generated from P3TERX/Actions-OpenWrt
-
Notifications
You must be signed in to change notification settings - Fork 25
/
3proxy_for_win.diff
312 lines (298 loc) · 11.3 KB
/
3proxy_for_win.diff
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
diff --git a/Makefile.msvc64 b/Makefile.msvc64
index 2a5f171d..c384de33 100644
--- a/Makefile.msvc64
+++ b/Makefile.msvc64
@@ -27,6 +27,7 @@ COMPFILES = *.pch *.idb
REMOVECOMMAND = del 2>NUL >NUL
TYPECOMMAND = type
COMPATLIBS =
+MAKEFILE = Makefile.msvc64
VERFILE = 3proxy.res $(VERFILE)
VERSIONDEP = 3proxy.res $(VERSIONDEP)
PLUGINS = utf8tocp1251 WindowsAuthentication TrafficPlugin StringsPlugin PCREPlugin FilePlugin SSLPlugin
diff --git a/src/plugins/SSLPlugin/my_ssl.c b/src/plugins/SSLPlugin/my_ssl.c
index 94e931cf..e51a98b0 100644
--- a/src/plugins/SSLPlugin/my_ssl.c
+++ b/src/plugins/SSLPlugin/my_ssl.c
@@ -117,12 +117,11 @@ SSL_CERT ssl_copy_cert(SSL_CERT cert, SSL_CONFIG *config)
return NULL;
}
- if(config->certcache){
- bin2hex(hash_sha1, 20, hash_name_sha1, sizeof(hash_name_sha1));
- sprintf(cache_name, "%s%s.pem", config->certcache, hash_name_sha1);
- /* check if certificate is already cached */
- fcache = BIO_new_file(cache_name, "rb");
- if ( fcache != NULL ) {
+ bin2hex(hash_sha1, 20, hash_name_sha1, sizeof(hash_name_sha1));
+ sprintf(cache_name, "%s%s.pem", config->certcache, hash_name_sha1);
+ /* check if certificate is already cached */
+ fcache = BIO_new_file(cache_name, "rb");
+ if ( fcache != NULL ) {
#ifndef _WIN32
flock(BIO_get_fd(fcache, NULL), LOCK_SH);
#endif
@@ -134,8 +133,8 @@ SSL_CERT ssl_copy_cert(SSL_CERT cert, SSL_CONFIG *config)
if ( dst_cert != NULL ){
return dst_cert;
}
- }
}
+
/* proceed if certificate is not cached */
dst_cert = X509_dup(src_cert);
if ( dst_cert == NULL ) {
@@ -166,9 +165,8 @@ SSL_CERT ssl_copy_cert(SSL_CERT cert, SSL_CONFIG *config)
/* write to cache */
- if(config->certcache){
- fcache = BIO_new_file(cache_name, "wb");
- if ( fcache != NULL ) {
+ fcache = BIO_new_file(cache_name, "wb");
+ if ( fcache != NULL ) {
#ifndef _WIN32
flock(BIO_get_fd(fcache, NULL), LOCK_EX);
#endif
@@ -177,7 +175,6 @@ SSL_CERT ssl_copy_cert(SSL_CERT cert, SSL_CONFIG *config)
flock(BIO_get_fd(fcache, NULL), LOCK_UN);
#endif
BIO_free(fcache);
- }
}
return dst_cert;
}
@@ -427,4 +424,3 @@ void ssl_init()
bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
}
}
-
diff --git a/src/plugins/SSLPlugin/my_ssl.h b/src/plugins/SSLPlugin/my_ssl.h
index d8af84c8..3dc04a19 100644
--- a/src/plugins/SSLPlugin/my_ssl.h
+++ b/src/plugins/SSLPlugin/my_ssl.h
@@ -29,9 +29,6 @@ struct ssl_config {
char * server_ciphersuites;
char * client_cipher_list;
char * server_cipher_list;
- char * client_ca_file;
- char * client_ca_dir;
- char * client_ca_store;
};
typedef struct ssl_config SSL_CONFIG;
@@ -68,4 +65,4 @@ void _ssl_cert_free(SSL_CERT cert);
