From: Fabian Keil <fk@fabiankeil.de>
Date: Thu, 28 May 2020 11:54:30 +0000 (+0200)
Subject: Don't enable tunnelling if a CGI page is requested
X-Git-Tag: v_3_0_29~368
X-Git-Url: http://www.privoxy.org/gitweb/?p=privoxy.git;a=commitdiff_plain;h=dab826ce388441cb5095a282980da045aceab360

Don't enable tunnelling if a CGI page is requested

... even if HTTPS inspection is disabled.

This makes sure https://p.p/ and https://config.privoxy.org/
work even if Privoxy is toggled off.

Sponsored by: Robert Klemme
---

diff --git a/jcc.c b/jcc.c
index 3310ca1e..898618aa 100644
--- a/jcc.c
+++ b/jcc.c
@@ -2403,6 +2403,33 @@ static jb_err process_encrypted_request(struct client_state *csp)
    return err;
 
 }
+
+/*********************************************************************
+ *
+ * Function    :  cgi_page_requested
+ *
+ * Description :  Checks if a request is for an internal CGI page.
+ *
+ * Parameters  :
+ *          1  :  host = The host requested by the client.
+ *
+ * Returns     :  1 if a CGI page has been requested, 0 otherwise
+ *
+ *********************************************************************/
+static int cgi_page_requested(const char *host)
+{
+   if ((0 == strcmpic(host, CGI_SITE_1_HOST))
+    || (0 == strcmpic(host, CGI_SITE_1_HOST "."))
+    || (0 == strcmpic(host, CGI_SITE_2_HOST))
+    || (0 == strcmpic(host, CGI_SITE_2_HOST ".")))
+   {
+      return 1;
+   }
+
+   return 0;
+
+}
+
 #endif
 
 
@@ -3531,7 +3558,8 @@ static void chat(struct client_state *csp)
     * Setting flags to use old solution with SSL tunnel and to disable
     * certificates verification.
     */
-   if (csp->http->ssl && !(csp->action->flags & ACTION_HTTPS_INSPECTION))
+   if (csp->http->ssl && !(csp->action->flags & ACTION_HTTPS_INSPECTION)
+      && !cgi_page_requested(csp->http->host))
    {
       use_ssl_tunnel = 1;
    }