commit c743c9a1be8679fd89d9305c6a422540568efa01
from: Omar Polo
date: Fri Sep 23 15:18:23 2022 UTC
allow to speak "TLS-less Gemini"
useful for e.g. to save some CPU cycles when the Gemini server is sitting on the same box as Galileo; disabled by default.
commit - 02e6ed011475bd4d69409cc1505bd3ee2963f67c
commit + c743c9a1be8679fd89d9305c6a422540568efa01
blob - bf98d629cc4c0d09bc31b340d5c7eef05b2dbb67
blob + f7298bebee189f38809b4fb14e44fbeeb291e5dd
--- galileo.h
+++ galileo.h
@@ -119,6 +119,7 @@ struct proxy_config {
 char proxy_addr[HOST_NAME_MAX + 1];
 char proxy_name[HOST_NAME_MAX + 1];
 char proxy_port[6];
+ int no_tls;
 };
 struct proxy {
blob - 45d51ea323ebd85865266aa41e0a22b44896320c
blob + 469d5c76f7453d9418c18161b00f017ca376738f
--- parse.y
+++ parse.y
@@ -102,7 +102,7 @@ typedef struct {
 %}
 %token INCLUDE ERROR
-%token CHROOT HOSTNAME PORT PREFORK PROXY SOURCE STYLESHEET
+%token CHROOT HOSTNAME NO PORT PREFORK PROXY SOURCE STYLESHEET TLS
 %token NUMBER
 %token STRING
 %type port
@@ -244,6 +244,9 @@ proxyoptsl : SOURCE STRING proxyport {
 yyerror("stylesheet path too long!");
 free($2);
 }
+ | NO TLS {
+ pr->pr_conf.no_tls = 1;
+ }
 ;
 proxyport : /* empty */ {
@@ -333,11 +336,13 @@ lookup(char *s)
 { "chroot", CHROOT },
 { "hostname", HOSTNAME },
 { "include", INCLUDE },
+ { "no", NO },
 { "port", PORT },
 { "prefork", PREFORK },
 { "proxy", PROXY },
 { "source", SOURCE },
 { "stylesheet", STYLESHEET},
+ { "tls", TLS },
 };
 const struct keywords *p;
blob - 24ddb43bf40a4b79eca2a12a62f3d17b56285be0
blob + 61503dc94af8e3b198014316acb48bf2e3b47d4e
--- proxy.c
+++ proxy.c
@@ -479,51 +479,53 @@ done:
 freeaddrinfo(clt->clt_addrinfo);
 clt->clt_addrinfo = clt->clt_p = NULL;
- /* initialize TLS for Gemini */
- if ((conf = tls_config_new()) == NULL) {
- log_warn("tls_config_new failed");
+ clt->clt_bev = bufferevent_new(clt->clt_fd, proxy_read, proxy_write,
+ proxy_error, clt);
+ if (clt->clt_bev == NULL) {
+ log_warn("bufferevent_new");
 goto err;
 }
-
- tls_config_insecure_noverifycert(conf);
- if ((clt->clt_ctx = tls_client()) == NULL) {
- log_warnx("tls_client failed");
- tls_config_free(conf);
- goto err;
- }
+ if (!clt->clt_pc->no_tls) {
+ /* initialize TLS for Gemini */
+ if ((conf = tls_config_new()) == NULL) {
+ log_warn("tls_config_new failed");
+ goto err;
+ }
- if (tls_configure(clt->clt_ctx, conf) == -1) {
- log_warnx("tls_configure failed");
- tls_config_free(conf);
- goto err;
- }
+ tls_config_insecure_noverifycert(conf);
- tls_config_free(conf);
+ if ((clt->clt_ctx = tls_client()) == NULL) {
+ log_warnx("tls_client failed");
+ tls_config_free(conf);
+ goto err;
+ }
+
+ if (tls_configure(clt->clt_ctx, conf) == -1) {
+ log_warnx("tls_configure failed");
+ tls_config_free(conf);
+ goto err;
+ }
- if (tls_connect_socket(clt->clt_ctx, clt->clt_fd,
- clt->clt_pc->proxy_name) == -1) {
- log_warnx("tls_connect_socket failed");
- goto err;
- }
+ tls_config_free(conf);
- clt->clt_bev = bufferevent_new(clt->clt_fd, proxy_read, proxy_write,
- proxy_error, clt);
- if (clt->clt_bev == NULL) {
- log_warn("bufferevent_new");
- goto err;
- }
- out = EVBUFFER_OUTPUT(clt->clt_bev);
+ if (tls_connect_socket(clt->clt_ctx, clt->clt_fd,
+ clt->clt_pc->proxy_name) == -1) {
+ log_warnx("tls_connect_socket failed");
+ goto err;
+ }
- event_set(&clt->clt_bev->ev_read, clt->clt_fd, EV_READ,
- proxy_tls_readcb, clt->clt_bev);
- event_set(&clt->clt_bev->ev_write, clt->clt_fd, EV_WRITE,
- proxy_tls_writecb, clt->clt_bev);
+ event_set(&clt->clt_bev->ev_read, clt->clt_fd, EV_READ,
+ proxy_tls_readcb, clt->clt_bev);
+ event_set(&clt->clt_bev->ev_write, clt->clt_fd, EV_WRITE,
+ proxy_tls_writecb, clt->clt_bev);
+ }
 /* bufferevent_settimeout(); */
 bufferevent_enable(clt->clt_bev, EV_READ|EV_WRITE);
 /* TODO: compute the URL */
+ out = EVBUFFER_OUTPUT(clt->clt_bev);
 if (evbuffer_add_printf(out, "gemini://%s/%s", clt->clt_pc->proxy_name,
 clt->clt_path_info) == -1) {
 log_warn("bufferevent_printf failed");
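Review bot: With `no tls` set, the new `if (!clt->clt_pc->no_tls)` branch skips the whole TLS setup, so the request written below with `evbuffer_add_printf(out, "gemini://%s/%s", ...)` — including `clt_path_info`, presumably derived from the incoming HTTP request — leaves on `clt_fd` in cleartext, and nothing in this hunk ties the option to a loopback or same-host backend even though the commit message only motivates it for that case. The branch deserves a comment stating that, e.g. `/* no_tls: plaintext Gemini; only safe towards a backend on the same host */`, and a loopback check on the peer address would stop a misconfigured remote `proxy` from silently downgrading; since the addrinfo is freed at the top of this hunk that check would have to live earlier, outside the hunk. A second consequence is that `clt->clt_ctx` stays NULL on the no-TLS path, so any `tls_close()`/`tls_free()` on the error or close path outside this hunk must tolerate a NULL context (`tls_free(NULL)` is a no-op in libtls, `tls_close(NULL)` does not look like it is), which cannot be confirmed from here. The enclosing function starts before this hunk.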