void ssl_init(void);
-#endif // __my_ssl_h__
\ No newline at end of file
+#endif // __my_ssl_h__
diff --git a/src/plugins/SSLPlugin/ssl_plugin.c b/src/plugins/SSLPlugin/ssl_plugin.c
index 973292e7..6c30ebd6 100644
--- a/src/plugins/SSLPlugin/ssl_plugin.c
+++ b/src/plugins/SSLPlugin/ssl_plugin.c
@@ -36,11 +36,6 @@ static int ssl_connect_timeout = 0;
char *certcache = NULL;
char *srvcert = NULL;
char *srvkey = NULL;
-char *server_ca_file = NULL;
-char *server_ca_key = NULL;
-char *client_ca_file = NULL;
-char *client_ca_dir = NULL;
-char *client_ca_store = NULL;
int mitm = 0;
int serv = 0;
int ssl_inited = 0;
@@ -346,45 +341,25 @@ static void* ssl_filter_open(void * idata, struct srvparam * srv){
if(server_ciphersuites) sc->server_ciphersuites = strdup(server_ciphersuites);
if(client_cipher_list) sc->client_cipher_list = strdup(client_cipher_list);
if(server_cipher_list) sc->server_cipher_list = strdup(server_cipher_list);
- if(srvkey){
- sc->server_key = getKey(srvkey);
- if(!sc->server_key){
- fprintf(stderr, "failed to read: %s\n", srvkey);
- return sc;
- }
- }
- if(client_ca_file)sc->client_ca_file=client_ca_file;
- if(client_ca_dir)sc->client_ca_dir=client_ca_dir;
- if(client_ca_store)sc->client_ca_dir=client_ca_store;
-
if(mitm){
- if(!server_ca_file){
- if(!certcache) {
- return sc;
- }
- sprintf(fname, "%.240s3proxy.pem", certcache);
+ if(!certcache) {
+ return sc;
}
- sc->CA_cert = getCert(server_ca_file?server_ca_file:fname);
+ sprintf(fname, "%.240s3proxy.pem", certcache);
+ sc->CA_cert = getCert(fname);
if(!sc->CA_cert){
- fprintf(stderr, "failed to read: %s\n", server_ca_file?server_ca_file:fname);
+ fprintf(stderr, "failed to read: %s\n", fname);
return sc;
}
- if(!server_ca_key){
- if(!certcache) {
- return sc;
- }
- sprintf(fname, "%.240s3proxy.key", sc->certcache);
- }
- sc->CA_key = getKey(server_ca_key?server_ca_key:fname);
+ sprintf(fname, "%.240s3proxy.key", sc->certcache);
+ sc->CA_key = getKey(fname);
if(!sc->CA_key){
- fprintf(stderr, "failed to read: %s\n", server_ca_key?server_ca_key:fname);
+ fprintf(stderr, "failed to read: %s\n", fname);
return sc;
- }
- if(!sc->server_key && sc->certcache){
- sprintf(fname, "%.128sserver.key", sc->certcache);
- sc->server_key = getKey(fname);
- }
+ }
+ sprintf(fname, "%.128sserver.key", sc->certcache);
+ sc->server_key = getKey(fname);
sc->mitm = 1;
srv->so._send = ssl_send;
srv->so._recv = ssl_recv;
@@ -403,7 +378,9 @@ static void* ssl_filter_open(void * idata, struct srvparam * srv){
fprintf(stderr, "failed to read: %s\n", srvcert);
return sc;
}
+ sc->server_key = getKey(srvkey);
if(!sc->server_key){
+ fprintf(stderr, "failed to read: %s\n", srvkey);
return sc;
}
if(!(sc->cli_ctx = ssl_cli_ctx(sc, sc->server_cert, sc->server_key, &errSSL))){
@@ -435,21 +412,8 @@ static void* ssl_filter_open(void * idata, struct srvparam * srv){
