
[Project] Drop HTTPS proxies as they are too intrusive to implement

Issue: #572
tags/1.9.1
Vsevolod Stakhov 5 years ago
parent
commit
6292e6da71
4 changed files with 28 additions and 61 deletions
  1. 24
    47
      src/libutil/http_connection.c
  2. 4
    12
      src/libutil/http_context.c
  3. 0
    1
      src/libutil/http_context.h
  4. 0
    1
      src/libutil/http_private.h

+ 24
- 47
src/libutil/http_connection.c View File

@@ -1165,58 +1165,29 @@ rspamd_http_connection_new_client (struct rspamd_http_context *ctx,
{
gint fd;

if (opts & RSPAMD_HTTP_CLIENT_ENCRYPTED) {
if (ctx->https_proxies) {
struct upstream *up = rspamd_upstream_get (ctx->https_proxies,
RSPAMD_UPSTREAM_ROUND_ROBIN, NULL, 0);
if (ctx->http_proxies) {
struct upstream *up = rspamd_upstream_get (ctx->http_proxies,
RSPAMD_UPSTREAM_ROUND_ROBIN, NULL, 0);

if (up) {
rspamd_inet_addr_t *proxy_addr = rspamd_upstream_addr_next (up);
if (up) {
rspamd_inet_addr_t *proxy_addr = rspamd_upstream_addr_next (up);

fd = rspamd_inet_address_connect (proxy_addr, SOCK_STREAM, TRUE);
fd = rspamd_inet_address_connect (proxy_addr, SOCK_STREAM, TRUE);

if (fd == -1) {
msg_info ("cannot connect to https proxy %s: %s",
rspamd_inet_address_to_string (proxy_addr),
strerror (errno));
rspamd_upstream_fail (up, TRUE);

return NULL;
}
if (fd == -1) {
msg_info ("cannot connect to http proxy %s: %s",
rspamd_inet_address_to_string (proxy_addr),
strerror (errno));
rspamd_upstream_fail (up, TRUE);

return rspamd_http_connection_new_common (ctx, fd, body_handler,
error_handler, finish_handler, opts,
RSPAMD_HTTP_CLIENT,
RSPAMD_HTTP_CONN_OWN_SOCKET|RSPAMD_HTTP_CONN_FLAG_PROXY,
up);
return NULL;
}
}
}
else {
if (ctx->http_proxies) {
struct upstream *up = rspamd_upstream_get (ctx->http_proxies,
RSPAMD_UPSTREAM_ROUND_ROBIN, NULL, 0);

if (up) {
rspamd_inet_addr_t *proxy_addr = rspamd_upstream_addr_next (up);

fd = rspamd_inet_address_connect (proxy_addr, SOCK_STREAM, TRUE);

if (fd == -1) {
msg_info ("cannot connect to http proxy %s: %s",
rspamd_inet_address_to_string (proxy_addr),
strerror (errno));
rspamd_upstream_fail (up, TRUE);

return NULL;
}

return rspamd_http_connection_new_common (ctx, fd, body_handler,
error_handler, finish_handler, opts,
RSPAMD_HTTP_CLIENT,
RSPAMD_HTTP_CONN_OWN_SOCKET|RSPAMD_HTTP_CONN_FLAG_PROXY,
up);
}
return rspamd_http_connection_new_common (ctx, fd, body_handler,
error_handler, finish_handler, opts,
RSPAMD_HTTP_CLIENT,
RSPAMD_HTTP_CONN_OWN_SOCKET|RSPAMD_HTTP_CONN_FLAG_PROXY,
up);
}
}

@@ -1878,11 +1849,12 @@ rspamd_http_message_write_header (const gchar* mime_type, gboolean encrypted,
else {
if (conn->priv->flags & RSPAMD_HTTP_CONN_FLAG_PROXY) {
rspamd_printf_fstring (buf,
"%s http://%s:%d/%V HTTP/1.1\r\n"
"%s %s://%s:%d/%V HTTP/1.1\r\n"
"Connection: %s\r\n"
"Host: %s\r\n"
"Content-Length: %z\r\n",
http_method_str (msg->method),
(msg->flags & RSPAMD_HTTP_FLAG_SSL) ? "https" : "http",
host,
msg->port,
msg->url,
@@ -2243,6 +2215,11 @@ rspamd_http_connection_write_message_common (struct rspamd_http_connection *conn

priv->flags &= ~RSPAMD_HTTP_CONN_FLAG_RESETED;

if (priv->flags & RSPAMD_HTTP_CONN_FLAG_PROXY) {
/* We need to disable SSL flag! */
msg->flags &=~ RSPAMD_HTTP_FLAG_SSL;
}

if (rspamd_event_pending (&priv->ev, EV_TIMEOUT|EV_WRITE|EV_READ)) {
event_del (&priv->ev);
}
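Review bot: In the last hunk of this file, `msg->flags &=~ RSPAMD_HTTP_FLAG_SSL;` silently turns a request the caller marked as SSL into a cleartext exchange with the proxy, so headers and body are readable on that hop and this client no longer verifies the origin certificate. The scheme choice added in `rspamd_http_message_write_header` tests the same `msg->flags` bit, so if the header is written after this clear (the ordering is outside the visible lines) the `"https"` branch can never be taken and the proxy is asked for `http://`. Consider remembering the requested scheme before clearing the bit and logging when TLS is dropped for a proxied request, and expand the comment to something like `/* proxy hop is plain HTTP; TLS to the origin is left to the proxy, which sees the request in cleartext */`. All three functions continue outside their hunks.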

+ 4
- 12
src/libutil/http_context.c View File

@@ -203,11 +203,6 @@ rspamd_http_context_init (struct rspamd_http_context *ctx)
&ctx->http_proxies);
}

if (ctx->config.https_proxy) {
rspamd_http_context_parse_proxy (ctx, ctx->config.https_proxy,
&ctx->https_proxies);
}

default_ctx = ctx;
}

@@ -270,13 +265,6 @@ rspamd_http_context_create (struct rspamd_config *cfg,
if (http_proxy) {
ctx->config.http_proxy = ucl_object_tostring (http_proxy);
}

const ucl_object_t *https_proxy;
https_proxy = ucl_object_lookup (client_obj, "https_proxy");

if (https_proxy) {
ctx->config.https_proxy = ucl_object_tostring (https_proxy);
}
}

server_obj = ucl_object_lookup (http_obj, "server");
@@ -340,6 +328,10 @@ rspamd_http_context_free (struct rspamd_http_context *ctx)

kh_destroy (rspamd_keep_alive_hash, ctx->keep_alive_hash);

if (ctx->http_proxies) {
rspamd_upstreams_destroy (ctx->http_proxies);
}

g_free (ctx);
}
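Review bot: After this change `rspamd_http_context_create` no longer reads the `https_proxy` key, so an existing configuration that sets it is accepted without any message; as far as the visible lines show, SSL requests then follow `http_proxy` or go direct. An operator who relied on that setting to control egress gets no signal that it stopped applying. A log line where the key was previously parsed would make the change visible, e.g. `if (ucl_object_lookup (client_obj, "https_proxy")) msg_warn ("https_proxy is no longer supported and is ignored");`. The function body starts and ends outside the hunk.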


+ 0
- 1
src/libutil/http_context.h View File

@@ -36,7 +36,6 @@ struct rspamd_http_context_cfg {
gdouble client_key_rotate_time;
const gchar *user_agent;
const gchar *http_proxy;
const gchar *https_proxy;
};

/**

+ 0
- 1
src/libutil/http_private.h View File

@@ -98,7 +98,6 @@ struct rspamd_http_context {
struct rspamd_keypair_cache *server_kp_cache;
struct upstream_ctx *ups_ctx;
struct upstream_list *http_proxies;
struct upstream_list *https_proxies;
gpointer ssl_ctx;
gpointer ssl_ctx_noverify;
struct event_base *ev_base;
