X-Git-Url: http://www.privoxy.org/gitweb/?p=privoxy.git;a=blobdiff_plain;f=ssl.c;h=afd9af450c193689b22b7cdf87c0be559f513782;hp=4f187c24070b94328802cfe4ef3d2b7e59883f65;hb=c48d1d6d08996116cbcea55cd3fc6c2a558e499a;hpb=e1027d1e0c44440e654652cf5e24d24426fbf594
diff --git a/ssl.c b/ssl.c
index 4f187c24..afd9af45 100644
--- a/ssl.c
+++ b/ssl.c
@@ -3,10 +3,11 @@
  * File : $Source: /cvsroot/ijbswa/current/ssl.c,v $
  *
  * Purpose : File with TLS/SSL extension. Contains methods for
- * creating, using and closing TLS/SSL connections.
+ * creating, using and closing TLS/SSL connections
+ * using mbedTLS.
  *
  * Copyright : Written by and Copyright (c) 2017-2020 Vaclav Svec. FIT CVUT.
- * Copyright (C) 2018-2020 by Fabian Keil
+ * Copyright (C) 2018-2021 by Fabian Keil
  *
  * This program is free software; you can redistribute it
  * and/or modify it under the terms of the GNU General
@@ -479,7 +480,10 @@ extern int create_client_ssl_connection(struct client_state *csp)
 }
 }
 
- log_error(LOG_LEVEL_CONNECT, "Client successfully connected over TLS/SSL");
+ log_error(LOG_LEVEL_CONNECT, "Client successfully connected over %s (%s).",
+ mbedtls_ssl_get_version(&(ssl_attr->mbedtls_attr.ssl)),
+ mbedtls_ssl_get_ciphersuite(&(ssl_attr->mbedtls_attr.ssl)));
+
 csp->ssl_with_client_is_opened = 1;
 
 exit:
@@ -754,7 +758,9 @@ extern int create_server_ssl_connection(struct client_state *csp)
 }
 }
 
- log_error(LOG_LEVEL_CONNECT, "Server successfully connected over TLS/SSL");
+ log_error(LOG_LEVEL_CONNECT, "Server successfully connected over %s (%s).",
+ mbedtls_ssl_get_version(&(ssl_attr->mbedtls_attr.ssl)),
+ mbedtls_ssl_get_ciphersuite(&(ssl_attr->mbedtls_attr.ssl)));
 
 /*
  * Server certificate chain is valid, so we can clean
@@ -1701,6 +1707,7 @@ static int ssl_verify_callback(void *csp_void, mbedtls_x509_crt *crt,
 struct certs_chain *last = &(csp->server_certs_chain);
 size_t olen = 0;
 int ret = 0;
+ size_t pem_buffer_length;
 
 /*
  * Searching for last item in certificates linked list
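Review bot: The new log_error call in the hunk at @@ -479,7 +480,10 @@ passes the result of `mbedtls_ssl_get_ciphersuite()` straight to a `%s` conversion, and that function returns NULL when the context has no session attached; after a successful handshake a session is present, so this is defensive rather than a live bug, but a NULL `%s` argument is undefined behaviour if the surrounding code is ever reordered. A small guard keeps the statement safe: `const char *suite = mbedtls_ssl_get_ciphersuite(&(ssl_attr->mbedtls_attr.ssl));` and then log `suite ? suite : "unknown"` in place of the direct call. The same applies to the server-side message added in the hunk at @@ -754,7 +758,9 @@ in create_server_ssl_connection. Both enclosing functions start outside their hunks. Recording the negotiated protocol version and ciphersuite at connect level is otherwise useful for spotting downgraded or weak sessions in the log.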
@@ -1716,14 +1723,33 @@ static int ssl_verify_callback(void *csp_void, mbedtls_x509_crt *crt,
 last->next = malloc_or_die(sizeof(struct certs_chain));
 last->next->next = NULL;
 memset(last->next->info_buf, 0, sizeof(last->next->info_buf));
- memset(last->next->file_buf, 0, sizeof(last->next->file_buf));
+ last->next->file_buf = NULL;
+
+ ret = mbedtls_pem_write_buffer(PEM_BEGIN_CRT, PEM_END_CRT, crt->raw.p,
+ crt->raw.len, NULL, 0, &olen);
+ if (MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL != ret)
+ {
+ log_error(LOG_LEVEL_ERROR,
+ "Failed to figure out the required X509 PEM certificate buffer size");
+ return -1;
+ }
+ pem_buffer_length = olen;
+
+ last->file_buf = malloc(pem_buffer_length);
+ if (last->file_buf == NULL)
+ {
+ log_error(LOG_LEVEL_ERROR,
+ "Failed to allocate %lu bytes to store the X509 PEM certificate",
+ pem_buffer_length);
+ return -1;
+ }
 
 /*
  * Saving certificate file into buffer
  */
 if ((ret = mbedtls_pem_write_buffer(PEM_BEGIN_CRT, PEM_END_CRT, crt->raw.p,
 crt->raw.len, (unsigned char *)last->file_buf,
- sizeof(last->file_buf)-1, &olen)) != 0)
+ pem_buffer_length, &olen)) != 0)
 {
 char err_buf[ERROR_BUF_SIZE];
 
@@ -1902,6 +1928,7 @@ extern void ssl_crt_verify_info(char *buf, size_t size, struct client_state *csp
 }
 
 
+#ifdef FEATURE_GRACEFUL_TERMINATION
 /*********************************************************************
  *
  * Function : ssl_release
@@ -1921,6 +1948,7 @@ extern void ssl_release(void)
 mbedtls_entropy_free(&entropy);
 }
 }
+#endif /* def FEATURE_GRACEFUL_TERMINATION */
 
 
 /*********************************************************************
@@ -1949,7 +1977,7 @@ static int *get_ciphersuites_from_string(const char *parameter_string)
 size_t parameter_len = strlen(parameter_string);
 
 ciphersuites_string = zalloc_or_die(parameter_len + 1);
- strncpy(ciphersuites_string, parameter_string, parameter_len);
+ strlcpy(ciphersuites_string, parameter_string, parameter_len + 1);
 ciphersuites_index = ciphersuites_string;
 
 while (*ciphersuites_index)
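Review bot: In the allocation-failure branch of the hunk at @@ -1716,14 +1723,33 @@, `pem_buffer_length` is a `size_t` but is handed to log_error for a `%lu` conversion; on targets where `unsigned long` is 32 bits and `size_t` is 64 the variadic argument no longer matches the conversion and the call is undefined behaviour. If log_error's own formatter does not understand `%zu`, cast the argument instead: `(unsigned long)pem_buffer_length);`. Both early `return -1` paths also leave the freshly allocated `last->next` node linked into the chain with `file_buf == NULL`, so whatever routine tears down `csp->server_certs_chain` now has to free `file_buf` per node and tolerate a NULL pointer there — that code is outside this hunk, as is the start of ssl_verify_callback. Returning -1 from the verify callback makes the handshake fail rather than continue with an incompletely recorded chain, which is the right fail-closed behaviour for these error paths.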
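Review bot: In the hunk at @@ -1949,7 +1977,7 @@, the `zalloc_or_die` / `strlcpy` pair copies the whole of `parameter_string` into a buffer sized exactly for it, which is what a duplicating helper expresses in one line; if the project's `strdup_or_die()` is available here, `ciphersuites_string = strdup_or_die(parameter_string);` replaces both lines and drops the `parameter_len` bookkeeping, assuming `parameter_len` is not used further down (get_ciphersuites_from_string continues past the hunk). The switch to `strlcpy` is correct as written, since the destination holds `parameter_len + 1` bytes and the copy is always NUL-terminated, so this is a style point only.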