* creating, using and closing TLS/SSL connections
* using wolfSSL.
*
- * Copyright : Copyright (C) 2018-2021 by Fabian Keil <fk@fabiankeil.de>
+ * Copyright : Copyright (C) 2018-2024 by Fabian Keil <fk@fabiankeil.de>
* Copyright (C) 2020 Maxim Antonov <mantonov@gmail.com>
* Copyright (C) 2017 Vaclav Svec. FIT CVUT.
*
* doesn't matter because we only use it with
* the certificate_mutex locked.
*/
-static RNG wolfssl_rng;
+static WC_RNG wolfssl_rng;
#ifndef WOLFSSL_ALT_CERT_CHAINS
/*
*
* Function : host_to_hash
*
- * Description : Creates MD5 hash from host name. Host name is loaded
- * from structure csp and saved again into it.
+ * Description : Creates a sha256 hash from host name. The host name
+ * is taken from the csp structure and stored into it.
*
* Parameters :
* 1 : csp = Current client state (buffers, headers, etc...)
*********************************************************************/
static int host_to_hash(struct client_state *csp)
{
- Md5 md5;
int ret;
- size_t i;
- ret = wc_InitMd5(&md5);
+ ret = wc_Sha256Hash((const byte *)csp->http->host,
+ (word32)strlen(csp->http->host), (byte *)csp->http->hash_of_host);
if (ret != 0)
{
- return -1;
- }
-
- ret = wc_Md5Update(&md5, (const byte *)csp->http->host,
- (word32)strlen(csp->http->host));
- if (ret != 0)
- {
- return -1;
- }
-
- ret = wc_Md5Final(&md5, csp->http->hash_of_host);
- if (ret != 0)
- {
- return -1;
+ return -1;
}
- wc_Md5Free(&md5);
+ return create_hexadecimal_hash_of_host(csp);
- /* Converting hash into string with hex */
- for (i = 0; i < 16; i++)
- {
- ret = snprintf((char *)csp->http->hash_of_host_hex + 2 * i,
- sizeof(csp->http->hash_of_host_hex) - 2 * i,
- "%02x", csp->http->hash_of_host[i]);
- if (ret < 0)
- {
- log_error(LOG_LEVEL_ERROR, "sprintf() failed. Return value: %d", ret);
- return -1;
- }
- }
-
- return 0;
}
int shutdown_attempts = 0;
int ret;
int fd;
- enum { MAX_SHUTDOWN_ATTEMPTS = 2 };
+ enum { MAX_SHUTDOWN_ATTEMPTS = 5 };
fd = wolfSSL_get_fd(ssl);
return;
}
ret = wolfSSL_shutdown(ssl);
+ shutdown_attempts++;
if (WOLFSSL_SUCCESS != ret)
{
- shutdown_attempts++;
log_error(LOG_LEVEL_CONNECT, "Failed to shutdown %s connection "
"on socket %d. Attempts so far: %d, ret: %d", type, fd,
shutdown_attempts, ret);
{
char buffer[80];
int error = wolfSSL_get_error(ssl, ret);
- log_error(LOG_LEVEL_ERROR, "Failed to shutdown %s connection "
+ log_error(LOG_LEVEL_CONNECT, "Failed to shutdown %s connection "
"on socket %d after %d attempts. ret: %d, error: %d, %s",
type, fd, shutdown_attempts, ret, error,
wolfSSL_ERR_error_string((unsigned long)error, buffer));
}
+ else if (shutdown_attempts > 1)
+ {
+ log_error(LOG_LEVEL_CONNECT, "Succeeded to shutdown %s connection "
+ "on socket %d after %d attempts.", type, fd, shutdown_attempts);
+ }
}
{
long verify_result = wolfSSL_get_error(ssl, connect_ret);
+#if LIBWOLFSSL_VERSION_HEX > 0x05005004
if (verify_result == WOLFSSL_X509_V_OK)
+#else
+ if (verify_result == X509_V_OK)
+#endif
{
ret = 0;
csp->server_cert_verification_result = SSL_CERT_VALID;
projects / privoxy.git / blobdiff