X-Git-Url: http://www.privoxy.org/gitweb/?a=blobdiff_plain;f=jcc.c;h=614c7f188202ce9a900325954abe0683fd9fe055;hb=12c8dc0f934964557294fcee2ea4b5444754e032;hp=2000667ac1f25865af08adaa9579dcabfcfe26e7;hpb=37e87f7b7dbce1ebf3cddd690ce2696b2d0375f6;p=privoxy.git
diff --git a/jcc.c b/jcc.c
index 2000667a..614c7f18 100644
--- a/jcc.c
+++ b/jcc.c
@@ -146,7 +146,7 @@ int g_terminate = 0;
 #if !defined(_WIN32) && !defined(__OS2__)
 static void sig_handler(int the_signal);
 #endif
-static int client_protocol_is_unsupported(const struct client_state *csp, char *req);
+static int client_protocol_is_unsupported(struct client_state *csp, char *req);
 static jb_err get_request_destination_elsewhere(struct client_state *csp, struct list *headers);
 static jb_err get_server_headers(struct client_state *csp);
 static const char *crunch_reason(const struct http_response *rsp);
@@ -445,7 +445,7 @@ static unsigned int get_write_delay(const struct client_state *csp)
 * FALSE if the request doesn't look invalid.
 *
 *********************************************************************/
-static int client_protocol_is_unsupported(const struct client_state *csp, char *req)
+static int client_protocol_is_unsupported(struct client_state *csp, char *req)
 {
 /*
 * If it's a FTP or gopher request, we don't support it.
@@ -481,8 +481,19 @@ static int client_protocol_is_unsupported(const struct client_state *csp, char *
 log_error(LOG_LEVEL_CLF, "%s - - [%T] \"%s\" 400 0", csp->ip_addr_str, req);
 freez(req);
- write_socket_delayed(csp->cfd, response, strlen(response),
- get_write_delay(csp));
+#ifdef FEATURE_HTTPS_INSPECTION
+ if (client_use_ssl(csp))
+ {
+ ssl_send_data(&(csp->mbedtls_client_attr.ssl),
+ (const unsigned char *)response, strlen(response));
+ }
+ else
+#endif
+ {
+ write_socket_delayed(csp->cfd, response, strlen(response),
+ get_write_delay(csp));
+ }
 return TRUE;
 }
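Review bot: The return value of `ssl_send_data()` is discarded in the new `client_use_ssl(csp)` branch of `client_protocol_is_unsupported()`, so a failed TLS write of the error response goes unnoticed even though the CLF line just above has already recorded a 400. If `ssl_send_data()` signals failure through its return value (its definition is outside this diff), the call should be checked and a failure logged, for example `if (ssl_send_data(...) < 0) log_error(LOG_LEVEL_ERROR, "Failed to deliver the error response to %s", csp->ip_addr_str);`. The TLS branch also bypasses `get_write_delay(csp)`; if that is deliberate, a short comment such as `/* The write delay is not applied to TLS clients. */` would record it. The function body starts before this hunk.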
@@ -2244,6 +2255,8 @@ static jb_err process_encrypted_request(struct client_state *csp)
 if (err != JB_ERR_OK)
 {
 /* XXX: Also used for JB_ERR_MEMORY */
+ log_error(LOG_LEVEL_ERROR, "Failed to receive encrypted request: %s",
+ jb_err_to_string(err));
 ssl_send_data(&(csp->mbedtls_client_attr.ssl),
 (const unsigned char *)CHEADER, strlen(CHEADER));
 return err;
@@ -2253,6 +2266,7 @@ static jb_err process_encrypted_request(struct client_state *csp)
 request_line = get_header(csp->client_iob);
 if (request_line == NULL)
 {
+ log_error(LOG_LEVEL_ERROR, "Failed to get the encrypted request line");
 ssl_send_data(&(csp->mbedtls_client_attr.ssl),
 (const unsigned char *)CHEADER, strlen(CHEADER));
 return JB_ERR_PARSE;
@@ -2261,8 +2275,11 @@ static jb_err process_encrypted_request(struct client_state *csp)
 if (client_protocol_is_unsupported(csp, request_line))
 {
- ssl_send_data(&(csp->mbedtls_client_attr.ssl),
- (const unsigned char *)CHEADER, strlen(CHEADER));
+ /*
+ * If the protocol is unsupported we're done here.
+ * client_protocol_is_unsupported() took care of sending
+ * the error response and logging the error message.
+ */
 return JB_ERR_PARSE;
 }
@@ -2316,6 +2333,8 @@ static jb_err process_encrypted_request(struct client_state *csp)
 * Our attempts to get the request destination
 * elsewhere failed.
 */
+ log_error(LOG_LEVEL_ERROR,
+ "Failed to get the encrypted request destination");
 ssl_send_data(&(csp->mbedtls_client_attr.ssl),
 (const unsigned char *)CHEADER, strlen(CHEADER));
 return JB_ERR_PARSE;
@@ -3757,6 +3776,9 @@ static void chat(struct client_state *csp)
 * client body in the buffer (if there is one) and to
 * continue parsing the bytes that follow.
 */
+#ifdef FEATURE_HTTPS_INSPECTION
+ close_client_ssl_connection(csp);
+#endif
 drain_and_close_socket(csp->cfd);
 csp->cfd = JB_INVALID_SOCKET;
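Review bot: The new `log_error(LOG_LEVEL_ERROR, ...)` calls in `process_encrypted_request()` carry no client identifier, so on a busy proxy a failure cannot be tied to a connection unless the logger adds that context itself, which is not visible here. `csp->ip_addr_str` is already used for this purpose in `client_protocol_is_unsupported()`; the first message could read `"Failed to receive encrypted request from %s: %s"` with `csp->ip_addr_str` as the extra argument. The same applies to the messages added in the hunks starting at new lines 2266 and 2333. The existing `/* XXX: Also used for JB_ERR_MEMORY */` still holds: a memory error is answered with `CHEADER` like any other failure, and the new log line is the only place that tells the two cases apart.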
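Review bot: The new comment in the `client_protocol_is_unsupported()` branch leaves out that the callee also disposes of the request line: the hunk at line 481 shows `freez(req)` on the path that returns TRUE, which by its name releases the buffer, so `request_line` should be treated as dangling when this branch runs. The code is fine as written because it returns immediately, but the comment should say so to keep a later edit from reading or freeing `request_line` here. I would add one line to the block, `* It also freed request_line, which must not be used or freed again.` `process_encrypted_request()` starts and ends outside this hunk.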
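Review bot: `close_client_ssl_connection(csp)` is called in `chat()` whenever `FEATURE_HTTPS_INSPECTION` is compiled in, without the `client_use_ssl(csp)` test that the same commit uses in `client_protocol_is_unsupported()`. If the function does not itself return early for plaintext clients (its body is not part of this diff), this path would run TLS teardown on a connection that never had a TLS session. Either guard the call, `if (client_use_ssl(csp)) close_client_ssl_connection(csp);`, or add a comment stating that the callee is a no-op without an open client TLS session. `chat()` starts and ends outside this hunk.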