*
*********************************************************************/
+#include <ctype.h>
#include <string.h>
#include <unistd.h>
static int generate_certificate_valid_date(time_t time_spec, char *buffer,
size_t buffer_size)
{
-#ifdef HAVE_GMTIME_R
struct tm valid_date;
-#endif
struct tm *timeptr;
size_t ret;
-#ifdef HAVE_GMTIME_R
- timeptr = gmtime_r(&time_spec, &valid_date);
-#elif defined(MUTEX_LOCKS_AVAILABLE)
- privoxy_mutex_lock(&gmtime_mutex);
- timeptr = gmtime(&time_spec);
-#else
-#warning Using unlocked gmtime()
- timeptr = gmtime(&time_spec);
-#endif
+ timeptr = privoxy_gmtime_r(&time_spec, &valid_date);
if (NULL == timeptr)
{
-#if !defined(HAVE_GMTIME_R) && defined(MUTEX_LOCKS_AVAILABLE)
- privoxy_mutex_unlock(&gmtime_mutex);
-#endif
return 1;
}
ret = strftime(buffer, buffer_size, "%Y%m%d%H%M%S", timeptr);
-#if !defined(HAVE_GMTIME_R) && defined(MUTEX_LOCKS_AVAILABLE)
- privoxy_mutex_unlock(&gmtime_mutex);
-#endif
if (ret != 14)
{
return 1;
}
+
+/*********************************************************************
+ *
+ * Function : host_is_ip_address
+ *
+ * Description : Checks whether or not a host is specified by
+ * IP address. Does not actually validate the
+ * address.
+ *
+ * Parameters :
+ * 1 : host = The host name to check
+ *
+ * Returns : 1 => Yes
+ * 0 => No
+ *
+ *********************************************************************/
+static int host_is_ip_address(const char *host)
+{
+ const char *p;
+
+ if (NULL != strstr(host, ":"))
+ {
+ /* Assume an IPv6 address. */
+ return 1;
+ }
+
+ for (p = host; *p; p++)
+ {
+ if (*p != '.')
+ {
+ if (!privoxy_isdigit(*p))
+ {
+ /* Not a dot or digit so it can't be an IPv4 address. */
+ return 0;
+ }
+ }
+ }
+
+ /*
+ * Host only consists of dots and digits so
+ * assume that is an IPv4 address.
+ */
+ return 1;
+
+}
+
+
/*********************************************************************
*
* Function : generate_webpage_certificate
}
#endif /* MBEDTLS_SHA1_C */
- if (set_subject_alternative_name(&cert, csp->http->host))
+ if (!host_is_ip_address(csp->http->host) &&
+ set_subject_alternative_name(&cert, csp->http->host))
{
/* Errors are already logged by set_subject_alternative_name() */
ret = -1;
"HTTP/1.1 200 OK\r\n"
"Content-Type: text/html\r\n"
"Connection: close\r\n\r\n"
- "<html><body><h1>Server certificate verification failed</h1><p>Reason: ";
+ "<!DOCTYPE html>\n"
+ "<html><head><title>Server certificate verification failed</title></head>\n"
+ "<body><h1>Server certificate verification failed</h1>\n"
+ "<p><a href=\"https://" CGI_SITE_2_HOST "/\">Privoxy</a> was unable "
+ "to securely connnect to the destination server.</p>"
+ "<p>Reason: ";
const char message_end[] = "</body></html>\r\n\r\n";
char reason[INVALID_CERT_INFO_BUF_SIZE];
memset(reason, 0, sizeof(reason));