|
|
@ -167,6 +167,8 @@ typedef struct pxy_conn_ctx {
|
|
|
|
socklen_t addrlen;
|
|
|
|
socklen_t addrlen;
|
|
|
|
int af;
|
|
|
|
int af;
|
|
|
|
X509 *origcrt;
|
|
|
|
X509 *origcrt;
|
|
|
|
|
|
|
|
char *origfpr[SSL_X509_FPRSZ*2+1];
|
|
|
|
|
|
|
|
char *newfpr[SSL_X509_FPRSZ*2+1];
|
|
|
|
|
|
|
|
|
|
|
|
/* references to event base and configuration */
|
|
|
|
/* references to event base and configuration */
|
|
|
|
struct event_base *evbase;
|
|
|
|
struct event_base *evbase;
|
|
|
@ -377,7 +379,7 @@ pxy_log_connect_nonhttp(pxy_conn_ctx_t *ctx)
|
|
|
|
#ifdef HAVE_LOCAL_PROCINFO
|
|
|
|
#ifdef HAVE_LOCAL_PROCINFO
|
|
|
|
" %s"
|
|
|
|
" %s"
|
|
|
|
#endif /* HAVE_LOCAL_PROCINFO */
|
|
|
|
#endif /* HAVE_LOCAL_PROCINFO */
|
|
|
|
"\n",
|
|
|
|
" %s %s\n",
|
|
|
|
STRORDASH(ctx->src_str),
|
|
|
|
STRORDASH(ctx->src_str),
|
|
|
|
STRORDASH(ctx->dst_str),
|
|
|
|
STRORDASH(ctx->dst_str),
|
|
|
|
STRORDASH(ctx->sni),
|
|
|
|
STRORDASH(ctx->sni),
|
|
|
@ -389,7 +391,9 @@ pxy_log_connect_nonhttp(pxy_conn_ctx_t *ctx)
|
|
|
|
#ifdef HAVE_LOCAL_PROCINFO
|
|
|
|
#ifdef HAVE_LOCAL_PROCINFO
|
|
|
|
, lpi
|
|
|
|
, lpi
|
|
|
|
#endif /* HAVE_LOCAL_PROCINFO */
|
|
|
|
#endif /* HAVE_LOCAL_PROCINFO */
|
|
|
|
);
|
|
|
|
,
|
|
|
|
|
|
|
|
*ctx->origfpr,
|
|
|
|
|
|
|
|
*ctx->newfpr);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if ((rv < 0) || !msg) {
|
|
|
|
if ((rv < 0) || !msg) {
|
|
|
|
ctx->enomem = 1;
|
|
|
|
ctx->enomem = 1;
|
|
|
@ -451,7 +455,7 @@ pxy_log_connect_http(pxy_conn_ctx_t *ctx)
|
|
|
|
#ifdef HAVE_LOCAL_PROCINFO
|
|
|
|
#ifdef HAVE_LOCAL_PROCINFO
|
|
|
|
" %s"
|
|
|
|
" %s"
|
|
|
|
#endif /* HAVE_LOCAL_PROCINFO */
|
|
|
|
#endif /* HAVE_LOCAL_PROCINFO */
|
|
|
|
"%s\n",
|
|
|
|
"%s %s %s\n",
|
|
|
|
STRORDASH(ctx->src_str),
|
|
|
|
STRORDASH(ctx->src_str),
|
|
|
|
STRORDASH(ctx->dst_str),
|
|
|
|
STRORDASH(ctx->dst_str),
|
|
|
|
STRORDASH(ctx->http_host),
|
|
|
|
STRORDASH(ctx->http_host),
|
|
|
@ -462,7 +466,9 @@ pxy_log_connect_http(pxy_conn_ctx_t *ctx)
|
|
|
|
#ifdef HAVE_LOCAL_PROCINFO
|
|
|
|
#ifdef HAVE_LOCAL_PROCINFO
|
|
|
|
lpi,
|
|
|
|
lpi,
|
|
|
|
#endif /* HAVE_LOCAL_PROCINFO */
|
|
|
|
#endif /* HAVE_LOCAL_PROCINFO */
|
|
|
|
ctx->ocsp_denied ? " ocsp:denied" : "");
|
|
|
|
ctx->ocsp_denied ? " ocsp:denied" : "",
|
|
|
|
|
|
|
|
*ctx->origfpr,
|
|
|
|
|
|
|
|
*ctx->newfpr);
|
|
|
|
} else {
|
|
|
|
} else {
|
|
|
|
rv = asprintf(&msg, "https %s %s %s %s %s %s %s "
|
|
|
|
rv = asprintf(&msg, "https %s %s %s %s %s %s %s "
|
|
|
|
"sni:%s names:%s "
|
|
|
|
"sni:%s names:%s "
|
|
|
@ -470,7 +476,7 @@ pxy_log_connect_http(pxy_conn_ctx_t *ctx)
|
|
|
|
#ifdef HAVE_LOCAL_PROCINFO
|
|
|
|
#ifdef HAVE_LOCAL_PROCINFO
|
|
|
|
" %s"
|
|
|
|
" %s"
|
|
|
|
#endif /* HAVE_LOCAL_PROCINFO */
|
|
|
|
#endif /* HAVE_LOCAL_PROCINFO */
|
|
|
|
"%s\n",
|
|
|
|
"%s %s %s\n",
|
|
|
|
STRORDASH(ctx->src_str),
|
|
|
|
STRORDASH(ctx->src_str),
|
|
|
|
STRORDASH(ctx->dst_str),
|
|
|
|
STRORDASH(ctx->dst_str),
|
|
|
|
STRORDASH(ctx->http_host),
|
|
|
|
STRORDASH(ctx->http_host),
|
|
|
