X-Git-Url: http://www.privoxy.org/gitweb/?p=privoxy.git;a=blobdiff_plain;f=jcc.c;h=0ca5b5d45fc81d6cdaca4621a42af0dec9e12307;hp=9daee2ee80398340a737f49da22e3b18b9c0e413;hb=836a87456a11821a642b28563de27c2d202fb60b;hpb=f58281d84941033124c3edeb3cb9211fb2e6766c diff --git a/jcc.c b/jcc.c index 9daee2ee..0ca5b5d4 100644 --- a/jcc.c +++ b/jcc.c @@ -5,7 +5,7 @@ * Purpose : Main file. Contains main() method, main loop, and * the main connection-handling function. * - * Copyright : Written by and Copyright (C) 2001-2019 the + * Copyright : Written by and Copyright (C) 2001-2020 the * Privoxy team. https://www.privoxy.org/ * * Based on the Internet Junkbuster originally written @@ -3948,21 +3948,34 @@ static void chat(struct client_state *csp) * with destination server */ int ret = create_server_ssl_connection(csp); - /* - * If TLS/SSL connection wasn't created and invalid certificate - * wasn't detected, we can interrupt this function. Otherwise, we - * must inform client about invalid server certificate. - */ - if (ret != 0 - && (csp->server_cert_verification_result == SSL_CERT_NOT_VERIFIED - || csp->server_cert_verification_result == SSL_CERT_VALID)) + if (ret != 0) { - rsp = error_response(csp, "connect-failed"); - if (rsp) + if (csp->server_cert_verification_result != SSL_CERT_VALID && + csp->server_cert_verification_result != SSL_CERT_NOT_VERIFIED) { - send_crunch_response(csp, rsp); + /* + * If the server certificate is invalid, we must inform + * the client and then close connection to the client. + */ + ssl_send_certificate_error(csp); + close_client_and_server_ssl_connections(csp); + return; + } + if (csp->server_cert_verification_result == SSL_CERT_NOT_VERIFIED + || csp->server_cert_verification_result == SSL_CERT_VALID) + { + /* + * The TLS/SSL connection wasn't created but an invalid + * certificate wasn't detected. Report it as connection + * failure. + */ + rsp = error_response(csp, "connect-failed"); + if (rsp) + { + send_crunch_response(csp, rsp); + } + return; } - return; } } }/* -END- if (http->ssl) */