* Purpose : Main file. Contains main() method, main loop, and
* the main connection-handling function.
*
- * Copyright : Written by and Copyright (C) 2001-2020 the
+ * Copyright : Written by and Copyright (C) 2001-2021 the
* Privoxy team. https://www.privoxy.org/
*
* Based on the Internet Junkbuster originally written
log_error(LOG_LEVEL_ERROR, "Couldn't parse rewritten request: %s.",
jb_err_to_string(err));
}
+ if (http->ssl && strcmpic(csp->http->gpc, "CONNECT"))
+ {
+ /*
+ * A client header filter changed the request URL from
+ * http:// to https:// which we currently don't support.
+ */
+ log_error(LOG_LEVEL_ERROR, "Changing the request destination from http "
+ "to https behind the client's back currently isn't supported.");
+ return JB_ERR_PARSE;
+ }
return err;
}
* elsewhere failed or Privoxy is configured
* to only accept proxy requests.
*
- * An error response has already been send
+ * An error response has already been sent
* and we're done here.
*/
return JB_ERR_PARSE;
strlen(MESSED_UP_REQUEST_RESPONSE), get_write_delay(csp));
/* XXX: Use correct size */
log_error(LOG_LEVEL_CLF,
- "%s - - [%T] \"Invalid request generated\" 500 0", csp->ip_addr_str);
+ "%s - - [%T] \"Invalid request generated\" 400 0", csp->ip_addr_str);
log_error(LOG_LEVEL_ERROR,
"Invalid request line after applying header filters.");
free_http_request(http);
{
jb_err err;
char *original_host = csp->http->host;
+ int original_port = csp->http->port;
log_error(LOG_LEVEL_REDIRECTS, "Rewrite detected: %s",
csp->https_headers->first->str);
{
log_error(LOG_LEVEL_ERROR, "Couldn't parse rewritten request: %s.",
jb_err_to_string(err));
+ freez(original_host);
return err;
}
if (csp->http->host == NULL)
{
+ char port_string[10];
/*
* The rewritten request line did not specify a host
* which means we can use the original host specified
* by the client.
*/
csp->http->host = original_host;
+ csp->http->port = original_port;
log_error(LOG_LEVEL_REDIRECTS, "Keeping the original host: %s",
csp->http->host);
/*
* If the rewritten request line didn't contain a host
* it also didn't contain a port so we can reuse the host
- * and set the port to 443.
+ * port.
*/
freez(csp->http->hostport);
csp->http->hostport = strdup_or_die(csp->http->host);
- csp->http->port = 443;
+ snprintf(port_string, sizeof(port_string), ":%d", original_port);
+ err = string_append(&csp->http->hostport, port_string);
+ if (err != JB_ERR_OK)
+ {
+ log_error(LOG_LEVEL_ERROR, "Failed to rebuild hostport: %s.",
+ jb_err_to_string(err));
+ return err;
+ }
+
/*
* While the request line didn't mention it,
* we're https-inspecting and want to speak TLS
|| (strcmp(csp->http->cmd, csp->https_headers->first->str) &&
(JB_ERR_OK != change_encrypted_request_destination(csp))))
{
- log_error(LOG_LEVEL_ERROR,
- "Failed to get the request destination in the rewritten headers");
ssl_send_data_delayed(&(csp->ssl_client_attr),
- (const unsigned char *)CHEADER, strlen(CHEADER), get_write_delay(csp));
+ (const unsigned char *)MESSED_UP_REQUEST_RESPONSE,
+ strlen(MESSED_UP_REQUEST_RESPONSE), get_write_delay(csp));
+ log_error(LOG_LEVEL_ERROR,
+ "Invalid request line after applying header filters.");
+ /* XXX: Use correct size */
+ log_error(LOG_LEVEL_CLF,
+ "%s - - [%T] \"Invalid request generated\" 400 0", csp->ip_addr_str);
+
return JB_ERR_PARSE;
}
}
#endif /* def FEATURE_CONNECTION_KEEP_ALIVE */
#ifdef FEATURE_HTTPS_INSPECTION
- if (http->ssl && !use_ssl_tunnel)
+ if (client_use_ssl(csp) && !use_ssl_tunnel)
{
int ret;
/*
#ifdef FEATURE_GRACEFUL_TERMINATION
- log_error(LOG_LEVEL_INFO, "Graceful termination requested");
+ log_error(LOG_LEVEL_INFO, "Graceful termination requested.");
unload_current_config_file();
unload_current_actions_file();
freez(basedir);
#endif
+ log_error(LOG_LEVEL_INFO, "Exiting gracefully.");
+
#if defined(_WIN32) && !defined(_WIN_CONSOLE)
/* Cleanup - remove taskbar icon etc. */
TermLogWindow();
projects / privoxy.git / blobdiff