
Re: LYNX-DEV SSL, Lynx & US Law


From: Tom Zerucha
Subject: Re: LYNX-DEV SSL, Lynx & US Law
Date: Wed, 11 Dec 1996 12:48:49 -0500 (EST)

On Wed, 11 Dec 1996, Nelson Henry Eric wrote:

> > pace Messrs Bonomi, Richardson & Zerucha -- who offer nothing concrete --
>                                    ^^^^^^^
> I've been known on occasion to misinterpret what others say, :), so I'll
> do my best to keep this `below the boiling point'.  I would argue that
> Mr. Zerucha is the ONLY one besides Mr. Macrides who has offered ANYTHING
> concrete.  In fact, a recent post from Mr. Zerucha says it all: [you want
> SSL?] write your own hooks or proxy.  I would just add, if you can't *hack*
> it, then lump it.

Not everyone is an experienced programmer, or has the time to research how
to do proxies.  This isn't concrete, merely the cement.  It needs one more
ingredient :).

What follows is a plain http proxy.  Compiling it and doing an export
http_proxy="http://localhost:5000/"; will force all http requests to go
through it.  It also has some support for nntp, but that isn't really in
lynx.  The idea is that lynx connects with an expanded URL ("GET
/http://final.dest.com/path ..."), and the proxy makes the actual
connection (i.e. it might sit on a firewall), and sends an edited "GET
/path ..."), then simply passes packets across.

Some of the parsing is subtle, so the following sample is 95% of what you
need to write any other lynx style proxy.

US/Canadian users who have my other source can see the differences between
this and the SSL enabling version are minor.  Get the SSLeay programmers
information, alter every occurrence of http/nntp to https/snews (and the
string length which is now 7 instead of 8), add the include and
initialization functions (look at the simple client examples included in
SSLeay), and add the calls to encapsulate the rnet socket in ssl, and to
free any structures when the connection is over.

If you are outside the US, have SSLeay, and a few minutes to hours, give
it a try.  I can't export code with hooks, but I can give programming
suggestions.  It is also perfectly legal for me to IMPORT examples, so if
someone comes up with something, I can download it and make comments.

Between this, and an earlier message, someone should have something
working soon.  My more complex proxies mostly involve authentication
(certificate verification), which is exportable, but may still require
some legal navigation.

address@hidden
finger address@hidden for PGP key

USING NO HOOKS...

/* lxp.c: a program to proxy http for Lynx */
/* remember to setenv http_proxy=http://127.0.0.1:5000/ */
/* gcc -O6  lxp.c -s -o lxp */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/select.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netdb.h>

#define XBUFSIZ 4096

int                 main(int argc, char *argv[])
{
  int                 n, flag;
  int                 lstn, acpt = -1, rnet = -1;
  socklen_t           len;
  fd_set              fds;
  struct sockaddr_in  sin, rsin;
  struct hostent     *host;
  char               *cp, *pp;
  char                dns[128];
  char                xbuf[XBUFSIZ];

  memset((char *) &sin, 0, sizeof(sin));
  sin.sin_family = AF_INET;
  rsin = sin;
  sin.sin_port = htons(5000);   /* sin_addr stays 0: listens on all interfaces */
  lstn = socket(AF_INET, SOCK_STREAM, 0);
  if( bind(lstn, (struct sockaddr *) &sin, sizeof(sin)) < 0 ) exit(-1);
  listen(lstn, 3);
  for (;;) {
    /* drop the previous connection pair, if any */
    if (acpt >= 0) close(acpt);
    if (rnet >= 0) close(rnet);
    acpt = rnet = -1;
    FD_ZERO(&fds);
    FD_SET(lstn, &fds);
    select(lstn + 1, &fds, NULL, NULL, NULL);
    len = sizeof(sin);
    if ((acpt = accept(lstn, (struct sockaddr *) &sin, &len)) < 0)
      continue;
    flag = 0;
    xbuf[0] = 0;
    do {        /* get entire http header */
      if (flag >= XBUFSIZ - 1) {        /* header too big for xbuf */
        n = -1;
        break;
      }
      /* XBUFSIZ - 1 leaves room for the terminating 0 written below */
      if ((n = read(acpt, &xbuf[flag], XBUFSIZ - 1 - flag)) <= 0)
        break;  /* error, or EOF before the blank line */
      flag += n;
      xbuf[flag] = 0;
    } while (!strstr(xbuf, "\r\n\r\n"));
    if (n <= 0)
      continue;
    cp = strchr(xbuf, ' ');     /* point at url */
    if (!cp)
      continue;         /* no url in the request line */
    if (!strncmp(++cp, "http://", 7))
      rsin.sin_port = htons(80);
    else if (!strncmp(cp, "nntp://", 7))
      rsin.sin_port = htons(119);
    else
      continue;
    cp += 7;
    if (!((pp = strchr(cp, '/')) || (pp = strchr(cp, ' '))
        || (pp = strchr(cp, '\r'))))
      continue;         /* no end of hostname found */
    *pp++ = 0;          /* isolate hostname */
    strncpy(dns, cp, sizeof(dns) - 1);
    dns[sizeof(dns) - 1] = 0;   /* strncpy does not terminate on truncation */
    if ((cp = strchr(dns, ':')))
      *cp++ = 0,
        rsin.sin_port = htons(atoi(cp));
    n = inet_addr(dns);         /* dotted quad first, then DNS */
    if (n != -1)
      memcpy(&rsin.sin_addr, &n, sizeof(n));
    else if ((host = gethostbyname(dns)) != NULL)
      memcpy(&rsin.sin_addr, host->h_addr, host->h_length);
    else
      continue;
    rnet = socket(AF_INET, SOCK_STREAM, 0);
    if ((n = connect(rnet, (struct sockaddr *) &(rsin), sizeof(rsin))) < 0)
      continue;
    if( (cp = strstr(xbuf, "http://") )) {
      *cp++ = '/'; /* for lynx proxy http, forward edited header */
      /* delete http://x.y.z:p/ ; the regions overlap, so memmove, not strcpy */
      memmove(cp, pp, strlen(pp) + 1);
      write(rnet, xbuf, strlen(xbuf));
    }
    do {        /* pass packets across in both directions */
      FD_ZERO(&fds);
      FD_SET(rnet, &fds);
      FD_SET(acpt, &fds);
      select(1 + (rnet > acpt ? rnet : acpt), &fds, NULL, NULL, NULL);
      if (FD_ISSET(rnet, &fds) && (n = read(rnet, xbuf, XBUFSIZ)) > 0)
          write(acpt, xbuf, n);
      if (FD_ISSET(acpt, &fds) && (n = read(acpt, xbuf, XBUFSIZ)) > 0)
          write(rnet, xbuf, n);
    } while( n > 0 );
  }
}
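
Added example, not part of the original message: the request-line rewrite that the post calls subtle, pulled out into one bounds-checked function so it can be tested without sockets. The name rewrite_request() and its error codes are illustrative; it also covers a URL with no path and an out-of-range port.

```c
/* Added example: bounds-checked form of the request-line rewrite in lxp.c.
   rewrite_request() and its return codes are illustrative names. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Parse "METHOD http://host[:port][/path] HTTP/x.y..." from req.
   Returns 0, fills host/port, and writes "METHOD /path HTTP/x.y..." to out. */
int rewrite_request(const char *req, char *host, size_t hostsz,
                    int *port, char *out, size_t outsz)
{
  const char *sp = strchr(req, ' ');
  if (!sp) return -1;                   /* no url after the method */
  const char *url = sp + 1;
  if (!strncmp(url, "http://", 7)) *port = 80;
  else if (!strncmp(url, "nntp://", 7)) *port = 119;
  else return -2;                       /* unsupported scheme */
  const char *h = url + 7;
  size_t hlen = strcspn(h, "/ \r\n");   /* host[:port] ends at the first of these */
  const char *rest = h + hlen;          /* "/path HTTP/1.0..." or " HTTP/1.0..." */
  const char *colon = memchr(h, ':', hlen);
  size_t namelen = colon ? (size_t)(colon - h) : hlen;
  if (namelen == 0 || namelen >= hostsz) return -3;   /* empty or too long */
  memcpy(host, h, namelen);
  host[namelen] = 0;
  if (colon) {
    char *end;
    long p = strtol(colon + 1, &end, 10);
    if (end == colon + 1 || end != rest || p < 1 || p > 65535) return -4;
    *port = (int)p;
  }
  /* method, then the path ("/" when the URL had none), then the remainder */
  int n = snprintf(out, outsz, "%.*s %s%s", (int)(sp - req), req,
                   *rest == '/' ? "" : "/", rest);
  if (n < 0 || (size_t)n >= outsz) return -5;         /* would truncate */
  return 0;
}

int main(void)
{
  /* constructed sample request, using the host name from the message */
  char host[128], out[512];
  int port = 0;
  int rc = rewrite_request("GET http://final.dest.com:8000 HTTP/1.0\r\n\r\n",
                           host, sizeof host, &port, out, sizeof out);
  printf("rc=%d host=%s port=%d\n%s", rc, host, port, out);
  return rc != 0;
}
```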
