Fabian Keil [Wed, 26 Feb 2020 09:07:05 +0000 (10:07 +0100)]
Only use certificate_mutex and rng_mutex when needed
Previously they were defined and initialized unconditionally.
Sponsored by: Robert Klemme
Fabian Keil [Wed, 26 Feb 2020 09:02:11 +0000 (10:02 +0100)]
Use a single mutex for the certificate generation
It is fast enough so there is no need to complicate
things with up to 65536 different mutexes.
Sponsored by: Robert Klemme
Fabian Keil [Wed, 26 Feb 2020 08:49:03 +0000 (09:49 +0100)]
Turn lack of md5 support in mbedTLS into a compile error
Previously the TLS code simply wouldn't work properly.
Sponsored by: Robert Klemme
Fabian Keil [Wed, 26 Feb 2020 08:07:57 +0000 (09:07 +0100)]
Remove #95 which is obsolete now that we support proper https inspection
Fabian Keil [Tue, 25 Feb 2020 21:18:37 +0000 (22:18 +0100)]
Rebuild config file
Sponsored by: Robert Klemme
Fabian Keil [Tue, 25 Feb 2020 21:13:48 +0000 (22:13 +0100)]
Rebuild docs
Sponsored by: Robert Klemme
Fabian Keil [Tue, 25 Feb 2020 21:07:41 +0000 (22:07 +0100)]
Rename +enable-https-filtering to +https-inspection
... which is more precise.
Sponsored by: Robert Klemme
Fabian Keil [Tue, 25 Feb 2020 20:51:59 +0000 (21:51 +0100)]
Rename FEATURE_HTTPS_FILTERING to FEATURE_HTTPS_INSPECTION
... which is more precise.
Sponsored by: Robert Klemme
Fabian Keil [Tue, 25 Feb 2020 19:45:19 +0000 (20:45 +0100)]
Note that enable-https-filtering{} has to be enabled based on the CONNECT request
Sponsored by: Robert Klemme
Fabian Keil [Tue, 25 Feb 2020 17:17:47 +0000 (18:17 +0100)]
process_encrypted_request(): Log applied actions when requested
Sponsored by: Robert Klemme
Fabian Keil [Tue, 25 Feb 2020 17:11:47 +0000 (18:11 +0100)]
process_encrypted_request(): Don't call init_current_action() when toggled off
By the time the function is called the actions are already
initialized.
Sponsored by: Robert Klemme
Fabian Keil [Tue, 25 Feb 2020 16:54:34 +0000 (17:54 +0100)]
get_url_actions(): Don't initialize actions when called the second time
Sponsored by: Robert Klemme
Fabian Keil [Tue, 25 Feb 2020 15:34:41 +0000 (16:34 +0100)]
Fix location of curly brace and normalize white space
Fabian Keil [Tue, 25 Feb 2020 15:27:09 +0000 (16:27 +0100)]
Bump copyright
Fabian Keil [Tue, 25 Feb 2020 12:37:22 +0000 (13:37 +0100)]
Deal with invalid certificates in case of forwarded requests
... by sending the details of the verification failure
and the certificates.
Sponsored by: Robert Klemme
Fabian Keil [Sun, 23 Feb 2020 12:00:04 +0000 (13:00 +0100)]
create_server_ssl_connection(): If the certificate is invalid, log the details
Sponsored by: Robert Klemme
Fabian Keil [Tue, 25 Feb 2020 12:35:37 +0000 (13:35 +0100)]
Remove obsolete comment
Fabian Keil [Tue, 25 Feb 2020 12:23:32 +0000 (13:23 +0100)]
free_server_ssl_structures(): Mark the correct socket as invalid
Sponsored by: Robert Klemme
Fabian Keil [Tue, 25 Feb 2020 12:20:54 +0000 (13:20 +0100)]
Add a missing 'the' to a log message
Fabian Keil [Mon, 24 Feb 2020 12:12:39 +0000 (13:12 +0100)]
Add receive_and_send_encrypted_post_data()
... to deal with POST data that isn't read together
with the request headers.
