mirror of
https://github.com/proxytunnel/proxytunnel.git
synced 2026-01-23 02:34:59 +00:00
Merge pull request #23 from stoecker/master
Fix SNI for -e option and cleanups
This commit is contained in:
Mark Janssen
GitHub
commit
5cc9abeba2
7 changed files with 33 additions and 39 deletions
8
Makefile
8
Makefile
|
|
@ -5,17 +5,9 @@
|
|||
name = proxytunnel
|
||||
version = $(shell awk 'BEGIN { FS="\"" } /^\#define VERSION / { print $$2 }' config.h)
|
||||
|
||||
ifneq ($(wildcard .svn),)
|
||||
revision = $(shell svnversion | awk 'BEGIN { RS=":" } { next } END { print $$1 }')
|
||||
else
|
||||
revision = $(shell echo '$$Revision$$' | sed -e 's/\$$Revision: \([0-9]\+\) \$$$$/\1/')
|
||||
endif
|
||||
|
||||
CC ?= cc
|
||||
CFLAGS ?= -Wall -O2 -ggdb
|
||||
|
||||
OPTFLAGS = -DREVISION=\"$(revision)\"
|
||||
|
||||
# Comment on non-gnu systems
|
||||
OPTFLAGS += -DHAVE_GETOPT_LONG
|
||||
|
||||
|
|
|
|||
18
README
18
README
|
|
@ -3,8 +3,6 @@ proxytunnel
|
|||
-----------
|
||||
|
||||
Author: Jos Visser <josv@osp.nl>, Mark Janssen <maniac@maniac.nl>
|
||||
Date: Mon Mar 3 22:49:43 CET 2008
|
||||
Version: 1.9.0
|
||||
|
||||
Hi all,
|
||||
|
||||
|
|
@ -22,27 +20,32 @@ Proxytunnel is very easy to use, when running proxytunnel with the help
|
|||
option it specifies it's command-line options.
|
||||
|
||||
$ ./proxytunnel --help
|
||||
proxytunnel 1.9.0 (rev 224) Copyright 2001-2008 Proxytunnel Project
|
||||
proxytunnel 1.9.9 Copyright 2001-2018 Proxytunnel Project
|
||||
Usage: proxytunnel [OPTIONS]...
|
||||
Build generic tunnels through HTTPS proxies, supports HTTP authorization
|
||||
Build generic tunnels through HTTPS proxies using HTTP authentication
|
||||
|
||||
Standard options:
|
||||
-i, --inetd Run from inetd (default=off)
|
||||
-i, --inetd Run from inetd (default: off)
|
||||
-a, --standalone=INT Run as standalone daemon on specified port
|
||||
-p, --proxy=STRING Local proxy host:port combination
|
||||
-r, --remproxy=STRING Remote proxy host:port combination (using 2 proxies)
|
||||
-d, --dest=STRING Destination host:port combination
|
||||
-e, --encrypt SSL encrypt data between local proxy and destination
|
||||
-E, --encrypt-proxy SSL encrypt data between client and local proxy
|
||||
-X, --encrypt-remproxy Encrypt between 1st and 2nd proxy using SSL
|
||||
-X, --encrypt-remproxy SSL encrypt data between local and remote proxy
|
||||
-L (legacy) enforce TLSv1 connection
|
||||
-T, --no-ssl3 Do not connect using SSLv3
|
||||
|
||||
Additional options for specific features:
|
||||
-z, --no-check-certficate Don't verify server SSL certificate
|
||||
-C, --cacert=STRING Path to trusted CA certificate or directory
|
||||
-F, --passfile=STRING File with credentials for proxy authentication
|
||||
-P, --proxyauth=STRING Proxy auth credentials user:pass combination
|
||||
-R, --remproxyauth=STRING Remote proxy auth credentials user:pass combination
|
||||
-R, --remproxyauth=STRING Remote proxy auth credentials user:pass combination
|
||||
-N, --ntlm Use NTLM based authentication
|
||||
-t, --domain=STRING NTLM domain (default: autodetect)
|
||||
-H, --header=STRING Add additional HTTP headers to send to proxy
|
||||
-o STRING send custom Host Header
|
||||
-x, --proctitle=STRING Use a different process title
|
||||
|
||||
Miscellaneous options:
|
||||
|
|
@ -51,7 +54,6 @@ Miscellaneous options:
|
|||
-h, --help Print help and exit
|
||||
-V, --version Print version and exit
|
||||
|
||||
|
||||
To use this program with OpenSSH to connect to a host somewhere, create
|
||||
a $HOME/.ssh/config file with the following content:
|
||||
|
||||
|
|
|
|||
|
|
@ -38,7 +38,7 @@ extern char * optarg;
|
|||
static char *getCredentialsFromFile( const char* filename, char **user, char **pass, char **rem_user, char **rem_pass);
|
||||
|
||||
void cmdline_parser_print_version (void) {
|
||||
