Blame ssltunnel.c

Packit 3adb1e
/* ====================================================================
Packit 3adb1e
 *    Licensed to the Apache Software Foundation (ASF) under one
Packit 3adb1e
 *    or more contributor license agreements.  See the NOTICE file
Packit 3adb1e
 *    distributed with this work for additional information
Packit 3adb1e
 *    regarding copyright ownership.  The ASF licenses this file
Packit 3adb1e
 *    to you under the Apache License, Version 2.0 (the
Packit 3adb1e
 *    "License"); you may not use this file except in compliance
Packit 3adb1e
 *    with the License.  You may obtain a copy of the License at
Packit 3adb1e
 *
Packit 3adb1e
 *      http://www.apache.org/licenses/LICENSE-2.0
Packit 3adb1e
 *
Packit 3adb1e
 *    Unless required by applicable law or agreed to in writing,
Packit 3adb1e
 *    software distributed under the License is distributed on an
Packit 3adb1e
 *    "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
Packit 3adb1e
 *    KIND, either express or implied.  See the License for the
Packit 3adb1e
 *    specific language governing permissions and limitations
Packit 3adb1e
 *    under the License.
Packit 3adb1e
 * ====================================================================
Packit 3adb1e
 */
Packit 3adb1e
Packit 3adb1e
/*** Setup a SSL tunnel over a HTTP proxy, according to RFC 2817. ***/
Packit 3adb1e
Packit 3adb1e
#include <apr_pools.h>
Packit 3adb1e
#include <apr_strings.h>
Packit 3adb1e
Packit 3adb1e
#include "serf.h"
Packit 3adb1e
#include "serf_private.h"
Packit 3adb1e
Packit 3adb1e
Packit 3adb1e
/* Structure passed around as baton for the CONNECT request and respone. */
Packit 3adb1e
typedef struct {
Packit 3adb1e
    apr_pool_t *pool;
Packit 3adb1e
    const char *uri;
Packit 3adb1e
} req_ctx_t;
Packit 3adb1e
Packit 3adb1e
/* forward declaration. */
Packit 3adb1e
static apr_status_t setup_request(serf_request_t *request,
Packit 3adb1e
                                  void *setup_baton,
Packit 3adb1e
                                  serf_bucket_t **req_bkt,
Packit 3adb1e
                                  serf_response_acceptor_t *acceptor,
Packit 3adb1e
                                  void **acceptor_baton,
Packit 3adb1e
                                  serf_response_handler_t *handler,
Packit 3adb1e
                                  void **handler_baton,
Packit 3adb1e
                                  apr_pool_t *pool);
Packit 3adb1e
Packit 3adb1e
static serf_bucket_t* accept_response(serf_request_t *request,
Packit 3adb1e
                                      serf_bucket_t *stream,
Packit 3adb1e
                                      void *acceptor_baton,
Packit 3adb1e
                                      apr_pool_t *pool)
Packit 3adb1e
{
Packit 3adb1e
    serf_bucket_t *c;
Packit 3adb1e
    serf_bucket_alloc_t *bkt_alloc;
Packit 3adb1e
#if 0
Packit 3adb1e
    req_ctx_t *ctx = acceptor_baton;
Packit 3adb1e
#endif
Packit 3adb1e
Packit 3adb1e
    /* get the per-request bucket allocator */
Packit 3adb1e
    bkt_alloc = serf_request_get_alloc(request);
Packit 3adb1e
Packit 3adb1e
    /* Create a barrier so the response doesn't eat us! */
Packit 3adb1e
    c = serf_bucket_barrier_create(stream, bkt_alloc);
Packit 3adb1e
Packit 3adb1e
    return serf_bucket_response_create(c, bkt_alloc);
Packit 3adb1e
}
Packit 3adb1e
Packit 3adb1e
