Commit Graph

6 Commits

Author SHA1 Message Date
Adrien Destugues
c614961364 Implement CONNECT pass-through for HTTPS proxy
* When using a proxy, HTTPS connexion must still go directly to the
  target website. The proxy can then act as a TCP stream relay and just
  transmit the raw SSL stream between the client and website.
* For this, we ask the proxy sending an HTTP request with the CONNECT
  method. If the proxy supports this, we can then send anything as the
  payload and it will be forwarded.
* Untested, as the network here in Dusseldorf doesn't let me use a
  proxy.

ticket : #10973
2015-11-11 01:16:38 +01:00
Adrien Destugues
c86ad7f93b Add more features in BCertificate class
* Make it possible to extract more useful data from the certificate
* Also get the OpenSSL error message when a certificate can't be
validated. Send it to the verification failure callback so it can be
shown to the user.
2014-11-06 15:01:59 +01:00
Julian Harnath
d10ecc2c41 Style fix: add parameter name
* As pointed out by Axel.
2014-02-22 13:51:55 +00:00
Julian Harnath
c99d7ea45c Fix double-free crash in BSecureSocket when cert. verification fails
* BSecureSocket::CertificateVerificationFailed() took a BCertificate
  instance by value as parameter.
  BCertificate deletes internal data in its destructor. Passing an
  object by value creates a copy, so the copy attempted to delete
  the internal data again during its destruction.
  This caused mail_daemon to crash here when it came across a failed
  certificate.

* Fix: pass BCertificate object as reference.
2014-02-22 02:09:55 +00:00
Adrien Destugues
5ebdc79955 SecureSocket: add some certificate support
* Instead of creating an OpenSSL context ofor each socket, use a global
one and initialize it lazily when the first SecureSocket is created
* Load the certificates from our certificate list so SSL certificates
sent by servers can be validated.
* Add a callback for signalling that certificate validation failed, the
default implementation proceeds with the connection anyway (to keep the
old behavior).
* Introduce BCertificate class, that provides some information about a
certificate. Currently it's only used by the callback mentionned above,
but it will be possible to get the leaf certificate for the connection
after it's established.

Review of the API and implementation is welcome, before I start making
use of this in HttpRequest and WebKit to allow the user to accept new
certificates.
2014-01-15 17:45:21 +01:00
Axel Dörfler
0e478f5aec Added experimental version of a Socket API with SSL support.
* Each class has a Socket() method to retrieve the underlaying file descriptor
  to be able to do the more advanced stuff, if necessary.
* A server socket is yet missing, but the rest is pretty much covered.
2011-11-21 22:07:52 +01:00