Sponsored by: Robert Klemme
Fabian Keil [Tue, 25 Feb 2020 11:52:39 +0000 (12:52 +0100)]
ssl_send_data(): Log the data before writing
Sponsored by: Robert Klemme
Fabian Keil [Tue, 25 Feb 2020 11:50:48 +0000 (12:50 +0100)]
ssl_recv_data(): Log the received data
Sponsored by: Robert Klemme
Fabian Keil [Sun, 23 Feb 2020 11:13:40 +0000 (12:13 +0100)]
Fix a comment typo
Fabian Keil [Sun, 23 Feb 2020 11:07:26 +0000 (12:07 +0100)]
Fix a comment typo
Fabian Keil [Sat, 22 Feb 2020 22:19:02 +0000 (23:19 +0100)]
Reduce spaces
Fabian Keil [Sat, 22 Feb 2020 21:56:32 +0000 (22:56 +0100)]
Fix a comment typo
Fabian Keil [Sat, 22 Feb 2020 21:50:27 +0000 (22:50 +0100)]
Improve a comment
Fabian Keil [Sat, 22 Feb 2020 21:49:01 +0000 (22:49 +0100)]
Bump copyright
Fabian Keil [Sat, 22 Feb 2020 21:02:16 +0000 (22:02 +0100)]
ssl_send_data(): Consistently return -1 in case of errors
... instead of passing on the MBEDTLS_ERR_* value which
the caller doesn't need to know.
Sponsored by: Robert Klemme
Fabian Keil [Sat, 22 Feb 2020 19:53:48 +0000 (20:53 +0100)]
ssl_recv_data(): Properly handle MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY
Previously ssl_recv_data() would pass it to the caller
which would treat it as an error.
Sponsored by: Robert Klemme
Fabian Keil [Sat, 22 Feb 2020 16:28:31 +0000 (17:28 +0100)]
Unbreak the build without FEATURE_HTTPS_FILTERING
Fabian Keil [Sat, 22 Feb 2020 13:38:16 +0000 (14:38 +0100)]
Don't crash when blocking a CONNECT request with https filtering enabled
Previously ssl_send_data() was called before the TLS context was
set up which resulted in a segfault in mbedtls_ssl_get_max_frag_len().
Fabian Keil [Fri, 21 Feb 2020 15:48:51 +0000 (16:48 +0100)]
Bump copyright
Fabian Keil [Fri, 21 Feb 2020 15:41:33 +0000 (16:41 +0100)]
Regenerate docs
Fabian Keil [Fri, 21 Feb 2020 15:40:47 +0000 (16:40 +0100)]
Properly link to the TLS section of the config file
Fabian Keil [Fri, 21 Feb 2020 15:35:23 +0000 (16:35 +0100)]
Fix links to the enable-https-filtering action
Fabian Keil [Fri, 21 Feb 2020 15:32:35 +0000 (16:32 +0100)]
Add a missing anchor
Fabian Keil [Thu, 20 Feb 2020 16:38:54 +0000 (17:38 +0100)]
Rebuild config file
Fabian Keil [Thu, 20 Feb 2020 16:37:19 +0000 (17:37 +0100)]
Rebuild docs
Fabian Keil [Fri, 21 Feb 2020 14:49:20 +0000 (15:49 +0100)]
config: Fix typo
Fabian Keil [Fri, 21 Feb 2020 14:48:29 +0000 (15:48 +0100)]
config: Mention that the certificate-directory is only used when https filtering
Fabian Keil [Fri, 21 Feb 2020 14:44:35 +0000 (15:44 +0100)]
config: Improve the description of the ca-cert-file directive
Fabian Keil [Thu, 20 Feb 2020 16:31:52 +0000 (17:31 +0100)]
config: Note that Privoxy does not automatically clear website certificates
... when the CA key and certificate are changed.
Fabian Keil [Wed, 19 Feb 2020 16:36:25 +0000 (17:36 +0100)]
Bump copyright
Fabian Keil [Wed, 19 Feb 2020 14:01:45 +0000 (15:01 +0100)]
Note that access to certificate-directory and ca-directory should be limited
... to Privoxy and the Privoxy admin.
Fabian Keil [Wed, 19 Feb 2020 12:17:16 +0000 (13:17 +0100)]
generate_key(): Change argument order to be more consistent
Fabian Keil [Fri, 21 Feb 2020 14:30:55 +0000 (15:30 +0100)]
pcrs.h: Add copyright and license
Fabian Keil [Tue, 18 Feb 2020 16:23:33 +0000 (17:23 +0100)]
Change license for pcrs.c to GPLv2+
... after getting the permission from Andreas.