if(sc->client_cipher_list)SSL_CTX_set_cipher_list(sc->srv_ctx, sc->client_cipher_list);
if(sc->client_ciphersuites)SSL_CTX_set_ciphersuites(sc->srv_ctx, sc->client_ciphersuites);
if(sc->client_verify){
- if(sc->client_ca_file && sc->client_ca_dir){
- SSL_CTX_load_verify_locations(sc->srv_ctx, sc->client_ca_file, sc->client_ca_dir);
- }
- else if(sc->client_ca_file){
- SSL_CTX_load_verify_file(sc->srv_ctx, sc->client_ca_file);
- }
- else if(sc->client_ca_dir){
- SSL_CTX_load_verify_dir(sc->srv_ctx, sc->client_ca_dir);
- }
- else if(sc->client_ca_store){
- SSL_CTX_load_verify_store(sc->srv_ctx, sc->client_ca_store);
- }
- else
- SSL_CTX_set_default_verify_paths(sc->srv_ctx);
SSL_CTX_set_verify(sc->srv_ctx, SSL_VERIFY_PEER, verify_callback);
+ SSL_CTX_set_default_verify_paths(sc->srv_ctx);
}
}
return sc;
@@ -459,6 +423,7 @@ static void* ssl_filter_open(void * idata, struct srvparam * srv){
static FILTER_ACTION ssl_filter_client(void *fo, struct clientparam * param, void** fc){
struct SSLstate *ssls;
+ unsigned long ul;
ssls = (struct SSLstate *) malloc(sizeof(struct SSLstate));
memset(ssls, 0, sizeof(struct SSLstate));
@@ -540,9 +505,6 @@ static void ssl_filter_close(void *fo){
free(CONFIG->server_ciphersuites);
free(CONFIG->client_cipher_list);
free(CONFIG->server_cipher_list);
- free(CONFIG->client_ca_file);
- free(CONFIG->client_ca_dir);
- free(CONFIG->client_ca_store);
free(fo);
}
@@ -663,36 +625,6 @@ static int h_server_ciphersuites(int argc, unsigned char **argv){
return 0;
}
-static int h_server_ca_file(int argc, unsigned char **argv){
- free(server_ca_file);
- server_ca_file = argc > 1? strdup((char *)argv[1]) : NULL;
- return 0;
-}
-
-static int h_server_ca_key(int argc, unsigned char **argv){
- free(server_ca_key);
- server_ca_key = argc > 1? strdup((char *)argv[1]) : NULL;
- return 0;
-}
-
-static int h_client_ca_file(int argc, unsigned char **argv){
- free(client_ca_file);
- client_ca_file = argc > 1? strdup((char *)argv[1]) : NULL;
- return 0;
-}
-
-static int h_client_ca_dir(int argc, unsigned char **argv){
- free(client_ca_dir);
- client_ca_dir = argc > 1? strdup((char *)argv[1]) : NULL;
- return 0;
-}
-
-static int h_client_ca_store(int argc, unsigned char **argv){
- free(client_ca_store);
- client_ca_store = argc > 1? strdup((char *)argv[1]) : NULL;
- return 0;
-}
-
struct vermap{
char *sver;
int iver;
@@ -764,23 +696,18 @@ static struct commands ssl_commandhandlers[] = {
{ssl_commandhandlers+2, "ssl_nomitm", h_nomitm, 1, 1},
{ssl_commandhandlers+3, "ssl_serv", h_serv, 1, 1},
{ssl_commandhandlers+4, "ssl_noserv", h_serv, 1, 1},
- {ssl_commandhandlers+5, "ssl_server_cert", h_srvcert, 1, 2},
- {ssl_commandhandlers+6, "ssl_server_key", h_srvkey, 1, 2},
- {ssl_commandhandlers+7, "ssl_server_ca_file", h_server_ca_file, 1, 2},
