support optional client certificate for proxy rule
parent
da2185f37f
commit
d49093c105
3
gmid.c
3
gmid.c
|
@ -304,6 +304,9 @@ free_config(void)
|
|||
|
||||
free(l->proxy_host);
|
||||
|
||||
tls_unload_file(l->proxy_cert, l->proxy_cert_len);
|
||||
tls_unload_file(l->proxy_key, l->proxy_key_len);
|
||||
|
||||
if (l->dirfd != -1)
|
||||
close(l->dirfd);
|
||||
|
||||
|
|
5
gmid.h
5
gmid.h
|
@ -113,6 +113,10 @@ struct location {
|
|||
|
||||
char *proxy_host;
|
||||
const char *proxy_port;
|
||||
uint8_t *proxy_cert;
|
||||
size_t proxy_cert_len;
|
||||
uint8_t *proxy_key;
|
||||
size_t proxy_key_len;
|
||||
|
||||
const char *dir;
|
||||
int dirfd;
|
||||
|
@ -238,6 +242,7 @@ struct client {
|
|||
struct sockaddr_storage addr;
|
||||
struct vhost *host; /* host they're talking to */
|
||||
size_t loc; /* location matched */
|
||||
struct location *l;
|
||||
|
||||
SPLAY_ENTRY(client) entry;
|
||||
};
|
||||
|
|
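Review bot: The new `struct location *l;` member of struct client is the only field in that hunk without a trailing comment, while its neighbours carry `/* host they're talking to */` and `/* location matched */`; a one-liner such as `struct location *l;	/* location matched, resolved from loc */` keeps the struct self-describing (the relation to `loc` is inferred from the names and should be confirmed). The four new fields in struct location would likewise benefit from a short comment, e.g. `/* optional client cert/key presented to the relay-to backend, bytes as returned by tls_load_file */` above `proxy_cert`, since the ownership (freed with tls_unload_file in free_config) is otherwise only discoverable from gmid.c. Both struct definitions begin outside the hunks shown here.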
16
parse.y
16
parse.y
|
@ -353,7 +353,21 @@ proxy_opts : /* empty */
|
|||
| proxy_opts proxy_opt optnl
|
||||
;
|
||||
|
||||
proxy_opt : RELAY_TO string {
|
||||
proxy_opt : CERT string {
|
||||
only_once(loc->proxy_cert, "proxy cert");
|
||||
ensure_absolute_path($2);
|
||||
loc->proxy_cert = tls_load_file($2, &loc->proxy_cert_len, NULL);
|
||||
if (loc->proxy_cert == NULL)
|
||||
yyerror("can't load cert %s", $2);
|
||||
}
|
||||
| KEY string {
|
||||
only_once(loc->proxy_key, "proxy key");
|
||||
ensure_absolute_path($2);
|
||||
loc->proxy_key = tls_load_file($2, &loc->proxy_key_len, NULL);
|
||||
if (loc->proxy_key == NULL)
|
||||
yyerror("can't load key %s", $2);
|
||||
}
|
||||
| RELAY_TO string {
|
||||
char *at;
|
||||
const char *errstr;
|
||||
|
||||
|
|
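Review bot: The grammar accepts `cert` and `key` independently inside a proxy block, so a configuration with only one of them parses cleanly and the mismatch is only discovered in proxy_init when tls_config_set_key_mem is handed a NULL key (or the cert is set without a key), i.e. at connection time rather than at config load. Unless such a check already exists in the rule that closes the proxy block (outside this hunk), add one there along the lines of `if ((loc->proxy_cert == NULL) != (loc->proxy_key == NULL)) yyerror("proxy cert and key must be specified together");`. The proxy_opt rule continues past the end of the hunk.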
15
proxy.c
15
proxy.c
|
@ -292,9 +292,22 @@ proxy_init(struct client *c)
|
|||
return -1;
|
||||
|
||||
/* TODO: tls_config_set_protocols here */
|
||||
/* TODO: optionally load a client keypair here */
|
||||
tls_config_insecure_noverifycert(conf);
|
||||
|
||||
if (c->l->proxy_cert != NULL) {
|
||||
int r;
|
||||
|
||||
r = tls_config_set_cert_mem(conf, c->l->proxy_cert,
|
||||
c->l->proxy_cert_len);
|
||||
if (r == -1)
|
||||
goto err;
|
||||
|
||||
r = tls_config_set_key_mem(conf, c->l->proxy_key,
|
||||
c->l->proxy_key_len);
|
||||
if (r == -1)
|
||||
goto err;
|
||||
}
|
||||
|
||||
if ((c->proxyctx = tls_client()) == NULL)
|
||||
goto err;
|
||||
|
||||
|
|
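Review bot: Both `if (r == -1) goto err;` branches discard the reason for the failure; tls_config_set_cert_mem/tls_config_set_key_mem record it via tls_config_error(conf), and when proxy_cert is configured but proxy_key is NULL the second call fails on every connection with nothing in the logs to explain it. Log `tls_config_error(conf)` with the project's logging helper before jumping to err, or check the cert/key pairing once at config-load time so this path cannot be reached with a half-configured keypair. Separately, the retained `tls_config_insecure_noverifycert(conf)` now matters more: the configured client certificate is presented to a backend whose identity is not verified, which deserves a comment next to that call (e.g. `/* NOTE: backend cert is not verified; client cert below is sent to whoever answers */`) so a reader does not assume mutual authentication. The err label and the rest of proxy_init are outside the hunk.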