From 0998c12a7f6576eee94f018a1580e7717f296623 Mon Sep 17 00:00:00 2001 From: Fabian Keil Date: Fri, 5 Jun 2020 12:19:09 +0200 Subject: [PATCH] Fix https inspection with HTTP forwarding Previously Privoxy would not send the CSUCCEED message to the client so the client would not send the encrypted request. Now that we send the CSUCCEED, we don't need to forward the response from the upstream HTTP proxy anymore. Sponsored by: Robert Klemme --- jcc.c | 40 ++++++++++------------------------------ 1 file changed, 10 insertions(+), 30 deletions(-) diff --git a/jcc.c b/jcc.c index c401fed9..a4a588c9 100644 --- a/jcc.c +++ b/jcc.c @@ -3735,24 +3735,18 @@ static void chat(struct client_state *csp) { int ret; /* - * Creating an SSL proxy. If forwarding is disabled, we must send - * CSUCCEED message to client. Then TLS/SSL connection with client - * is created. + * Creating a SSL proxy. + * + * By sending the CSUCCEED message we're lying to the client as + * the connection hasn't actually been established yet. We don't + * establish the connection until we have seen and parsed the + * encrypted client headers. */ - - if (fwd->forward_host == NULL) + if (write_socket_delayed(csp->cfd, CSUCCEED, + strlen(CSUCCEED), get_write_delay(csp)) != 0) { - /* - * We're lying to the client as the connection hasn't actually - * been established yet. We don't establish the connection until - * we have seen and parsed the encrypted client headers. - */ - if (write_socket_delayed(csp->cfd, CSUCCEED, - strlen(CSUCCEED), get_write_delay(csp)) != 0) - { - log_error(LOG_LEVEL_ERROR, "Sending SUCCEED to client failed"); - return; - } + log_error(LOG_LEVEL_ERROR, "Sending SUCCEED to client failed"); + return; } ret = create_client_ssl_connection(csp); 
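Review bot: The rewritten comment above the `write_socket_delayed()` call does not say that CSUCCEED is now also sent when `fwd->forward_host` is set, so the client is told the tunnel exists before the parent proxy has answered the CONNECT. Together with the second hunk, which stops relaying `server_response`, a refusal by the parent proxy can then only be reported inside the intercepted TLS session. Whether that path still checks the parent's status line is outside these hunks and worth confirming. I would add `* This is also done when forwarding to a parent proxy, whose CONNECT response is not relayed to the client.` to the comment and restore the wording `an SSL proxy`. chat() starts and ends outside the hunk.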
@@ -3927,20 +3921,6 @@ static void chat(struct client_state *csp)
 }
 return;
 }
-
- /*
- * TLS/SSL connection with parent proxy is established, we can
- * inform client about success.
- */
- ret = write_socket(csp->cfd, server_response, (size_t)len);
- if (ret != 0)
- {
- log_error(LOG_LEVEL_ERROR,
- "Sending parent proxy response to client failed");
- mark_server_socket_tainted(csp);
- close_client_ssl_connection(csp);
- return;
- }
 }/* -END- if (fwd->forward_host != NULL) */
 else
 {
--
2.39.2