This allows redistributing Privoxy under the GPLv3
which is required when linking to mbedTLS which is
licensed under the Apache 2.0 license.
Fabian Keil [Mon, 17 Feb 2020 23:19:22 +0000 (00:19 +0100)]
Regenerate docs
Fabian Keil [Tue, 18 Feb 2020 11:36:04 +0000 (12:36 +0100)]
Remove cooltechzone.com from the sponsor list
They were unhappy with the link change.
Fabian Keil [Mon, 17 Feb 2020 23:17:56 +0000 (00:17 +0100)]
Revert "Clarify that Privoxy can also be used under the terms of a license later than the GPLv2"
The current license of pcrs.c actually prevents the license upgrade.
This reverts commit d74933268d8eee2037691f5db776b2103eb13945.
Fabian Keil [Sun, 16 Feb 2020 17:44:15 +0000 (18:44 +0100)]
Change 'GIT' to 'Git'
Fabian Keil [Sat, 15 Feb 2020 13:15:03 +0000 (14:15 +0100)]
Bump copyright
Fabian Keil [Sat, 15 Feb 2020 13:14:26 +0000 (14:14 +0100)]
Bump copyright
Fabian Keil [Sat, 15 Feb 2020 13:02:18 +0000 (14:02 +0100)]
Rebuild docs with updated license info
Fabian Keil [Sat, 15 Feb 2020 12:56:08 +0000 (13:56 +0100)]
Clarify that Privoxy can also be used under the terms of a license later than the GPLv2
Fabian Keil [Fri, 14 Feb 2020 13:32:55 +0000 (14:32 +0100)]
Regenerate developer manual
Fabian Keil [Fri, 14 Feb 2020 13:22:14 +0000 (14:22 +0100)]
Developer manual: Bump copyright
Fabian Keil [Fri, 14 Feb 2020 13:21:19 +0000 (14:21 +0100)]
Developer manual: Document how to access the git repository through https
Fabian Keil [Fri, 23 Jun 2017 18:27:37 +0000 (20:27 +0200)]
Strip trailing whitespace
Fabian Keil [Fri, 23 Jun 2017 18:27:37 +0000 (20:27 +0200)]
Strip trailing whitespace
Fabian Keil [Wed, 5 Feb 2020 16:02:37 +0000 (17:02 +0100)]
free_certificate_chain(): Fix memset() target
Fabian Keil [Thu, 30 Jan 2020 15:49:10 +0000 (16:49 +0100)]
Remove SourceForge references in copyright headers
Fabian Keil [Thu, 30 Jan 2020 15:46:10 +0000 (16:46 +0100)]
Upgrade a bunch of links to the homepage to https://
Fabian Keil [Wed, 11 Dec 2019 12:05:24 +0000 (13:05 +0100)]
Declare generate_webpage_certificate() static
Fabian Keil [Mon, 2 Dec 2019 12:06:29 +0000 (13:06 +0100)]
Fix comment typos
Fabian Keil [Mon, 3 Feb 2020 16:38:39 +0000 (17:38 +0100)]
Regenerate homepage with silver sponsor https://vpnranks.com/
Fabian Keil [Mon, 3 Feb 2020 16:37:43 +0000 (17:37 +0100)]
Add https://www.vpnranks.com/ as silver sponsor
Fabian Keil [Mon, 3 Feb 2020 16:39:29 +0000 (17:39 +0100)]
Adjust cooltechzone.com sponsor link to look less manipulative
Fabian Keil [Thu, 30 Jan 2020 12:43:43 +0000 (13:43 +0100)]
Rebuild homepage
Fabian Keil [Thu, 30 Jan 2020 12:43:28 +0000 (13:43 +0100)]
Adjust cooltechzone.com sponsor link to look less manipulative
Fabian Keil [Fri, 27 Dec 2019 11:03:50 +0000 (12:03 +0100)]
Regenerate homepage with new sponsor cooltechzone.com
Fabian Keil [Fri, 27 Dec 2019 11:02:47 +0000 (12:02 +0100)]
Add cooltechzone.com as sponsor
Roland Rosenfeld [Sat, 30 Nov 2019 17:32:10 +0000 (18:32 +0100)]
Adapt Debian patches to git development branch.
