allow to disable TLS when proxying requests
This commit is contained in:
parent
294a57275a
commit
593e412b49
1
gmid.h
1
gmid.h
|
@ -100,6 +100,7 @@ extern struct fcgi fcgi[FCGI_MAX];
|
|||
struct proxy {
|
||||
char *host;
|
||||
const char *port;
|
||||
int notls;
|
||||
uint32_t protocols;
|
||||
int noverifyname;
|
||||
uint8_t *cert;
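Review bot: The new `notls` field in `struct proxy` has no comment, and since setting it switches the upstream connection to plain TCP — which also means no certificate verification toward the proxied host — the struct is the place to say so. The proxy.c part of this commit shows `proxy_init` skipping `proxy_setup_tls` entirely when `notls` is set, so the TLS-only fields around it (`cert`, `protocols`, `noverifyname`) are not consulted in that mode; a one-line comment would make that explicit: `int notls; /* use-tls off: plain TCP to host:port; cert/protocols/verifyname are ignored */`. The field name follows the existing `noverifyname` negative-boolean convention, which is fine for consistency. `struct proxy` continues past this hunk.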
|
||||
|
|
6
parse.y
6
parse.y
|
@ -125,7 +125,7 @@ typedef struct {
|
|||
%token RELAY_TO REQUIRE RETURN ROOT
|
||||
%token SERVER SPAWN STRIP
|
||||
%token TCP TOEXT TYPE
|
||||
%token USER
|
||||
%token USE_TLS USER
|
||||
%token VERIFYNAME
|
||||
|
||||
%token ERROR
|
||||
|
@ -339,6 +339,9 @@ proxy_opt : CERT string {
|
|||
yyerror("proxy port is %s: %s", errstr,
|
||||
p->port);
|
||||
}
|
||||
| USE_TLS bool {
|
||||
host->proxy.notls = !$2;
|
||||
}
|
||||
| VERIFYNAME bool {
|
||||
host->proxy.noverifyname = !$2;
|
||||
}
|
||||
|
@ -482,6 +485,7 @@ static struct keyword {
|
|||
{"tcp", TCP},
|
||||
{"to-ext", TOEXT},
|
||||
{"type", TYPE},
|
||||
{"use-tls", USE_TLS},
|
||||
{"user", USER},
|
||||
{"verifyname", VERIFYNAME},
|
||||
};
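Review bot: The new `USE_TLS bool` alternative of `proxy_opt` accepts `use-tls off` together with the TLS-only proxy options (`cert`, `verifyname`, `protocols`), and nothing in this section rejects or warns about that combination; a config author who writes `use-tls off` next to `verifyname on` gets a plaintext upstream with no error, which is a misleading failure mode for a security setting. I'd add a consistency check where the proxy block is finalized (outside this hunk), at minimum `if (host->proxy.notls && host->proxy.cert != NULL) yyerror("proxy: cert/key have no effect with use-tls off");`, and mention in the manual that `use-tls off` disables both encryption and hostname verification. The `notls = !$2` form and the alphabetical placement of `"use-tls"` in the keyword table match the existing `verifyname` handling. The `proxy_opt` rule begins before this hunk.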
|
||||
|
|
81
proxy.c
81
proxy.c
|
@ -230,12 +230,42 @@ proxy_error(struct bufferevent *bev, short error, void *d)
|
|||
client_write(c->bev, c);
|
||||
}
|
||||
|
||||
static void
|
||||
proxy_enqueue_req(struct client *c)
|
||||
{
|
||||
struct proxy *p = &c->host->proxy;
|
||||
struct evbuffer *evb;
|
||||
char iribuf[GEMINI_URL_LEN];
|
||||
|
||||
c->proxybev = bufferevent_new(c->pfd, proxy_read, proxy_write,
|
||||
proxy_error, c);
|
||||
if (c->proxybev == NULL)
|
||||
fatal("can't allocate bufferevent: %s", strerror(errno));
|
||||
|
||||
if (!p->notls) {
|
||||
event_set(&c->proxybev->ev_read, c->pfd, EV_READ,
|
||||
proxy_tls_readcb, c->proxybev);
|
||||
event_set(&c->proxybev->ev_write, c->pfd, EV_WRITE,
|
||||
proxy_tls_writecb, c->proxybev);
|
||||
|
||||
#if HAVE_LIBEVENT2
|
||||
evbuffer_unfreeze(c->proxybev->input, 0);
|
||||
evbuffer_unfreeze(c->proxybev->output, 1);
|
||||
#endif
|
||||
}
|
||||
|
||||
serialize_iri(&c->iri, iribuf, sizeof(iribuf));
|
||||
|
||||
evb = EVBUFFER_OUTPUT(c->proxybev);
|
||||
evbuffer_add_printf(evb, "%s\r\n", iribuf);
|
||||
|
||||
bufferevent_enable(c->proxybev, EV_READ|EV_WRITE);
|
||||
}
|
||||
|
||||
static void
|
||||
proxy_handshake(int fd, short event, void *d)
|
||||
{
|
||||
struct client *c = d;
|
||||
struct evbuffer *evb;
|
||||
char iribuf[GEMINI_URL_LEN];
|
||||
|
||||
if (event == EV_TIMEOUT) {
|
||||
start_reply(c, PROXY_ERROR, "timeout");
|
||||
|
@ -258,37 +288,15 @@ proxy_handshake(int fd, short event, void *d)
|
|||
return;
|
||||
}
|
||||
|
||||
c->proxybev = bufferevent_new(c->pfd, proxy_read, proxy_write,
|
||||
proxy_error, c);
|
||||
if (c->proxybev == NULL)
|
||||
fatal("can't allocate bufferevent: %s", strerror(errno));
|
||||
|
||||
event_set(&c->proxybev->ev_read, c->pfd, EV_READ,
|
||||
proxy_tls_readcb, c->proxybev);
|
||||
event_set(&c->proxybev->ev_write, c->pfd, EV_WRITE,
|
||||
proxy_tls_writecb, c->proxybev);
|
||||
|
||||
#if HAVE_LIBEVENT2
|
||||
evbuffer_unfreeze(c->proxybev->input, 0);
|
||||
evbuffer_unfreeze(c->proxybev->output, 1);
|
||||
#endif
|
||||
|
||||
serialize_iri(&c->iri, iribuf, sizeof(iribuf));
|
||||
|
||||
evb = EVBUFFER_OUTPUT(c->proxybev);
|
||||
evbuffer_add_printf(evb, "%s\r\n", iribuf);
|
||||
|
||||
bufferevent_enable(c->proxybev, EV_READ|EV_WRITE);
|
||||
proxy_enqueue_req(c);
|
||||
}
|
||||
|
||||
int
|
||||
proxy_init(struct client *c)
|
||||
static int
|
||||
proxy_setup_tls(struct client *c)
|
||||
{
|
||||
struct proxy *p = &c->host->proxy;
|
||||
struct tls_config *conf = NULL;
|
||||
|
||||
c->type = REQUEST_PROXY;
|
||||
|
||||
if ((conf = tls_config_new()) == NULL)
|
||||
return -1;
|
||||
|
||||
|
@ -327,7 +335,24 @@ proxy_init(struct client *c)
|
|||
|
||||
err:
|
||||
tls_config_free(conf);
|
||||
if (c->proxyctx != NULL)
|
||||
if (c->proxyctx != NULL) {
|
||||
tls_free(c->proxyctx);
|
||||
c->proxyctx = NULL;
|
||||
}
|
||||
return -1;
|
||||
}
|
||||
|
||||
int
|
||||
proxy_init(struct client *c)
|
||||
{
|
||||
struct proxy *p = &c->host->proxy;
|
||||
|
||||
c->type = REQUEST_PROXY;
|
||||
|
||||
if (p->notls) {
|
||||
proxy_enqueue_req(c);
|
||||
return 0;
|
||||
}
|
||||
|
||||
return proxy_setup_tls(c);
|
||||
}
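Review bot: On the new `notls` path `proxy_init` calls `proxy_enqueue_req` directly and never arms `c->proxyev`, so the `EV_TIMEOUT` handling in `proxy_handshake` (which bounds how long the TLS path may stall before connecting and handshaking) does not apply; `proxy_enqueue_req` only calls `bufferevent_enable` with no `bufferevent_settimeout`, so if the upstream accepts the TCP connection and then goes silent, the client appears to wait indefinitely on this side unless a timeout elsewhere (not visible here) closes it. I would either set read/write timeouts on `c->proxybev` in `proxy_enqueue_req`, e.g. `bufferevent_settimeout(c->proxybev, PROXY_TIMEOUT, PROXY_TIMEOUT);` using whatever constant `proxy_init` used for the handshake timer, or document why the plain-TCP path intentionally has none. Separately, it is worth a comment in `proxy_init` that `use-tls off` sends the full request IRI — including any query string the client supplied — in cleartext to the upstream, since that is the security consequence of the new branch. `proxy_setup_tls` is only partially shown, so whether it still sets `c->type = REQUEST_PROXY` redundantly with the new `proxy_init` could not be confirmed from this page.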
|
||||
|
|
3
server.c
3
server.c
|
@ -1239,7 +1239,8 @@ client_close(struct client *c)
|
|||
if (event_pending(&c->proxyev, EV_READ|EV_WRITE, NULL))
|
||||
event_del(&c->proxyev);
|
||||
|
||||
if (c->pfd != -1) {
|
||||
if (c->pfd != -1 && c->proxyctx != NULL) {
|
||||
/* shut down the proxy TLS connection */
|
||||
client_proxy_close(c->pfd, 0, c->proxyctx);
|
||||
c->pfd = -1;
|
||||
}
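Review bot: With the condition changed to `c->pfd != -1 && c->proxyctx != NULL`, a client whose proxy connection was opened with `use-tls off` (so `c->proxyctx` stays NULL) no longer enters this block, and since `c->pfd = -1` is also inside it, the plain-TCP upstream socket is left open by this hunk; unless a later statement in `client_close` (outside the hunk) closes a leftover `pfd`, every proxied-without-TLS request leaks a descriptor, which an attacker can drive toward the fd limit. I would keep the `pfd != -1` guard on the outside and only make the TLS shutdown conditional, so the descriptor is always released. This assumes `client_proxy_close` owns closing the fd in the TLS case, as the existing code implies; if it does not, the `close` belongs outside the inner `if` as well. `client_close` starts and ends outside this hunk.
```c
	if (c->pfd != -1) {
		if (c->proxyctx != NULL) {
			/* shut down the proxy TLS connection */
			client_proxy_close(c->pfd, 0, c->proxyctx);
		} else
			close(c->pfd); /* plain-TCP upstream (use-tls off) */
		c->pfd = -1;
	}
```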
|
||||
|