From: Fabian Keil Date: Thu, 28 May 2020 11:54:30 +0000 (+0200) Subject: Don't enable tunnelling if a CGI page is requested X-Git-Tag: v_3_0_29~368 X-Git-Url: http://www.privoxy.org/gitweb/%22https:/developer-manual/man-page/static/@homepage@?a=commitdiff_plain;h=dab826ce388441cb5095a282980da045aceab360;p=privoxy.git Don't enable tunnelling if a CGI page is requested ... even if HTTPS inspection is disabled. This makes sure https://p.p/ and https://config.privoxy.org/ work even if Privoxy is toggled off. Sponsored by: Robert Klemme --- diff --git a/jcc.c b/jcc.c index 3310ca1e..898618aa 100644 --- a/jcc.c +++ b/jcc.c @@ -2403,6 +2403,33 @@ static jb_err process_encrypted_request(struct client_state *csp) return err; } + +/********************************************************************* + * + * Function : cgi_page_requested + * + * Description : Checks if a request is for an internal CGI page. + * + * Parameters : + * 1 : host = The host requested by the client. + * + * Returns : 1 if a CGI page has been requested, 0 otherwise + * + *********************************************************************/ +static int cgi_page_requested(const char *host) +{ + if ((0 == strcmpic(host, CGI_SITE_1_HOST)) + || (0 == strcmpic(host, CGI_SITE_1_HOST ".")) + || (0 == strcmpic(host, CGI_SITE_2_HOST)) + || (0 == strcmpic(host, CGI_SITE_2_HOST "."))) + { + return 1; + } + + return 0; + +} + #endif @@ -3531,7 +3558,8 @@ static void chat(struct client_state *csp) * Setting flags to use old solution with SSL tunnel and to disable * certificates verification. */ - if (csp->http->ssl && !(csp->action->flags & ACTION_HTTPS_INSPECTION)) + if (csp->http->ssl && !(csp->action->flags & ACTION_HTTPS_INSPECTION) + && !cgi_page_requested(csp->http->host)) { use_ssl_tunnel = 1; }