/* If a 200 OK was received for the CONNECT request, consider the connection
Packit 3adb1e
   as ready for use. */
Packit 3adb1e
static apr_status_t handle_response(serf_request_t *request,
Packit 3adb1e
                                    serf_bucket_t *response,
Packit 3adb1e
                                    void *handler_baton,
Packit 3adb1e
                                    apr_pool_t *pool)
Packit 3adb1e
{
Packit 3adb1e
    apr_status_t status;
Packit 3adb1e
    serf_status_line sl;
Packit 3adb1e
    req_ctx_t *ctx = handler_baton;
Packit 3adb1e
    serf_connection_t *conn = request->conn;
Packit 3adb1e
Packit 3adb1e
    /* CONNECT request was cancelled. Assuming that this is during connection
Packit 3adb1e
       reset, we can safely discard the request as a new one will be created
Packit 3adb1e
       when setting up the next connection. */
Packit 3adb1e
    if (!response)
Packit 3adb1e
        return APR_SUCCESS;
Packit 3adb1e
Packit 3adb1e
    status = serf_bucket_response_status(response, &sl);
Packit 3adb1e
    if (SERF_BUCKET_READ_ERROR(status)) {
Packit 3adb1e
        return status;
Packit 3adb1e
    }
Packit 3adb1e
    if (!sl.version && (APR_STATUS_IS_EOF(status) ||
Packit 3adb1e
                      APR_STATUS_IS_EAGAIN(status)))
Packit 3adb1e
    {
Packit 3adb1e
        return status;
Packit 3adb1e
    }
Packit 3adb1e
Packit 3adb1e
    status = serf_bucket_response_wait_for_headers(response);
Packit 3adb1e
    if (status && !APR_STATUS_IS_EOF(status)) {
Packit 3adb1e
        return status;
Packit 3adb1e
    }
Packit 3adb1e
Packit 3adb1e
    /* RFC 2817:  Any successful (2xx) response to a CONNECT request indicates
Packit 3adb1e
       that the proxy has established a connection to the requested host and
Packit 3adb1e
       port, and has switched to tunneling the current connection to that server
Packit 3adb1e
       connection.
Packit 3adb1e
    */
Packit 3adb1e
    if (sl.code >= 200 && sl.code < 300) {
Packit 3adb1e
        serf_bucket_t *hdrs;
Packit 3adb1e
        const char *val;
Packit 3adb1e
Packit 3adb1e
        conn->state = SERF_CONN_CONNECTED;
Packit 3adb1e
Packit 3adb1e
        /* Body is supposed to be empty. */
Packit 3adb1e
        apr_pool_destroy(ctx->pool);
Packit 3adb1e
        serf_bucket_destroy(conn->ssltunnel_ostream);
Packit 3adb1e
        serf_bucket_destroy(conn->stream);
Packit 3adb1e
        conn->stream = NULL;
Packit 3adb1e
        ctx = NULL;
Packit 3adb1e
Packit 3adb1e
        serf__log_skt(CONN_VERBOSE, __FILE__, conn->skt,
Packit 3adb1e
                      "successfully set up ssl tunnel.\n");
Packit 3adb1e
Packit 3adb1e
        /* Fix for issue #123: ignore the "Connection: close" header here,
Packit 3adb1e
           leaving the header in place would make the serf's main context
Packit 3adb1e
           loop close this connection immediately after reading the 200 OK
Packit 3adb1e
           response. */
Packit 3adb1e
Packit 3adb1e
        hdrs = serf_bucket_response_get_headers(response);
Packit 3adb1e
        val = serf_bucket_headers_get(hdrs, "Connection");
Packit 3adb1e
        if (val && strcasecmp("close", val) == 0) {
Packit 3adb1e
            serf__log_skt(CONN_VERBOSE, __FILE__, conn->skt,
Packit 3adb1e
                      "Ignore Connection: close header on this reponse, don't "
Packit 3adb1e
