Add support for Websockets with https inspection enabled

[privoxy.git] / ssl.c

diff --git a/ssl.c b/ssl.c
index 30b6f58..7334fb9 100644 (file)
--- a/ssl.c
+++ b/ssl.c
@@ -170,7 +170,8 @@ extern int ssl_send_data(struct ssl_attr *ssl_attr, const unsigned char *buf, si
          send_len = (int)max_fragment_size;
       }
 
-      log_error(LOG_LEVEL_WRITING, "TLS: %N", send_len, buf+pos);
+      log_error(LOG_LEVEL_WRITING, "TLS on socket %d: %N",
+         ssl_attr->mbedtls_attr.socket_fd.fd, send_len, buf+pos);
 
       /*
        * Sending one part of the buffer
@@ -186,7 +187,8 @@ extern int ssl_send_data(struct ssl_attr *ssl_attr, const unsigned char *buf, si
 
             mbedtls_strerror(ret, err_buf, sizeof(err_buf));
             log_error(LOG_LEVEL_ERROR,
-               "Sending data over TLS/SSL failed: %s", err_buf);
+               "Sending data on socket %d over TLS/SSL failed: %s",
+               ssl_attr->mbedtls_attr.socket_fd.fd, err_buf);
             return -1;
          }
       }
@@ -235,51 +237,26 @@ extern int ssl_recv_data(struct ssl_attr *ssl_attr, unsigned char *buf, size_t m
 
       if (ret == MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY)
       {
-         log_error(LOG_LEVEL_CONNECT,
-            "The peer notified us that the connection is going to be closed");
+         log_error(LOG_LEVEL_CONNECT, "The peer notified us that "
+            "the connection on socket %d is going to be closed",
+            ssl_attr->mbedtls_attr.socket_fd.fd);
          return 0;
       }
       mbedtls_strerror(ret, err_buf, sizeof(err_buf));
       log_error(LOG_LEVEL_ERROR,
-         "Receiving data over TLS/SSL failed: %s", err_buf);
+         "Receiving data on socket %d over TLS/SSL failed: %s",
+         ssl_attr->mbedtls_attr.socket_fd.fd, err_buf);
 
       return -1;
    }
 
-   log_error(LOG_LEVEL_RECEIVED, "TLS: %N", ret, buf);
+   log_error(LOG_LEVEL_RECEIVED, "TLS from socket %d: %N",
+      ssl_attr->mbedtls_attr.socket_fd.fd, ret, buf);
 
    return ret;
 }
 
 
-/*********************************************************************
- *
- * Function    :  ssl_debug_callback
- *
- * Description :  Debug callback function for mbedtls library.
- *                Prints info into log file.
- *
- * Parameters  :
- *          1  :  ctx   = File to save log in
- *          2  :  level = Debug level
- *          3  :  file  = File calling debug message
- *          4  :  line  = Line calling debug message
- *          5  :  str   = Debug message
- *
- * Returns     :  N/A
- *
- *********************************************************************/
-static void ssl_debug_callback(void *ctx, int level, const char *file, int line, const char *str)
-{
-   /*
-   ((void)level);
-   fprintf((FILE *)ctx, "%s:%04d: %s", file, line, str);
-   fflush((FILE *)ctx);
-   log_error(LOG_LEVEL_INFO, "SSL debug message: %s:%04d: %s", file, line, str);
-   */
-}
-
-
 /*********************************************************************
  *
  * Function    :  create_client_ssl_connection
@@ -422,8 +399,6 @@ extern int create_client_ssl_connection(struct client_state *csp)
 
    mbedtls_ssl_conf_rng(&(ssl_attr->mbedtls_attr.conf),
       mbedtls_ctr_drbg_random, &ctr_drbg);
-   mbedtls_ssl_conf_dbg(&(ssl_attr->mbedtls_attr.conf),
-      ssl_debug_callback, stdout);
 
 #if defined(MBEDTLS_SSL_CACHE_C)
    mbedtls_ssl_conf_session_cache(&(ssl_attr->mbedtls_attr.conf),
@@ -677,8 +652,6 @@ extern int create_server_ssl_connection(struct client_state *csp)
 
    mbedtls_ssl_conf_rng(&(ssl_attr->mbedtls_attr.conf),
       mbedtls_ctr_drbg_random, &ctr_drbg);
-   mbedtls_ssl_conf_dbg(&(ssl_attr->mbedtls_attr.conf),
-      ssl_debug_callback, stdout);
 
    ret = mbedtls_ssl_setup(&(ssl_attr->mbedtls_attr.ssl),
       &(ssl_attr->mbedtls_attr.conf));
@@ -1726,6 +1699,12 @@ static int ssl_verify_callback(void *csp_void, mbedtls_x509_crt *crt,
 
       mbedtls_x509_crt_info(buf, sizeof(buf), CERT_INFO_PREFIX, crt);
       encoded_text = html_encode(buf);
+      if (encoded_text == NULL)
+      {
+         log_error(LOG_LEVEL_ERROR,
+            "Failed to HTML-encode the certificate information");
+         return -1;
+      }
       strlcpy(last->info_buf, encoded_text, sizeof(last->info_buf));
       freez(encoded_text);
    }