X-Git-Url: http://www.privoxy.org/gitweb/?p=privoxy.git;a=blobdiff_plain;f=project.h;h=a9fe8946fdc11c1f498e54ae2c2082d6dde70935;hp=1720e76837e4766eff27a65e5c6c1134d0675c4d;hb=900f06d038b3879e4e254b4517b0b6f6ffdb17e4;hpb=662c02e3ab1cab69b67f869aba490c147fc7741e diff --git a/project.h b/project.h index 1720e768..a9fe8946 100644 --- a/project.h +++ b/project.h @@ -45,6 +45,15 @@ #include "config.h" #ifdef FEATURE_HTTPS_INSPECTION +/* +* Macros for SSL structures +*/ +#define CERT_INFO_BUF_SIZE 4096 +#define CERT_FILE_BUF_SIZE 16384 +#define ISSUER_NAME_BUF_SIZE 2048 +#define HASH_OF_HOST_BUF_SIZE 16 +#endif /* FEATURE_HTTPS_INSPECTION */ + #ifdef FEATURE_PTHREAD # include typedef pthread_mutex_t privoxy_mutex_t; @@ -55,6 +64,7 @@ typedef CRITICAL_SECTION privoxy_mutex_t; #endif +#ifdef FEATURE_HTTPS_INSPECTION_MBEDTLS #include "mbedtls/net_sockets.h" #include "mbedtls/entropy.h" #include "mbedtls/ctr_drbg.h" @@ -62,15 +72,13 @@ #if defined(MBEDTLS_SSL_CACHE_C) #include "mbedtls/ssl_cache.h" #endif +#endif /* FEATURE_HTTPS_INSPECTION_MBEDTLS */ -/* -* Macros for SSL structures -*/ -#define CERT_INFO_BUF_SIZE 4096 -#define CERT_FILE_BUF_SIZE 16384 -#define ISSUER_NAME_BUF_SIZE 2048 -#define HASH_OF_HOST_BUF_SIZE 16 -#endif +#ifdef FEATURE_HTTPS_INSPECTION_OPENSSL +#include +#include +#include +#endif /* FEATURE_HTTPS_INSPECTION_OPENSSL */ /* Need for struct sockaddr_storage */ #ifdef HAVE_RFC2553 @@ -175,7 +183,7 @@ typedef enum privoxy_err jb_err; /** * This macro is used to free a pointer that may be NULL. * It also sets the variable to NULL after it's been freed. - * The paramater should be a simple variable without side effects. + * The parameter should be a simple variable without side effects. */ #define freez(X) { if(X) { free((void*)X); X = NULL ; } } @@ -276,7 +284,7 @@ struct map_entry /** * A map from a string to another string. - * This is used for the paramaters passed in a HTTP GET request, and + * This is used for the parameters passed in a HTTP GET request, and * to store the exports when the CGI interface is filling in a template. */ struct map @@ -287,7 +295,7 @@ struct map struct map_entry *last; }; -#ifdef FEATURE_HTTPS_INSPECTION +#ifdef FEATURE_HTTPS_INSPECTION_MBEDTLS /* * Struct of attributes necessary for TLS/SSL connection */ @@ -303,8 +311,17 @@ typedef struct { mbedtls_ssl_cache_context cache; #endif } mbedtls_connection_attr; -#endif +#endif /* FEATURE_HTTPS_INSPECTION_MBEDTLS */ +#ifdef FEATURE_HTTPS_INSPECTION_OPENSSL +/* + * Struct of attributes necessary for TLS/SSL connection + */ +typedef struct { + SSL_CTX* ctx; + BIO *bio; +} openssl_connection_attr; +#endif /* FEATURE_HTTPS_INSPECTION_OPENSSL */ /** * A HTTP request. This includes the method (GET, POST) and * the parsed URL. @@ -319,7 +336,7 @@ struct http_request char *ocmd; /**< Backup of original cmd for CLF logging */ char *gpc; /**< HTTP method: GET, POST, ... */ char *url; /**< The URL */ - char *ver; /**< Protocol version */ + char *version; /**< Protocol version */ int status; /**< HTTP Status */ char *host; /**< Host part of URL */ @@ -331,15 +348,13 @@ struct http_request char *host_ip_addr_str; /**< String with dotted decimal representation