- {ssl_commandhandlers+8, "ssl_server_ca_key", h_server_ca_key, 1, 2},
- {ssl_commandhandlers+9, "ssl_client_ca_file", h_client_ca_file, 1, 2},
- {ssl_commandhandlers+10, "ssl_client_ca_dir", h_client_ca_dir, 1, 2},
- {ssl_commandhandlers+11, "ssl_client_ca_store", h_client_ca_store, 1, 2},
- {ssl_commandhandlers+12, "ssl_client_ciphersuites", h_client_ciphersuites, 1, 2},
- {ssl_commandhandlers+13, "ssl_server_ciphersuites", h_server_ciphersuites, 1, 2},
- {ssl_commandhandlers+14, "ssl_client_cipher_list", h_client_cipher_list, 1, 2},
- {ssl_commandhandlers+15, "ssl_server_cipher_list", h_server_cipher_list, 1, 2},
- {ssl_commandhandlers+16, "ssl_client_min_proto_version", h_client_min_proto_version, 1, 2},
- {ssl_commandhandlers+17, "ssl_server_min_proto_version", h_server_min_proto_version, 1, 2},
- {ssl_commandhandlers+18, "ssl_client_max_proto_version", h_client_max_proto_version, 1, 2},
- {ssl_commandhandlers+19, "ssl_server_max_proto_version", h_server_max_proto_version, 1, 2},
- {ssl_commandhandlers+20, "ssl_client_verify", h_client_verify, 1, 1},
- {ssl_commandhandlers+21, "ssl_client_no_verify", h_no_client_verify, 1, 1},
+ {ssl_commandhandlers+5, "ssl_srvcert", h_srvcert, 1, 2},
+ {ssl_commandhandlers+6, "ssl_srvkey", h_srvkey, 1, 2},
+ {ssl_commandhandlers+7, "ssl_client_ciphersuites", h_client_ciphersuites, 1, 2},
+ {ssl_commandhandlers+8, "ssl_server_ciphersuites", h_server_ciphersuites, 1, 2},
+ {ssl_commandhandlers+9, "ssl_client_cipher_list", h_client_cipher_list, 1, 2},
+ {ssl_commandhandlers+10, "ssl_server_cipher_list", h_server_cipher_list, 1, 2},
+ {ssl_commandhandlers+11, "ssl_client_min_proto_version", h_client_min_proto_version, 1, 2},
+ {ssl_commandhandlers+12, "ssl_server_min_proto_version", h_server_min_proto_version, 1, 2},
+ {ssl_commandhandlers+13, "ssl_client_max_proto_version", h_client_max_proto_version, 1, 2},
+ {ssl_commandhandlers+14, "ssl_server_max_proto_version", h_server_max_proto_version, 1, 2},
+ {ssl_commandhandlers+15, "ssl_client_verify", h_client_verify, 1, 1},
+ {ssl_commandhandlers+16, "ssl_client_no_verify", h_no_client_verify, 1, 1},
{NULL, "ssl_certcache", h_certcache, 2, 2},
};
@@ -810,24 +737,10 @@ PLUGINAPI int PLUGINCALL ssl_plugin (struct pluginlink * pluginlink,
server_min_proto_version = 0;
server_max_proto_version = 0;
client_verify = 0;
- free(client_ciphersuites);
client_ciphersuites = NULL;
- free(server_ciphersuites);
server_ciphersuites = NULL;
- free(client_cipher_list);
client_cipher_list = NULL;
- free(server_cipher_list);
server_cipher_list = NULL;
- free(server_ca_file);
- server_ca_file = NULL;
- free(server_ca_key);
- server_ca_key = NULL;
- free(client_ca_file);
- client_ca_file = NULL;
- free(client_ca_dir);
- client_ca_dir = NULL;
- free(client_ca_store);
- client_ca_store = NULL;
if(!ssl_loaded){