X-Git-Url: http://www.privoxy.org/gitweb/?p=privoxy.git;a=blobdiff_plain;f=ssl_common.c;h=18817137f1e38265ffc4ec3e8828fa7818341e04;hp=486b9aa5bfb71d3bf53c4c9543dca90c6935d518;hb=6d67d8973b484f5a781fd46a04dc2410b769f970;hpb=8758d26b120e91b2ab6598dc5dada5d6a8e9d394 diff --git a/ssl_common.c b/ssl_common.c index 486b9aa5..18817137 100644 --- a/ssl_common.c +++ b/ssl_common.c @@ -7,7 +7,7 @@ * not depend on particular TLS/SSL library. * * Copyright : Written by and Copyright (c) 2017 Vaclav Svec. FIT CVUT. - * Copyright (C) 2018-2020 by Fabian Keil + * Copyright (C) 2018-2021 by Fabian Keil * * This program is free software; you can redistribute it * and/or modify it under the terms of the GNU General @@ -290,8 +290,8 @@ extern void free_certificate_chain(struct client_state *csp) /* Cleaning buffers */ memset(csp->server_certs_chain.info_buf, 0, sizeof(csp->server_certs_chain.info_buf)); - memset(csp->server_certs_chain.file_buf, 0, - sizeof(csp->server_certs_chain.file_buf)); + freez(csp->server_certs_chain.file_buf); + csp->server_certs_chain.next = NULL; /* Freeing memory in whole linked list */ @@ -299,6 +299,11 @@ extern void free_certificate_chain(struct client_state *csp) { struct certs_chain *cert_for_free = cert; cert = cert->next; + + /* Cleaning buffers */ + memset(cert_for_free->info_buf, 0, sizeof(cert_for_free->info_buf)); + freez(cert_for_free->file_buf); + freez(cert_for_free); } } @@ -328,7 +333,7 @@ extern void ssl_send_certificate_error(struct client_state *csp) /* Header of message with certificate information */ const char message_begin[] = - "HTTP/1.1 200 OK\r\n" + "HTTP/1.1 403 Certificate validation failed\r\n" "Content-Type: text/html\r\n" "Connection: close\r\n\r\n" "\n" @@ -337,7 +342,7 @@ extern void ssl_send_certificate_error(struct client_state *csp) "

Privoxy was unable " "to securely connect to the destination server.

" "

Reason: "; - const char message_end[] = "\r\n\r\n"; + const char message_end[] = "\n"; char reason[INVALID_CERT_INFO_BUF_SIZE]; memset(reason, 0, sizeof(reason)); @@ -405,6 +410,16 @@ extern void ssl_send_certificate_error(struct client_state *csp) } strlcat(message, message_end, message_len); + if (0 == strcmpic(csp->http->gpc, "HEAD")) + { + /* Cut off body */ + char *header_end = strstr(message, "\r\n\r\n"); + if (header_end != NULL) + { + header_end[3] = '\0'; + } + } + /* * Sending final message to client */ @@ -414,7 +429,7 @@ extern void ssl_send_certificate_error(struct client_state *csp) log_error(LOG_LEVEL_CRUNCH, "Certificate error: %s: https://%s%s", reason, csp->http->hostport, csp->http->path); - log_error(LOG_LEVEL_CLF, "%s - - [%T] \"%s https://%s%s %s\" 200 %lu", + log_error(LOG_LEVEL_CLF, "%s - - [%T] \"%s https://%s%s %s\" 403 %lu", csp->ip_addr_str, csp->http->gpc, csp->http->hostport, csp->http->path, csp->http->version, message_len-head_length); @@ -658,49 +673,6 @@ extern int get_certificate_valid_to_date(char *buffer, size_t buffer_size, const } -/********************************************************************* - * - * Function : host_is_ip_address - * - * Description : Checks whether or not a host is specified by - * IP address. Does not actually validate the - * address. - * - * Parameters : - * 1 : host = The host name to check - * - * Returns : 1 => Yes - * 0 => No - * - *********************************************************************/ -extern int host_is_ip_address(const char *host) -{ - const char *p; - - if (NULL != strstr(host, ":")) - { - /* Assume an IPv6 address. */ - return 1; - } - - for (p = host; *p; p++) - { - if ((*p != '.') && !privoxy_isdigit(*p)) - { - /* Not a dot or digit so it can't be an IPv4 address. */ - return 0; - } - } - - /* - * Host only consists of dots and digits so - * assume that is an IPv4 address. - */ - return 1; - -} - - /********************************************************************* * * Function : enforce_sane_certificate_state