Diffstat (limited to 'src/cli/tls_proxy.cpp')
-rw-r--r--src/cli/tls_proxy.cpp179
1 files changed, 98 insertions, 81 deletions
diff --git a/src/cli/tls_proxy.cpp b/src/cli/tls_proxy.cpp
index 5140654de..25ffabdb8 100644
--- a/src/cli/tls_proxy.cpp
+++ b/src/cli/tls_proxy.cpp
@@ -28,7 +28,7 @@
#include <botan/hex.h>
#if defined(BOTAN_HAS_TLS_SQLITE3_SESSION_MANAGER)
- #include <botan/tls_session_manager_sqlite.h>
+ #include <botan/tls_session_manager_sqlite.h>
#endif
#include "credentials.h"
@@ -67,28 +67,31 @@ class tls_proxy_session : public boost::enable_shared_from_this<tls_proxy_sessio
typedef boost::shared_ptr<tls_proxy_session> pointer;
- static pointer create(boost::asio::io_service& io,
- Botan::TLS::Session_Manager& session_manager,
- Botan::Credentials_Manager& credentials,
- Botan::TLS::Policy& policy,
- tcp::resolver::iterator endpoints)
+ static pointer create(
+ boost::asio::io_service& io,
+ Botan::TLS::Session_Manager& session_manager,
+ Botan::Credentials_Manager& credentials,
+ Botan::TLS::Policy& policy,
+ tcp::resolver::iterator endpoints)
{
return pointer(
- new tls_proxy_session(
- io,
- session_manager,
- credentials,
- policy,
- endpoints)
- );
+ new tls_proxy_session(
+ io,
+ session_manager,
+ credentials,
+ policy,
+ endpoints)
+ );
}
- tcp::socket& client_socket() { return m_client_socket; }
+ tcp::socket& client_socket()
+ {
+ return m_client_socket;
+ }
void start()
{
m_c2p.resize(readbuf_size);
-
client_read(boost::system::error_code(), 0); // start read loop
}
@@ -103,22 +106,21 @@ class tls_proxy_session : public boost::enable_shared_from_this<tls_proxy_sessio
}
private:
- tls_proxy_session(boost::asio::io_service& io,
- Botan::TLS::Session_Manager& session_manager,
- Botan::Credentials_Manager& credentials,
- Botan::TLS::Policy& policy,
- tcp::resolver::iterator endpoints) :
- m_strand(io),
- m_server_endpoints(endpoints),
- m_client_socket(io),
- m_server_socket(io),
- m_tls(*this,
- session_manager,
- credentials,
- policy,
- m_rng)
- {
- }
+ tls_proxy_session(
+ boost::asio::io_service& io,
+ Botan::TLS::Session_Manager& session_manager,
+ Botan::Credentials_Manager& credentials,
+ Botan::TLS::Policy& policy,
+ tcp::resolver::iterator endpoints)
+ : m_strand(io)
+ , m_server_endpoints(endpoints)
+ , m_client_socket(io)
+ , m_server_socket(io)
+ , m_tls(*this,
+ session_manager,
+ credentials,
+ policy,
+ m_rng) {}
void client_read(const boost::system::error_code& error,
size_t bytes_transferred)
@@ -133,7 +135,9 @@ class tls_proxy_session : public boost::enable_shared_from_this<tls_proxy_sessio
try
{
if(!m_tls.is_active())
+ {
log_binary_message("From client", &m_c2p[0], bytes_transferred);
+ }
m_tls.received_data(&m_c2p[0], bytes_transferred);
}
catch(Botan::Exception& e)
@@ -145,9 +149,11 @@ class tls_proxy_session : public boost::enable_shared_from_this<tls_proxy_sessio
m_client_socket.async_read_some(
boost::asio::buffer(&m_c2p[0], m_c2p.size()),
- m_strand.wrap(boost::bind(&tls_proxy_session::client_read, shared_from_this(),
- boost::asio::placeholders::error,
- boost::asio::placeholders::bytes_transferred)));
+ m_strand.wrap(
+ boost::bind(
+ &tls_proxy_session::client_read, shared_from_this(),
+ boost::asio::placeholders::error,
+ boost::asio::placeholders::bytes_transferred)));
}
void handle_client_write_completion(const boost::system::error_code& error)
@@ -190,7 +196,9 @@ class tls_proxy_session : public boost::enable_shared_from_this<tls_proxy_sessio
void tls_emit_data(const uint8_t buf[], size_t buf_len) override
{
if(buf_len > 0)
+ {
m_p2c_pending.insert(m_p2c_pending.end(), buf, buf + buf_len);
+ }
// no write now active and we still have output pending
if(m_p2c.empty() && !m_p2c_pending.empty())
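Review bot: The `m_p2c_pending.insert(...)` now wrapped in braces has no upper bound, so a client that stops reading while the TLS layer keeps emitting records lets this vector grow until memory runs out; `m_p2s_pending` in proxy_write_to_server (the two following hunks) has the same shape. The brace change itself is fine, but a proxy should cap the pending size or stop reading from the opposite socket while a write is outstanding rather than queue without limit. Until that is done, a comment above the insert would at least record the trade-off: `// NOTE: pending output is unbounded; a peer that stops reading can grow this without limit`. tls_emit_data's body continues past this hunk.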
@@ -202,17 +210,20 @@ class tls_proxy_session : public boost::enable_shared_from_this<tls_proxy_sessio
boost::asio::async_write(
m_client_socket,
boost::asio::buffer(&m_p2c[0], m_p2c.size()),
- m_strand.wrap(boost::bind(
- &tls_proxy_session::handle_client_write_completion,
- shared_from_this(),
- boost::asio::placeholders::error)));
+ m_strand.wrap(
+ boost::bind(
+ &tls_proxy_session::handle_client_write_completion,
+ shared_from_this(),
+ boost::asio::placeholders::error)));
}
}
void proxy_write_to_server(const uint8_t buf[], size_t buf_len)
{
if(buf_len > 0)
+ {
m_p2s_pending.insert(m_p2s_pending.end(), buf, buf + buf_len);
+ }
// no write now active and we still have output pending
if(m_p2s.empty() && !m_p2s_pending.empty())
@@ -224,10 +235,11 @@ class tls_proxy_session : public boost::enable_shared_from_this<tls_proxy_sessio
boost::asio::async_write(
m_server_socket,
boost::asio::buffer(&m_p2s[0], m_p2s.size()),
- m_strand.wrap(boost::bind(
- &tls_proxy_session::handle_server_write_completion,
- shared_from_this(),
- boost::asio::placeholders::error)));
+ m_strand.wrap(
+ boost::bind(
+ &tls_proxy_session::handle_server_write_completion,
+ shared_from_this(),
+ boost::asio::placeholders::error)));
}
}
@@ -261,9 +273,10 @@ class tls_proxy_session : public boost::enable_shared_from_this<tls_proxy_sessio
m_server_socket.async_read_some(
boost::asio::buffer(&m_s2p[0], m_s2p.size()),
- m_strand.wrap(boost::bind(&tls_proxy_session::server_read, shared_from_this(),
- boost::asio::placeholders::error,
- boost::asio::placeholders::bytes_transferred)));
+ m_strand.wrap(
+ boost::bind(&tls_proxy_session::server_read, shared_from_this(),
+ boost::asio::placeholders::error,
+ boost::asio::placeholders::bytes_transferred)));
}
bool tls_session_established(const Botan::TLS::Session& session) override
@@ -273,20 +286,21 @@ class tls_proxy_session : public boost::enable_shared_from_this<tls_proxy_sessio
m_hostname = session.server_info().hostname();
if(m_hostname != "")
+ {
std::cout << "Client requested hostname '" << m_hostname << "'" << std::endl;
+ }
- async_connect(m_server_socket, m_server_endpoints,
- [this](boost::system::error_code ec, tcp::resolver::iterator endpoint)
- {
- if(ec)
- {
- log_error("Server connection", ec);
- return;
- }
-
- server_read(boost::system::error_code(), 0); // start read loop
- proxy_write_to_server(nullptr, 0);
- });
+ auto onConnect = [this](boost::system::error_code ec, tcp::resolver::iterator endpoint)
+ {
+ if(ec)
+ {
+ log_error("Server connection", ec);
+ return;
+ }
+ server_read(boost::system::error_code(), 0); // start read loop
+ proxy_write_to_server(nullptr, 0);
+ };
+ async_connect(m_server_socket, m_server_endpoints, onConnect);
return true;
}
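Review bot: `auto onConnect = [this](...)` still captures a raw `this` into a handler that outlives the call, while every other completion handler in this file binds `shared_from_this()` and is wrapped in `m_strand.wrap(...)`; if the client side closes and the last `pointer` drops before the connect completes, the handler runs on a destroyed session, and with `--threads` above one it can run concurrently with the strand-serialized handlers. The refactor into a named lambda is a good moment to fix both: `pointer self = shared_from_this();` before it, `auto onConnect = [this, self](boost::system::error_code ec, tcp::resolver::iterator)` (the `endpoint` parameter is unused anyway), and `async_connect(m_server_socket, m_server_endpoints, m_strand.wrap(onConnect));`. Separately, `m_hostname` on the context line comes from the peer's SNI extension and is written raw to stdout; escaping non-printable bytes before logging keeps terminal control sequences out of the log.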
@@ -298,7 +312,9 @@ class tls_proxy_session : public boost::enable_shared_from_this<tls_proxy_sessio
return;
}
else
+ {
std::cout << "Alert " << alert.type_string() << std::endl;
+ }
}
boost::asio::io_service::strand m_strand;
@@ -326,16 +342,17 @@ class tls_proxy_server
public:
typedef tls_proxy_session session;
- tls_proxy_server(boost::asio::io_service& io, unsigned short port,
- tcp::resolver::iterator endpoints,
- Botan::Credentials_Manager& creds,
- Botan::TLS::Policy& policy,
- Botan::TLS::Session_Manager& session_mgr) :
- m_acceptor(io, tcp::endpoint(tcp::v4(), port)),
- m_server_endpoints(endpoints),
- m_creds(creds),
- m_policy(policy),
- m_session_manager(session_mgr)
+ tls_proxy_server(
+ boost::asio::io_service& io, unsigned short port,
+ tcp::resolver::iterator endpoints,
+ Botan::Credentials_Manager& creds,
+ Botan::TLS::Policy& policy,
+ Botan::TLS::Session_Manager& session_mgr)
+ : m_acceptor(io, tcp::endpoint(tcp::v4(), port))
+ , m_server_endpoints(endpoints)
+ , m_creds(creds)
+ , m_policy(policy)
+ , m_session_manager(session_mgr)
{
session::pointer new_session = make_session();
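Review bot: `tcp::endpoint(tcp::v4(), port)` in the reformatted initializer list binds the acceptor to every IPv4 interface and never to IPv6, and neither the constructor nor the `tls_proxy listen_port ...` usage string in the later hunk says so. For a tool that terminates TLS in front of a backend this is worth stating so an operator does not assume a loopback listener; a one-line comment on the initializer suffices: `// listens on all IPv4 interfaces; the bind address is not configurable`. Making the bind address a parameter next to `port` would be the fuller fix. The constructor body continues in the next hunk.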
@@ -345,29 +362,26 @@ class tls_proxy_server
&tls_proxy_server::handle_accept,
this,
new_session,
- boost::asio::placeholders::error)
- );
+ boost::asio::placeholders::error));
}
private:
session::pointer make_session()
{
return session::create(
- m_acceptor.get_io_service(),
- m_session_manager,
- m_creds,
- m_policy,
- m_server_endpoints
- );
+ m_acceptor.get_io_service(),
+ m_session_manager,
+ m_creds,
+ m_policy,
+ m_server_endpoints);
}
void handle_accept(session::pointer new_session,
const boost::system::error_code& error)
{
- if (!error)
+ if(!error)
{
new_session->start();
-
new_session = make_session();
m_acceptor.async_accept(
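Review bot: `if(!error)` in the reformatted handle_accept has no else branch, so an accept failure (descriptor exhaustion, an aborted connection) is neither logged nor followed by a new `async_accept`, and the listener silently stops serving while the process keeps running; the same structure continues in the next hunk. Only the session start belongs on the success path, the acceptor should be re-armed on both paths, and the handler should stop only on `operation_aborted`, which is what the acceptor being closed reports. handle_accept's body runs past the end of this hunk.
```cpp
   void handle_accept(session::pointer new_session,
                      const boost::system::error_code& error)
      {
      if(!error)
         {
         new_session->start();
         }
      else
         {
         std::cerr << "Accept failed: " << error.message() << std::endl;
         if(error == boost::asio::error::operation_aborted)
            {
            return; // acceptor closed, do not re-arm
            }
         }
      // … unchanged, now outside the if: new_session = make_session(); m_acceptor.async_accept(...) …
```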
@@ -376,8 +390,7 @@ class tls_proxy_server
&tls_proxy_server::handle_accept,
this,
new_session,
- boost::asio::placeholders::error)
- );
+ boost::asio::placeholders::error));
}
}
@@ -395,7 +408,7 @@ class TLS_Proxy final : public Command
{
public:
TLS_Proxy() : Command("tls_proxy listen_port target_host target_port server_cert server_key "
- "--threads=0 --session-db= --session-db-pass=") {}
+ "--threads=0 --session-db= --session-db-pass=") {}
void go() override
{
@@ -439,12 +452,16 @@ class TLS_Proxy final : public Command
// run forever... first thread is main calling io.run below
for(size_t i = 2; i <= num_threads; ++i)
+ {
threads.push_back(std::make_shared<std::thread>([&io]() { io.run(); }));
+ }
io.run();
- for (size_t i = 0; i < threads.size(); ++i)
+ for(size_t i = 0; i < threads.size(); ++i)
+ {
threads[i]->join();
+ }
}
};
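Review bot: The worker lambda `[&io]() { io.run(); }` lets any exception a handler throws escape `io.run()` inside a `std::thread`, which terminates the whole proxy; client_read catches `Botan::Exception` in an earlier hunk, but none of the other handlers visible in this diff (write completions, connect, accept) catch anything, and I cannot see the rest of them. An exception leaving the main thread's `io.run()` likewise skips the join loop and terminates through the still-joinable threads. Catching in the worker keeps one bad connection from taking the listener down: `threads.push_back(std::make_shared<std::thread>([&io]() { try { io.run(); } catch(std::exception& e) { std::cerr << "Thread error: " << e.what() << std::endl; } }));`. go() starts outside this hunk.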