authorJulian Andres Klode <jak@debian.org>2017-06-30 13:51:32 +0200
committerJulian Andres Klode <jak@debian.org>2017-06-30 14:57:54 +0200
commit4b1d19fe5619ef46c952ca84531759a981741482 (patch)
tree81bf3d79c74ee31496e804aff218acb189dc2131 /methods/connect.cc
parentd3a70c3e5ae68a0e5a3d4667dd1d0fc0887e6263 (diff)
Allow running the TLS stack on any lower connection
This is especially needed if we use an HTTPS proxy to CONNECT to an HTTPS URI, as we run TLS-inside-TLS then.
Diffstat (limited to 'methods/connect.cc')
-rw-r--r--methods/connect.cc20
1 files changed, 19 insertions, 1 deletions
diff --git a/methods/connect.cc b/methods/connect.cc
index fd37d19f7..f58a67db3 100644
--- a/methods/connect.cc
+++ b/methods/connect.cc
@@ -656,7 +656,25 @@ bool UnwrapTLS(std::string Host, std::unique_ptr<MethodFd> &Fd,
tlsFd->UnderlyingFd = MethodFd::FromFd(-1); // For now
gnutls_init(&tlsFd->session, GNUTLS_CLIENT | GNUTLS_NONBLOCK);
- gnutls_transport_set_int(tlsFd->session, dynamic_cast<FdFd *>(Fd.get())->fd);
+
+ FdFd *fdfd = dynamic_cast<FdFd *>(Fd.get());
+ if (fdfd != nullptr)
+ {
+ gnutls_transport_set_int(tlsFd->session, fdfd->fd);
+ }
+ else
+ {
+ gnutls_transport_set_ptr(tlsFd->session, Fd.get());
+ gnutls_transport_set_pull_function(tlsFd->session,
+ [](gnutls_transport_ptr_t p, void *buf, size_t size) -> ssize_t {
+ return reinterpret_cast<MethodFd *>(p)->Read(buf, size);
+ });
+ gnutls_transport_set_push_function(tlsFd->session,
+ [](gnutls_transport_ptr_t p, const void *buf, size_t size) -> ssize_t {
+ return reinterpret_cast<MethodFd *>(p)->Write((void *)buf, size);
+ });
+ }
+
gnutls_certificate_allocate_credentials(&tlsFd->credentials);
// Credential setup
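Review bot: In the else branch the session stores the raw `Fd.get()` pointer through `gnutls_transport_set_ptr`, while the context line above still sets `tlsFd->UnderlyingFd = MethodFd::FromFd(-1)`, so nothing in this hunk ties the lifetime of the lower connection to the session that will call back into it. UnwrapTLS continues outside the hunk; if ownership moves to `tlsFd->UnderlyingFd` later, a comment here such as `// Fd must outlive tlsFd->session; ownership moves to tlsFd->UnderlyingFd below` would state the invariant, and any early return before that transfer is worth checking. Separately, GnuTLS expects pull/push callbacks to report errors as -1 with errno set (EAGAIN/EINTR on a `GNUTLS_NONBLOCK` session). The lambdas forward the `Read`/`Write` results unchanged, so this presumably relies on every MethodFd implementation following that convention, which should be confirmed for the TLS-inside-TLS case named in the commit message. As a style point, `(void *)buf` silently drops const, and `static_cast<MethodFd *>(p)` would be enough where `reinterpret_cast` is used.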