Implement CONNECT pass-through for HTTPS proxy
* When using a proxy, HTTPS connections must still go directly to the target website. The proxy can then act as a TCP stream relay and just transmit the raw SSL stream between the client and website. * For this, we ask the proxy by sending an HTTP request with the CONNECT method. If the proxy supports this, we can then send anything as the payload and it will be forwarded. * Untested, as the network here in Dusseldorf doesn't let me use a proxy. ticket : #10973
1 parent
9593558
commit c614961
Showing
7 changed files
with
232 additions
and
58 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,32 @@ | ||
/* | ||
* Copyright 2015, Haiku, Inc. All Rights Reserved. | ||
* Distributed under the terms of the MIT License. | ||
*/ | ||
#ifndef _PROXY_SECURE_SOCKET_H | ||
#define _PROXY_SECURE_SOCKET_H | ||
|
||
|
||
#include <SecureSocket.h> | ||
|
||
|
||
class BProxySecureSocket : public BSecureSocket { | ||
public: | ||
BProxySecureSocket(const BNetworkAddress& proxy); | ||
BProxySecureSocket(const BNetworkAddress& proxy, | ||
const BNetworkAddress& peer, | ||
bigtime_t timeout = B_INFINITE_TIMEOUT); | ||
BProxySecureSocket(const BProxySecureSocket& other); | ||
virtual ~BProxySecureSocket(); | ||
|
||
// BSocket implementation | ||
|
||
virtual status_t Connect(const BNetworkAddress& peer, | ||
bigtime_t timeout = B_INFINITE_TIMEOUT); | ||
|
||
private: | ||
const BNetworkAddress fProxyAddress; | ||
}; | ||
|
||
|
||
#endif // _PROXY_SECURE_SOCKET_H | ||
|
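Review bot: Nothing in this header says that `Connect(peer)` first connects to the stored proxy address and only then asks it to tunnel to `peer`. A comment above the `Connect` declaration would make that contract visible to callers, for example `// Connects to the proxy, sends CONNECT for peer, then starts TLS over the tunnel.` The one-argument constructor `BProxySecureSocket(const BNetworkAddress& proxy)` is also not `explicit`, so a `BNetworkAddress` converts silently into a proxy socket. The `(proxy, peer)` constructor takes two arguments of the same type with no comment on their order, and as far as this page shows it cannot return the result of the `Connect` call it makes, so callers presumably have to check the socket state afterwards.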
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,76 @@ | ||
/* | ||
* Copyright 2015 Haiku, Inc. | ||
* Distributed under the terms of the MIT License. | ||
*/ | ||
|
||
|
||
#include <ProxySecureSocket.h> | ||
|
||
#include <stdio.h> | ||
|
||
|
||
BProxySecureSocket::BProxySecureSocket(const BNetworkAddress& proxy) | ||
: | ||
BSecureSocket(), | ||
fProxyAddress(proxy) | ||
{ | ||
} | ||
|
||
|
||
BProxySecureSocket::BProxySecureSocket(const BNetworkAddress& proxy, const BNetworkAddress& peer, | ||
bigtime_t timeout) | ||
: | ||
BSecureSocket(), | ||
fProxyAddress(proxy) | ||
{ | ||
Connect(peer, timeout); | ||
} | ||
|
||
|
||
BProxySecureSocket::BProxySecureSocket(const BProxySecureSocket& other) | ||
: | ||
BSecureSocket(other), | ||
fProxyAddress(other.fProxyAddress) | ||
{ | ||
} | ||
|
||
|
||
BProxySecureSocket::~BProxySecureSocket() | ||
{ | ||
} | ||
|
||
|
||
status_t | ||
BProxySecureSocket::Connect(const BNetworkAddress& peer, bigtime_t timeout) | ||
{ | ||
status_t status = InitCheck(); | ||
if (status != B_OK) | ||
return status; | ||
|
||
BSocket::Connect(fProxyAddress, timeout); | ||
if (status != B_OK) | ||
return status; | ||
|
||
BString connectRequest; | ||
connectRequest.SetToFormat("CONNECT %s:%d HTTP/1.0\r\n\r\n", | ||
peer.HostName().String(), peer.Port()); | ||
BSocket::Write(connectRequest.String(), connectRequest.Length()); | ||
|
||
char buffer[256]; | ||
ssize_t length = BSocket::Read(buffer, sizeof(buffer) - 1); | ||
if (length <= 0) | ||
return length; | ||
|
||
buffer[length] = '\0'; | ||
int httpStatus = 0; | ||
int matches = scanf(buffer, "HTTP/1.0 %d %*[^\r\n]\r\n\r\n", httpStatus); | ||
if (matches != 2) | ||
return B_BAD_DATA; | ||
|
||
if (httpStatus < 200 || httpStatus > 299) | ||
return B_BAD_VALUE; | ||
|
||
return _Setup(); | ||
} | ||
|
||
|
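Review bot: The status-line parse in `Connect()` calls `scanf(buffer, "HTTP/1.0 %d ...", httpStatus)`, which uses the proxy's reply as the format string, reads from stdin instead of the buffer, and passes `httpStatus` by value. It should be `sscanf` with `&httpStatus`, and because the suppressed `%*[...]` conversion is not counted, the success check has to compare against 1 rather than 2. Earlier in the same function the result of `BSocket::Connect(fProxyAddress, timeout)` is dropped, so the following `status != B_OK` test re-checks the `InitCheck()` value and a failed proxy connection goes unnoticed; the `BSocket::Write` result is ignored as well. The single 255-byte `Read` also assumes the whole proxy response arrives at once and fits the buffer, so any header bytes left unread would presumably be taken as the start of the TLS handshake once `_Setup()` runs; the reply should be read up to the blank line. The sketch below also accepts an HTTP/1.1 status line, which proxies commonly send even in answer to a 1.0 request.

```cpp
	// … unchanged: InitCheck() guard …

	status = BSocket::Connect(fProxyAddress, timeout);
	if (status != B_OK)
		return status;

	// … unchanged: connectRequest formatting …
	ssize_t written = BSocket::Write(connectRequest.String(),
		connectRequest.Length());
	if (written < 0)
		return written;
	if (written != connectRequest.Length())
		return B_IO_ERROR;

	// … unchanged: buffer declaration, Read() and NUL termination …
	int httpStatus = 0;
	// Only %d is assigned; the suppressed version digits do not count.
	int matches = sscanf(buffer, "HTTP/%*d.%*d %d", &httpStatus);
	if (matches != 1)
		return B_BAD_DATA;

	// … unchanged: 2xx range check and _Setup() …
```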