X-Git-Url: http://www.privoxy.org/gitweb/show-status?a=blobdiff_plain;f=ssl_common.c;h=45f1e761236c2e5baf896d730640f2ed26a595d9;hb=662426360b8d10202feabdcd3515d64ea8833798;hp=1aa13365f4dc61622074f2df8908314ed37b1cf3;hpb=f9b953ed3f2bc2de510352e56dfbf91efd19ac7e;p=privoxy.git
diff --git a/ssl_common.c b/ssl_common.c
index 1aa13365..45f1e761 100644
--- a/ssl_common.c
+++ b/ssl_common.c
@@ -1,13 +1,13 @@
/*********************************************************************
*
- * File : $Source: /cvsroot/ijbswa/current/ssl.c,v $
+ * File : $Source: /cvsroot/ijbswa/current/ssl_common.c,v $
*
* Purpose : File with TLS/SSL extension. Contains methods for
* creating, using and closing TLS/SSL connections that do
* not depend on particular TLS/SSL library.
*
* Copyright : Written by and Copyright (c) 2017 Vaclav Svec. FIT CVUT.
- * Copyright (C) 2018-2020 by Fabian Keil
+ * Copyright (C) 2018-2021 by Fabian Keil
*
* This program is free software; you can redistribute it
* and/or modify it under the terms of the GNU General
@@ -31,6 +31,7 @@
#include
#include
+#include
#include "config.h"
#include "project.h"
#include "miscutil.h"
@@ -91,7 +92,7 @@ extern int server_use_ssl(const struct client_state *csp)
* connection, optionally delaying the operation.
*
* Parameters :
- * 1 : ssl = SSL context to send data to
+ * 1 : ssl_attr = SSL context to send data to
* 2 : buf = Pointer to data to be sent
* 3 : len = Length of data to be sent to the SSL context
* 4 : delay = Delay in milliseconds.
@@ -154,7 +155,7 @@ extern int ssl_send_data_delayed(struct ssl_attr* ssl_attr,
* SSL connection. Alternative to function flush_socket.
*
* Parameters :
- * 1 : ssl = SSL context to send buffer to
+ * 1 : ssl_attr = SSL context to send buffer to
* 2 : iob = The I/O buffer to flush, usually csp->iob.
*
* Returns : On success, the number of bytes send are returned (zero
@@ -289,8 +290,8 @@ extern void free_certificate_chain(struct client_state *csp)
/* Cleaning buffers */
memset(csp->server_certs_chain.info_buf, 0,
sizeof(csp->server_certs_chain.info_buf));
- memset(csp->server_certs_chain.file_buf, 0,
- sizeof(csp->server_certs_chain.file_buf));
+ freez(csp->server_certs_chain.file_buf);
+
csp->server_certs_chain.next = NULL;
/* Freeing memory in whole linked list */
@@ -298,6 +299,11 @@ extern void free_certificate_chain(struct client_state *csp)
{
struct certs_chain *cert_for_free = cert;
cert = cert->next;
+
+ /* Cleaning buffers */
+ memset(cert_for_free->info_buf, 0, sizeof(cert_for_free->info_buf));
+ freez(cert_for_free->file_buf);
+
freez(cert_for_free);
}
}
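Review bot: The `memset(cert_for_free->info_buf, 0, sizeof(cert_for_free->info_buf));` added in the loop writes to a node that is freed two statements later, so if `freez` expands to a plain `free()` (not visible here) an optimizing compiler may drop it as a dead store. If the wipe is meant as a guarantee, use a primitive the compiler cannot remove where the platform has one, e.g. `explicit_bzero(cert_for_free->info_buf, sizeof(cert_for_free->info_buf));`. Otherwise remove the memset, or add a comment such as `/* best-effort wipe; certificate text is not secret */` so the next reader does not rely on it. In both this hunk and the previous one, `file_buf` is now released without being cleared, whereas the old code zeroed it; that looks harmless for server certificate data but should be a deliberate choice. The loop header is outside this hunk.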
@@ -323,19 +329,20 @@ extern void ssl_send_certificate_error(struct client_state *csp)
size_t message_len = 0;
int ret = 0;
struct certs_chain *cert = NULL;
+ const size_t head_length = 63;
/* Header of message with certificate information */
const char message_begin[] =
- "HTTP/1.1 200 OK\r\n"
+ "HTTP/1.1 403 Certificate validation failed\r\n"
"Content-Type: text/html\r\n"
"Connection: close\r\n\r\n"
"\n"
"Server certificate verification failed\n"
"Server certificate verification failed
\n"
"Privoxy was unable "
- "to securely connnect to the destination server.
"
+ "to securely connect to the destination server.
"
"Reason: ";
- const char message_end[] = "\r\n\r\n";
+ const char message_end[] = "