From: Fabian Keil <fk@fabiankeil.de>
Date: Thu, 12 Mar 2020 11:39:07 +0000 (+0100)
Subject: Deduplicate some https inspection code in chat()
X-Git-Tag: v_3_0_29~322
X-Git-Url: http://www.privoxy.org/gitweb/@default-cgi@/faq/%22https:/%22javascript:back()/@default-cgi@edit-actions-add-url-form?a=commitdiff_plain;h=6ef3171f6930c7c375a5667221d554c6f1d21729;p=privoxy.git
Deduplicate some https inspection code in chat()
Once the connection to an HTTP proxy has been
established we can treat the connection the
same way as a direct one.
Sponsored by: Robert Klemme
---
diff --git a/jcc.c b/jcc.c
index 6963acf0..a76851ca 100644
--- a/jcc.c
+++ b/jcc.c
@@ -3898,67 +3898,41 @@ static void chat(struct client_state *csp)
close_client_ssl_connection(csp);
return;
}
+ } /* -END- if (fwd->forward_host != NULL) */
- /*
- * Parent proxy has established connection with destination server.
- * Now we must create TLS/SSL connection with parent proxy.
- */
- ret = create_server_ssl_connection(csp);
-
- /*
- * If TLS/SSL connection wasn't created and invalid certificate
- * wasn't detected, we can interrupt this function. Otherwise, we
- * must inform the client about invalid server certificate.
- */
- if (ret != 0
- && (csp->server_cert_verification_result == SSL_CERT_NOT_VERIFIED
- || csp->server_cert_verification_result == SSL_CERT_VALID))
+ /*
+ * We can now create the TLS/SSL connection with the destination server.
+ */
+ int ret = create_server_ssl_connection(csp);
+ if (ret != 0)
+ {
+ if (csp->server_cert_verification_result != SSL_CERT_VALID &&
+ csp->server_cert_verification_result != SSL_CERT_NOT_VERIFIED)
+ {
+ /*
+ * If the server certificate is invalid, we must inform
+ * the client and then close connection to the client.
+ */
+ ssl_send_certificate_error(csp);
+ close_client_and_server_ssl_connections(csp);
+ return;
+ }
+ if (csp->server_cert_verification_result == SSL_CERT_NOT_VERIFIED
+ || csp->server_cert_verification_result == SSL_CERT_VALID)
{
+ /*
+ * The TLS/SSL connection wasn't created but an invalid
+ * certificate wasn't detected. Report it as connection
+ * failure.
+ */
rsp = error_response(csp, "connect-failed");
if (rsp)
{
send_crunch_response(csp, rsp);
}
+ close_client_and_server_ssl_connections(csp);
return;
}
- }/* -END- if (fwd->forward_host != NULL) */
- else
- {
- /*
- * Parent proxy is not used, we can just create TLS/SSL connection
- * with destination server
- */
- int ret = create_server_ssl_connection(csp);
- if (ret != 0)
- {
- if (csp->server_cert_verification_result != SSL_CERT_VALID &&
- csp->server_cert_verification_result != SSL_CERT_NOT_VERIFIED)
- {
- /*
- * If the server certificate is invalid, we must inform
- * the client and then close connection to the client.
- */
- ssl_send_certificate_error(csp);
- close_client_and_server_ssl_connections(csp);
- return;
- }
- if (csp->server_cert_verification_result == SSL_CERT_NOT_VERIFIED
- || csp->server_cert_verification_result == SSL_CERT_VALID)
- {
- /*
- * The TLS/SSL connection wasn't created but an invalid
- * certificate wasn't detected. Report it as connection
- * failure.
- */
- rsp = error_response(csp, "connect-failed");
- if (rsp)
- {
- send_crunch_response(csp, rsp);
- }
- close_client_and_server_ssl_connections(csp);
- return;
- }
- }
}
}/* -END- if (http->ssl) */
#endif /* def FEATURE_HTTPS_INSPECTION */
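Review bot: The second test inside `if (ret != 0)`, `if (csp->server_cert_verification_result == SSL_CERT_NOT_VERIFIED || csp->server_cert_verification_result == SSL_CERT_VALID)`, is the exact negation of the first test, which already returns, so it is always true when reached and hides the fact that every failed server handshake ends in a return. Dropping the condition and keeping the connect-failed body unconditional, under a comment such as `/* No invalid certificate was detected: report a connection failure. */`, would make the fail-closed behaviour visible and remove the chance of the two conditions drifting apart so that a failed connection falls through to the code after this block. Separately, the removed forwarded-proxy branch assigned to an already declared `ret`, so the new `int ret` may shadow a declaration outside the hunk; building with `-Wshadow` would confirm this. chat() begins before and continues after this hunk, so the surrounding scope cannot be checked from here.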