printf ("%s %s (rev %s) Copyright 2001-2008 Proxytunnel Project\n", PACKAGE, VERSION, REVISION);
|
||||
printf ("%s %s Copyright 2001-2018 Proxytunnel Project\n", PACKAGE, VERSION);
|
||||
}
|
||||
|
||||
void cmdline_parser_print_help (void) {
|
||||
|
|
|
|||
2
config.h
2
config.h
|
|
@ -17,7 +17,7 @@
|
|||
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
||||
*/
|
||||
|
||||
#define VERSION "1.9.0"
|
||||
#define VERSION "1.9.9"
|
||||
#define PACKAGE "proxytunnel"
|
||||
#define PURPOSE "Build generic tunnels through HTTPS proxies"
|
||||
#define AUTHORS "Jos Visser (Muppet) <josv@osp.nl>, Mark Janssen (Maniac) <maniac@maniac.nl>"
|
||||
|
|
|
|||
6
http.c
6
http.c
|
|
@ -157,9 +157,9 @@ void proxy_protocol(PTSTREAM *pts) {
|
|||
while ( strcmp( buf, "\r\n" ) != 0 )
|
||||
readline(pts);
|
||||
|
||||
/* If --encrypt-remproxy is specified, connect to the remote proxy using SSL */
|
||||
if ( args_info.encryptremproxy_flag )
|
||||
stream_enable_ssl(stunnel, args_info.remproxy_arg);
|
||||
/* If --encrypt-remproxy is specified, connect to the remote proxy using SSL */
|
||||
if ( args_info.encryptremproxy_flag )
|
||||
stream_enable_ssl(stunnel, args_info.remproxy_arg);
|
||||
|
||||
if( args_info.verbose_flag )
|
||||
message( "\nTunneling to %s (destination)\n", args_info.dest_arg );
|
||||
|
|
|
|||
|
|
@ -26,8 +26,8 @@ void message( char *s, ... );
|
|||
void my_perror( char *msg );
|
||||
void signal_handler( int signal );
|
||||
int tunnel_connect();
|
||||
void analyze_HTTP();
|
||||
void proxy_protocol();
|
||||
void analyze_HTTP(PTSTREAM *pts);
|
||||
void proxy_protocol(PTSTREAM *pts);
|
||||
void closeall();
|
||||
void do_daemon();
|
||||
void initsetproctitle(int argc, char *argv[]);
|
||||
|
|
|
|||
32
ptstream.c
32
ptstream.c
|
|
@ -290,14 +290,25 @@ int stream_enable_ssl(PTSTREAM *pts, const char *proxy_arg) {
|
|||
SSL_set_rfd (ssl, stream_get_incoming_fd(pts));
|
||||
SSL_set_wfd (ssl, stream_get_outgoing_fd(pts));
|
||||
|
||||
/* Determine the host name we are connecting to */
|
||||
proxy_arg_len = strlen(proxy_arg);
|
||||
if ((peer_host = malloc(proxy_arg_len + 1)) == NULL) {
|
||||
message("Out of memory\n");
|
||||
goto fail;
|
||||
}
|
||||
snprintf( proxy_arg_fmt, sizeof(proxy_arg_fmt), proxy_arg[0] == '[' ? "[%%%zu[^]]]" : "%%%zu[^:]", proxy_arg_len - 1 );
|
||||
if ( sscanf( proxy_arg, proxy_arg_fmt, peer_host ) != 1 ) {
|
||||
goto fail;
|
||||
}
|
||||
|
||||
/* SNI support */
|
||||
if ( args_info.verbose_flag ) {
|
||||
message( "Set SNI hostname to %s\n", args_info.proxyhost_arg );
|
||||
}
|
||||
res = SSL_set_tlsext_host_name(ssl,args_info.proxyhost_arg);
|
||||
message( "Set SNI hostname to %s\n", peer_host);
|
||||
}
|
||||
res = SSL_set_tlsext_host_name(ssl, peer_host);
|
||||
if (res < 0) {
|
||||
message( "TLS SNI error, giving up: SSL_set_tlsext_host_name returned error message:\n %u\n", res );
|
||||
exit( 1 );
|
||||
message( "TLS SNI error, giving up: SSL_set_tlsext_host_name returned error message:\n %u\n", res );
|
||||
exit( 1 );
|
||||
}
|
||||
|
||||
SSL_connect (ssl);
|
||||
|
|
@ -318,17 +329,6 @@ int stream_enable_ssl(PTSTREAM *pts, const char *proxy_arg) {
|
|||
goto fail;
|
||||
}
|
||||
|
||||
/* Determine the host name we are connecting to */
|
||||
proxy_arg_len = strlen(proxy_arg);
|
||||
if ((peer_host = malloc(proxy_arg_len + 1)) == NULL) {
|
||||
message("Out of memory\n");
|
||||
goto fail;
|
||||
}
|
||||
snprintf( proxy_arg_fmt, sizeof(proxy_arg_fmt), proxy_arg[0] == '[' ? "[%%%zu[^]]]" : "%%%zu[^:]", proxy_arg_len - 1 );
|
||||
if ( sscanf( proxy_arg, proxy_arg_fmt, peer_host ) != 1 ) {
|
||||
goto fail;
|
||||
}
|
||||
|
||||
/* Verify the certificate name matches the host we are connecting to */
|
||||
if (!check_cert_names(cert, peer_host)) {
|
||||
goto fail;
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue