Hi: I am trying to write a man-in-the-middle proxy as an extension to Mozilla. This proxy is basically supposed to intercept HTTP/HTTPS requests, parse them and forward them to the appropriate server. To decipher HTTPS requests I need to do a handshake as a server with the client. For this I am using a self-signed certificate which is supposed to be used in the handshake. I have done this successfully in the case of a synchronous proxy. But this scheme doesn't work for an asynchronous proxy. I am doing the following:
// Creating a socket
mServerSocket = do_CreateInstance(NS_SERVERSOCKET_CONTRACTID);
mServerSocket->Init(<SomePortNum>, loopbackOnly, -1);
nsCOMPtr<nsIServerSocketListener> listener = CreateProxyConnectionListener();
// ProxyConnectionListener implements nsIServerSocketListener
mServerSocket->AsyncListen(listener);

// In ProxyConnectionListener's OnSocketAccepted, I do the following:
NS_IMETHODIMP
OnSocketAccepted(nsIServerSocket *aServ, nsISocketTransport *aTransport)
{
    nsCOMPtr<nsIInputStream> input;
    nsCOMPtr<nsIOutputStream> output;
    // Non-blocking streams on the accepted client transport
    aTransport->OpenInputStream(0, 0, 0, getter_AddRefs(input));
    aTransport->OpenOutputStream(0, 0, 0, getter_AddRefs(output));
    // ConnectionHandler implements nsIStreamListener
    nsCOMPtr<nsIStreamListener> shell = CreateConnectionHandler(aTransport, input, output);
    // mPump (nsCOMPtr<nsIInputStreamPump>) is a member; it drives OnDataAvailable
    nsresult rv = NS_NewInputStreamPump(getter_AddRefs(mPump), input, -1, -1, 0, 0, PR_FALSE);
    NS_ENSURE_SUCCESS(rv, rv);
    rv = mPump->AsyncRead(shell, nsnull);
    NS_ENSURE_SUCCESS(rv, rv);
    return NS_OK;
}

// In ConnectionHandler's OnDataAvailable, when I receive the CONNECT request,
// I do the following:
//   First I write a 200 response to the client.
//   Then I upgrade the socket to SSL by calling the following StartSSLServer() function.
//
// cert (CERTCertificate*) and privKey (SECKEYPrivateKey*) hold the self-signed
// certificate and its key, loaded earlier (not shown here).
NS_IMETHODIMP
StartSSLServer(nsISocketTransport *trans)
{
    SSLKEAType certKEA;
    PRFileDesc *s1, *s2;
    NS_ENSURE_ARG_POINTER(trans);
    if (!cert || !privKey)
        return NS_ERROR_NOT_INITIALIZED;

    // Take the transport's plain TCP descriptor ...
    nsresult rv = trans->GetFileDescriptor(&s1);
    NS_ENSURE_SUCCESS(rv, rv);
    NS_ENSURE_STATE(s1);

    // ... push the NSS SSL layer on top of it ...
    s2 = SSL_ImportFD(nsnull, s1);
    if (!s2)
        return NS_ERROR_UNEXPECTED;

    // ... and hand the layered descriptor back to the transport
    rv = trans->SetFileDescriptor(s2);
    if (NS_FAILED(rv))
        goto loser;

    // Configure the server certificate/key, then restart the handshake
    // as the server side (PR_TRUE = asServer)
    certKEA = NSS_FindCertKEAType(cert);
    if (SECSuccess != SSL_ConfigSecureServer(s2, cert, privKey, certKEA))
        goto loser;
    if (SECSuccess != SSL_ResetHandshake(s2, PR_TRUE))
        goto loser;
    return NS_OK;

loser:
    return NS_ERROR_FAILURE;
}

No errors are thrown anywhere, but the handshake doesn't happen. Any ideas what might be going wrong? Basically, when I call StartSSLServer(), the handshake should happen. But I guess something is going wrong.
Best Regards,
Umesh.

_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto