X-Git-Url: http://www.privoxy.org/gitweb/?p=privoxy.git;a=blobdiff_plain;f=ssl.c;h=0bb549bff7652bf5fc47753b9d3aa1488a644740;hp=a7bf7096f4e295175e6eb63c2d5a066f80b4d0f8;hb=9c5023572da8d77913f62358f46fc6e053085909;hpb=191e671fa862fbddd20fe2e61e2ef9c7d173ddcf

diff --git a/ssl.c b/ssl.c
index a7bf7096..0bb549bf 100644
--- a/ssl.c
+++ b/ssl.c
@@ -50,6 +50,7 @@
 #include "errlog.h"
 #include "jcc.h"
 #include "ssl.h"
+#include "encode.h"
 
 
 /*
@@ -162,7 +163,10 @@ extern int server_use_ssl(const struct client_state *csp)
  *
  * Function    :  is_ssl_pending
  *
- * Description :  Tests if there are some waiting data on ssl connection
+ * Description :  Tests if there are some waiting data on ssl connection.
+ *                Only considers data that has actually been received
+ *                locally and ignores data that is still on the fly
+ *                or has not yet been sent by the remote end.
  *
  * Parameters  :
  *          1  :  ssl = SSL context to test
@@ -648,7 +652,7 @@ static void free_client_ssl_structures(struct client_state *csp)
 {
    /*
    * We can't use function mbedtls_net_free, because this function
-   * inter alia close TCP connection on setted fd. Instead of this
+   * inter alia close TCP connection on set fd. Instead of this
    * function, we change fd to -1, which is the same what does
    * rest of mbedtls_net_free function.
    */
@@ -908,7 +912,7 @@ static void free_server_ssl_structures(struct client_state *csp)
 {
    /*
    * We can't use function mbedtls_net_free, because this function
-   * inter alia close TCP connection on setted fd. Instead of this
+   * inter alia close TCP connection on set fd. Instead of this
    * function, we change fd to -1, which is the same what does
    * rest of mbedtls_net_free function.
    */
@@ -1993,7 +1997,7 @@ extern void ssl_send_certificate_error(struct client_state *csp)
    int ret = 0;
    struct certs_chain *cert = NULL;
 
-   /* Header of message with certificate informations */
+   /* Header of message with certificate information */
    const char message_begin[] =
       "HTTP/1.1 200 OK\r\n"
       "Content-Type: text/html\r\n"
@@ -2018,7 +2022,7 @@ extern void ssl_send_certificate_error(struct client_state *csp)
    {
       size_t base64_len = 4 * ((strlen(cert->file_buf) + 2) / 3) + 1;
 
-      message_len += strlen(cert->text_buf) + strlen("<pre></pre>\n")
+      message_len += strlen(cert->info_buf) + strlen("<pre></pre>\n")
                      +  base64_len + strlen("<a href=\"data:application"
                         "/x-x509-ca-cert;base64,\">Download certificate</a>");
       cert = cert->next;
@@ -2053,7 +2057,7 @@ extern void ssl_send_certificate_error(struct client_state *csp)
       }
 
       strlcat(message, "<pre>",        message_len);
-      strlcat(message, cert->text_buf, message_len);
+      strlcat(message, cert->info_buf, message_len);
       strlcat(message, "</pre>\n",     message_len);
 
       if (ret == 0)
@@ -2118,7 +2122,7 @@ static int ssl_verify_callback(void *csp_void, mbedtls_x509_crt *crt,
     */
    last->next = malloc_or_die(sizeof(struct certs_chain));
    last->next->next = NULL;
-   memset(last->next->text_buf, 0, sizeof(last->next->text_buf));
+   memset(last->next->info_buf, 0, sizeof(last->next->info_buf));
    memset(last->next->file_buf, 0, sizeof(last->next->file_buf));
 
    /*
@@ -2140,8 +2144,15 @@ static int ssl_verify_callback(void *csp_void, mbedtls_x509_crt *crt,
    /*
     * Saving certificate information into buffer
     */
-   mbedtls_x509_crt_info(last->text_buf, sizeof(last->text_buf) - 1,
-      CERT_INFO_PREFIX, crt);
+   {
+      char buf[CERT_INFO_BUF_SIZE];
+      char *encoded_text;
+
+      mbedtls_x509_crt_info(buf, sizeof(buf), CERT_INFO_PREFIX, crt);
+      encoded_text = html_encode(buf);
+      strlcpy(last->info_buf, encoded_text, sizeof(last->info_buf));
+      freez(encoded_text);
+   }
 
    return 0;
 }
@@ -2152,7 +2163,7 @@ static int ssl_verify_callback(void *csp_void, mbedtls_x509_crt *crt,
  * Function    :  free_certificate_chain
  *
  * Description :  Frees certificates linked list. This linked list is
- *                used to save informations about certificates in
+ *                used to save information about certificates in
  *                trusted chain.
  *
  * Parameters  :
@@ -2166,8 +2177,8 @@ static void free_certificate_chain(struct client_state *csp)
    struct certs_chain *cert = csp->server_certs_chain.next;
 
    /* Cleaning buffers */
-   memset(csp->server_certs_chain.text_buf, 0,
-      sizeof(csp->server_certs_chain.text_buf));
+   memset(csp->server_certs_chain.info_buf, 0,
+      sizeof(csp->server_certs_chain.info_buf));
    memset(csp->server_certs_chain.file_buf, 0,
       sizeof(csp->server_certs_chain.file_buf));
    csp->server_certs_chain.next = NULL;
@@ -2255,7 +2266,7 @@ static int host_to_hash(struct client_state *csp)
  * Function    :  tunnel_established_successfully
  *
  * Description :  Check if parent proxy server response contains
- *                informations about successfully created connection with
+ *                information about successfully created connection with
  *                destination server. (HTTP/... 2xx ...)
  *
  * Parameters  :