                      "close the connection now that the tunnel is set up.\n");
Packit 3adb1e
            serf__bucket_headers_remove(hdrs, "Connection");
Packit 3adb1e
        }
Packit 3adb1e
Packit 3adb1e
        return APR_EOF;
Packit 3adb1e
    }
Packit 3adb1e
Packit 3adb1e
    /* Authentication failure and 2xx Ok are handled at this point,
Packit 3adb1e
       the rest are errors. */
Packit 3adb1e
    return SERF_ERROR_SSLTUNNEL_SETUP_FAILED;
Packit 3adb1e
}
Packit 3adb1e
Packit 3adb1e
/* Prepare the CONNECT request. */
Packit 3adb1e
static apr_status_t setup_request(serf_request_t *request,
Packit 3adb1e
                                  void *setup_baton,
Packit 3adb1e
                                  serf_bucket_t **req_bkt,
Packit 3adb1e
                                  serf_response_acceptor_t *acceptor,
Packit 3adb1e
                                  void **acceptor_baton,
Packit 3adb1e
                                  serf_response_handler_t *handler,
Packit 3adb1e
                                  void **handler_baton,
Packit 3adb1e
                                  apr_pool_t *pool)
Packit 3adb1e
{
Packit 3adb1e
    req_ctx_t *ctx = setup_baton;
Packit 3adb1e
Packit 3adb1e
    *req_bkt =
Packit 3adb1e
        serf_request_bucket_request_create(request,
Packit 3adb1e
                                           "CONNECT", ctx->uri,
Packit 3adb1e
                                           NULL,
Packit 3adb1e
                                           serf_request_get_alloc(request));
Packit 3adb1e
    *acceptor = accept_response;
Packit 3adb1e
    *acceptor_baton = ctx;
Packit 3adb1e
    *handler = handle_response;
Packit 3adb1e
    *handler_baton = ctx;
Packit 3adb1e
Packit 3adb1e
    return APR_SUCCESS;
Packit 3adb1e
}
Packit 3adb1e
Packit 3adb1e
static apr_status_t detect_eof(void *baton, serf_bucket_t *aggregate_bucket)
Packit 3adb1e
{
Packit 3adb1e
    serf_connection_t *conn = baton;
Packit 3adb1e
    conn->hit_eof = 1;
Packit 3adb1e
    return APR_EAGAIN;
Packit 3adb1e
}
Packit 3adb1e
Packit 3adb1e
/* SSL tunnel is needed, push a CONNECT request on the connection. */
Packit 3adb1e
apr_status_t serf__ssltunnel_connect(serf_connection_t *conn)
Packit 3adb1e
{
Packit 3adb1e
    req_ctx_t *ctx;
Packit 3adb1e
    apr_pool_t *ssltunnel_pool;
Packit 3adb1e
Packit 3adb1e
    apr_pool_create(&ssltunnel_pool, conn->pool);
Packit 3adb1e
Packit 3adb1e
    ctx = apr_palloc(ssltunnel_pool, sizeof(*ctx));
Packit 3adb1e
    ctx->pool = ssltunnel_pool;
Packit 3adb1e
    ctx->uri = apr_psprintf(ctx->pool, "%s:%d", conn->host_info.hostname,
Packit 3adb1e
                            conn->host_info.port);
Packit 3adb1e
Packit 3adb1e
    conn->ssltunnel_ostream = serf__bucket_stream_create(conn->allocator,
Packit 3adb1e
                                                         detect_eof,
Packit 3adb1e
                                                         conn);
Packit 3adb1e
Packit 3adb1e
    serf__ssltunnel_request_create(conn,
Packit 3adb1e
                                   setup_request,
Packit 3adb1e
                                   ctx);
Packit 3adb1e
Packit 3adb1e
    conn->state = SERF_CONN_SETUP_SSLTUNNEL;
Packit 3adb1e
    serf__log_skt(CONN_VERBOSE, __FILE__, conn->skt,
Packit 3adb1e
                  "setting up ssl tunnel on connection.\n");
Packit 3adb1e
Packit 3adb1e
    return APR_SUCCESS;
Packit 3adb1e
}