mirror of
https://github.com/proxytunnel/proxytunnel.git
synced 2026-07-17 16:34:53 +00:00
Remove USE_SSL switch, change code to always build with SSL support.
Building without SSL support was not possible anyway, due to NTLM requiring it.
This commit is contained in:
parent
bc74c7ef46
commit
4078a9fe72
6 changed files with 1 additions and 61 deletions
3
Makefile
3
Makefile
|
|
@ -11,9 +11,6 @@ CFLAGS ?= -Wall -O2 -ggdb
|
|||
# Comment on non-gnu systems
|
||||
OPTFLAGS += -DHAVE_GETOPT_LONG
|
||||
|
||||
# Comment if you don't have/want ssl
|
||||
OPTFLAGS += -DUSE_SSL
|
||||
|
||||
# MSYS/CYGWIN
|
||||
# The current version of gcc from MSYS defines __MSYS__ and __CYGWIN__, from CYGWIN defines __CYGWIN__.
|
||||
# To avoid to change the code, simply define CYGWIN additionally.
|
||||
|
|
|
|||
14
cmdline.c
14
cmdline.c
|
|
@ -56,14 +56,11 @@ void cmdline_parser_print_help (void) {
|
|||
" -p, --proxy=STRING Local proxy host:port combination\n"
|
||||
" -r, --remproxy=STRING Remote proxy host:port combination (using 2 proxies)\n"
|
||||
" -d, --dest=STRING Destination host:port combination\n"
|
||||
#ifdef USE_SSL
|
||||
" -e, --encrypt SSL encrypt data between local proxy and destination\n"
|
||||
" -E, --encrypt-proxy SSL encrypt data between client and local proxy\n"
|
||||
" -X, --encrypt-remproxy SSL encrypt data between local and remote proxy\n"
|
||||
#endif
|
||||
"\n"
|
||||
"Additional options for specific features:\n"
|
||||
#ifdef USE_SSL
|
||||
" -W, --wa-bug-29744 Workaround ASF Bugzilla 29744: if SSL is active\n"
|
||||
" stop using it after CONNECT (might not work on all\n"
|
||||
" setups)\n"
|
||||
|
|
@ -73,16 +70,13 @@ void cmdline_parser_print_help (void) {
|
|||
" -T, --no-ssl3 Do not connect using SSLv3 (legacy)\n"*/
|
||||
" -z, --no-check-certificate Don't verify server SSL certificate\n"
|
||||
" -C, --cacert=STRING Path to trusted CA certificate or directory\n"
|
||||
#endif
|
||||
" -4, --ipv4 Enforce IPv4 connection to local proxy\n"
|
||||
" -6, --ipv6 Enforce IPv6 connection to local proxy\n"
|
||||
" -F, --passfile=STRING File with credentials for proxy authentication\n"
|
||||
" -P, --proxyauth=STRING Proxy auth credentials user:pass combination\n"
|
||||
" -R, --remproxyauth=STRING Remote proxy auth credentials user:pass combination\n"
|
||||
#ifdef USE_SSL
|
||||
" -c, --cert=FILENAME client SSL certificate (chain)\n"
|
||||
" -k, --key=FILENAME client SSL key\n"
|
||||
#endif
|
||||
// " -u, --user=STRING Username for proxy authentication\n"
|
||||
// " -s, --pass=STRING Password for proxy authentication\n"
|
||||
// " -U, --uservar=STRING Environment variable that holds username\n"
|
||||
|
|
@ -90,11 +84,7 @@ void cmdline_parser_print_help (void) {
|
|||
" -N, --ntlm Use NTLM based authentication\n"
|
||||
" -t, --domain=STRING NTLM domain (default: autodetect)\n"
|
||||
" -H, --header=STRING Add additional HTTP headers to send to proxy\n"
|
||||
#ifdef USE_SSL
|
||||
" -o, --host=STRING Send custom Host Header/SNI\n"
|
||||
#else
|
||||
" -o, --host=STRING Send custom Host Header\n"
|
||||
#endif
|
||||
#ifdef SETPROCTITLE
|
||||
" -x, --proctitle=STRING Use a different process title\n"
|
||||
#endif
|
||||
|
|
@ -270,8 +260,6 @@ int cmdline_parser( int argc, char * const *argv, struct gengetopt_args_info *ar
|
|||
clear_args ();
|
||||
cmdline_parser_print_help ();
|
||||
exit(0);
|
||||
|
||||
#ifdef USE_SSL
|
||||
case 'e': /* Turn on SSL encryption */
|
||||
args_info->encrypt_flag = !(args_info->encrypt_flag);
|
||||
if( args_info->verbose_flag )
|
||||
|
|
@ -316,8 +304,6 @@ int cmdline_parser( int argc, char * const *argv, struct gengetopt_args_info *ar
|
|||
if( args_info->verbose_flag )
|
||||
message("SSL client to proxy enabled, only until CONNECT\n");
|
||||
break;
|
||||
#endif
|
||||
|
||||
case 'i': /* Run from inetd. */
|
||||
if ( args_info->standalone_arg > 0 ) {
|
||||
fprintf( stderr, "%s: '--inetd' ('-i') conflicts with '--standalone' ('-a')\n", PACKAGE );
|
||||
|
|
|
|||
|
|
@ -3,7 +3,7 @@
|
|||
set-proc-title ? true,
|
||||
pkgs,
|
||||
}: let
|
||||
optflags = "-DUSE_SSL ${
|
||||
optflags = "${
|
||||
if gnu-system
|
||||
then "-DHAVE_GETOPT_LONG"
|
||||
else ""
|
||||
|
|
|
|||
|
|
@ -357,20 +357,16 @@ void do_daemon()
|
|||
sd = tunnel_connect();
|
||||
stunnel = stream_open(sd, sd);
|
||||
|
||||
#ifdef USE_SSL
|
||||
/* If --encrypt-proxy is specified, connect to the proxy using SSL */
|
||||
if ( args_info.encryptproxy_flag )
|
||||
stream_enable_ssl(stunnel, args_info.proxy_arg);
|
||||
#endif /* USE_SSL */
|
||||
|
||||
/* Open the tunnel */
|
||||
proxy_protocol(stunnel);
|
||||
|
||||
#ifdef USE_SSL
|
||||
/* If --encrypt is specified, wrap all traffic after the proxy handoff in SSL */
|
||||
if( args_info.encrypt_flag )
|
||||
stream_enable_ssl(stunnel, args_info.dest_arg);
|
||||
#endif /* USE_SSL */
|
||||
|
||||
#ifdef SETPROCTITLE
|
||||
if( ! args_info.proctitle_given )
|
||||
|
|
@ -483,19 +479,15 @@ int main( int argc, char *argv[] ) {
|
|||
stunnel = stream_open(sd, sd);
|
||||
|
||||
/* If --encrypt-proxy is specified, connect to the proxy using SSL */
|
||||
#ifdef USE_SSL
|
||||
if ( args_info.encryptproxy_flag )
|
||||
stream_enable_ssl(stunnel, args_info.proxy_arg);
|
||||
#endif /* USE_SSL */
|
||||
|
||||
/* Open the tunnel */
|
||||
proxy_protocol(stunnel);
|
||||
|
||||
/* If --encrypt is specified, wrap all traffic after the proxy handoff in SSL */
|
||||
#ifdef USE_SSL
|
||||
if( args_info.encrypt_flag )
|
||||
stream_enable_ssl(stunnel, args_info.dest_arg);
|
||||
#endif /* USE_SSL */
|
||||
|
||||
#ifdef SETPROCTITLE
|
||||
if( ! args_info.proctitle_given )
|
||||
|
|
|
|||
28
ptstream.c
28
ptstream.c
|
|
@ -50,14 +50,12 @@ PTSTREAM *stream_open(int incoming_fd, int outgoing_fd) {
|
|||
|
||||
/* Close a stream */
|
||||
int stream_close(PTSTREAM *pts) {
|
||||
#ifdef USE_SSL
|
||||
/* Destroy the SSL context */
|
||||
if (pts->ssl) {
|
||||
SSL_shutdown (pts->ssl);
|
||||
SSL_free (pts->ssl);
|
||||
SSL_CTX_free (pts->ctx);
|
||||
}
|
||||
#endif /* USE_SSL */
|
||||
|
||||
/* Close the incoming fd */
|
||||
close(pts->incoming_fd);
|
||||
|
|
@ -81,13 +79,8 @@ int stream_read(PTSTREAM *pts, void *buf, size_t len) {
|
|||
/* For a non-SSL stream... */
|
||||
bytes_read = read(pts->incoming_fd, buf, len);
|
||||
} else {
|
||||
#ifdef USE_SSL
|
||||
/* For an SSL stream... */
|
||||
bytes_read = SSL_read(pts->ssl, buf, len);
|
||||
#else
|
||||
/* No SSL support, so must use a non-SSL stream */
|
||||
bytes_read = read(pts->incoming_fd, buf, len);
|
||||
#endif /* USE_SSL */
|
||||
}
|
||||
|
||||
return bytes_read;
|
||||
|
|
@ -107,17 +100,10 @@ int stream_write(PTSTREAM *pts, void *buf, size_t len) {
|
|||
buf + total_bytes_written,
|
||||
len - total_bytes_written);
|
||||
} else {
|
||||
#ifdef USE_SSL
|
||||
/* For an SSL stream... */
|
||||
bytes_written = SSL_write(pts->ssl,
|
||||
buf + total_bytes_written,
|
||||
len - total_bytes_written);
|
||||
#else
|
||||
/* No SSL support, so must use a non-SSL stream */
|
||||
bytes_written = write(pts->outgoing_fd,
|
||||
buf + total_bytes_written,
|
||||
len - total_bytes_written);
|
||||
#endif /* USE_SSL */
|
||||
}
|
||||
|
||||
if (bytes_written <= 0) {
|
||||
|
|
@ -186,7 +172,6 @@ int check_cert_names(X509 *cert, char *peer_host) {
|
|||
|
||||
/* Initiate an SSL handshake on this stream and encrypt all subsequent data */
|
||||
int stream_enable_ssl(PTSTREAM *pts, const char *proxy_arg) {
|
||||
#ifdef USE_SSL
|
||||
const SSL_METHOD *meth;
|
||||
SSL *ssl;
|
||||
SSL_CTX *ctx;
|
||||
|
|
@ -315,18 +300,13 @@ int stream_enable_ssl(PTSTREAM *pts, const char *proxy_arg) {
|
|||
/* Store ssl and ctx parameters */
|
||||
pts->ssl = ssl;
|
||||
pts->ctx = ctx;
|
||||
#else
|
||||
message("Warning: stream_open(): SSL stream requested but no SSL support available; using unencrypted connection");
|
||||
#endif /* USE_SSL */
|
||||
|
||||
return 1;
|
||||
|
||||
fail:
|
||||
#ifdef USE_SSL
|
||||
if (cert != NULL) {
|
||||
X509_free(cert);
|
||||
}
|
||||
#endif /* USE_SSL */
|
||||
exit(1);
|
||||
}
|
||||
|
||||
|
|
@ -337,11 +317,7 @@ int stream_get_incoming_fd(PTSTREAM *pts) {
|
|||
if (!pts->ssl)
|
||||
return pts->incoming_fd;
|
||||
else
|
||||
#ifdef USE_SSL
|
||||
return SSL_get_rfd(pts->ssl);
|
||||
#else
|
||||
return pts->incoming_fd;
|
||||
#endif /* USE_SSL */
|
||||
}
|
||||
|
||||
/* Return the outgoing_fd for a given stream */
|
||||
|
|
@ -349,11 +325,7 @@ int stream_get_outgoing_fd(PTSTREAM *pts) {
|
|||
if (!pts->ssl)
|
||||
return pts->outgoing_fd;
|
||||
else
|
||||
#ifdef USE_SSL
|
||||
return SSL_get_wfd(pts->ssl);
|
||||
#else
|
||||
return pts->outgoing_fd;
|
||||
#endif /* USE_SSL */
|
||||
}
|
||||
|
||||
// vim:noexpandtab:ts=4
|
||||
|
|
|
|||
|
|
@ -20,24 +20,17 @@
|
|||
/* ptstream.h */
|
||||
|
||||
#include <stddef.h>
|
||||
#ifdef USE_SSL
|
||||
#include <openssl/opensslv.h>
|
||||
#include <openssl/crypto.h>
|
||||
#include <openssl/x509.h>
|
||||
#include <openssl/pem.h>
|
||||
#include <openssl/ssl.h>
|
||||
#endif
|
||||
|
||||
typedef struct ptstream {
|
||||
int incoming_fd;
|
||||
int outgoing_fd;
|
||||
#ifdef USE_SSL
|
||||
SSL *ssl;
|
||||
SSL_CTX *ctx;
|
||||
#else
|
||||
void *ssl;
|
||||
void *ctx;
|
||||
#endif
|
||||
} PTSTREAM;
|
||||
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue