From 6292e6da71860030d5336c0f751c335bfa5c14a7 Mon Sep 17 00:00:00 2001 From: Vsevolod Stakhov Date: Mon, 18 Mar 2019 16:17:16 +0000 Subject: [PATCH] [Project] Drop HTTPS proxies as they are too intrusive to implement Issue: #572 --- src/libutil/http_connection.c | 71 ++++++++++++----------------------- src/libutil/http_context.c | 16 ++------ src/libutil/http_context.h | 1 - src/libutil/http_private.h | 1 - 4 files changed, 28 insertions(+), 61 deletions(-) diff --git a/src/libutil/http_connection.c b/src/libutil/http_connection.c index ea664f20d..72cc1d239 100644 --- a/src/libutil/http_connection.c +++ b/src/libutil/http_connection.c 
@@ -1165,58 +1165,29 @@ rspamd_http_connection_new_client (struct rspamd_http_context *ctx, { gint fd; - if (opts & RSPAMD_HTTP_CLIENT_ENCRYPTED) { - if (ctx->https_proxies) { - struct upstream *up = rspamd_upstream_get (ctx->https_proxies, - RSPAMD_UPSTREAM_ROUND_ROBIN, NULL, 0); + if (ctx->http_proxies) { + struct upstream *up = rspamd_upstream_get (ctx->http_proxies, + RSPAMD_UPSTREAM_ROUND_ROBIN, NULL, 0); - if (up) { - rspamd_inet_addr_t *proxy_addr = rspamd_upstream_addr_next (up); + if (up) { + rspamd_inet_addr_t *proxy_addr = rspamd_upstream_addr_next (up); - fd = rspamd_inet_address_connect (proxy_addr, SOCK_STREAM, TRUE); + fd = rspamd_inet_address_connect (proxy_addr, SOCK_STREAM, TRUE); - if (fd == -1) { - msg_info ("cannot connect to https proxy %s: %s", - rspamd_inet_address_to_string (proxy_addr), - strerror (errno)); - rspamd_upstream_fail (up, TRUE); - - return NULL; - } + if (fd == -1) { + msg_info ("cannot connect to http proxy %s: %s", + rspamd_inet_address_to_string (proxy_addr), + strerror (errno)); + rspamd_upstream_fail (up, TRUE); - return rspamd_http_connection_new_common (ctx, fd, body_handler, - error_handler, finish_handler, opts, - RSPAMD_HTTP_CLIENT, - RSPAMD_HTTP_CONN_OWN_SOCKET|RSPAMD_HTTP_CONN_FLAG_PROXY, - up); + return NULL; } - } - } - else { - if (ctx->http_proxies) { - struct upstream *up = rspamd_upstream_get (ctx->http_proxies, - RSPAMD_UPSTREAM_ROUND_ROBIN, NULL, 0); - - if (up) { - rspamd_inet_addr_t *proxy_addr = rspamd_upstream_addr_next (up); - fd = rspamd_inet_address_connect (proxy_addr, SOCK_STREAM, TRUE); - - if (fd == -1) { - msg_info ("cannot connect to http proxy %s: %s", - rspamd_inet_address_to_string (proxy_addr), - strerror (errno)); - rspamd_upstream_fail (up, TRUE); - - return NULL; - } - - return rspamd_http_connection_new_common (ctx, fd, body_handler, - error_handler, finish_handler, opts, - RSPAMD_HTTP_CLIENT, - RSPAMD_HTTP_CONN_OWN_SOCKET|RSPAMD_HTTP_CONN_FLAG_PROXY, - up); - } + return 
rspamd_http_connection_new_common (ctx, fd, body_handler, + error_handler, finish_handler, opts, + RSPAMD_HTTP_CLIENT, + RSPAMD_HTTP_CONN_OWN_SOCKET|RSPAMD_HTTP_CONN_FLAG_PROXY, + up); } } @@ -1878,11 +1849,12 @@ rspamd_http_message_write_header (const gchar* mime_type, gboolean encrypted, else { if (conn->priv->flags & RSPAMD_HTTP_CONN_FLAG_PROXY) { rspamd_printf_fstring (buf, - "%s http://%s:%d/%V HTTP/1.1\r\n" + "%s %s://%s:%d/%V HTTP/1.1\r\n" "Connection: %s\r\n" "Host: %s\r\n" "Content-Length: %z\r\n", http_method_str (msg->method), + (msg->flags & RSPAMD_HTTP_FLAG_SSL) ? "https" : "http", host, msg->port, msg->url, @@ -2243,6 +2215,11 @@ rspamd_http_connection_write_message_common (struct rspamd_http_connection *conn priv->flags &= ~RSPAMD_HTTP_CONN_FLAG_RESETED; + if (priv->flags & RSPAMD_HTTP_CONN_FLAG_PROXY) { + /* We need to disable SSL flag! */ + msg->flags &=~ RSPAMD_HTTP_FLAG_SSL; + } + if (rspamd_event_pending (&priv->ev, EV_TIMEOUT|EV_WRITE|EV_READ)) { event_del (&priv->ev); } diff --git a/src/libutil/http_context.c b/src/libutil/http_context.c index 18c89c6bc..b3a308891 100644 --- a/src/libutil/http_context.c +++ b/src/libutil/http_context.c @@ -203,11 +203,6 @@ rspamd_http_context_init (struct rspamd_http_context *ctx) &ctx->http_proxies); } - if (ctx->config.https_proxy) { - rspamd_http_context_parse_proxy (ctx, ctx->config.https_proxy, - &ctx->https_proxies); - } - default_ctx = ctx; } @@ -270,13 +265,6 @@ rspamd_http_context_create (struct rspamd_config *cfg, if (http_proxy) { ctx->config.http_proxy = ucl_object_tostring (http_proxy); } - - const ucl_object_t *https_proxy; - https_proxy = ucl_object_lookup (client_obj, "https_proxy"); - - if (https_proxy) { - ctx->config.https_proxy = ucl_object_tostring (https_proxy); - } } server_obj = ucl_object_lookup (http_obj, "server"); 
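Review bot: The proxy path in rspamd_http_connection_new_client (hunk at -1165) fails in two different directions: a failed connect returns NULL, but when `rspamd_upstream_get` yields no upstream (`up == NULL`) control leaves the `if (ctx->http_proxies)` block and continues into code past the end of this hunk, which presumably opens a direct connection. With the `opts & RSPAMD_HTTP_CLIENT_ENCRYPTED` split removed, every client now takes this path, so a deployment that relies on `http_proxy` to control egress needs to know which way it fails. I would add a `msg_info` and a comment such as `/* No alive proxy: falling through to a direct connection */` at that point, or return NULL there too if bypassing the proxy is not intended.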
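Review bot: The new scheme argument `(msg->flags & RSPAMD_HTTP_FLAG_SSL) ? "https" : "http"` in rspamd_http_message_write_header (hunk at -1878) reads the same flag that the hunk at -2243 clears for every connection carrying RSPAMD_HTTP_CONN_FLAG_PROXY. If the header is written after that clearing (the call order is not visible in this diff), the `https` branch can never be taken, and an HTTPS URL is put on the request line as `http://host:port/...`, so the proxy is asked to fetch it without TLS. The scheme should come from state the write path does not modify, for instance by recording the original scheme on the connection before the message flag is cleared and reading that here.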
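Review bot: `msg->flags &=~ RSPAMD_HTTP_FLAG_SSL;` in rspamd_http_connection_write_message_common (hunk at -2243) silently turns off TLS for any message sent on a proxied connection, so headers and body that a caller addressed to an `https://` URL travel to the proxy in cleartext with nothing in the log. The comment `/* We need to disable SSL flag! */` says what is done but not why or what the caller loses; something like `/* Plain HTTP proxy only: we do not negotiate TLS with the origin, the request reaches the proxy unencrypted */` plus a `msg_info` when the flag was actually set would make the downgrade visible to operators. The line also mutates the caller's `msg`, so a message reused afterwards has lost its SSL flag; whether such reuse happens is not visible here. The function body continues outside the hunk.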
@@ -340,6 +328,10 @@ rspamd_http_context_free (struct rspamd_http_context *ctx) kh_destroy (rspamd_keep_alive_hash, ctx->keep_alive_hash); + if (ctx->http_proxies) { + rspamd_upstreams_destroy (ctx->http_proxies); + } + g_free (ctx); } diff --git a/src/libutil/http_context.h b/src/libutil/http_context.h index 6abd66651..4cf07fb48 100644 --- a/src/libutil/http_context.h +++ b/src/libutil/http_context.h @@ -36,7 +36,6 @@ struct rspamd_http_context_cfg { gdouble client_key_rotate_time; const gchar *user_agent; const gchar *http_proxy; - const gchar *https_proxy; }; /** diff --git a/src/libutil/http_private.h b/src/libutil/http_private.h index fbc4c17e3..368715891 100644 --- a/src/libutil/http_private.h +++ b/src/libutil/http_private.h @@ -98,7 +98,6 @@ struct rspamd_http_context { struct rspamd_keypair_cache *server_kp_cache; struct upstream_ctx *ups_ctx; struct upstream_list *http_proxies; - struct upstream_list *https_proxies; gpointer ssl_ctx; gpointer ssl_ctx_noverify; struct event_base *ev_base; -- 2.39.5
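Review bot: Destroying `ctx->http_proxies` in rspamd_http_context_free assumes that no proxied connection outlives the context. rspamd_http_connection_new_client passes the selected `up` to rspamd_http_connection_new_common, and if the connection keeps that pointer (not visible in this diff) it would dangle once the list is destroyed. A short comment above the new block stating the lifetime rule, e.g. `/* Client connections must be gone by now: they may still reference upstreams from http_proxies */`, would document the requirement for whoever changes the teardown order later.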