of host's IP. NULL before connect_to() */ -#ifndef FEATURE_EXTENDED_HOST_PATTERNS char *dbuffer; /**< Buffer with '\0'-delimited domain name. */ char **dvec; /**< List of pointers to the strings in dbuffer. */ int dcount; /**< How many parts to this domain? (length of dvec) */ -#endif /* ndef FEATURE_EXTENDED_HOST_PATTERNS */ #ifdef FEATURE_HTTPS_INSPECTION - int client_ssl; /**< Flag if we should comunicate with slient over ssl */ - int server_ssl; /**< Flag if we should comunicate with server over ssl */ + int client_ssl; /**< Flag if we should communicate with client over ssl */ + int server_ssl; /**< Flag if we should communicate with server over ssl */ unsigned char hash_of_host_hex[(HASH_OF_HOST_BUF_SIZE * 2) + 1]; /**< chars for hash in hex string and one for '\0' */ unsigned char hash_of_host[HASH_OF_HOST_BUF_SIZE+1]; /**< chars for bytes of hash and one for '\0' */ #endif @@ -347,16 +362,11 @@ struct http_request #ifdef FEATURE_HTTPS_INSPECTION -/* - * If this macro is defined, mutexes count for generating - * private keys is changed from 65536 to 32. - */ -#define LIMIT_MUTEX_NUMBER /* * Struct for linked list containing certificates */ typedef struct certs_chain { - char text_buf[CERT_INFO_BUF_SIZE]; /* text info about properties of certificate */ + char info_buf[CERT_INFO_BUF_SIZE]; /* text info about properties of certificate */ char file_buf[CERT_FILE_BUF_SIZE]; /* buffer for whole certificate - format to save in file */ struct certs_chain *next; /* next certificate in chain of trust */ } certs_chain_t; @@ -401,14 +411,14 @@ struct http_response struct url_spec { -#ifdef FEATURE_EXTENDED_HOST_PATTERNS +#ifdef FEATURE_PCRE_HOST_PATTERNS regex_t *host_regex;/**< Regex for host matching */ -#else + enum host_regex_type { VANILLA_HOST_PATTERN, PCRE_HOST_PATTERN } host_regex_type; +#endif /* defined FEATURE_PCRE_HOST_PATTERNS */ char *dbuffer; /**< Buffer with '\0'-delimited domain name, or NULL to match all hosts. */ char **dvec; /**< List of pointers to the strings in dbuffer. */ int dcount; /**< How many parts to this domain? (length of dvec) */ int unanchored; /**< Bitmap - flags are ANCHOR_LEFT and ANCHOR_RIGHT. */ -#endif /* defined FEATURE_EXTENDED_HOST_PATTERNS */ char *port_list; /**< List of acceptable ports, or NULL to match all ports */ @@ -478,13 +488,6 @@ struct iob }; -/** - * Return the number of bytes in the I/O buffer associated with the passed - * I/O buffer. May be zero. - */ -#define IOB_PEEK(IOB) ((IOB->cur > IOB->eod) ? (IOB->eod - IOB->cur) : 0) - - /* Bits for csp->content_type bitmask: */ #define CT_TEXT 0x0001U /**< Suitable for pcrs filtering. */ #define CT_GIF 0x0002U /**< Suitable for GIF filtering. */ @@ -496,13 +499,14 @@ struct iob */ #define CT_GZIP 0x0010U /**< gzip-compressed data. */ #define CT_DEFLATE 0x0020U /**< zlib-compressed data. */ +#define CT_BROTLI 0x0040U /**< Brotli-compressed data. */ /** * Flag to signal that the server declared the content type, * so we can differentiate between unknown and undeclared * content types. */ -#define CT_DECLARED 0x0040U +#define CT_DECLARED 0x0080U /** * The mask which includes all actions. @@ -655,7 +659,7 @@ struct current_action_spec unsigned