summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJulian Andres Klode <jak@debian.org>2017-06-30 13:51:32 +0200
committerJulian Andres Klode <jak@debian.org>2017-06-30 14:57:54 +0200
commit4b1d19fe5619ef46c952ca84531759a981741482 (patch)
tree81bf3d79c74ee31496e804aff218acb189dc2131
parentd3a70c3e5ae68a0e5a3d4667dd1d0fc0887e6263 (diff)
Allow running the TLS stack on any lower connection
This is especially needed if we use an HTTPS proxy to CONNECT to an HTTPS URI, as we run TLS-inside-TLS then.
-rw-r--r--methods/connect.cc20
1 files changed, 19 insertions, 1 deletions
diff --git a/methods/connect.cc b/methods/connect.cc
index fd37d19f7..f58a67db3 100644
--- a/methods/connect.cc
+++ b/methods/connect.cc
@@ -656,7 +656,25 @@ bool UnwrapTLS(std::string Host, std::unique_ptr<MethodFd> &Fd,
tlsFd->UnderlyingFd = MethodFd::FromFd(-1); // For now
gnutls_init(&tlsFd->session, GNUTLS_CLIENT | GNUTLS_NONBLOCK);
- gnutls_transport_set_int(tlsFd->session, dynamic_cast<FdFd *>(Fd.get())->fd);
+
+ FdFd *fdfd = dynamic_cast<FdFd *>(Fd.get());
+ if (fdfd != nullptr)
+ {
+ gnutls_transport_set_int(tlsFd->session, fdfd->fd);
+ }
+ else
+ {
+ gnutls_transport_set_ptr(tlsFd->session, Fd.get());
+ gnutls_transport_set_pull_function(tlsFd->session,
+ [](gnutls_transport_ptr_t p, void *buf, size_t size) -> ssize_t {
+ return reinterpret_cast<MethodFd *>(p)->Read(buf, size);
+ });
+ gnutls_transport_set_push_function(tlsFd->session,
+ [](gnutls_transport_ptr_t p, const void *buf, size_t size) -> ssize_t {
+ return reinterpret_cast<MethodFd *>(p)->Write((void *)buf, size);
+ });
+ }
+
gnutls_certificate_allocate_credentials(&tlsFd->credentials);
// Credential setup