X-Git-Url: http://www.privoxy.org/gitweb/?p=privoxy.git;a=blobdiff_plain;f=ssl_common.c;h=a8dd371efa1953aafd6790a65875786ebdcbfa16;hp=486b9aa5bfb71d3bf53c4c9543dca90c6935d518;hb=0ef5eb878212dd921cf08f842215db04506854af;hpb=8758d26b120e91b2ab6598dc5dada5d6a8e9d394 diff --git a/ssl_common.c b/ssl_common.c index 486b9aa5..a8dd371e 100644 --- a/ssl_common.c +++ b/ssl_common.c @@ -7,7 +7,7 @@ * not depend on particular TLS/SSL library. * * Copyright : Written by and Copyright (c) 2017 Vaclav Svec. FIT CVUT. - * Copyright (C) 2018-2020 by Fabian Keil + * Copyright (C) 2018-2021 by Fabian Keil * * This program is free software; you can redistribute it * and/or modify it under the terms of the GNU General @@ -328,7 +328,7 @@ extern void ssl_send_certificate_error(struct client_state *csp) /* Header of message with certificate information */ const char message_begin[] = - "HTTP/1.1 200 OK\r\n" + "HTTP/1.1 403 Certificate validation failed\r\n" "Content-Type: text/html\r\n" "Connection: close\r\n\r\n" "\n" @@ -337,7 +337,7 @@ extern void ssl_send_certificate_error(struct client_state *csp) "

Privoxy was unable " "to securely connect to the destination server.

" "

Reason: "; - const char message_end[] = "\r\n\r\n"; + const char message_end[] = "\n"; char reason[INVALID_CERT_INFO_BUF_SIZE]; memset(reason, 0, sizeof(reason)); @@ -405,6 +405,16 @@ extern void ssl_send_certificate_error(struct client_state *csp) } strlcat(message, message_end, message_len); + if (0 == strcmpic(csp->http->gpc, "HEAD")) + { + /* Cut off body */ + char *header_end = strstr(message, "\r\n\r\n"); + if (header_end != NULL) + { + header_end[3] = '\0'; + } + } + /* * Sending final message to client */ @@ -414,7 +424,7 @@ extern void ssl_send_certificate_error(struct client_state *csp) log_error(LOG_LEVEL_CRUNCH, "Certificate error: %s: https://%s%s", reason, csp->http->hostport, csp->http->path); - log_error(LOG_LEVEL_CLF, "%s - - [%T] \"%s https://%s%s %s\" 200 %lu", + log_error(LOG_LEVEL_CLF, "%s - - [%T] \"%s https://%s%s %s\" 403 %lu", csp->ip_addr_str, csp->http->gpc, csp->http->hostport, csp->http->path, csp->http->version, message_len-head_length);
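Review bot: In the new HEAD branch, `header_end[3] = '\0';` overwrites the final LF of the `\r\n\r\n` sequence that `strstr` matched, so the truncated message ends in `\r\n\r` and the header block is never terminated. `strstr` returns a pointer to the first `\r`, which makes index 4 the first body byte, so the line should read `header_end[4] = '\0';`. That index is always in bounds, because at worst it lands on the string's own terminator. A client that parses strictly will wait for the blank line until the connection closes, so the certificate-failure response can be misread or dropped. The send call and the rest of ssl_send_certificate_error lie outside the hunk.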
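Review bot: The CLF entry in the last hunk still logs `message_len-head_length` as the response size, even for HEAD requests where the branch added earlier in this commit cuts the body off. Both variables are defined outside the hunk, but if that expression is meant to be the number of body bytes sent, the access log overstates what reached the client on every blocked HEAD request. Logging zero in that case, for example `(0 == strcmpic(csp->http->gpc, "HEAD")) ? 0 : message_len-head_length`, would keep the 403 entries reliable for traffic accounting and incident review. The argument type should be checked against the `%lu` conversion.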