First implementation of two-way TLS for scripts. - geomyidae - A small C-based gopherd. (gopher://bitreich.org/1/scm/geomyidae)
---
commit f66a8a67b9471909016d6f24ce93f39584130a67
parent 3a9cbc78b4777d2dab54bca974f65c708ffc61a5
Author: Christoph Lohmann <20h@r-36.net>
Date:   Fri, 26 May 2023 06:45:48 +0200

First implementation of two-way TLS for scripts.

Diffstat:
  M main.c                              |      58 ++++++++++++++++++++++++-------

1 file changed, 45 insertions(+), 13 deletions(-)
---
diff --git a/main.c b/main.c
@@ -552,7 +552,7 @@ main(int argc, char *argv[])
             dotls = 0, dohaproxy = 0, tcpver = -1, haret = 0,
 #ifdef ENABLE_TLS
             tlssocks[2], shufbuf[1025],
-            shuflen, wlen, shufpos,
+            shuflen, wlen, shufpos, tlsclientreader,
 #endif /* ENABLE_TLS */
             maxrecv, retl,
             rlen = 0;
@@ -1049,27 +1049,59 @@ read_selector_again:
                                         perror("fork");
                                         return 1;
                                 default:
-                                        close(tlssocks[1]);
+                                        tlsclientreader = 1;
+                                        switch(fork()) {
+                                        case 0:
+                                                break;
+                                        case -1:
+                                                perror("fork");
+                                                return 1;
+                                        default:
+                                                tlsclientreader = 0;
+                                        }
+
+                                        close(tlssocks[tlsclientreader? 1 : 0]);
                                         do {
-                                                shuflen = read(tlssocks[0], shufbuf, sizeof(shufbuf)-1);
+                                                if (tlsclientreader) {
+                                                        shuflen = read(tlssocks[0], shufbuf, sizeof(shufbuf)-1);
+                                                } else {
+                                                        shuflen = tls_read(tlsclientctx, shufbuf, sizeof(shufbuf)-1);
+                                                }
                                                 if (shuflen == -1 && errno == EINTR)
                                                         continue;
                                                 for (shufpos = 0; shufpos < shuflen; shufpos += wlen) {
-                                                        wlen = tls_write(tlsclientctx, shufbuf+shufpos, shuflen-shufpos);
-                                                        if (wlen < 0) {
-                                                                fprintf(stderr, "tls_write failed: %s\n", tls_error(tlsclientctx));
-                                                                return 1;
+                                                        if (tlsclientreader) {
+                                                                wlen = tls_write(tlsclientctx, shufbuf+shufpos, shuflen-shufpos);
+                                                                if (wlen < 0) {
+                                                                        fprintf(stderr, "tls_write failed: %s\n", tls_error(tlsclientctx));
+                                                                        return 1;
+                                                                }
+                                                        } else {
+                                                                wlen = write(tlssocks[1], shufbuf+shufpos, shuflen-shufpos);
+                                                                if (wlen < 0) {
+                                                                        perror("write");
+                                                                        return 1;
+                                                                }
                                                         }
                                                 }
                                         } while (shuflen > 0);
 
-                                        tls_close(tlsclientctx);
-                                        tls_free(tlsclientctx);
-                                        close(tlssocks[0]);
+                                        if (tlsclientreader) {
+                                                tls_close(tlsclientctx);
+                                                tls_free(tlsclientctx);
+                                        }
+
+                                        close(tlssocks[tlsclientreader? 0 : 1]);
 
-                                        waitforpendingbytes(sock);
-                                        shutdown(sock, SHUT_RDWR);
-                                        close(sock);
+                                        if (tlsclientreader) {
+                                                /*
+                                                 * Only one process needs
+                                                 * to do this.
+                                                 */
+                                                waitforpendingbytes(sock);
+                                                shutdown(sock, SHUT_RDWR);
+                                                close(sock);
+                                        }
                                         return 0;
                                 }
                         }
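Review bot: The new `tls_read()` branch inherits the `errno == EINTR` retry and the silent `while (shuflen > 0)` exit, but libtls reports failures through `tls_error()` rather than `errno` and can return the negative `TLS_WANT_POLLIN`/`TLS_WANT_POLLOUT` values, so a transient want-poll condition or a real TLS error ends the client→script direction silently with exit status 0 — and since `continue` inside a `do`/`while` jumps straight to the loop test, the `-1` retry never actually repeats the read in either branch. The restructuring below retries the want-poll values, reports errors via `tls_error()`, and leaves the loop only on EOF. Separately, the parent (`tlsclientreader == 0`) closes `tlssocks[0]` and writes client data to `tlssocks[1]`, the end the pre-commit code treated as the script's; if `tlssocks` is a socketpair, a write on `[1]` is read back on `[0]` by the sibling that forwards to the client, so the fd indices should be checked against the fork child set up above this hunk. Both processes also keep a copy of `tlsclientctx` after the second fork while only the writer calls `tls_close()`, which deserves a comment such as `/* after fork each process owns one direction of the TLS state; relies on no renegotiation or key update */`. The enclosing main() extends well beyond this hunk.
```c
for (;;) {
        if (tlsclientreader) {
                shuflen = read(tlssocks[0], shufbuf, sizeof(shufbuf)-1);
                if (shuflen == -1 && errno == EINTR)
                        continue;
                if (shuflen == -1) {
                        perror("read");
                        return 1;
                }
        } else {
                shuflen = tls_read(tlsclientctx, shufbuf, sizeof(shufbuf)-1);
                if (shuflen == TLS_WANT_POLLIN || shuflen == TLS_WANT_POLLOUT)
                        continue;
                if (shuflen < 0) {
                        fprintf(stderr, "tls_read failed: %s\n", tls_error(tlsclientctx));
                        return 1;
                }
        }
        if (shuflen == 0)
                break;
        /* … unchanged: forward shufbuf[0..shuflen) via tls_write()/write() … */
}
```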