Solved

https proxy using GNUTLS

Posted on 2010-11-23
Last Modified: 2012-05-10
Hello,

I am writing an https web proxy on Ubuntu, and the GNU TLS version is gnutls-2.10.0. I do not know any other web server except google.com. So my program takes the http request as
GET http://www.google.com/ HTTP/1.1
... from a browser and just changes the request to GET https://www.google.com/ HTTP/1.1

and I am using GNU TLS to establish the secure channel to google.com (I know google.com supports https).
I am using this statement in a while loop:
ret = gnutls_record_recv (session, buffer_new, MAX_BUF);

The loop executes for a while and I am able to see all the HTML and JavaScript content received, and after receiving the last packet the control hangs at this statement. In a normal http proxy I just used the recv() method with the last argument as the MSG_DONTWAIT flag, and I was able to come out of the loop.

I am using Wireshark to see what is happening. But after 30 or so minutes the program terminates with error -9, which means "A TLS PACKET OF UNEXPECTED LENGTH RECEIVED".
Please help me with this issue.

Thanks a lot in advance



Question by:shragi
6 Comments
 
LVL 40

Expert Comment

by:noci
ID: 34217144
One question first:
Why are you reimplementing the functionality of stunnel, or of openssl used as a client connection?

Besides that, why not install your own webserver on your own system? You can use apache or lighttpd, and other more lightweight ones exist too.
Or if you need a proxy there is squid, privoxy, dansguardian.

Maybe some study of those sources can be useful.
0
 

Author Comment

by:shragi
ID: 34232553
I will try to install my web server in my system. Because I am using a certificate and I know a valid cert to google.com, eventually I need to connect to a remote server, so I am trying to do that.

I saw those proxies, but most of them are really complicated, and I am able to fill in my stuff in just a single file. So I want to write my own https proxy which is simple and which I can enhance according to my requirements.

I am trying to implement and find some results on some particular browser.
Thanks
0
 
LVL 40

Expert Comment

by:noci
ID: 34233034
You will at least need openssl f.e.

openssl s_client     (see:  http://linux.die.net/man/1/s_client )

connects to an ssl host and you can pass the commands & receive the answers.

stunnel does something like that, but offers an ip connection. (see: http://linux.die.net/man/8/stunnel)

Those solutions are the easiest.
0
 

Author Comment

by:shragi
ID: 34233278
Thank you very much, but I am using GNU TLS instead of openssl, which is almost similar.

I am able to connect to ssl server and receive data...the loop looks like this

for(;;)
{
    memset (buffer_new, 0, MAX_BUF + 1);
    ret = gnutls_record_recv (session, buffer_new, MAX_BUF);
    temp=send(_browser, buffer_new, ret, 0);
}

After receiving the entire content, even if I used gnutls_record_check_pending, I am unable to come out of the loop. I used several flags to check.

But in the last iteration the control blocks at    ret = gnutls_record_recv (session, buffer_new, MAX_BUF);

0
 
LVL 40

Accepted Solution

by:
noci earned 1000 total points
ID: 34234465
I would expect that at one moment you received a 0 byte record.
THAT is the moment to stop, it's the end of the stream.
so:

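ssize_t ret;
for (ret = 1; ret > 0; )   /* start positive so the loop body runs at least once */
{
    memset (buffer_new, 0, MAX_BUF + 1);
    ret = gnutls_record_recv (session, buffer_new, MAX_BUF);
    if (ret > 0)           /* 0 = end of stream, < 0 = GnuTLS error: nothing to forward */
        temp = send (_browser, buffer_new, ret, 0);
}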

should stop.., if it doesn't there is something wrong with the sending of data and the server didn't close the circuit...
0
 

Author Comment

by:shragi
ID: 34235148
Thanks a lot, I figured it out. I need to find the pattern \r\n0\r\n; thus I am able to come out of the loop.
0
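An added example, not part of the original thread: an HTTP/1.1 server may keep the connection open after a response, so a relay has to recognise the end of the body from the HTTP framing rather than wait for a 0-byte read. This C code follows chunked transfer encoding byte by byte instead of searching for the literal \r\n0\r\n, which can also occur inside chunk payload. The names `struct chunked` and `chunked_feed` are hypothetical, and it assumes the response headers were already parsed and announced Transfer-Encoding: chunked.

```c
#include <stddef.h>
#include <stdint.h>

/* Added example: follows HTTP/1.1 chunked framing across buffer boundaries. */
enum cstate { CS_SIZE, CS_EXT, CS_SIZE_LF, CS_DATA, CS_DATA_CR, CS_DATA_LF,
              CS_TRAILER, CS_TRAILER_LF, CS_DONE, CS_BAD };
struct chunked {          /* zero-initialise before the first call */
    enum cstate st;
    size_t left;          /* chunk size while parsing it, then payload bytes left */
    size_t linelen;       /* hex digits seen, or bytes on current trailer line */
};
static int hexval(unsigned char c) {
    if (c >= '0' && c <= '9') return c - '0';
    c |= 0x20;            /* fold A-F onto a-f */
    return (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
}

/* Feed one received buffer: 1 = body complete, 0 = need more, -1 = malformed. */
int chunked_feed(struct chunked *c, const unsigned char *p, size_t n) {
    for (size_t i = 0; i < n && c->st != CS_DONE && c->st != CS_BAD; i++) {
        unsigned char b = p[i];
        int h = hexval(b); size_t k;
        switch (c->st) {
        case CS_SIZE:
            if (h >= 0 && c->left <= (SIZE_MAX >> 4)) {
                c->left = (c->left << 4) | (size_t)h; c->linelen++;
            } else if (h < 0 && c->linelen && (b == ';' || b == '\r'))
                c->st = (b == ';') ? CS_EXT : CS_SIZE_LF;
            else c->st = CS_BAD;      /* no digits, junk, or size overflow */
            break;
        case CS_EXT: if (b == '\r') c->st = CS_SIZE_LF; break;
        case CS_SIZE_LF: c->linelen = 0;
            c->st = (b != '\n') ? CS_BAD : c->left ? CS_DATA : CS_TRAILER;
            break;
        case CS_DATA:                 /* skip payload; never pattern-match it */
            k = (c->left < n - i) ? c->left : n - i;
            i += k - 1; c->left -= k;
            if (c->left == 0) c->st = CS_DATA_CR; break;
        case CS_DATA_CR: c->st = (b == '\r') ? CS_DATA_LF : CS_BAD; break;
        case CS_DATA_LF: c->st = (b == '\n') ? CS_SIZE : CS_BAD; break;
        case CS_TRAILER: if (b == '\r') c->st = CS_TRAILER_LF; else c->linelen++; break;
        case CS_TRAILER_LF:
            c->st = (b != '\n') ? CS_BAD : c->linelen ? CS_TRAILER : CS_DONE;
            c->linelen = 0; break;
        default: break;
        }
    }
    return c->st == CS_DONE ? 1 : c->st == CS_BAD ? -1 : 0;
}
```

A response sent with Content-Length instead needs a byte count, and a response with neither ends only when gnutls_record_recv returns 0.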


Question has a verified solution.