@ -487,7 +493,9 @@ pxy_log_connect_http(pxy_conn_ctx_t *ctx)
|
|
|
|
#ifdef HAVE_LOCAL_PROCINFO
|
|
|
|
#ifdef HAVE_LOCAL_PROCINFO
|
|
|
|
lpi,
|
|
|
|
lpi,
|
|
|
|
#endif /* HAVE_LOCAL_PROCINFO */
|
|
|
|
#endif /* HAVE_LOCAL_PROCINFO */
|
|
|
|
ctx->ocsp_denied ? " ocsp:denied" : "");
|
|
|
|
ctx->ocsp_denied ? " ocsp:denied" : "",
|
|
|
|
|
|
|
|
*ctx->origfpr,
|
|
|
|
|
|
|
|
*ctx->newfpr);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if ((rv < 0 ) || !msg) {
|
|
|
|
if ((rv < 0 ) || !msg) {
|
|
|
|
ctx->enomem = 1;
|
|
|
|
ctx->enomem = 1;
|
|
|
@ -798,6 +806,48 @@ pxy_srccert_create(pxy_conn_ctx_t *ctx)
|
|
|
|
cert_set_chain(cert, ctx->opts->chain);
|
|
|
|
cert_set_chain(cert, ctx->opts->chain);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
unsigned char origfpr[SSL_X509_FPRSZ], newfpr[SSL_X509_FPRSZ];
|
|
|
|
|
|
|
|
ssl_x509_fingerprint_sha1(ctx->origcrt, origfpr);
|
|
|
|
|
|
|
|
ssl_x509_fingerprint_sha1(cert->crt, newfpr);
|
|
|
|
|
|
|
|
asprintf(ctx->origfpr,"%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X"
|
|
|
|
|
|
|
|
"%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X",
|
|
|
|
|
|
|
|
origfpr[0], origfpr[1], origfpr[2], origfpr[3], origfpr[4],
|
|
|
|
|
|
|
|
origfpr[5], origfpr[6], origfpr[7], origfpr[8], origfpr[9],
|
|
|
|
|
|
|
|
origfpr[10], origfpr[11], origfpr[12], origfpr[13], origfpr[14],
|
|
|
|
|
|
|
|
origfpr[15], origfpr[16], origfpr[17], origfpr[18], origfpr[19]);
|
|
|
|
|
|
|
|
asprintf(ctx->newfpr,"%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X"
|
|
|
|
|
|
|
|
"%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X",
|
|
|
|
|
|
|
|
newfpr[0], newfpr[1], newfpr[2], newfpr[3], newfpr[4],
|
|
|
|
|
|
|
|
newfpr[5], newfpr[6], newfpr[7], newfpr[8], newfpr[9],
|
|
|
|
|
|
|
|
newfpr[10], newfpr[11], newfpr[12], newfpr[13], newfpr[14],
|
|
|
|
|
|
|
|
newfpr[15], newfpr[16], newfpr[17], newfpr[18], newfpr[19]);
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if (ctx->opts->certgendir) {
|
|
|
|
|
|
|
|
char *crtfn;
|
|
|
|
|
|
|
|
asprintf(&crtfn, "%s/%s-%s.crt", ctx->opts->certgendir, *ctx->origfpr, *ctx->newfpr);
|
|
|
|
|
|
|
|
FILE *crtfd;
|
|
|
|
|
|
|
|
crtfd = fopen(crtfn, "w");
|
|
|
|
|
|
|
|
if (crtfd) {
|
|
|
|
|
|
|
|
PEM_write_X509(crtfd, cert->crt);
|
|
|
|
|
|
|
|
fclose(crtfd);
|
|
|
|
|
|
|
|
} else {
|
|
|
|
|
|
|
|
log_err_printf("Failed to open '%s' for writing: %s\n",
|
|
|
|
|
|
|
|
crtfn, strerror(errno));
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
if (ctx->opts->writeorig) {
|
|
|
|
|
|
|
|
char *origfn;
|
|
|
|
|
|
|
|
asprintf(&origfn, "%s/%s.crt", ctx->opts->certgendir, *ctx->origfpr);
|
|
|
|
|
|
|
|
FILE *origfd = fopen(origfn, "w");
|
|
|
|
|
|
|
|
if (origfd) {
|
|
|
|
|
|
|
|
PEM_write_X509(origfd, ctx->origcrt);
|
|
|
|
|
|
|
|
fclose(origfd);
|
|
|
|
|
|
|
|
} else {
|
|
|
|
|
|
|
|
log_err_printf("Failed to open '%s' for writing: %s\n",
|
|
|
|
|
|
|
|
origfn, strerror(errno));
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
return cert;
|
|
|
|
return cert;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|