1 /* Copyright 2011 Justin Erenkrantz and Greg Stein
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
7 * http://www.apache.org/licenses/LICENSE-2.0
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
16 /*** Setup a SSL tunnel over a HTTP proxy, according to RFC 2817. ***/
18 #include <apr_pools.h>
19 #include <apr_strings.h>
22 #include "serf_private.h"
25 /* Structure passed around as baton for the CONNECT request and respone. */
31 /* forward declaration. */
32 static apr_status_t setup_request(serf_request_t *request,
34 serf_bucket_t **req_bkt,
35 serf_response_acceptor_t *acceptor,
36 void **acceptor_baton,
37 serf_response_handler_t *handler,
41 static serf_bucket_t* accept_response(serf_request_t *request,
42 serf_bucket_t *stream,
47 serf_bucket_alloc_t *bkt_alloc;
49 req_ctx_t *ctx = acceptor_baton;
52 /* get the per-request bucket allocator */
53 bkt_alloc = serf_request_get_alloc(request);
55 /* Create a barrier so the response doesn't eat us! */
56 c = serf_bucket_barrier_create(stream, bkt_alloc);
58 return serf_bucket_response_create(c, bkt_alloc);
61 /* If a 200 OK was received for the CONNECT request, consider the connection
63 static apr_status_t handle_response(serf_request_t *request,
64 serf_bucket_t *response,
70 req_ctx_t *ctx = handler_baton;
73 serf_connection_request_create(request->conn,
79 status = serf_bucket_response_status(response, &sl);
80 if (SERF_BUCKET_READ_ERROR(status)) {
83 if (!sl.version && (APR_STATUS_IS_EOF(status) ||
84 APR_STATUS_IS_EAGAIN(status)))
89 status = serf_bucket_response_wait_for_headers(response);
90 if (status && !APR_STATUS_IS_EOF(status)) {
94 /* RFC 2817: Any successful (2xx) response to a CONNECT request indicates
95 that the proxy has established a connection to the requested host and
96 port, and has switched to tunneling the current connection to that server
99 if (sl.code >= 200 && sl.code < 300) {
100 request->conn->state = SERF_CONN_CONNECTED;
102 /* Body is supposed to be empty. */
103 apr_pool_destroy(ctx->pool);
104 serf_bucket_destroy(request->conn->ssltunnel_ostream);
105 request->conn->stream = NULL;
108 serf__log(CONN_VERBOSE, __FILE__,
109 "successfully set up ssl tunnel on connection 0x%x\n",
115 /* Authentication failure and 2xx Ok are handled at this point,
116 the rest are errors. */
117 return SERF_ERROR_SSLTUNNEL_SETUP_FAILED;
120 /* Prepare the CONNECT request. */
121 static apr_status_t setup_request(serf_request_t *request,
123 serf_bucket_t **req_bkt,
124 serf_response_acceptor_t *acceptor,
125 void **acceptor_baton,
126 serf_response_handler_t *handler,
127 void **handler_baton,
130 req_ctx_t *ctx = setup_baton;
133 serf_request_bucket_request_create(request,
136 serf_request_get_alloc(request));
137 *acceptor = accept_response;
138 *acceptor_baton = ctx;
139 *handler = handle_response;
140 *handler_baton = ctx;
145 static apr_status_t detect_eof(void *baton, serf_bucket_t *aggregate_bucket)
147 serf_connection_t *conn = baton;
152 /* SSL tunnel is needed, push a CONNECT request on the connection. */
153 apr_status_t serf__ssltunnel_connect(serf_connection_t *conn)
156 apr_pool_t *ssltunnel_pool;
158 apr_pool_create(&ssltunnel_pool, conn->pool);
160 ctx = apr_palloc(ssltunnel_pool, sizeof(*ctx));
161 ctx->pool = ssltunnel_pool;
162 ctx->uri = apr_psprintf(ctx->pool, "%s:%d", conn->host_info.hostname,
163 conn->host_info.port);
165 conn->ssltunnel_ostream = serf__bucket_stream_create(conn->allocator,
169 serf__ssltunnel_request_create(conn,
173 conn->state = SERF_CONN_SETUP_SSLTUNNEL;
174 serf__log(CONN_VERBOSE, __FILE__,
175 "setting up ssl tunnel on connection 0x%x\n", conn);