Roland Rosenfeld [Sat, 30 Nov 2019 11:37:22 +0000 (12:37 +0100)]
Apply Debian package changes 3.0.28-1 and 3.0.28-2
Fabian Keil [Wed, 27 Nov 2019 12:28:58 +0000 (13:28 +0100)]
Remove a couple of spaces
Fabian Keil [Wed, 27 Nov 2019 12:15:32 +0000 (13:15 +0100)]
Move config.h include higher
Fabian Keil [Tue, 26 Nov 2019 12:35:30 +0000 (13:35 +0100)]
Don't clear the buffer passed to mbedtls_strerror()
mbedtls_strerror() clears the buffer itself.
Fabian Keil [Tue, 26 Nov 2019 12:05:12 +0000 (13:05 +0100)]
ssl_verify_callback(): Use malloc_or_die()
Fabian Keil [Tue, 26 Nov 2019 12:02:18 +0000 (13:02 +0100)]
make_certs_path(): Use zalloc_or_die()
Fabian Keil [Tue, 26 Nov 2019 12:01:22 +0000 (13:01 +0100)]
write_private_key(): Use zalloc_or_die()
Fabian Keil [Tue, 26 Nov 2019 11:41:29 +0000 (12:41 +0100)]
Fix comment indentation
Fabian Keil [Tue, 26 Nov 2019 11:40:57 +0000 (12:40 +0100)]
Remove a couple of spaces
Fabian Keil [Mon, 25 Nov 2019 13:06:01 +0000 (14:06 +0100)]
Fix typo
Fabian Keil [Mon, 25 Nov 2019 13:01:16 +0000 (14:01 +0100)]
Fix typo
Fabian Keil [Thu, 21 Nov 2019 12:15:25 +0000 (13:15 +0100)]
Fix spelling in comment
Fabian Keil [Thu, 21 Nov 2019 11:49:58 +0000 (12:49 +0100)]
Fix spelling in comment
Fabian Keil [Tue, 19 Nov 2019 14:37:00 +0000 (15:37 +0100)]
Fix indentation
Fabian Keil [Tue, 19 Nov 2019 13:53:14 +0000 (14:53 +0100)]
Move LIMIT_MUTEX_NUMBER definition to project.h
... as it is also used in other files.
Fabian Keil [Tue, 19 Nov 2019 13:51:41 +0000 (14:51 +0100)]
Fix indentation
Fabian Keil [Tue, 19 Nov 2019 13:48:04 +0000 (14:48 +0100)]
Remove a bunch of spaces
Fabian Keil [Tue, 19 Nov 2019 13:33:09 +0000 (14:33 +0100)]
Add a missing space
Fabian Keil [Tue, 19 Nov 2019 13:31:26 +0000 (14:31 +0100)]
Move two typedefs from project.h to ssl.c
Fabian Keil [Mon, 18 Nov 2019 13:23:50 +0000 (14:23 +0100)]
Rebuild config file
Fabian Keil [Mon, 18 Nov 2019 10:56:14 +0000 (11:56 +0100)]
Document the use of IP_FREEBIND
Based on a patch by Sam Varshavchik.
Fabian Keil [Mon, 18 Nov 2019 10:54:17 +0000 (11:54 +0100)]
Use the IP_FREEBIND socket option, if defined
This allows Privoxy to bind to not-yet assigned IP addresses
which is useful in failover environments.
Patch by Sam Varshavchik.
Fabian Keil [Tue, 12 Nov 2019 12:09:11 +0000 (13:09 +0100)]
Bump copyright
Fabian Keil [Tue, 12 Nov 2019 11:44:41 +0000 (12:44 +0100)]
Fix an invalid free introduced in d01bb4028a9
Fabian Keil [Mon, 11 Nov 2019 19:01:54 +0000 (20:01 +0100)]
Add a missing 'client-specific-tag' directive
Fabian Keil [Mon, 11 Nov 2019 11:20:08 +0000 (12:20 +0100)]
Bump MAX_AF_FILES to 100
Sponsored by: Robert Klemme