commit 593e412b4988ca8b72bb7ef9b1cc663cb1184215 from: Omar Polo date: Sat Jan 01 20:16:14 2022 UTC allow to disable TLS when proxying requests commit - 294a57275af3dafa948119e60a8db979be25e1f7 commit + 593e412b4988ca8b72bb7ef9b1cc663cb1184215 blob - d02811520afc65b1f7e15aecd289f6608fd2daed blob + 96c67fbbaaa6377d3255fba78c0049b1036a045c --- gmid.h +++ gmid.h @@ -100,6 +100,7 @@ extern struct fcgi fcgi[FCGI_MAX]; struct proxy { char *host; const char *port; + int notls; uint32_t protocols; int noverifyname; uint8_t *cert; blob - 82debbf44e321746681e00c26525c9330dc350c0 blob + e17fd0601887b9c4597144ab0c44fcb00ff480ad --- parse.y +++ parse.y @@ -125,7 +125,7 @@ typedef struct { %token RELAY_TO REQUIRE RETURN ROOT %token SERVER SPAWN STRIP %token TCP TOEXT TYPE -%token USER +%token USE_TLS USER %token VERIFYNAME %token ERROR @@ -338,6 +338,9 @@ proxy_opt : CERT string { if (errstr != NULL) yyerror("proxy port is %s: %s", errstr, p->port); + } + | USE_TLS bool { + host->proxy.notls = !$2; } | VERIFYNAME bool { host->proxy.noverifyname = !$2; @@ -482,6 +485,7 @@ static struct keyword { {"tcp", TCP}, {"to-ext", TOEXT}, {"type", TYPE}, + {"use-tls", USE_TLS}, {"user", USER}, {"verifyname", VERIFYNAME}, }; blob - 7face977e4f7d69f0ea49079d7f6c56fe28fa017 blob + 3c55ca2a65cc25c68f599d6ff74d554fa3813fef --- proxy.c +++ proxy.c 
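Review bot: The new `USE_TLS bool` rule in proxy_opt only stores `host->proxy.notls = !$2;` and nothing rejects or warns when `use-tls off` is combined with the TLS-only proxy options visible in the same grammar (`cert`, `verifyname`), which proxy_init in proxy.c then silently ignores because it skips proxy_setup_tls whenever notls is set. A yyerror, or at least a warning, when the proxy block is closed would make that misconfiguration visible; that closing action is presumably outside these hunks. The keyword is also not documented anywhere in this commit; the manual entry should state that with `use-tls off` the request, including the full IRI, is sent to the backend in cleartext and that the other TLS proxy options then have no effect.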
@@ -231,12 +231,42 @@ proxy_error(struct bufferevent *bev, short error, void } static void -proxy_handshake(int fd, short event, void *d) +proxy_enqueue_req(struct client *c) { - struct client *c = d; + struct proxy *p = &c->host->proxy; struct evbuffer *evb; char iribuf[GEMINI_URL_LEN]; + + c->proxybev = bufferevent_new(c->pfd, proxy_read, proxy_write, + proxy_error, c); + if (c->proxybev == NULL) + fatal("can't allocate bufferevent: %s", strerror(errno)); + + if (!p->notls) { + event_set(&c->proxybev->ev_read, c->pfd, EV_READ, + proxy_tls_readcb, c->proxybev); + event_set(&c->proxybev->ev_write, c->pfd, EV_WRITE, + proxy_tls_writecb, c->proxybev); + +#if HAVE_LIBEVENT2 + evbuffer_unfreeze(c->proxybev->input, 0); + evbuffer_unfreeze(c->proxybev->output, 1); +#endif + } + serialize_iri(&c->iri, iribuf, sizeof(iribuf)); + + evb = EVBUFFER_OUTPUT(c->proxybev); + evbuffer_add_printf(evb, "%s\r\n", iribuf); + + bufferevent_enable(c->proxybev, EV_READ|EV_WRITE); +} + +static void +proxy_handshake(int fd, short event, void *d) +{ + struct client *c = d; + if (event == EV_TIMEOUT) { start_reply(c, PROXY_ERROR, "timeout"); return; 
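Review bot: proxy_enqueue_req is now reached from two places with different preconditions, after a completed TLS handshake from proxy_handshake and directly from proxy_init on the cleartext path, but carries no comment saying so. I would put above it: `/* Queue the request on c->pfd, which the caller has already connected (and, unless p->notls, brought through the TLS handshake); the custom read/write callbacks replace the plain socket I/O only when TLS is in use. */`. Whether c->pfd is already connected when proxy_init calls this on the notls path is not visible in these hunks and should be confirmed against the caller in server.c. The body of proxy_handshake continues past the end of the hunk.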
@@ -258,37 +288,15 @@ proxy_handshake(int fd, short event, void *d) return; } - c->proxybev = bufferevent_new(c->pfd, proxy_read, proxy_write, - proxy_error, c); - if (c->proxybev == NULL) - fatal("can't allocate bufferevent: %s", strerror(errno)); - - event_set(&c->proxybev->ev_read, c->pfd, EV_READ, - proxy_tls_readcb, c->proxybev); - event_set(&c->proxybev->ev_write, c->pfd, EV_WRITE, - proxy_tls_writecb, c->proxybev); - -#if HAVE_LIBEVENT2 - evbuffer_unfreeze(c->proxybev->input, 0); - evbuffer_unfreeze(c->proxybev->output, 1); -#endif - - serialize_iri(&c->iri, iribuf, sizeof(iribuf)); - - evb = EVBUFFER_OUTPUT(c->proxybev); - evbuffer_add_printf(evb, "%s\r\n", iribuf); - - bufferevent_enable(c->proxybev, EV_READ|EV_WRITE); + proxy_enqueue_req(c); } -int -proxy_init(struct client *c) +static int +proxy_setup_tls(struct client *c) { struct proxy *p = &c->host->proxy; struct tls_config *conf = NULL; - c->type = REQUEST_PROXY; - if ((conf = tls_config_new()) == NULL) return -1; @@ -327,7 +335,24 @@ proxy_init(struct client *c) err: tls_config_free(conf); - if (c->proxyctx != NULL) + if (c->proxyctx != NULL) { tls_free(c->proxyctx); + c->proxyctx = NULL; + } return -1; } + +int +proxy_init(struct client *c) +{ + struct proxy *p = &c->host->proxy; + + c->type = REQUEST_PROXY; + + if (p->notls) { + proxy_enqueue_req(c); + return 0; + } + + return proxy_setup_tls(c); +} blob - a0edd85b8b5bdecb779307d2e4aff2b76031cca6 blob + 2a4ed662878234d8ee4f88064cfb74988a5a4da8 --- server.c +++ server.c @@ -1239,7 +1239,8 @@ client_close(struct client *c) if (event_pending(&c->proxyev, EV_READ|EV_WRITE, NULL)) event_del(&c->proxyev); - if (c->pfd != -1) { + if (c->pfd != -1 && c->proxyctx != NULL) { + /* shut down the proxy TLS connection */ client_proxy_close(c->pfd, 0, c->proxyctx); c->pfd = -1; }
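Review bot: The new proxy_init has two exits with different failure semantics but no comment: the notls branch calls proxy_enqueue_req and cannot fail, while the TLS branch returns whatever proxy_setup_tls returns, -1 on tls_config_new failure. A short contract above it, `/* Start proxying c's request to c->host->proxy. Returns 0 once the cleartext request is queued or TLS setup succeeded, -1 if TLS setup fails. */`, would help; the success return of proxy_setup_tls is outside this hunk, so that wording should be checked. Setting `c->proxyctx = NULL` after tls_free in the err: path is the right companion change, since client_close now keys off proxyctx.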
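Review bot: On the cleartext path c->pfd is left open in client_close: the added `c->proxyctx != NULL` condition means a notls proxy client (pfd != -1, proxyctx == NULL) skips client_proxy_close and never resets c->pfd, so unless the descriptor is closed further down in client_close, outside this hunk, every proxied request leaks a socket. Adding `} else if (c->pfd != -1) { close(c->pfd); c->pfd = -1; }` after the TLS branch covers it; if client_proxy_close already tolerates a NULL ctx, keeping the original unconditional call would be simpler still. client_close continues past the end of the hunk.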