X-Git-Url: http://www.privoxy.org/gitweb/?p=privoxy.git;a=blobdiff_plain;f=ssl_common.c;h=18817137f1e38265ffc4ec3e8828fa7818341e04;hp=20c1b24fc5310de0030c104e49733840fee971c0;hb=4cedd5b95a23a92715dcc666bc46f84981f8788f;hpb=07d3ffdfb75d55d07fa8fc9e79f7829d9e8e476f
diff --git a/ssl_common.c b/ssl_common.c
index 20c1b24f..18817137 100644
--- a/ssl_common.c
+++ b/ssl_common.c
@@ -7,7 +7,7 @@
* not depend on particular TLS/SSL library.
*
* Copyright : Written by and Copyright (c) 2017 Vaclav Svec. FIT CVUT.
- * Copyright (C) 2018-2020 by Fabian Keil
+ * Copyright (C) 2018-2021 by Fabian Keil
*
* This program is free software; you can redistribute it
* and/or modify it under the terms of the GNU General
@@ -31,6 +31,7 @@
#include
#include
+#include
#include "config.h"
#include "project.h"
#include "miscutil.h"
@@ -289,8 +290,8 @@ extern void free_certificate_chain(struct client_state *csp)
/* Cleaning buffers */
memset(csp->server_certs_chain.info_buf, 0,
sizeof(csp->server_certs_chain.info_buf));
- memset(csp->server_certs_chain.file_buf, 0,
- sizeof(csp->server_certs_chain.file_buf));
+ freez(csp->server_certs_chain.file_buf);
+
csp->server_certs_chain.next = NULL;
/* Freeing memory in whole linked list */
@@ -298,6 +299,11 @@ extern void free_certificate_chain(struct client_state *csp)
{
struct certs_chain *cert_for_free = cert;
cert = cert->next;
+
+ /* Cleaning buffers */
+ memset(cert_for_free->info_buf, 0, sizeof(cert_for_free->info_buf));
+ freez(cert_for_free->file_buf);
+
freez(cert_for_free);
}
}
@@ -323,19 +329,20 @@ extern void ssl_send_certificate_error(struct client_state *csp)
size_t message_len = 0;
int ret = 0;
struct certs_chain *cert = NULL;
+ const size_t head_length = 63;
/* Header of message with certificate information */
const char message_begin[] =
- "HTTP/1.1 200 OK\r\n"
+ "HTTP/1.1 403 Certificate validation failed\r\n"
"Content-Type: text/html\r\n"
"Connection: close\r\n\r\n"
"\n"
"Server certificate verification failed\n"
"Server certificate verification failed
\n"
"Privoxy was unable "
- "to securely connnect to the destination server.
"
+ "to securely connect to the destination server.
"
"Reason: ";
- const char message_end[] = "\r\n\r\n";
+ const char message_end[] = "