Solved

https proxy using GNUTLS

Posted on 2010-11-23
Last Modified: 2012-05-10
Hello,

I am writing an HTTPS web proxy on Ubuntu, and the GnuTLS version is gnutls-2.10.0. I do not know any other web server except google.com, so my program takes the HTTP request as
GET http://www.google.com/ HTTP/1.1
... from a browser and just changes the request to GET https://www.google.com/ HTTP/1.1

and I am using GnuTLS to establish the secure channel to google.com (I know google.com supports HTTPS).
I am using this statement in a while loop:
ret = gnutls_record_recv (session, buffer_new, MAX_BUF);

The loop executes for a while and I am able to see all the HTML and JavaScript content received, but after receiving the last packet the control hangs at this statement. In a normal HTTP proxy I just used the recv() method with the MSG_DONTWAIT flag as the last argument, and I am able to come out of the loop.

I am using Wireshark to see what is happening. But after 30 or so minutes the program terminates with error -9, which means "A TLS PACKET OF UNEXPECTED LENGTH RECEIVED".
Please help me with this issue.

Thanks a lot in advance



Question by:shragi
6 Comments
 
LVL 40

Expert Comment

by:noci
ID: 34217144
One question first:
Why are you reimplementing the functionality of stunnel, or of openssl used as a client connection?

Besides that, why not install your own web server on your own system? You can use Apache or lighttpd, and other more lightweight ones exist too.
Or if you need a proxy, there is squid, privoxy, dansguardian.

Maybe some study of those sources can be useful.
0
 

Author Comment

by:shragi
ID: 34232553
I will try to install my web server on my system. Because I am using a certificate and I know a valid cert for google.com, and eventually I need to connect to a remote server, I am trying to do that.

I saw those proxies, but most of them are really complicated and I am able to fill in my stuff in just a single file. So I want to write my own HTTPS proxy which is simple and which I can enhance according to my requirements.

I am trying to implement and find some results on some particular browser.
Thanks
0
 
LVL 40

Expert Comment

by:noci
ID: 34233034
You will at least need openssl, for example:

openssl s_client     (see:  http://linux.die.net/man/1/s_client )

connects to an SSL host, and you can pass the commands and receive the answers.

stunnel does something like that, but offers an IP connection. (see: http://linux.die.net/man/8/stunnel)

Those solutions are the easiest.
0
 

Author Comment

by:shragi
ID: 34233278
Thank you very much, but I am using GnuTLS instead of OpenSSL, which is almost similar.

I am able to connect to the SSL server and receive data. The loop looks like this:

for(;;)
{
    memset (buffer_new, 0, MAX_BUF + 1);
    ret = gnutls_record_recv (session, buffer_new, MAX_BUF);
    temp=send(_browser, buffer_new, ret, 0);
}

After receiving the entire content, even if I use gnutls_record_check_pending, I am unable to come out of the loop; I used several flags to check.

But in the last iteration the control blocks at ret = gnutls_record_recv (session, buffer_new, MAX_BUF);

0
 
LVL 40

Accepted Solution

by:
noci earned 250 total points
ID: 34234465
I would expect that at one moment you received a 0 byte record.
THAT is the moment to stop, it's the end of the stream.
so:

ssize_t ret;
for (ret = 1; ret > 0; )   /* start positive so the loop body runs at least once */
{
    memset (buffer_new, 0, MAX_BUF + 1);
    ret = gnutls_record_recv (session, buffer_new, MAX_BUF);
    if (ret > 0)   /* 0 = end of the TLS stream, < 0 = error: nothing to forward */
        temp = send (_browser, buffer_new, ret, 0);
}

should stop. If it doesn't, there is something wrong with the sending of data and the server didn't close the circuit...
0
 

Author Comment

by:shragi
ID: 34235148
Thanks a lot, I figured it out. I need to find the pattern \\r\n0\r\n... thus I am able to come out of the loop.
0
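Added example, not part of the original thread: the thread ends on leaving the receive loop when the end of an HTTP/1.1 chunked body is seen rather than when the server closes the connection. This scanner finds that end by counting chunk sizes instead of searching for a byte pattern, so body data that happens to contain "\r\n0\r\n", or a terminator split across two TLS records, does not end the relay at the wrong place. It assumes the response headers were already consumed and announced chunked transfer encoding; chunk_scan, chunk_scan_feed and the sample body are hypothetical names and constructed data, and each buffer returned by gnutls_record_recv would be passed to chunk_scan_feed.

```c
#include <stddef.h>
#include <stdio.h>

/* Scanner state for one chunked body; zero-initialise, keep across receives. */
enum { C_SIZE, C_EXT, C_SIZE_LF, C_DATA, C_DATA_CR, C_DATA_LF,
       C_TRAILER, C_TRAILER_LF, C_DONE, C_BAD };
struct chunk_scan { int st; unsigned long left; int digits; size_t line; };

static int hexval(unsigned char c) {
    if (c >= '0' && c <= '9') return c - '0';
    c |= 0x20;                               /* fold A-F onto a-f */
    return (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
}

/* Feed one received buffer. Returns 1 once the zero-size chunk and its
   trailer have been seen, 0 if more data is needed, -1 if malformed. */
int chunk_scan_feed(struct chunk_scan *s, const unsigned char *p, size_t n) {
    for (size_t i = 0; i < n && s->st != C_DONE && s->st != C_BAD; i++) {
        unsigned char c = p[i];
        switch (s->st) {
        case C_SIZE:                         /* hex chunk size, at most 8 digits */
            if (hexval(c) >= 0 && s->digits < 8) {
                s->left = s->left * 16 + (unsigned long)hexval(c);
                s->digits++;
            } else if (s->digits && (c == ';' || c == '\r'))
                s->st = (c == ';') ? C_EXT : C_SIZE_LF;
            else s->st = C_BAD;
            break;
        case C_EXT:     if (c == '\r') s->st = C_SIZE_LF; break;
        case C_SIZE_LF: s->st = c != '\n' ? C_BAD : s->left ? C_DATA : C_TRAILER; break;
        case C_DATA:    if (--s->left == 0) s->st = C_DATA_CR; break; /* counted, not searched */
        case C_DATA_CR: s->st = (c == '\r') ? C_DATA_LF : C_BAD; break;
        case C_DATA_LF: s->st = (c == '\n') ? C_SIZE : C_BAD; s->digits = 0; break;
        case C_TRAILER: if (c == '\r') s->st = C_TRAILER_LF; else s->line++; break;
        case C_TRAILER_LF: s->st = c != '\n' ? C_BAD : s->line ? C_TRAILER : C_DONE;
            s->line = 0; break;              /* empty trailer line ends the body */
        }
    }
    return s->st == C_DONE ? 1 : s->st == C_BAD ? -1 : 0;
}

int main(void) {
    /* Constructed sample: the 7-byte chunk itself contains "\r\n0\r\n". */
    const unsigned char body[] = "7\r\nab\r\n0\r\n\r\n0\r\n\r\n";
    struct chunk_scan s = {0};
    int first = chunk_scan_feed(&s, body, 10);   /* first record: not finished */
    printf("%d %d\n", first, chunk_scan_feed(&s, body + 10, 7));
    return 0;
}
```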
