1
/* Copyright 2011 Justin Erenkrantz and Greg Stein
3
* Licensed under the Apache License, Version 2.0 (the "License");
4
* you may not use this file except in compliance with the License.
5
* You may obtain a copy of the License at
7
* http://www.apache.org/licenses/LICENSE-2.0
9
* Unless required by applicable law or agreed to in writing, software
10
* distributed under the License is distributed on an "AS IS" BASIS,
11
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12
* See the License for the specific language governing permissions and
13
* limitations under the License.
16
/*** Setup a SSL tunnel over a HTTP proxy, according to RFC 2817. ***/
18
#include <apr_pools.h>
19
#include <apr_strings.h>
22
#include "serf_private.h"
25
/* Structure passed around as baton for the CONNECT request and respone. */
31
/* forward declaration. */
32
static apr_status_t setup_request(serf_request_t *request,
34
serf_bucket_t **req_bkt,
35
serf_response_acceptor_t *acceptor,
36
void **acceptor_baton,
37
serf_response_handler_t *handler,
41
static serf_bucket_t* accept_response(serf_request_t *request,
42
serf_bucket_t *stream,
47
serf_bucket_alloc_t *bkt_alloc;
49
req_ctx_t *ctx = acceptor_baton;
52
/* get the per-request bucket allocator */
53
bkt_alloc = serf_request_get_alloc(request);
55
/* Create a barrier so the response doesn't eat us! */
56
c = serf_bucket_barrier_create(stream, bkt_alloc);
58
return serf_bucket_response_create(c, bkt_alloc);
61
/* If a 200 OK was received for the CONNECT request, consider the connection
63
static apr_status_t handle_response(serf_request_t *request,
64
serf_bucket_t *response,
70
req_ctx_t *ctx = handler_baton;
73
serf_connection_request_create(request->conn,
79
status = serf_bucket_response_status(response, &sl);
80
if (SERF_BUCKET_READ_ERROR(status)) {
83
if (!sl.version && (APR_STATUS_IS_EOF(status) ||
84
APR_STATUS_IS_EAGAIN(status)))
89
status = serf_bucket_response_wait_for_headers(response);
90
if (status && !APR_STATUS_IS_EOF(status)) {
94
/* Body is supposed to be empty. */
96
request->conn->state = SERF_CONN_CONNECTED;
98
apr_pool_destroy(ctx->pool);
99
serf_bucket_destroy(request->conn->ssltunnel_ostream);
100
request->conn->stream = NULL;
106
/* Authentication failure and 200 Ok are handled at this point,
107
the rest are errors. */
108
return APR_EGENERAL; /* TODO: better error code */
111
/* Prepare the CONNECT request. */
112
static apr_status_t setup_request(serf_request_t *request,
114
serf_bucket_t **req_bkt,
115
serf_response_acceptor_t *acceptor,
116
void **acceptor_baton,
117
serf_response_handler_t *handler,
118
void **handler_baton,
121
req_ctx_t *ctx = setup_baton;
124
serf_request_bucket_request_create(request,
127
serf_request_get_alloc(request));
128
*acceptor = accept_response;
129
*acceptor_baton = ctx;
130
*handler = handle_response;
131
*handler_baton = ctx;
136
static apr_status_t detect_eof(void *baton, serf_bucket_t *aggregate_bucket)
138
serf_connection_t *conn = baton;
143
/* SSL tunnel is needed, push a CONNECT request on the connection. */
144
apr_status_t serf__ssltunnel_connect(serf_connection_t *conn)
147
apr_pool_t *ssltunnel_pool;
149
apr_pool_create(&ssltunnel_pool, conn->pool);
151
ctx = apr_palloc(ssltunnel_pool, sizeof(*ctx));
152
ctx->pool = ssltunnel_pool;
153
ctx->uri = apr_psprintf(ctx->pool, "%s:%d", conn->host_info.hostinfo,
154
conn->host_info.port);
156
conn->ssltunnel_ostream = serf__bucket_stream_create(conn->allocator,
160
/* TODO: should be the first request on the connection. */
161
serf_connection_priority_request_create(conn,
165
conn->state = SERF_CONN_SETUP_SSLTUNNEL;