From 6ef3171f6930c7c375a5667221d554c6f1d21729 Mon Sep 17 00:00:00 2001 From: Fabian Keil Date: Thu, 12 Mar 2020 12:39:07 +0100 Subject: [PATCH] Deduplicate some https inspection code in chat() Once the connection to a HTTP proxy has been established we can treat the connection the same way as a direct one. Sponsored by: Robert Klemme --- jcc.c | 78 ++++++++++++++++++++--------------------------------------- 1 file changed, 26 insertions(+), 52 deletions(-) diff --git a/jcc.c b/jcc.c index 6963acf0..a76851ca 100644 --- a/jcc.c +++ b/jcc.c @@ -3898,67 +3898,41 @@ static void chat(struct client_state *csp) close_client_ssl_connection(csp); return; } + } /* -END- if (fwd->forward_host != NULL) */ - /* - * Parent proxy has established connection with destination server. - * Now we must create TLS/SSL connection with parent proxy. - */ - ret = create_server_ssl_connection(csp); - - /* - * If TLS/SSL connection wasn't created and invalid certificate - * wasn't detected, we can interrupt this function. Otherwise, we - * must inform the client about invalid server certificate. - */ - if (ret != 0 - && (csp->server_cert_verification_result == SSL_CERT_NOT_VERIFIED - || csp->server_cert_verification_result == SSL_CERT_VALID)) + /* + * We can now create the TLS/SSL connection with the destination server. + */ + int ret = create_server_ssl_connection(csp); + if (ret != 0) + { + if (csp->server_cert_verification_result != SSL_CERT_VALID && + csp->server_cert_verification_result != SSL_CERT_NOT_VERIFIED) + { + /* + * If the server certificate is invalid, we must inform + * the client and then close connection to the client. + */ + ssl_send_certificate_error(csp); + close_client_and_server_ssl_connections(csp); + return; + } + if (csp->server_cert_verification_result == SSL_CERT_NOT_VERIFIED + || csp->server_cert_verification_result == SSL_CERT_VALID) { + /* + * The TLS/SSL connection wasn't created but an invalid + * certificate wasn't detected. Report it as connection + * failure. + */ rsp = error_response(csp, "connect-failed"); if (rsp) { send_crunch_response(csp, rsp); } + close_client_and_server_ssl_connections(csp); return; } - }/* -END- if (fwd->forward_host != NULL) */ - else - { - /* - * Parent proxy is not used, we can just create TLS/SSL connection - * with destination server - */ - int ret = create_server_ssl_connection(csp); - if (ret != 0) - { - if (csp->server_cert_verification_result != SSL_CERT_VALID && - csp->server_cert_verification_result != SSL_CERT_NOT_VERIFIED) - { - /* - * If the server certificate is invalid, we must inform - * the client and then close connection to the client. - */ - ssl_send_certificate_error(csp); - close_client_and_server_ssl_connections(csp); - return; - } - if (csp->server_cert_verification_result == SSL_CERT_NOT_VERIFIED - || csp->server_cert_verification_result == SSL_CERT_VALID) - { - /* - * The TLS/SSL connection wasn't created but an invalid - * certificate wasn't detected. Report it as connection - * failure. - */ - rsp = error_response(csp, "connect-failed"); - if (rsp) - { - send_crunch_response(csp, rsp); - } - close_client_and_server_ssl_connections(csp); - return; - } - } } }/* -END- if (http->ssl) */ #endif /* def FEATURE_HTTPS_INSPECTION */ -- 2.39.2