X-Git-Url: http://www.privoxy.org/gitweb/?p=privoxy.git;a=blobdiff_plain;f=project.h;h=39fd39ec6d885009bd7bb040b053690b410fb36b;hp=4c594ff7c5b002ac600fbe9c519aea6d2a38191a;hb=41bcde325feaf65a42fe2c4ab21cee5771ac60ad;hpb=8666662f482bbfbb9c8407af506b5b82e2ef0dae
diff --git a/project.h b/project.h
index 4c594ff7..39fd39ec 100644
--- a/project.h
+++ b/project.h
@@ -45,16 +45,16 @@
 #include "config.h"
 #ifdef FEATURE_HTTPS_INSPECTION
-#ifdef FEATURE_PTHREAD
-# include
- typedef pthread_mutex_t privoxy_mutex_t;
-#else
-# ifdef _WIN32
-# include
-# endif
- typedef CRITICAL_SECTION privoxy_mutex_t;
-#endif
+/*
+* Macros for SSL structures
+*/
+#define CERT_INFO_BUF_SIZE 4096
+#define CERT_FILE_BUF_SIZE 16384
+#define ISSUER_NAME_BUF_SIZE 2048
+#define HASH_OF_HOST_BUF_SIZE 16
+#endif /* FEATURE_HTTPS_INSPECTION */
+#ifdef FEATURE_HTTPS_INSPECTION_MBEDTLS
 #include "mbedtls/net_sockets.h"
 #include "mbedtls/entropy.h"
 #include "mbedtls/ctr_drbg.h"
@@ -62,15 +62,18 @@
 #if defined(MBEDTLS_SSL_CACHE_C)
 #include "mbedtls/ssl_cache.h"
 #endif
+#endif /* FEATURE_HTTPS_INSPECTION_MBEDTLS */
-/*
-* Macros for SSL structures
-*/
-#define CERT_INFO_BUF_SIZE 4096
-#define CERT_FILE_BUF_SIZE 16384
-#define ISSUER_NAME_BUF_SIZE 2048
-#define HASH_OF_HOST_BUF_SIZE 16
+#ifdef FEATURE_HTTPS_INSPECTION_OPENSSL
+#ifdef _WIN32
+#include
+#undef X509_NAME
+#undef X509_EXTENSIONS
 #endif
+#include
+#include
+#include
+#endif /* FEATURE_HTTPS_INSPECTION_OPENSSL */
 /* Need for struct sockaddr_storage */
 #ifdef HAVE_RFC2553
@@ -287,7 +290,7 @@ struct map
 struct map_entry *last;
 };
-#ifdef FEATURE_HTTPS_INSPECTION
+#ifdef FEATURE_HTTPS_INSPECTION_MBEDTLS
 /*
 * Struct of attributes necessary for TLS/SSL connection
 */
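Review bot: The first hunk (@@ -45) removes the `privoxy_mutex_t` typedef (both the pthread and the CRITICAL_SECTION variants) from project.h, and nothing in this diff defines a replacement. If the typedef moved to another header in the same commit that is fine, but from this file alone every consumer of `privoxy_mutex_t` now depends on an include that is not visible here; please confirm the new home is pulled in by everything that used the old one.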
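Review bot: The two `#undef` lines after the Windows include in the @@ -62 hunk have no explanation, and the include targets are not reproduced on this page. Presumably the header pulled in there is the Windows crypto API (wincrypt.h, typically via windows.h), whose `X509_NAME` and `X509_EXTENSIONS` macros would otherwise clash with the OpenSSL type names of the same spelling; a one-line comment above them, `/* wincrypt.h macros that collide with OpenSSL's X509_NAME / X509_EXTENSIONS types */`, would spare the next reader the lookup. Worth confirming which header is included there, since the page lost the file names.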
@@ -298,13 +301,23 @@ typedef struct {
 mbedtls_x509_crt server_cert;
 mbedtls_x509_crt ca_cert;
 mbedtls_pk_context prim_key;
+ int *ciphersuites_list;
 #if defined(MBEDTLS_SSL_CACHE_C)
 mbedtls_ssl_cache_context cache;
 #endif
 } mbedtls_connection_attr;
-#endif
+#endif /* FEATURE_HTTPS_INSPECTION_MBEDTLS */
+#ifdef FEATURE_HTTPS_INSPECTION_OPENSSL
+/*
+ * Struct of attributes necessary for TLS/SSL connection
+ */
+typedef struct {
+ SSL_CTX *ctx;
+ BIO *bio;
+} openssl_connection_attr;
+#endif /* FEATURE_HTTPS_INSPECTION_OPENSSL */
 /**
 * A HTTP request. This includes the method (GET, POST) and
 * the parsed URL.
@@ -471,13 +484,6 @@ struct iob
 };
-/**
- * Return the number of bytes in the I/O buffer associated with the passed
- * I/O buffer. May be zero.
- */
-#define IOB_PEEK(IOB) ((IOB->cur > IOB->eod) ? (IOB->eod - IOB->cur) : 0)
-
-
 /* Bits for csp->content_type bitmask: */
 #define CT_TEXT 0x0001U /**< Suitable for pcrs filtering. */
 #define CT_GIF 0x0002U /**< Suitable for GIF filtering. */
@@ -633,8 +639,12 @@ struct iob
 #define ACTION_MULTI_SERVER_HEADER_TAGGER 5
 /** Number of multi-string actions. */
 #define ACTION_MULTI_EXTERNAL_FILTER 6
+/** Index into current_action_spec::multi[] for tags to suppress. */
+#define ACTION_MULTI_SUPPRESS_TAG 7
+/** Index into current_action_spec::multi[] for client body filters to apply. */
+#define ACTION_MULTI_CLIENT_BODY_FILTER 8
 /** Number of multi-string actions. */
-#define ACTION_MULTI_COUNT 7
+#define ACTION_MULTI_COUNT 9
 /**
@@ -756,6 +766,9 @@ struct reusable_connection
 enum forwarder_type forwarder_type;
 char *gateway_host;
 int gateway_port;
+ char *auth_username;
+ char *auth_password;
+
 char *forward_host;
 int forward_port;
 };
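Review bot: `int *ciphersuites_list` in `mbedtls_connection_attr` is added without saying who owns the array or how it is terminated. mbedtls_ssl_conf_ciphersuites() stores the pointer rather than copying the list, so the array has to stay valid for as long as the config it was applied to, and the Mbed TLS convention is a 0-terminated list of ciphersuite ids. A field comment such as `int *ciphersuites_list; /* 0-terminated; owned by this struct, must outlive conf */` would pin that down, and the same ownership question applies to `ctx` and `bio` in the new `openssl_connection_attr` (who calls SSL_CTX_free()/BIO_free_all(), and in which order).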
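Review bot: `ACTION_MULTI_COUNT` in the @@ -633 hunk remains a hand-maintained literal (now 9) that has to be bumped in lockstep with every new `ACTION_MULTI_*` index, which is exactly what went wrong if someone forgets next time and indexes past `multi[]`. Expressing it as `#define ACTION_MULTI_COUNT (ACTION_MULTI_CLIENT_BODY_FILTER + 1)` makes the count follow the last index automatically. The two `MAX_FILTER_TYPES` literals in the @@ -1259 hunk have the same shape and could likewise be written as the last real enumerator plus one inside each branch of the `#ifdef FEATURE_EXTERNAL_FILTERS`.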
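Review bot: The new `auth_username`/`auth_password` members of `struct reusable_connection` in the @@ -756 hunk carry no comment on ownership or on their role in connection matching. Because this struct describes a connection that may be handed to a later request, the reuse check (not on this page) presumably has to compare these two fields together with the gateway host and port; otherwise a connection authenticated with one set of proxy credentials could be picked for a request configured with different ones, which is worth confirming in the matching code. The password is also held in plain heap memory for the connection's lifetime; a comment such as `/* proxy credentials; owned here, freed and cleared when the connection is discarded */` would record the expected handling.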
@@ -960,6 +973,14 @@ struct reusable_connection
 */
 #define MAX_LISTENING_SOCKETS 10
+struct ssl_attr {
+#ifdef FEATURE_HTTPS_INSPECTION_MBEDTLS
+ mbedtls_connection_attr mbedtls_attr; /* Mbed TLS attrs*/
+#endif /* FEATURE_HTTPS_INSPECTION_MBEDTLS */
+#ifdef FEATURE_HTTPS_INSPECTION_OPENSSL
+ openssl_connection_attr openssl_attr; /* OpenSSL atrrs */
+#endif /* FEATURE_HTTPS_INSPECTION_OPENSSL */
+};
 /**
 * The state of a Privoxy processing thread.
 */
@@ -1014,10 +1035,8 @@ struct client_state
 /* XXX: should be renamed to server_iob */
 struct iob iob[1];
-#ifdef FEATURE_HTTPS_INSPECTION
- mbedtls_connection_attr mbedtls_server_attr; /* attributes for connection to server */
- mbedtls_connection_attr mbedtls_client_attr; /* attributes for connection to client */
-#endif
+ struct ssl_attr ssl_server_attr; /* attributes for connection to server */
+ struct ssl_attr ssl_client_attr; /* attributes for connection to client */
 /** An I/O buffer used for buffering data read from the client */
 struct iob client_iob[1];
@@ -1088,8 +1107,24 @@ struct client_state
 char *error_message;
 #ifdef FEATURE_HTTPS_INSPECTION
- /* Result of server certificate verification */
+ /* Result of server certificate verification
+ *
+ * Values for flag determining certificate validity
+ * are compatible with return value of function
+ * mbedtls_ssl_get_verify_result() for mbedtls
+ * and SSL_get_verify_result() for openssl.
+ * There are no values for "invalid certificate", they are
+ * set by the functions mentioned above.
+ */
+#define SSL_CERT_VALID 0
+#ifdef FEATURE_HTTPS_INSPECTION_MBEDTLS
+#define SSL_CERT_NOT_VERIFIED 0xFFFFFFFF
 uint32_t server_cert_verification_result;
+#endif /* FEATURE_HTTPS_INSPECTION_MBEDTLS */
+#ifdef FEATURE_HTTPS_INSPECTION_OPENSSL
+#define SSL_CERT_NOT_VERIFIED ~0L
+ long server_cert_verification_result;
+#endif /* FEATURE_HTTPS_INSPECTION_OPENSSL */
 /* Flag for certificate validity checking */
 int dont_verify_certificate;
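Review bot: `struct ssl_attr` has no members at all when neither FEATURE_HTTPS_INSPECTION_MBEDTLS nor FEATURE_HTTPS_INSPECTION_OPENSSL is defined, yet the @@ -1014 hunk embeds two of them in `struct client_state` unconditionally, where the old code guarded the members with `#ifdef FEATURE_HTTPS_INSPECTION`. An empty struct is a constraint violation in ISO C (GCC only accepts it as an extension, with a -pedantic warning), so either restore the guard around `ssl_server_attr`/`ssl_client_attr` or wrap the whole `struct ssl_attr` definition and those two members in `#ifdef FEATURE_HTTPS_INSPECTION`. The trailing comment `/* OpenSSL atrrs */` also has a typo (`attrs`).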
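Review bot: If both FEATURE_HTTPS_INSPECTION_MBEDTLS and FEATURE_HTTPS_INSPECTION_OPENSSL were defined, the @@ -1088 hunk would redefine `SSL_CERT_NOT_VERIFIED` with a different value and declare `server_cert_verification_result` twice in `struct client_state`, and nothing on this page makes the two backends mutually exclusive (unless configure already rejects that combination). A guard next to the backend includes in the first hunk, `#if defined(FEATURE_HTTPS_INSPECTION_MBEDTLS) && defined(FEATURE_HTTPS_INSPECTION_OPENSSL)` / `#error "Only one TLS backend may be selected"` / `#endif`, would turn that into a clear compile-time diagnostic. Defining `SSL_CERT_VALID` and `SSL_CERT_NOT_VERIFIED` inside the struct body is also easy to miss when reading; hoisting them up next to the other SSL macros would make the comparison values discoverable.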
@@ -1259,16 +1294,18 @@ enum filter_type
 FT_SERVER_HEADER_FILTER = 2,
 FT_CLIENT_HEADER_TAGGER = 3,
 FT_SERVER_HEADER_TAGGER = 4,
+ FT_SUPPRESS_TAG = 5,
+ FT_CLIENT_BODY_FILTER = 6,
 #ifdef FEATURE_EXTERNAL_FILTERS
- FT_EXTERNAL_CONTENT_FILTER = 5,
+ FT_EXTERNAL_CONTENT_FILTER = 7,
 #endif
 FT_INVALID_FILTER = 42,
 };
 #ifdef FEATURE_EXTERNAL_FILTERS
-#define MAX_FILTER_TYPES 6
+#define MAX_FILTER_TYPES 8
 #else
-#define MAX_FILTER_TYPES 5
+#define MAX_FILTER_TYPES 7
 #endif
 /**
@@ -1548,6 +1585,9 @@ struct configuration_spec
 /** Directory for saving certificates and keys for each webpage **/
 char *certificate_directory;
+ /** Cipher list to use **/
+ char *cipher_list;
+
 /** Filename of trusted CAs certificates **/
 char * trusted_cas_file;
 #endif
@@ -1601,8 +1641,13 @@ struct configuration_spec
 * The prefix for CGI pages. Written out in generated HTML.
 * INCLUDES the trailing slash.
 */
+#ifdef FEATURE_HTTPS_INSPECTION
+#define CGI_PREFIX "//" CGI_SITE_2_HOST CGI_SITE_2_PATH "/"
+#define CGI_PREFIX_HTTPS "https:" CGI_PREFIX
+#else
 #define CGI_PREFIX "http://" CGI_SITE_2_HOST CGI_SITE_2_PATH "/"
-#define CGI_PREFIX_HTTPS "https://" CGI_SITE_2_HOST CGI_SITE_2_PATH "/"
+#endif
+#define CGI_PREFIX_HTTP "http://" CGI_SITE_2_HOST CGI_SITE_2_PATH "/"
 #endif /* ndef PROJECT_H_INCLUDED */
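Review bot: The comment on `char *cipher_list` in the @@ -1548 hunk says only "Cipher list to use", which leaves the accepted syntax and the unset case open: OpenSSL takes a cipher-list string while Mbed TLS takes ciphersuite names (which this change appears to translate into `ciphersuites_list`), and a NULL value presumably falls back to the library default. Stating that in the field comment, e.g. `/** Cipher list to use; syntax is backend-specific, NULL means the library default **/`, tells whoever reads the config parser what to expect. Please confirm the NULL behaviour against the parsing code, which is not on this page.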
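Review bot: In the @@ -1601 hunk `CGI_PREFIX_HTTPS` is now defined only under FEATURE_HTTPS_INSPECTION, whereas before it existed in every build, so any use of it outside a FEATURE_HTTPS_INSPECTION guard no longer compiles in a build without the feature; the callers are not on this page, so that is worth checking. With the feature enabled `CGI_PREFIX` also becomes a scheme-relative `//host/path/` reference, which is fine inside generated HTML but not wherever a complete URL is expected (comparing an incoming request URL against the prefix, or emitting it outside an HTML document); those sites should use `CGI_PREFIX_HTTP`/`CGI_PREFIX_HTTPS` explicitly. The context comment above ("Written out in generated HTML") should say so, e.g. ` * With HTTPS inspection the prefix is scheme-relative ("//host/path/"); use CGI_PREFIX_HTTP or CGI_PREFIX_HTTPS where a full URL is required.`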