X-Git-Url: http://www.privoxy.org/gitweb/?p=privoxy.git;a=blobdiff_plain;f=project.h;h=cd545b7abe94088f5b744608330b5a29ab48acbb;hp=78d53ce3dca5a2e6cb4dfe9e152cc362c948e4ca;hb=144ed390b637d609d4544eca8e99f56043192928;hpb=9fd58c0d3a56323ce94837f217e6609e9c7b2402 diff --git a/project.h b/project.h index 78d53ce3..cd545b7a 100644 --- a/project.h +++ b/project.h @@ -44,6 +44,34 @@ /* Needed for pcre choice */ #include "config.h" +#ifdef FEATURE_HTTPS_FILTERING +#ifdef FEATURE_PTHREAD +# include + typedef pthread_mutex_t privoxy_mutex_t; +#else +# ifdef _WIN32 +# include +# endif + typedef CRITICAL_SECTION privoxy_mutex_t; +#endif + +#include "mbedtls/net_sockets.h" +#include "mbedtls/entropy.h" +#include "mbedtls/ctr_drbg.h" + +#if defined(MBEDTLS_SSL_CACHE_C) +#include "mbedtls/ssl_cache.h" +#endif + +/* +* Macros for SSL structures +*/ +#define CERT_INFO_BUF_SIZE 4096 +#define CERT_FILE_BUF_SIZE 16384 +#define ISSUER_NAME_BUF_SIZE 2048 +#define HASH_OF_HOST_BUF_SIZE 16 +#endif + /* Need for struct sockaddr_storage */ #ifdef HAVE_RFC2553 # ifndef _WIN32 @@ -259,6 +287,23 @@ struct map struct map_entry *last; }; +#ifdef FEATURE_HTTPS_FILTERING +/* + * Struct of attributes necessary for TLS/SSL connection + */ +typedef struct { + mbedtls_ssl_context ssl; + mbedtls_ssl_config conf; + mbedtls_net_context socket_fd; + mbedtls_x509_crt server_cert; + mbedtls_x509_crt ca_cert; + mbedtls_pk_context prim_key; + + #if defined(MBEDTLS_SSL_CACHE_C) + mbedtls_ssl_cache_context cache; + #endif +} mbedtls_connection_attr; +#endif /** * A HTTP request. This includes the method (GET, POST) and @@ -291,8 +336,27 @@ struct http_request char **dvec; /**< List of pointers to the strings in dbuffer. */ int dcount; /**< How many parts to this domain? (length of dvec) */ #endif /* ndef FEATURE_EXTENDED_HOST_PATTERNS */ + +#ifdef FEATURE_HTTPS_FILTERING + int client_ssl; /**< Flag if we should comunicate with slient over ssl */ + int server_ssl; /**< Flag if we should comunicate with server over ssl */ + unsigned char hash_of_host_hex[(HASH_OF_HOST_BUF_SIZE * 2) + 1]; /**< chars for hash in hex string and one for '\0' */ + unsigned char hash_of_host[HASH_OF_HOST_BUF_SIZE+1]; /**< chars for bytes of hash and one for '\0' */ +#endif }; + +#ifdef FEATURE_HTTPS_FILTERING +/* + * Struct for linked list containing certificates + */ +typedef struct certs_chain { + char text_buf[CERT_INFO_BUF_SIZE]; /* text info about properties of certificate */ + char file_buf[CERT_FILE_BUF_SIZE]; /* buffer for whole certificate - format to save in file */ + struct certs_chain *next; /* next certificate in chain of trust */ +}certs_chain_t; +#endif + /** * Reasons for generating a http_response instead of delivering * the requested resource. Mostly ordered the way they are checked @@ -503,7 +567,10 @@ struct iob #define ACTION_LIMIT_COOKIE_LIFETIME 0x08000000UL /** Action bitmap: Delay writes */ #define ACTION_DELAY_RESPONSE 0x10000000UL - +/** Action bitmap: Turn https filtering on */ +#define ACTION_ENABLE_HTTPS_FILTER 0x20000000UL +/** Action bitmap: Turn certificates verification off */ +#define ACTION_IGNORE_CERTIFICATE_ERRORS 0x40000000UL /** Action string index: How to deanimate GIFs */ #define ACTION_STRING_DEANIMATE 0 @@ -886,7 +953,7 @@ struct reusable_connection * Maximum number of actions/filter files. This limit is arbitrary - it's just used * to size an array. */ -#define MAX_AF_FILES 30 +#define MAX_AF_FILES 100 /** * Maximum number of sockets to listen to. This limit is arbitrary - it's just used @@ -948,6 +1015,11 @@ struct client_state /* XXX: should be renamed to server_iob */ struct iob iob[1]; +#ifdef FEATURE_HTTPS_FILTERING + mbedtls_connection_attr mbedtls_server_attr; /* attributes for connection to server */ + mbedtls_connection_attr mbedtls_client_attr; /* attributes for connection to client */ +#endif + /** An I/O buffer used for buffering data read from the client */ struct iob client_iob[1]; @@ -960,6 +1032,11 @@ struct client_state /** List of all headers for this request */ struct list headers[1]; +#ifdef FEATURE_HTTPS_FILTERING + /** List of all encrypted headers for this request */ + struct list https_headers[1]; +#endif + /** List of all tags that apply to this request */ struct list tags[1]; @@ -1010,6 +1087,28 @@ struct client_state * or NULL. Currently only used for socks errors. */ char *error_message; + +#ifdef FEATURE_HTTPS_FILTERING + /* Result of server certificate verification */ + uint32_t server_cert_verification_result; + + /* Flag for certificate validity checking */ + int dont_verify_certificate; + + /* + * Flags if SSL connection with server or client is opened. + * Thanks to this flags, we can call function to close both connections + * and we don't have to care about more details. + */ + int ssl_with_server_is_opened; + int ssl_with_client_is_opened; + + /* + * Server certificate chain of trust including strings with certificates + * informations and string with whole certificate file + */ + struct certs_chain server_certs_chain; +#endif }; /** @@ -1136,6 +1235,12 @@ struct forward_spec /** SOCKS server port. */ int gateway_port; + /** SOCKS5 username. */ + char *auth_username; + + /** SOCKS5 password. */ + char *auth_password; + /** Parent HTTP proxy hostname, or NULL for none. */ char *forward_host; @@ -1427,6 +1532,26 @@ struct configuration_spec /** Nonzero if we need to bind() to the new port. */ int need_bind; + +#ifdef FEATURE_HTTPS_FILTERING + /** Password for proxy ca file **/ + char * ca_password; + + /** Directory with files of ca **/ + char *ca_directory; + + /** Filename of ca certificate **/ + char * ca_cert_file; + + /** Filename of ca key **/ + char * ca_key_file; + + /** Directory for saving certificates and keys for each webpage **/ + char *certificate_directory; + + /** Filename of trusted CAs certificates **/ + char * trusted_cas_file; +#endif }; /** Calculates the number of elements in an array, using sizeof. */