From 4b1d19fe5619ef46c952ca84531759a981741482 Mon Sep 17 00:00:00 2001
From: Julian Andres Klode
Date: Fri, 30 Jun 2017 13:51:32 +0200
Subject: Allow running the TLS stack on any lower connection

This is especially needed if we use an HTTPS proxy to CONNECT to an HTTPS URI, as we run TLS-inside-TLS then.
---
 methods/connect.cc | 20 +++++++++++++++++++-
 1 file changed, 19 insertions(+), 1 deletion(-)
(limited to 'methods')
diff --git a/methods/connect.cc b/methods/connect.cc
index fd37d19f7..f58a67db3 100644
--- a/methods/connect.cc
+++ b/methods/connect.cc
@@ -656,7 +656,25 @@ bool UnwrapTLS(std::string Host, std::unique_ptr &Fd,
 tlsFd->UnderlyingFd = MethodFd::FromFd(-1); // For now
 gnutls_init(&tlsFd->session, GNUTLS_CLIENT | GNUTLS_NONBLOCK);
- gnutls_transport_set_int(tlsFd->session, dynamic_cast(Fd.get())->fd);
+
+ FdFd *fdfd = dynamic_cast(Fd.get());
+ if (fdfd != nullptr)
+ {
+ gnutls_transport_set_int(tlsFd->session, fdfd->fd);
+ }
+ else
+ {
+ gnutls_transport_set_ptr(tlsFd->session, Fd.get());
+ gnutls_transport_set_pull_function(tlsFd->session,
+ [](gnutls_transport_ptr_t p, void *buf, size_t size) -> ssize_t {
+ return reinterpret_cast(p)->Read(buf, size);
+ });
+ gnutls_transport_set_push_function(tlsFd->session,
+ [](gnutls_transport_ptr_t p, const void *buf, size_t size) -> ssize_t {
+ return reinterpret_cast(p)->Write((void *)buf, size);
+ });
+ }
+
 gnutls_certificate_allocate_credentials(&tlsFd->credentials); // Credential setup
-- cgit v1.2.3
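Review bot: In the new `else` branch the pull/push lambdas hand the result of `Read()`/`Write()` straight back to GnuTLS, but a custom transport callback has to return -1 with errno set (EAGAIN/EINTR on would-block), and this session is created with `GNUTLS_NONBLOCK`, so its retry handling depends on that. Whether `Read`/`Write` keep that contract when the lower layer is itself a TLS connection is not visible in this hunk; if they do, record it above the callbacks, e.g. `// Read()/Write() return -1 with errno set, as GnuTLS transport callbacks require`, otherwise set errno in the lambdas before returning -1. The session also stores the raw `Fd.get()` pointer, so the lower object must outlive `tlsFd->session`; UnwrapTLS continues past the hunk, so that ownership hand-off cannot be checked here. The `(void *)buf` cast silently drops const, and `const_cast<void *>(buf)` would make that explicit.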