diff --git a/Makefile b/Makefile index a925a89..f68cde9 100644 --- a/Makefile +++ b/Makefile @@ -17,7 +17,7 @@ OPTFLAGS += -DUSE_SSL # MSYS # The current version of gcc from MSYS defines __MSYS__ and __CYGWIN__. # To avoid to change the code, simply define CYGWIN additionally. -ifneq ($(filter $(MSYSTEM),MSYS MINGW32 MINGW64 UCRT64),) +ifneq ($(filter $(shell uname -o),Msys Cygwin),) CFLAGS += -DCYGWIN else # Most systems, MSYS definitely not diff --git a/cmdline.c b/cmdline.c index 7e5db30..bc89020 100644 --- a/cmdline.c +++ b/cmdline.c @@ -98,6 +98,7 @@ void cmdline_parser_print_help (void) { #ifdef SETPROCTITLE " -x, --proctitle=STRING Use a different process title\n" #endif +" -I, --no-sni Disable SNI\n" "\n" "Miscellaneous options:\n" " -v, --verbose Turn on verbosity\n" @@ -164,6 +165,7 @@ int cmdline_parser( int argc, char * const *argv, struct gengetopt_args_info *ar /* args_info->enforcetls1_given = 0; */ args_info->host_given = 0; args_info->cacert_given = 0; + args_info->no_sni_flag = 0; /* No... we can't make this a function... -- Maniac */ #define clear_args() \ @@ -202,6 +204,7 @@ int cmdline_parser( int argc, char * const *argv, struct gengetopt_args_info *ar args_info->cacert_arg = NULL; \ args_info->enforceipv4_flag = 0; \ args_info->enforceipv6_flag = 0; \ + args_info->no_sni_flag = 0; \ } clear_args(); @@ -250,12 +253,13 @@ int cmdline_parser( int argc, char * const *argv, struct gengetopt_args_info *ar { "cacert", 1, NULL, 'C' }, { "ipv4", 0, NULL, '4' }, { "ipv6", 0, NULL, '6' }, + { "no-sni", 0, NULL, 'I' }, { NULL, 0, NULL, 0 } }; - c = getopt_long (argc, argv, "hVia:u:s:t:F:p:P:r:R:d:H:x:c:k:vNeEXWBqLo:TzC:46", long_options, &option_index); + c = getopt_long (argc, argv, "hVia:u:s:t:F:p:P:r:R:d:H:x:c:k:vNeEXWBqLo:TzC:46I", long_options, &option_index); #else - c = getopt( argc, argv, "hVia:u:s:t:F:p:P:r:R:d:H:x:c:k:vNeEXWBqLo:TzC:46" ); + c = getopt( argc, argv, "hVia:u:s:t:F:p:P:r:R:d:H:x:c:k:vNeEXWBqLo:TzC:46I" ); #endif if (c == -1) @@ -524,6 +528,12 @@ int cmdline_parser( int argc, char * const *argv, struct gengetopt_args_info *ar message("IPv6 enforced\n"); break; + case 'I': /* Disable SNI */ + args_info->no_sni_flag = 1; + if( args_info->verbose_flag ) + message("Disable SNI\n"); + break; + case 0: /* Long option with no short option */ case '?': /* Invalid option. */ diff --git a/cmdline.h b/cmdline.h index 93cf460..1ad3eb1 100644 --- a/cmdline.h +++ b/cmdline.h @@ -93,6 +93,7 @@ struct gengetopt_args_info { /* int enforcetls1_given; Wheter to enforce TLSv1 */ int host_given; /* Wheter we override the Host Header */ int cacert_given; /* Whether cacert was given */ + int no_sni_flag; /* Disable SNI */ }; int cmdline_parser( int argc, char * const *argv, struct gengetopt_args_info *args_info ); diff --git a/docs/proxytunnel.1.adoc b/docs/proxytunnel.1.adoc index 0e8e6b5..169987f 100644 --- a/docs/proxytunnel.1.adoc +++ b/docs/proxytunnel.1.adoc @@ -135,6 +135,9 @@ also be used for other proxy-traversing purposes like proxy bouncing. *-x*, *--proctitle*=_STRING_:: Use a different process title. +*-I*, *--no-sni*:: + Disable SNI. + == MISCELLANEOUS OPTIONS diff --git a/io.c b/io.c index 56d516e..49e76d2 100644 --- a/io.c +++ b/io.c @@ -57,10 +57,11 @@ int readline(PTSTREAM *pts) { if( args_info.verbose_flag ) { /* Copy line of data into dstr without trailing newline */ - char *dstr = calloc(1, strlen(buf) + 1); - strncpy( dstr, buf, strlen(buf)); - if (strcmp(dstr, "")) - message( " <- %s\n", dstr ); + int len = strlen(buf); + buf[len - 2] = 0; + if (strcmp(buf, "")) + message( " <- %s\n", buf ); + buf[len - 2] = '\r'; } return strlen( buf ); } diff --git a/ptstream.c b/ptstream.c index d7c6424..a43498f 100644 --- a/ptstream.c +++ b/ptstream.c @@ -340,17 +340,19 @@ int stream_enable_ssl(PTSTREAM *pts, const char *proxy_arg) { goto fail; } - /* SNI support */ - if ( args_info.verbose_flag ) { - message( "Set SNI hostname to %s\n", peer_host); + if(!args_info.no_sni_flag) { + /* SNI support */ + if ( args_info.verbose_flag ) { + message( "Set SNI hostname to %s\n", peer_host); + } + res = SSL_set_tlsext_host_name(ssl, peer_host); + if ( res != 1 ) { + message( "SSL_set_tlsext_host_name() failed for host name '%s'. " + "TLS SNI error, giving up\n", peer_host); + goto fail; + } } - res = SSL_set_tlsext_host_name(ssl, peer_host); - if ( res != 1 ) { - message( "SSL_set_tlsext_host_name() failed for host name '%s'. " - "TLS SNI error, giving up\n", peer_host); - goto fail; - } - + if ( SSL_connect (ssl) <= 0) { message( "SSL_connect failed\n"); goto fail;