mirror of
https://github.com/proxytunnel/proxytunnel.git
synced 2026-07-17 16:34:53 +00:00
Apply debian patch: 001_apache_bug_29744_workaround.patch
This commit is contained in:
parent
cb336cab71
commit
8395e7a258
5 changed files with 49 additions and 2 deletions
5
README
5
README
|
|
@ -33,6 +33,11 @@ Standard options:
|
|||
-e, --encrypt SSL encrypt data between local proxy and destination
|
||||
-E, --encrypt-proxy SSL encrypt data between client and local proxy
|
||||
-X, --encrypt-remproxy SSL encrypt data between local and remote proxy
|
||||
-W, --wa-bug-29744 workaround ASF Bugzilla 29744, if SSL is active stop
|
||||
using it after CONNECT (might not work on all setups;
|
||||
see /usr/share/doc/proxytunnel/README.Debian.gz)
|
||||
-B, --buggy-encrypt-proxy Equivalent to -E -W, provided for backwards
|
||||
compatibility
|
||||
-L (legacy) enforce TLSv1 connection
|
||||
-T, --no-ssl3 Do not connect using SSLv3
|
||||
|
||||
|
|
|
|||
26
cmdline.c
26
cmdline.c
|
|
@ -59,6 +59,11 @@ void cmdline_parser_print_help (void) {
|
|||
" -e, --encrypt SSL encrypt data between local proxy and destination\n"
|
||||
" -E, --encrypt-proxy SSL encrypt data between client and local proxy\n"
|
||||
" -X, --encrypt-remproxy SSL encrypt data between local and remote proxy\n"
|
||||
" -W, --wa-bug-29744 Workaround ASF Bugzilla 29744: if SSL is active stop\n"
|
||||
" using it after CONNECT (might not work on all setups; see\n"
|
||||
" /usr/share/doc/proxytunnel/README.Debian.gz)\n"
|
||||
" -B, --buggy-encrypt-proxy Equivalent to -E -W, provided for backwards\n"
|
||||
" compatibility\n"
|
||||
" -L (legacy) enforce TLSv1 connection\n"
|
||||
" -T, --no-ssl3 Do not connect using SSLv3\n"
|
||||
#endif
|
||||
|
|
@ -138,6 +143,7 @@ int cmdline_parser( int argc, char * const *argv, struct gengetopt_args_info *ar
|
|||
args_info->encrypt_given = 0;
|
||||
args_info->encryptproxy_given = 0;
|
||||
args_info->encryptremproxy_given = 0;
|
||||
args_info->wa_bug_29744_given = 0;
|
||||
args_info->proctitle_given = 0;
|
||||
args_info->enforcetls1_given = 0;
|
||||
args_info->host_given = 0;
|
||||
|
|
@ -166,6 +172,7 @@ int cmdline_parser( int argc, char * const *argv, struct gengetopt_args_info *ar
|
|||
args_info->encrypt_flag = 0; \
|
||||
args_info->encryptproxy_flag = 0; \
|
||||
args_info->encryptremproxy_flag = 0; \
|
||||
args_info->wa_bug_29744_flag = 0; \
|
||||
args_info->no_ssl3_flag = 0; \
|
||||
args_info->proctitle_arg = NULL; \
|
||||
args_info->enforcetls1_flag = 0; \
|
||||
|
|
@ -215,15 +222,17 @@ int cmdline_parser( int argc, char * const *argv, struct gengetopt_args_info *ar
|
|||
{ "encrypt", 0, NULL, 'e' },
|
||||
{ "encrypt-proxy", 0, NULL, 'E' },
|
||||
{ "encrypt-remproxy",0,NULL, 'X' },
|
||||
{ "wa-bug-29744", 0, NULL, 'W' },
|
||||
{ "buggy-encrypt-proxy", 0, NULL, 'B' },
|
||||
{ "no-ssl3", 0, NULL, 'T' },
|
||||
{ "no-check-certificate",0,NULL,'z' },
|
||||
{ "cacert", 1, NULL, 'C' },
|
||||
{ NULL, 0, NULL, 0 }
|
||||
};
|
||||
|
||||
c = getopt_long (argc, argv, "hVia:u:s:t:F:p:P:r:R:d:H:x:nvNeEXqLo:TzC:", long_options, &option_index);
|
||||
c = getopt_long (argc, argv, "hVia:u:s:t:F:p:P:r:R:d:H:x:nvNeEXWBqLo:TzC:", long_options, &option_index);
|
||||
#else
|
||||
c = getopt( argc, argv, "hVia:u:s:t:F:p:P:r:R:d:H:x:nvNeEXqLo:TzC:" );
|
||||
c = getopt( argc, argv, "hVia:u:s:t:F:p:P:r:R:d:H:x:nvNeEXWBqLo:TzC:" );
|
||||
#endif
|
||||
|
||||
if (c == -1)
|
||||
|
|
@ -247,6 +256,19 @@ int cmdline_parser( int argc, char * const *argv, struct gengetopt_args_info *ar
