diff --git a/Makefile b/Makefile index c24e75d..f8dede1 100644 --- a/Makefile +++ b/Makefile @@ -11,9 +11,6 @@ CFLAGS ?= -Wall -O2 -ggdb # Comment on non-gnu systems OPTFLAGS += -DHAVE_GETOPT_LONG -# Comment if you don't have/want ssl -OPTFLAGS += -DUSE_SSL - # MSYS/CYGWIN # The current version of gcc from MSYS defines __MSYS__ and __CYGWIN__, from CYGWIN defines __CYGWIN__. # To avoid to change the code, simply define CYGWIN additionally. diff --git a/cmdline.c b/cmdline.c index 11524d3..2982661 100644 --- a/cmdline.c +++ b/cmdline.c @@ -56,14 +56,11 @@ void cmdline_parser_print_help (void) { " -p, --proxy=STRING Local proxy host:port combination\n" " -r, --remproxy=STRING Remote proxy host:port combination (using 2 proxies)\n" " -d, --dest=STRING Destination host:port combination\n" -#ifdef USE_SSL " -e, --encrypt SSL encrypt data between local proxy and destination\n" " -E, --encrypt-proxy SSL encrypt data between client and local proxy\n" " -X, --encrypt-remproxy SSL encrypt data between local and remote proxy\n" -#endif "\n" "Additional options for specific features:\n" -#ifdef USE_SSL " -W, --wa-bug-29744 Workaround ASF Bugzilla 29744: if SSL is active\n" " stop using it after CONNECT (might not work on all\n" " setups)\n" @@ -73,16 +70,13 @@ void cmdline_parser_print_help (void) { " -T, --no-ssl3 Do not connect using SSLv3 (legacy)\n"*/ " -z, --no-check-certificate Don't verify server SSL certificate\n" " -C, --cacert=STRING Path to trusted CA certificate or directory\n" -#endif " -4, --ipv4 Enforce IPv4 connection to local proxy\n" " -6, --ipv6 Enforce IPv6 connection to local proxy\n" " -F, --passfile=STRING File with credentials for proxy authentication\n" " -P, --proxyauth=STRING Proxy auth credentials user:pass combination\n" " -R, --remproxyauth=STRING Remote proxy auth credentials user:pass combination\n" -#ifdef USE_SSL " -c, --cert=FILENAME client SSL certificate (chain)\n" " -k, --key=FILENAME client SSL key\n" -#endif // " -u, --user=STRING Username for proxy authentication\n" // " -s, --pass=STRING Password for proxy authentication\n" // " -U, --uservar=STRING Environment variable that holds username\n" @@ -90,11 +84,7 @@ void cmdline_parser_print_help (void) { " -N, --ntlm Use NTLM based authentication\n" " -t, --domain=STRING NTLM domain (default: autodetect)\n" " -H, --header=STRING Add additional HTTP headers to send to proxy\n" -#ifdef USE_SSL " -o, --host=STRING Send custom Host Header/SNI\n" -#else -" -o, --host=STRING Send custom Host Header\n" -#endif #ifdef SETPROCTITLE " -x, --proctitle=STRING Use a different process title\n" #endif @@ -270,8 +260,6 @@ int cmdline_parser( int argc, char * const *argv, struct gengetopt_args_info *ar clear_args (); cmdline_parser_print_help (); exit(0); - -#ifdef USE_SSL case 'e': /* Turn on SSL encryption */ args_info->encrypt_flag = !(args_info->encrypt_flag); if( args_info->verbose_flag ) @@ -316,8 +304,6 @@ int cmdline_parser( int argc, char * const *argv, struct gengetopt_args_info *ar if( args_info->verbose_flag ) message("SSL client to proxy enabled, only until CONNECT\n"); break; -#endif - case 'i': /* Run from inetd. */ if ( args_info->standalone_arg > 0 ) { fprintf( stderr, "%s: '--inetd' ('-i') conflicts with '--standalone' ('-a')\n", PACKAGE ); diff --git a/nix/proxytunnel.nix b/nix/proxytunnel.nix index ad3a010..0fcecc8 100644 --- a/nix/proxytunnel.nix +++ b/nix/proxytunnel.nix @@ -3,7 +3,7 @@ set-proc-title ? true, pkgs, }: let - optflags = "-DUSE_SSL ${ + optflags = "${ if gnu-system then "-DHAVE_GETOPT_LONG" else "" diff --git a/proxytunnel.c b/proxytunnel.c index 8c4cc4b..6dd927b 100644 --- a/proxytunnel.c +++ b/proxytunnel.c @@ -357,20 +357,16 @@ void do_daemon() sd = tunnel_connect(); stunnel = stream_open(sd, sd); -#ifdef USE_SSL /* If --encrypt-proxy is specified, connect to the proxy using SSL */ if ( args_info.encryptproxy_flag ) stream_enable_ssl(stunnel, args_info.proxy_arg); -#endif /* USE_SSL */ /* Open the tunnel */ proxy_protocol(stunnel); -#ifdef USE_SSL /* If --encrypt is specified, wrap all traffic after the proxy handoff in SSL */ if( args_info.encrypt_flag ) stream_enable_ssl(stunnel, args_info.dest_arg); -#endif /* USE_SSL */ #ifdef SETPROCTITLE if( ! args_info.proctitle_given ) @@ -483,19 +479,15 @@ int main( int argc, char *argv[] ) { stunnel = stream_open(sd, sd); /* If --encrypt-proxy is specified, connect to the proxy using SSL */ -#ifdef USE_SSL if ( args_info.encryptproxy_flag ) stream_enable_ssl(stunnel, args_info.proxy_arg); -#endif /* USE_SSL */ /* Open the tunnel */ proxy_protocol(stunnel); /* If --encrypt is specified, wrap all traffic after the proxy handoff in SSL */ -#ifdef USE_SSL if( args_info.encrypt_flag ) stream_enable_ssl(stunnel, args_info.dest_arg); -#endif /* USE_SSL */ #ifdef SETPROCTITLE if( ! args_info.proctitle_given ) diff --git a/ptstream.c b/ptstream.c index 23f8fbc..1138e4a 100644 --- a/ptstream.c +++ b/ptstream.c @@ -50,14 +50,12 @@ PTSTREAM *stream_open(int incoming_fd, int outgoing_fd) { /* Close a stream */ int stream_close(PTSTREAM *pts) { -#ifdef USE_SSL /* Destroy the SSL context */ if (pts->ssl) { SSL_shutdown (pts->ssl); SSL_free (pts->ssl); SSL_CTX_free (pts->ctx); } -#endif /* USE_SSL */ /* Close the incoming fd */ close(pts->incoming_fd); @@ -81,13 +79,8 @@ int stream_read(PTSTREAM *pts, void *buf, size_t len) { /* For a non-SSL stream... */ bytes_read = read(pts->incoming_fd, buf, len); } else { -#ifdef USE_SSL /* For an SSL stream... */ bytes_read = SSL_read(pts->ssl, buf, len); -#else - /* No SSL support, so must use a non-SSL stream */ - bytes_read = read(pts->incoming_fd, buf, len); -#endif /* USE_SSL */ } return bytes_read; @@ -107,17 +100,10 @@ int stream_write(PTSTREAM *pts, void *buf, size_t len) { buf + total_bytes_written, len - total_bytes_written); } else { -#ifdef USE_SSL /* For an SSL stream... */ bytes_written = SSL_write(pts->ssl, buf + total_bytes_written, len - total_bytes_written); -#else - /* No SSL support, so must use a non-SSL stream */ - bytes_written = write(pts->outgoing_fd, - buf + total_bytes_written, - len - total_bytes_written); -#endif /* USE_SSL */ } if (bytes_written <= 0) { @@ -186,7 +172,6 @@ int check_cert_names(X509 *cert, char *peer_host) { /* Initiate an SSL handshake on this stream and encrypt all subsequent data */ int stream_enable_ssl(PTSTREAM *pts, const char *proxy_arg) { -#ifdef USE_SSL const SSL_METHOD *meth; SSL *ssl; SSL_CTX *ctx; @@ -315,18 +300,13 @@ int stream_enable_ssl(PTSTREAM *pts, const char *proxy_arg) { /* Store ssl and ctx parameters */ pts->ssl = ssl; pts->ctx = ctx; -#else - message("Warning: stream_open(): SSL stream requested but no SSL support available; using unencrypted connection"); -#endif /* USE_SSL */ return 1; fail: -#ifdef USE_SSL if (cert != NULL) { X509_free(cert); } -#endif /* USE_SSL */ exit(1); } @@ -337,11 +317,7 @@ int stream_get_incoming_fd(PTSTREAM *pts) { if (!pts->ssl) return pts->incoming_fd; else -#ifdef USE_SSL return SSL_get_rfd(pts->ssl); -#else - return pts->incoming_fd; -#endif /* USE_SSL */ } /* Return the outgoing_fd for a given stream */ @@ -349,11 +325,7 @@ int stream_get_outgoing_fd(PTSTREAM *pts) { if (!pts->ssl) return pts->outgoing_fd; else -#ifdef USE_SSL return SSL_get_wfd(pts->ssl); -#else - return pts->outgoing_fd; -#endif /* USE_SSL */ } // vim:noexpandtab:ts=4 diff --git a/ptstream.h b/ptstream.h index ccfd717..6d2fe3b 100644 --- a/ptstream.h +++ b/ptstream.h @@ -20,24 +20,17 @@ /* ptstream.h */ #include -#ifdef USE_SSL #include #include #include #include #include -#endif typedef struct ptstream { int incoming_fd; int outgoing_fd; -#ifdef USE_SSL SSL *ssl; SSL_CTX *ctx; -#else - void *ssl; - void *ctx; -#endif } PTSTREAM;