long flags; /** - * Paramaters for those actions that require them. + * Parameters for those actions that require them. * Each entry is valid if & only if the corresponding entry in "flags" is * set. */ @@ -762,6 +766,9 @@ struct reusable_connection enum forwarder_type forwarder_type; char *gateway_host; int gateway_port; + char *auth_username; + char *auth_password; + char *forward_host; int forward_port; }; @@ -927,7 +934,7 @@ struct reusable_connection #define CSP_FLAG_UNSUPPORTED_CLIENT_EXPECTATION 0x02000000U /** - * Flag for csp->flags: Set if we answered the request ourselve. + * Flag for csp->flags: Set if we answered the request ourselves. */ #define CSP_FLAG_CRUNCHED 0x04000000U @@ -966,6 +973,14 @@ struct reusable_connection */ #define MAX_LISTENING_SOCKETS 10 +struct ssl_attr { +#ifdef FEATURE_HTTPS_INSPECTION_MBEDTLS + mbedtls_connection_attr mbedtls_attr; /* Mbed TLS attrs*/ +#endif /* FEATURE_HTTPS_INSPECTION_MBEDTLS */ +#ifdef FEATURE_HTTPS_INSPECTION_OPENSSL + openssl_connection_attr openssl_attr; /* OpenSSL atrrs */ +#endif /* FEATURE_HTTPS_INSPECTION_OPENSSL */ +}; /** * The state of a Privoxy processing thread. */ @@ -1020,10 +1035,8 @@ struct client_state /* XXX: should be renamed to server_iob */ struct iob iob[1]; -#ifdef FEATURE_HTTPS_INSPECTION - mbedtls_connection_attr mbedtls_server_attr; /* attributes for connection to server */ - mbedtls_connection_attr mbedtls_client_attr; /* attributes for connection to client */ -#endif + struct ssl_attr ssl_server_attr; /* attributes for connection to server */ + struct ssl_attr ssl_client_attr; /* attributes for connection to client */ /** An I/O buffer used for buffering data read from the client */ struct iob client_iob[1]; @@ -1094,8 +1107,24 @@ struct client_state char *error_message; #ifdef FEATURE_HTTPS_INSPECTION - /* Result of server certificate verification */ + /* Result of server certificate verification + * + * Values for flag determining certificate validity + * are compatible with return value of function + * mbedtls_ssl_get_verify_result() for mbedtls + * and SSL_get_verify_result() for openssl. + * There are no values for "invalid certificate", they are + * set by the functions mentioned above. + */ +#define SSL_CERT_VALID 0 +#ifdef FEATURE_HTTPS_INSPECTION_MBEDTLS +#define SSL_CERT_NOT_VERIFIED 0xFFFFFFFF uint32_t server_cert_verification_result; +#endif /* FEATURE_HTTPS_INSPECTION_MBEDTLS */ +#ifdef FEATURE_HTTPS_INSPECTION_OPENSSL +#define SSL_CERT_NOT_VERIFIED ~0L + long server_cert_verification_result; +#endif /* FEATURE_HTTPS_INSPECTION_OPENSSL */ /* Flag for certificate validity checking */ int dont_verify_certificate; @@ -1110,7 +1139,7 @@ struct client_state /* * Server certificate chain of trust including strings with certificates - * informations and string with whole certificate file + * information and string with whole certificate file */ struct certs_chain server_certs_chain; #endif @@ -1608,6 +1637,7 @@ struct configuration_spec * INCLUDES the trailing slash. */ #define CGI_PREFIX "http://" CGI_SITE_2_HOST CGI_SITE_2_PATH "/" +#define CGI_PREFIX_HTTPS "https://" CGI_SITE_2_HOST CGI_SITE_2_PATH "/" #endif /* ndef PROJECT_H_INCLUDED */