|
|||
if( args_info->verbose_flag )
|
||||
message("SSL client to proxy enabled\n");
|
||||
break;
|
||||
|
||||
case 'W': /* if SSL is active stop it after CONNECT */
|
||||
args_info->wa_bug_29744_flag = !(args_info->wa_bug_29744_flag);
|
||||
if( args_info->verbose_flag )
|
||||
message("If SSL is active stop it after CONNECT\n");
|
||||
break;
|
||||
|
||||
case 'B': /* do -E -W */
|
||||
args_info->wa_bug_29744_flag = !(args_info->wa_bug_29744_flag);
|
||||
args_info->encryptproxy_flag = !(args_info->encryptproxy_flag);
|
||||
if( args_info->verbose_flag )
|
||||
message("SSL client to proxy enabled, only until CONNECT\n");
|
||||
break;
|
||||
#endif
|
||||
|
||||
case 'i': /* Run from inetd. */
|
||||
|
|
|
|||
|
|
@ -47,6 +47,7 @@ struct gengetopt_args_info {
|
|||
int encrypt_flag; /* Turn on SSL encryption (default=off). */
|
||||
int encryptproxy_flag; /* Turn on client to proxy SSL encryption (def=off).*/
|
||||
int encryptremproxy_flag; /* Turn on local to remote proxy SSL encryption (def=off).*/
|
||||
int wa_bug_29744_flag; /* Use SSL encryption only until CONNECT, if at all (def=off).*/
|
||||
int no_ssl3_flag; /* Turn off SSLv3 (default=on) */
|
||||
char *proctitle_arg; /* Override process title (default=off). */
|
||||
int enforcetls1_flag; /* Override default and enforce TLSv1 */
|
||||
|
|
@ -75,6 +76,7 @@ struct gengetopt_args_info {
|
|||
int encrypt_given; /* Whether encrypt was given */
|
||||
int encryptproxy_given; /* Whether encrypt was given */
|
||||
int encryptremproxy_given; /* Whether encrypt was given */
|
||||
int wa_bug_29744_given; /* Whether work around was given */
|
||||
int proctitle_given; /* Whether to override process title */
|
||||
int enforcetls1_given; /* Wheter to enforce TLSv1 */
|
||||
int host_given; /* Wheter we override the Host Header */
|
||||
|
|
|
|||
|
|
@ -46,6 +46,14 @@ also be used for other proxy-traversing purposes like proxy bouncing.
|
|||
*-X*, *--encrypt-remproxy*::
|
||||
SSL encrypt data between local and remote (secondary) proxy
|
||||
|
||||
*-W*, *--wa-bug-29744*::
|
||||
If SSL is in use (by *-e*, *-E*, *-X* options), stop using it
|
||||
immediately after the CONNECT exchange to workaround apache server
|
||||
bugs. (This might not work on all setups; see
|
||||
/usr/share/doc/proxytunnel/README.Debian.gz for more details.)
|
||||
|
||||
*-B*, *--buggy-encrypt-proxy*::
|
||||
Equivalent to *-E -W*. (Provided for backwards compatibility.)
|
||||
|
||||
== ADDITIONAL OPTIONS
|
||||
|
||||
|
|
|
|||
10
http.c
10
http.c
|
|
@ -149,6 +149,11 @@ void proxy_protocol(PTSTREAM *pts) {
|
|||
// if( args_info.verbose_flag )
|
||||
// message( "Data received from local proxy:\n");
|
||||
|
||||
if( args_info.wa_bug_29744_flag && !args_info.encryptremproxy_flag && pts->ssl ) {
|
||||
message( "Switching to non-SSL communication (local proxy)\n");
|
||||
pts->ssl = 0;
|
||||
}
|
||||
|
||||
/* Read the first line of the response and analyze it */
|
||||
analyze_HTTP(pts);
|
||||
|
||||
|
|
@ -191,6 +196,11 @@ void proxy_protocol(PTSTREAM *pts) {
|
|||
// if( args_info.verbose_flag )
|
||||
// message( "Received from remote proxy:\n");
|
||||
|
||||
if( args_info.wa_bug_29744_flag && pts->ssl ) {
|
||||
message( "Switching to non-SSL communication (remote proxy)\n");
|
||||
pts->ssl = 0;
|
||||
}
|
||||
|
||||
/* Read the first line of the response and analyze it */
|
||||
analyze_HTTP(pts);
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue