13;
} }
} }

2
src/dnspr.c
View File

@ -140,7 +140,7 @@ void * dnsprchild(struct clientparam* param) {
} }
param->sinsr = nservers[0].addr; param->sinsr = nservers[0].addr;
if(nservers[0].usetcp) { if(nservers[0].usetcp) {
if(connectwithpoll(param, param->remsock,(struct sockaddr *)&param->sinsr,SASIZE(&param->sinsr),conf.timeouts[CONNECT_TO])) RETURN(830); if(connectwithpoll(param, param->remsock,(struct sockaddr *)&param->sinsr,SASIZE(&param->sinsr),CONNECT_TO)) RETURN(830);
buf-=2; buf-=2;
*(unsigned short*)buf = htons(i); *(unsigned short*)buf = htons(i);
i+=2; i+=2;

2
src/ftppr.c
View File

@ -153,7 +153,7 @@ void * ftpprchild(struct clientparam* param) {
if(sscanf((char *)buf+5, "%lu,%lu,%lu,%lu,%hu,%hu", &b1, &b2, &b3, &b4, &b5, &b6)!=6) {RETURN(828);} if(sscanf((char *)buf+5, "%lu,%lu,%lu,%lu,%hu,%hu", &b1, &b2, &b3, &b4, &b5, &b6)!=6) {RETURN(828);}
*SAPORT(&param->sincr) = htons((unsigned short)((b5<<8)^b6)); *SAPORT(&param->sincr) = htons((unsigned short)((b5<<8)^b6));
if(connectwithpoll(param, clidatasock, (struct sockaddr *)&param->sincr, SASIZE(&param->sincr),conf.timeouts[CONNECT_TO])) { if(connectwithpoll(param, clidatasock, (struct sockaddr *)&param->sincr, SASIZE(&param->sincr),CONNECT_TO)) {
param->srv->so._closesocket(param->sostate, clidatasock); param->srv->so._closesocket(param->sostate, clidatasock);
clidatasock = INVALID_SOCKET; clidatasock = INVALID_SOCKET;
RETURN(826); RETURN(826);

141
src/plugins/SSLPlugin/my_ssl.c
View File

@ -187,6 +187,147 @@ SSL_CERT ssl_copy_cert(SSL_CERT cert, SSL_CONFIG *config)
return dst_cert; return dst_cert;
} }
SSL_CONN ssl_handshake_to_server(SOCKET s, char * hostname, SSL_CONFIG *config, SSL_CERT *server_cert, char **errSSL)
{
int err = 0;
ssl_conn *conn;
unsigned long ul;
*errSSL = NULL;
conn = (ssl_conn *)malloc(sizeof(ssl_conn));
if ( conn == NULL ){
return NULL;
}
conn->ctx = NULL;
conn->ssl = SSL_new(config->srv_ctx);
if ( conn->ssl == NULL ) {
free(conn);
return NULL;
}
if(hostname && *hostname && config->client_verify){
X509_VERIFY_PARAM *param;
param = SSL_get0_param(conn->ssl);
X509_VERIFY_PARAM_set1_host(param, hostname, strlen(hostname));
}
if(!SSL_set_fd(conn->ssl, s)){
ssl_conn_free(conn);
*errSSL = getSSLErr();
return NULL;
}
if(hostname && *hostname)SSL_set_tlsext_host_name(conn->ssl, hostname);
do {
struct pollfd fds[1] = {{}};
int sslerr;
err = SSL_connect(conn->ssl);
if (err != -1) break;
sslerr = SSL_get_error(conn->ssl, err);
if(sslerr == SSL_ERROR_WANT_READ){
fds[0].fd = s;
fds[0].events = POLLIN;
}
else if(sslerr == SSL_ERROR_WANT_WRITE){
fds[0].fd = s;
fds[0].events = POLLOUT;
}
else break;
if(sso._poll(sso.state, fds, 1, CONNECT_TO*1000) <= 0 || !(fds[0].revents & (POLLOUT|POLLIN))) break;
} while (err == -1);
if ( err != 1 ) {
*errSSL = getSSLErr();
ssl_conn_free(conn);
return NULL;
}
if(server_cert){
X509 *cert;
cert = SSL_get_peer_certificate(conn->ssl);
if(!cert) {
ssl_conn_free(conn);
return NULL;
}
*server_cert = cert;
}
return conn;
}
SSL_CONN ssl_handshake_to_client(SOCKET s, SSL_CONFIG *config, X509 *server_cert, EVP_PKEY *server_key, char** errSSL){
int err = 0;
X509 *cert;
ssl_conn *conn;
unsigned long ul;
*errSSL = NULL;
conn = (ssl_conn *)malloc(sizeof(ssl_conn));
if ( conn == NULL )
return NULL;
conn->ctx = NULL;
conn->ssl = NULL;
if(!config->cli_ctx){
conn->ctx = ssl_cli_ctx(config, server_cert, server_key, errSSL);
if(!conn->ctx){
ssl_conn_free(conn);
return NULL;
}
}
conn->ssl = SSL_new(config->cli_ctx?config->cli_ctx : conn->ctx);
if ( conn->ssl == NULL ) {
*errSSL = getSSLErr();
if(conn->ctx)SSL_CTX_free(conn->ctx);
free(conn);
return NULL;
}
SSL_set_fd(conn->ssl, s);
do {
struct pollfd fds[1] = {{}};
int sslerr;
err = SSL_accept(conn->ssl);
if (err != -1) break;
sslerr = SSL_get_error(conn->ssl, err);
if(sslerr == SSL_ERROR_WANT_READ){
fds[0].fd = s;
fds[0].events = POLLIN;
}
else if(sslerr == SSL_ERROR_WANT_WRITE){
fds[0].fd = s;
fds[0].events = POLLOUT;
}
else break;
if(sso._poll(sso.state, fds, 1, CONNECT_TO*1000) <= 0 || !(fds[0].revents & (POLLOUT|POLLIN))) break;
} while (err == -1);
if ( err != 1 ) {
*errSSL = getSSLErr();
ssl_conn_free(conn);
return NULL;
}
cert = SSL_get_peer_certificate(conn->ssl);
if ( cert != NULL )
X509_free(cert);
return conn;
}
int ssl_read(SSL_CONN connection, void * buf, int bufsize) int ssl_read(SSL_CONN connection, void * buf, int bufsize)
{ {
ssl_conn *conn = (ssl_conn *) connection; ssl_conn *conn = (ssl_conn *) connection;

154
src/plugins/SSLPlugin/ssl_plugin.c
View File

@ -33,6 +33,7 @@ static struct pluginlink * pl;
static struct alpn client_alpn_protos; static struct alpn client_alpn_protos;
static int ssl_loaded = 0; static int ssl_loaded = 0;
static int ssl_connect_timeout = 0;
static char *certcache = NULL; static char *certcache = NULL;
static char *srvcert = NULL; static char *srvcert = NULL;
static char *srvkey = NULL; static char *srvkey = NULL;
@ -63,8 +64,8 @@ static char * client_sni = NULL;
static int client_mode = 0; static int client_mode = 0;
typedef struct _ssl_conn { typedef struct _ssl_conn {
SSL_CTX *ctx; struct SSL_CTX *ctx;
SSL *ssl; struct SSL *ssl;
} ssl_conn; } ssl_conn;
@ -245,150 +246,19 @@ static int ssl_poll(void *state, struct pollfd *fds, nfds_t nfds, int timeout){
return ret; return ret;
} }
SSL_CONN ssl_handshake_to_server(SOCKET s, char * hostname, SSL_CONFIG *config, SSL_CERT *server_cert, char **errSSL)
{
int err = 0;
ssl_conn *conn;
*errSSL = NULL;
conn = (ssl_conn *)malloc(sizeof(ssl_conn));
if ( conn == NULL ){
return NULL;
}
conn->ctx = NULL;
conn->ssl = SSL_new(config->srv_ctx);
if ( conn->ssl == NULL ) {
free(conn);
return NULL;
}
if(hostname && *hostname && config->client_verify){
X509_VERIFY_PARAM *param;
param = SSL_get0_param(conn->ssl);
X509_VERIFY_PARAM_set1_host(param, hostname, strlen(hostname));
}
if(!SSL_set_fd(conn->ssl, s)){
ssl_conn_free(conn);
*errSSL = getSSLErr();
return NULL;
}
if(hostname && *hostname)SSL_set_tlsext_host_name(conn->ssl, hostname);
do {
struct pollfd fds[1] = {{}};
int sslerr;
err = SSL_connect(conn->ssl);
if (err != -1) break;
sslerr = SSL_get_error(conn->ssl, err);
if(sslerr == SSL_ERROR_WANT_READ){
fds[0].fd = s;
fds[0].events = POLLIN;
}
else if(sslerr == SSL_ERROR_WANT_WRITE){
fds[0].fd = s;
fds[0].events = POLLOUT;
}
else break;
if(sso._poll(sso.state, fds, 1, pl->conf->timeouts[CONNECT_TO]*1000) <= 0 || !(fds[0].revents & (POLLOUT|POLLIN))) break;
} while (err == -1);
if ( err != 1 ) {
*errSSL = getSSLErr();
ssl_conn_free(conn);
return NULL;
}
if(server_cert){
X509 *cert;
cert = SSL_get_peer_certificate(conn->ssl);
if(!cert) {
ssl_conn_free(conn);
return NULL;
}
*server_cert = cert;
}
return conn;
}
SSL_CONN ssl_handshake_to_client(SOCKET s, SSL_CONFIG *config, X509 *server_cert, EVP_PKEY *server_key, char** errSSL){
int err = 0;
X509 *cert;
ssl_conn *conn;
*errSSL = NULL;
conn = (ssl_conn *)malloc(sizeof(ssl_conn));
if ( conn == NULL )
return NULL;
conn->ctx = NULL;
conn->ssl = NULL;
if(!config->cli_ctx){
conn->ctx = ssl_cli_ctx(config, server_cert, server_key, errSSL);
if(!conn->ctx){
ssl_conn_free(conn);
return NULL;
}
}
conn->ssl = SSL_new(config->cli_ctx?config->cli_ctx : conn->ctx);
if ( conn->ssl == NULL ) {
*errSSL = getSSLErr();
if(conn->ctx)SSL_CTX_free(conn->ctx);
free(conn);
return NULL;
}
SSL_set_fd(conn->ssl, s);
do {
struct pollfd fds[1] = {{}};
int sslerr;
err = SSL_accept(conn->ssl);
if (err != -1) break;
sslerr = SSL_get_error(conn->ssl, err);
if(sslerr == SSL_ERROR_WANT_READ){
fds[0].fd = s;
fds[0].events = POLLIN;
}
else if(sslerr == SSL_ERROR_WANT_WRITE){
fds[0].fd = s;
fds[0].events = POLLOUT;
}
else break;
if(sso._poll(sso.state, fds, 1, pl->conf->timeouts[CONNECT_TO]*1000) <= 0 || !(fds[0].revents & (POLLOUT|POLLIN))) break;
} while (err == -1);
if ( err != 1 ) {
*errSSL = getSSLErr();
ssl_conn_free(conn);
return NULL;
}
cert = SSL_get_peer_certificate(conn->ssl);
if ( cert != NULL )
X509_free(cert);
return conn;
}
#define PCONF (((struct SSLstate *)param->sostate)->config) #define PCONF (((struct SSLstate *)param->sostate)->config)
SSL_CONN dosrvcon(struct clientparam* param, SSL_CERT* cert){ SSL_CONN dosrvcon(struct clientparam* param, SSL_CERT* cert){
SSL_CONN ServerConn; SSL_CONN ServerConn;
char *errSSL=NULL; char *errSSL=NULL;
unsigned long ul;
if(ssl_connect_timeout){
ul = ((unsigned long)ssl_connect_timeout)*1000;
setsockopt(param->remsock, SOL_SOCKET, SO_RCVTIMEO, (char *)&ul, 4);
ul = ((unsigned long)ssl_connect_timeout)*1000;
setsockopt(param->remsock, SOL_SOCKET, SO_SNDTIMEO, (char *)&ul, 4);
}
ServerConn = ssl_handshake_to_server(param->remsock, (char *)param->hostname, PCONF, cert, &errSSL); ServerConn = ssl_handshake_to_server(param->remsock, (char *)param->hostname, PCONF, cert, &errSSL);
if ( ServerConn == NULL) { if ( ServerConn == NULL) {
if(ServerConn) ssl_conn_free(ServerConn); if(ServerConn) ssl_conn_free(ServerConn);
@ -1064,7 +934,9 @@ struct vermap{
}; };
int string_to_version(unsigned char *ver){ int string_to_version(unsigned char *ver){
struct vermap *v;
int i; int i;
int res;
for (i=0; versions[i].sver; i++){ for (i=0; versions[i].sver; i++){
if(!strcasecmp(versions[i].sver, (char *)ver)) return versions[i].iver; if(!strcasecmp(versions[i].sver, (char *)ver)) return versions[i].iver;
} }
@ -1175,6 +1047,8 @@ PLUGINAPI int PLUGINCALL ssl_plugin (struct pluginlink * pluginlink,
pl = pluginlink; pl = pluginlink;
ssl_connect_timeout = 0;
free(certcache); free(certcache);
certcache = NULL; certcache = NULL;
free(srvcert); free(srvcert);