https proxy using GNUTLS

Posted on 2010-11-23
Last Modified: 2012-05-10
Hello ,

I am writing a https web proxy in ubuntu and GNU TLS VERSION IS gnutls-2.10.0. I do not know any other web server except So my program takes the http request as
... from a browser and just change the request as GET HTTP/1.1

and I am using GNU TLS to establish the secure channel to google .com (I know supports https).
I using this statement in a while loop
ret = gnutls_record_recv (session, buffer_new, MAX_BUF);
The loop executes for a while I am able to see all the html and javascript content received and after receiving the last packet the control is hanged at this statement. In normal http proxy I used jest recv() method last method as MSG_DONTWAIT flag and I am able to come out of loop.

I am using wireshark to see what is happening..But after 30 or so minutes the program terminates saying an error -9 which means "A TLS PACKET OF UNEXPECTED LENGTH RECEIVED".
please help me on this issue....

Thanks a lot in advance

Question by:shragi
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
LVL 40

Expert Comment

ID: 34217144
one question first,
Why are you reimplementing the functionality of stunnel? or openssl used as client connection?

Besides that why not install your own webserver on your own system, you can use apache, lighttpd and other more lightweight do exist too.
Or if you need a proxy there is squid, privoxy, dansguardian.

Maybe some study of those sources can be useful.

Author Comment

ID: 34232553
I will try to install by web server in my system, Because I am using a certificate and I know valid cert to eventually I need to connect to remote server, so I am trying to do that.

I saw those proxies but most of them are really complicated and I am able to fill in my stuff in just a single file. SO I want to write my own https proxy which is simple and can enhance according to my requirement.

I am trying to implement and find some results on some particular browser.
LVL 40

Expert Comment

ID: 34233034
You will at least need openssl f.e.

openssl s_client     (see: )

connects to a ssl host and you can pass the commands & receive the anwers.

stunnel does something like that, but offers an ip connection. (see:

Those solutions are the easiest.
Get MySQL database support online, now!

At Percona’s web store you can order your MySQL database support needs in minutes. No hassles, no fuss, just pick and click. Pay online with a credit card.


Author Comment

ID: 34233278
Thank you very much, BUt i am using gnu TLS instead of openssl, which is almost similar.

I am able to connect to ssl server and receive data...the loop looks like this

    memset (buffer_new, 0, MAX_BUF + 1);
    ret = gnutls_record_recv (session, buffer_new, MAX_BUF);
   temp=send(_browser, buffer_new, ret, 0);

After receiving entire content Even If I used gnutls_record_check_pending, I am unable to come out of loop, I used several flags to check .

But in the last iteration the control blocks at    ret = gnutls_record_recv (session, buffer_new, MAX_BUF);

LVL 40

Accepted Solution

noci earned 250 total points
ID: 34234465
I would expect that at one moment you received a 0 byte record.
THAT is the moment to stop, it's the end of the stream.

ssize_t ret;
for(ret= -1; ret >0; )
    memset (buffer_new, 0, MAX_BUF + 1);
    ret = gnutls_record_recv (session, buffer_new, MAX_BUF);
    temp=send(_browser, buffer_new, ret, 0);

should stop.., if it doesn't there is something wrong with the sending of data and the server didn't close the circuit...

Author Comment

ID: 34235148
Thanks a lot, I figured out..need to find the pattern \\r\n0\r\n...thus iam able to come out of the loop.

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Microservice architecture adoption brings many advantages, but can add intricacy. Selecting the right orchestration tool is most important for business specific needs.
Since pre-biblical times, humans have sought ways to keep secrets, and share the secrets selectively.  This article explores the ways PHP can be used to hide and encrypt information.
The goal of the tutorial is to teach the user how to use functions in C++. The video will cover how to define functions, how to call functions and how to create functions prototypes. Microsoft Visual C++ 2010 Express will be used as a text editor an…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…
Suggested Courses

626 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question