|
|
@ -357,6 +357,23 @@ pxy_log_connect_nonhttp(pxy_conn_ctx_t *ctx)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
#endif /* HAVE_LOCAL_PROCINFO */
|
|
|
|
#endif /* HAVE_LOCAL_PROCINFO */
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
unsigned char origfpr[SSL_X509_FPRSZ], newfpr[SSL_X509_FPRSZ];
|
|
|
|
|
|
|
|
ssl_x509_fingerprint_sha1(ctx->origcrt, origfpr);
|
|
|
|
|
|
|
|
ssl_x509_fingerprint_sha1(SSL_get_certificate(ctx->src.ssl), newfpr);
|
|
|
|
|
|
|
|
char *origfprstr, *newfprstr;
|
|
|
|
|
|
|
|
asprintf(&origfprstr," %02X%02X%02X%02X%02X%02X%02X%02X%02X%02X"
|
|
|
|
|
|
|
|
"%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X",
|
|
|
|
|
|
|
|
origfpr[0], origfpr[1], origfpr[2], origfpr[3], origfpr[4],
|
|
|
|
|
|
|
|
origfpr[5], origfpr[6], origfpr[7], origfpr[8], origfpr[9],
|
|
|
|
|
|
|
|
origfpr[10], origfpr[11], origfpr[12], origfpr[13], origfpr[14],
|
|
|
|
|
|
|
|
origfpr[15], origfpr[16], origfpr[17], origfpr[18], origfpr[19]);
|
|
|
|
|
|
|
|
asprintf(&newfprstr," %02X%02X%02X%02X%02X%02X%02X%02X%02X%02X"
|
|
|
|
|
|
|
|
"%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X",
|
|
|
|
|
|
|
|
newfpr[0], newfpr[1], newfpr[2], newfpr[3], newfpr[4],
|
|
|
|
|
|
|
|
newfpr[5], newfpr[6], newfpr[7], newfpr[8], newfpr[9],
|
|
|
|
|
|
|
|
newfpr[10], newfpr[11], newfpr[12], newfpr[13], newfpr[14],
|
|
|
|
|
|
|
|
newfpr[15], newfpr[16], newfpr[17], newfpr[18], newfpr[19]);
|
|
|
|
|
|
|
|
|
|
|
|
if (!ctx->spec->ssl || ctx->passthrough) {
|
|
|
|
if (!ctx->spec->ssl || ctx->passthrough) {
|
|
|
|
rv = asprintf(&msg, "%s %s %s"
|
|
|
|
rv = asprintf(&msg, "%s %s %s"
|
|
|
|
#ifdef HAVE_LOCAL_PROCINFO
|
|
|
|
#ifdef HAVE_LOCAL_PROCINFO
|
|
|
@ -377,7 +394,7 @@ pxy_log_connect_nonhttp(pxy_conn_ctx_t *ctx)
|
|
|
|
#ifdef HAVE_LOCAL_PROCINFO
|
|
|
|
#ifdef HAVE_LOCAL_PROCINFO
|
|
|
|
" %s"
|
|
|
|
" %s"
|
|
|
|
#endif /* HAVE_LOCAL_PROCINFO */
|
|
|
|
#endif /* HAVE_LOCAL_PROCINFO */
|
|
|
|
"\n",
|
|
|
|
"%s%s\n",
|
|
|
|
STRORDASH(ctx->src_str),
|
|
|
|
STRORDASH(ctx->src_str),
|
|
|
|
STRORDASH(ctx->dst_str),
|
|
|
|
STRORDASH(ctx->dst_str),
|
|
|
|
STRORDASH(ctx->sni),
|
|
|
|
STRORDASH(ctx->sni),
|
|
|
@ -389,7 +406,9 @@ pxy_log_connect_nonhttp(pxy_conn_ctx_t *ctx)
|
|
|
|
#ifdef HAVE_LOCAL_PROCINFO
|
|
|
|
#ifdef HAVE_LOCAL_PROCINFO
|
|
|
|
, lpi
|
|
|
|
, lpi
|
|
|
|
#endif /* HAVE_LOCAL_PROCINFO */
|
|
|
|
#endif /* HAVE_LOCAL_PROCINFO */
|
|
|
|
);
|
|
|
|
,
|
|
|
|
|
|
|
|
ctx->opts->certgendir ? origfprstr : "",
|
|
|
|
|
|
|
|
ctx->opts->certgendir ? newfprstr : "");
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if ((rv < 0) || !msg) {
|
|
|
|
if ((rv < 0) || !msg) {
|
|
|
|
ctx->enomem = 1;
|
|
|
|
ctx->enomem = 1;
|
|
|
@ -446,12 +465,29 @@ pxy_log_connect_http(pxy_conn_ctx_t *ctx)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
#endif /* HAVE_LOCAL_PROCINFO */
|
|
|
|
#endif /* HAVE_LOCAL_PROCINFO */
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
unsigned char origfpr[SSL_X509_FPRSZ], newfpr[SSL_X509_FPRSZ];
|
|
|
|
|
|
|
|
ssl_x509_fingerprint_sha1(ctx->origcrt, origfpr);
|
|
|
|
|
|
|
|
ssl_x509_fingerprint_sha1(SSL_get_certificate(ctx->src.ssl), newfpr);
|
|
|
|
|
|
|
|
char *origfprstr, *newfprstr;
|
|
|
|
|
|
|
|
asprintf(&origfprstr," %02X%02X%02X%02X%02X%02X%02X%02X%02X%02X"
|
|
|
|
|
|
|
|
"%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X",
|
|
|
|
|
|
|
|
origfpr[0], origfpr[1], origfpr[2], origfpr[3], origfpr[4],
|
|
|
|
|
|
|
|
origfpr[5], origfpr[6], origfpr[7], origfpr[8], origfpr[9],
|
|
|
|
|
|
|
|
origfpr[10], origfpr[11], origfpr[12], origfpr[13], origfpr[14],
|
|
|
|
|
|
|
|
origfpr[15], origfpr[16], origfpr[17], origfpr[18], origfpr[19]);
|
|
|
|
|
|
|
|
asprintf(&newfprstr," %02X%02X%02X%02X%02X%02X%02X%02X%02X%02X"
|
|
|
|
|
|
|
|
"%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X",
|
|
|
|
|
|
|
|
newfpr[0], newfpr[1], newfpr[2], newfpr[3], newfpr[4],
|
|
|
|
|
|
|
|
newfpr[5], newfpr[6], newfpr[7], newfpr[8], newfpr[9],
|
|
|
|
|
|
|
|
newfpr[10], newfpr[11], newfpr[12], newfpr[13], newfpr[14],
|
|
|
|
|
|
|
|
newfpr[15], newfpr[16], newfpr[17], newfpr[18], newfpr[19]);
|
|
|
|
|
|
|
|
|
|
|
|
if (!ctx->spec->ssl) {
|
|
|
|
if (!ctx->spec->ssl) {
|
|
|
|
rv = asprintf(&msg, "http %s %s %s %s %s %s %s"
|
|
|
|
rv = asprintf(&msg, "http %s %s %s %s %s %s %s"
|
|
|
|
#ifdef HAVE_LOCAL_PROCINFO
|
|
|
|
#ifdef HAVE_LOCAL_PROCINFO
|
|
|
|
" %s"
|
|
|
|
" %s"
|
|
|
|
#endif /* HAVE_LOCAL_PROCINFO */
|
|
|
|
#endif /* HAVE_LOCAL_PROCINFO */
|
|
|
|
"%s\n",
|
|
|
|
"%s%s%s\n",
|
|
|
|
STRORDASH(ctx->src_str),
|
|
|
|
STRORDASH(ctx->src_str),
|
|
|
|
STRORDASH(ctx->dst_str),
|
|
|
|
STRORDASH(ctx->dst_str),
|
|
|
|
STRORDASH(ctx->http_host),
|
|
|
|
STRORDASH(ctx->http_host),
|
|
|
@ -462,7 +498,9 @@ pxy_log_connect_http(pxy_conn_ctx_t *ctx)
|
|
|
|
#ifdef HAVE_LOCAL_PROCINFO
|
|
|
|
#ifdef HAVE_LOCAL_PROCINFO
|
|
|
|
lpi,
|
|
|
|
lpi,
|
|
|
|
#endif /* HAVE_LOCAL_PROCINFO */
|
|
|
|
#endif /* HAVE_LOCAL_PROCINFO */
|
|
|
|
ctx->ocsp_denied ? " ocsp:denied" : "");
|
|
|
|
ctx->ocsp_denied ? " ocsp:denied" : "",
|
|
|
|
|
|
|
|
ctx->opts->certgendir ? origfprstr : "",
|
|
|
|
|
|
|
|
ctx->opts->certgendir ? newfprstr : "");
|
|
|
|
} else {
|
|
|
|
} else {
|
|
|
|
rv = asprintf(&msg, "https %s %s %s %s %s %s %s "
|
|
|
|
rv = asprintf(&msg, "https %s %s %s %s %s %s %s "
|
|
|
|
"sni:%s names:%s "
|
|
|
|
"sni:%s names:%s "
|
|
|
@ -470,7 +508,7 @@ pxy_log_connect_http(pxy_conn_ctx_t *ctx)
|
|
|
|
#ifdef HAVE_LOCAL_PROCINFO
|
|
|
|
#ifdef HAVE_LOCAL_PROCINFO
|
|
|
|
" %s"
|
|
|
|
" %s"
|
|
|
|
#endif /* HAVE_LOCAL_PROCINFO */
|
|
|
|
#endif /* HAVE_LOCAL_PROCINFO */
|
|
|
|
"%s\n",
|
|
|
|
"%s%s%s\n",
|
|
|
|
STRORDASH(ctx->src_str),
|
|
|
|
STRORDASH(ctx->src_str),
|
|
|
|
STRORDASH(ctx->dst_str),
|
|
|
|
STRORDASH(ctx->dst_str),
|
|
|
|
STRORDASH(ctx->http_host),
|
|
|
|
STRORDASH(ctx->http_host),
|
|
|
@ -487,7 +525,9 @@ pxy_log_connect_http(pxy_conn_ctx_t *ctx)
|
|
|
|
#ifdef HAVE_LOCAL_PROCINFO
|
|
|
|
#ifdef HAVE_LOCAL_PROCINFO
|
|
|
|
lpi,
|
|
|
|
lpi,
|
|
|
|
#endif /* HAVE_LOCAL_PROCINFO */
|
|
|
|
#endif /* HAVE_LOCAL_PROCINFO */
|
|
|
|
ctx->ocsp_denied ? " ocsp:denied" : "");
|
|
|
|
ctx->ocsp_denied ? " ocsp:denied" : "",
|
|
|
|
|
|
|
|
ctx->opts->certgendir ? origfprstr : "",
|
|
|
|
|
|
|
|
ctx->opts->certgendir ? newfprstr : "");
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if ((rv < 0 ) || !msg) {
|
|
|
|
if ((rv < 0 ) || !msg) {
|
|
|
|
ctx->enomem = 1;
|
|
|
|
ctx->enomem = 1;
|
|
|
@ -803,14 +843,14 @@ pxy_srccert_create(pxy_conn_ctx_t *ctx)
|
|
|
|
ssl_x509_fingerprint_sha1(ctx->origcrt, origfpr);
|
|
|
|
ssl_x509_fingerprint_sha1(ctx->origcrt, origfpr);
|
|
|
|
ssl_x509_fingerprint_sha1(cert->crt, newfpr);
|
|
|
|
ssl_x509_fingerprint_sha1(cert->crt, newfpr);
|
|
|
|
char *origfprstr, *newfprstr;
|
|
|
|
char *origfprstr, *newfprstr;
|
|
|
|
asprintf(&origfprstr,"%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x"
|
|
|
|
asprintf(&origfprstr,"%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X"
|
|
|
|
"%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x",
|
|
|
|
"%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X",
|
|
|
|
origfpr[0], origfpr[1], origfpr[2], origfpr[3], origfpr[4],
|
|
|
|
origfpr[0], origfpr[1], origfpr[2], origfpr[3], origfpr[4],
|
|
|
|
origfpr[5], origfpr[6], origfpr[7], origfpr[8], origfpr[9],
|
|
|
|
origfpr[5], origfpr[6], origfpr[7], origfpr[8], origfpr[9],
|
|
|
|
origfpr[10], origfpr[11], origfpr[12], origfpr[13], origfpr[14],
|
|
|
|
origfpr[10], origfpr[11], origfpr[12], origfpr[13], origfpr[14],
|
|
|
|
origfpr[15], origfpr[16], origfpr[17], origfpr[18], origfpr[19]);
|
|
|
|
origfpr[15], origfpr[16], origfpr[17], origfpr[18], origfpr[19]);
|
|
|
|
asprintf(&newfprstr,"%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x"
|
|
|
|
asprintf(&newfprstr,"%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X"
|
|
|
|
"%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x",
|
|
|
|
"%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X",
|
|
|
|
newfpr[0], newfpr[1], newfpr[2], newfpr[3], newfpr[4],
|
|
|
|
newfpr[0], newfpr[1], newfpr[2], newfpr[3], newfpr[4],
|
|
|
|
newfpr[5], newfpr[6], newfpr[7], newfpr[8], newfpr[9],
|
|
|
|
newfpr[5], newfpr[6], newfpr[7], newfpr[8], newfpr[9],
|
|
|
|
newfpr[10], newfpr[11], newfpr[12], newfpr[13], newfpr[14],
|
|
|
|
newfpr[10], newfpr[11], newfpr[12], newfpr[13], newfpr[14],
|
|
|
|
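Review bot: The fingerprint block added at the top of the first hunk (pxy_log_connect_nonhttp), and repeated in the -446 hunk (pxy_log_connect_http), runs before the `if (!ctx->spec->ssl ...)` test and regardless of `ctx->opts->certgendir`. On plain or passthrough connections `ctx->origcrt` and `ctx->src.ssl` are therefore presumably NULL when they reach `ssl_x509_fingerprint_sha1()` and `SSL_get_certificate()`. Both `asprintf()` results are also ignored, so after an allocation failure an indeterminate pointer is handed to `%s`. No `free()` of `origfprstr`/`newfprstr` is visible in these hunks, which would leak two strings per logged connection; both functions start and end outside the hunks, so this needs confirming. I would build the strings only when `certgendir` is set and both certificates exist, into fixed buffers that default to empty, so there is nothing to free and the `certgendir ? … : ""` arguments can pass the buffers directly.

```c
/* … unchanged: lpi setup under HAVE_LOCAL_PROCINFO … */
char origfprstr[2 * SSL_X509_FPRSZ + 2] = "";
char newfprstr[2 * SSL_X509_FPRSZ + 2] = "";
X509 *newcrt = ctx->src.ssl ? SSL_get_certificate(ctx->src.ssl) : NULL;

if (ctx->opts->certgendir && ctx->origcrt && newcrt) {
	unsigned char origfpr[SSL_X509_FPRSZ], newfpr[SSL_X509_FPRSZ];

	ssl_x509_fingerprint_sha1(ctx->origcrt, origfpr);
	ssl_x509_fingerprint_sha1(newcrt, newfpr);
	/* leading space keeps the existing "%s%s\n" log layout */
	origfprstr[0] = newfprstr[0] = ' ';
	for (size_t i = 0; i < SSL_X509_FPRSZ; i++) {
		snprintf(origfprstr + 1 + 2 * i, 3, "%02X", origfpr[i]);
		snprintf(newfprstr + 1 + 2 * i, 3, "%02X", newfpr[i]);
	}
}
/* … unchanged: rv = asprintf(&msg, …) with origfprstr, newfprstr as the last two arguments … */
```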