Commit Diff
Diff:
294a57275af3dafa948119e60a8db979be25e1f7
593e412b4988ca8b72bb7ef9b1cc663cb1184215
Commit:
593e412b4988ca8b72bb7ef9b1cc663cb1184215
Tree:
55599fb76ec918b214af8b5fd7e4e1af1d51aaca
Author:
Omar Polo <op@omarpolo.com>
Date:
Sat Jan 1 20:16:14 2022 UTC
Message:
allow disabling TLS when proxying requests
commit - 294a57275af3dafa948119e60a8db979be25e1f7
commit + 593e412b4988ca8b72bb7ef9b1cc663cb1184215
blob - d02811520afc65b1f7e15aecd289f6608fd2daed
blob + 96c67fbbaaa6377d3255fba78c0049b1036a045c
--- gmid.h
+++ gmid.h
@@ -100,6 +100,7 @@ struct proxy {
struct proxy {
char *host;
const char *port;
+ int notls;
uint32_t protocols;
int noverifyname;
uint8_t *cert;
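Review bot: The new `notls` field carries the inverted sense of the config keyword (it is set from `use-tls off` in parse.y) and nothing in the struct says so; like `noverifyname` next to it, it deserves a one-line comment, e.g. `int notls; /* "use-tls off": relay to the upstream over plain TCP, no TLS */`. Since this single flag decides whether the upstream leg of a relayed request is encrypted, a reader of the struct should not have to chase the parser to learn what a non-zero value means.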
blob - 82debbf44e321746681e00c26525c9330dc350c0
blob + e17fd0601887b9c4597144ab0c44fcb00ff480ad
--- parse.y
+++ parse.y
@@ -125,7 +125,7 @@ typedef struct {
%token RELAY_TO REQUIRE RETURN ROOT
%token SERVER SPAWN STRIP
%token TCP TOEXT TYPE
-%token USER
+%token USE_TLS USER
%token VERIFYNAME
%token ERROR
@@ -338,6 +338,9 @@ proxy_opt : CERT string {
if (errstr != NULL)
yyerror("proxy port is %s: %s", errstr,
p->port);
+ }
+ | USE_TLS bool {
+ host->proxy.notls = !$2;
}
| VERIFYNAME bool {
host->proxy.noverifyname = !$2;
@@ -482,6 +485,7 @@ static struct keyword {
{"tcp", TCP},
{"to-ext", TOEXT},
{"type", TYPE},
+ {"use-tls", USE_TLS},
{"user", USER},
{"verifyname", VERIFYNAME},
};
blob - 7face977e4f7d69f0ea49079d7f6c56fe28fa017
blob + 3c55ca2a65cc25c68f599d6ff74d554fa3813fef
--- proxy.c
+++ proxy.c
@@ -231,12 +231,42 @@ proxy_handshake(int fd, short event, void *d)
}
static void
-proxy_handshake(int fd, short event, void *d)
+proxy_enqueue_req(struct client *c)
{
- struct client *c = d;
+ struct proxy *p = &c->host->proxy;
struct evbuffer *evb;
char iribuf[GEMINI_URL_LEN];
+
+ c->proxybev = bufferevent_new(c->pfd, proxy_read, proxy_write,
+ proxy_error, c);
+ if (c->proxybev == NULL)
+ fatal("can't allocate bufferevent: %s", strerror(errno));
+
+ if (!p->notls) {
+ event_set(&c->proxybev->ev_read, c->pfd, EV_READ,
+ proxy_tls_readcb, c->proxybev);
+ event_set(&c->proxybev->ev_write, c->pfd, EV_WRITE,
+ proxy_tls_writecb, c->proxybev);
+
+#if HAVE_LIBEVENT2
+ evbuffer_unfreeze(c->proxybev->input, 0);
+ evbuffer_unfreeze(c->proxybev->output, 1);
+#endif
+ }
+ serialize_iri(&c->iri, iribuf, sizeof(iribuf));
+
+ evb = EVBUFFER_OUTPUT(c->proxybev);
+ evbuffer_add_printf(evb, "%s\r\n", iribuf);
+
+ bufferevent_enable(c->proxybev, EV_READ|EV_WRITE);
+}
+
+static void
+proxy_handshake(int fd, short event, void *d)
+{
+ struct client *c = d;
+
if (event == EV_TIMEOUT) {
start_reply(c, PROXY_ERROR, "timeout");
return;
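Review bot: `proxy_enqueue_req` is new and undocumented, and the `!p->notls` branch is the only place where the TLS and plaintext relays diverge, so a header comment stating that contract would help: describe it as creating the bufferevent on `c->pfd`, hooking the TLS read/write callbacks only when the proxy is configured with TLS (otherwise the bufferevent is presumably left with libevent's default socket callbacks and `c->proxyctx` stays unset), then queuing the request line and enabling the bufferevent. A short comment on the branch itself, `/* plaintext relay: no TLS context, talk to c->pfd directly */`, would mark the intent. The same missing-documentation point applies to `proxy_setup_tls` introduced in the hunk below. `proxy_handshake` continues past the end of this hunk.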
@@ -258,37 +288,15 @@ proxy_handshake(int fd, short event, void *d)
return;
}
- c->proxybev = bufferevent_new(c->pfd, proxy_read, proxy_write,
- proxy_error, c);
- if (c->proxybev == NULL)
- fatal("can't allocate bufferevent: %s", strerror(errno));
-
- event_set(&c->proxybev->ev_read, c->pfd, EV_READ,
- proxy_tls_readcb, c->proxybev);
- event_set(&c->proxybev->ev_write, c->pfd, EV_WRITE,
- proxy_tls_writecb, c->proxybev);
-
-#if HAVE_LIBEVENT2
- evbuffer_unfreeze(c->proxybev->input, 0);
- evbuffer_unfreeze(c->proxybev->output, 1);
-#endif
-
- serialize_iri(&c->iri, iribuf, sizeof(iribuf));
-
- evb = EVBUFFER_OUTPUT(c->proxybev);
- evbuffer_add_printf(evb, "%s\r\n", iribuf);
-
- bufferevent_enable(c->proxybev, EV_READ|EV_WRITE);
+ proxy_enqueue_req(c);
}
-int
-proxy_init(struct client *c)
+static int
+proxy_setup_tls(struct client *c)
{
struct proxy *p = &c->host->proxy;
struct tls_config *conf = NULL;
- c->type = REQUEST_PROXY;
-
if ((conf = tls_config_new()) == NULL)
return -1;
@@ -327,7 +335,24 @@ err:
err:
tls_config_free(conf);
- if (c->proxyctx != NULL)
+ if (c->proxyctx != NULL) {
tls_free(c->proxyctx);
+ c->proxyctx = NULL;
+ }
return -1;
}
+
+int
+proxy_init(struct client *c)
+{
+ struct proxy *p = &c->host->proxy;
+
+ c->type = REQUEST_PROXY;
+
+ if (p->notls) {
+ proxy_enqueue_req(c);
+ return 0;
+ }
+
+ return proxy_setup_tls(c);
+}
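Review bot: In the `p->notls` branch `proxy_init` calls `proxy_enqueue_req(c)` right away, which writes the request line to a bufferevent on `c->pfd`; the TLS path defers that until `proxy_handshake` has completed, so this assumes `c->pfd` is already a connected socket by the time `proxy_init` runs, which I cannot confirm from the hunk and which should be stated in a comment on the branch, e.g. `/* no TLS: c->pfd must already be connected; send the request now */`. The function also now returns 0 without ever setting `c->proxyctx`, which is what the `proxyctx != NULL` check added in server.c relies on; a comment on `proxy_init` saying that `c->proxyctx` is only valid when the proxy uses TLS would keep the two files in sync. The `err:` cleanup now resetting `c->proxyctx` to NULL after `tls_free` is correct and matches that convention.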
blob - a0edd85b8b5bdecb779307d2e4aff2b76031cca6
blob + 2a4ed662878234d8ee4f88064cfb74988a5a4da8
--- server.c
+++ server.c
@@ -1239,7 +1239,8 @@ client_close(struct client *c)
if (event_pending(&c->proxyev, EV_READ|EV_WRITE, NULL))
event_del(&c->proxyev);
- if (c->pfd != -1) {
+ if (c->pfd != -1 && c->proxyctx != NULL) {
+ /* shut down the proxy TLS connection */
client_proxy_close(c->pfd, 0, c->proxyctx);
c->pfd = -1;
}
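Review bot: With the added `c->proxyctx != NULL` condition, a plaintext relay (where `proxyctx` is never set) no longer enters this block, so `c->pfd` is neither closed nor reset to -1 here. Unless the descriptor is released elsewhere in `client_close`, which continues outside the hunk, or by whatever tears down `c->proxybev`, the upstream socket of every `use-tls off` request leaks. If `client_proxy_close` is the only place that closes the proxy descriptor, an else branch is needed: `} else if (c->pfd != -1) {`, `close(c->pfd);`, `c->pfd = -1;`.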