Fabian Keil [Mon, 8 Jun 2020 16:49:50 +0000 (18:49 +0200)]
Add a couple of tests for +client-header-filter{no-brotli-accepted}
Fabian Keil [Mon, 8 Jun 2020 09:38:43 +0000 (11:38 +0200)]
Register dependencies of the ssl object file so it is rebuild when needed
Fabian Keil [Sun, 7 Jun 2020 17:24:00 +0000 (19:24 +0200)]
get_clf_timestamp(): Fix locking of localtime()
Previously we were only locking the actual localtime()
call while we should keep the lock until the returned
pointer is no longer being used.
Fabian Keil [Sun, 7 Jun 2020 17:23:30 +0000 (19:23 +0200)]
get_locale_time(): Fix locking of localtime()
Previously we were only locking the actual localtime()
call while we should keep the lock until the returned
pointer is no longer being used.
Fabian Keil [Sun, 7 Jun 2020 17:22:10 +0000 (19:22 +0200)]
get_clf_timestamp(): Use privoxy_gmtime_r()
Fabian Keil [Sun, 7 Jun 2020 17:12:59 +0000 (19:12 +0200)]
Bump copyright
Fabian Keil [Sun, 7 Jun 2020 15:57:40 +0000 (17:57 +0200)]
parse_header_time(): Use privoxy_gmtime_r()
Previously the function would use gmtime() unlocked
if FEATURE_STRPTIME_SANITY_CHECKS was enabled ...
Fabian Keil [Sun, 7 Jun 2020 15:52:38 +0000 (17:52 +0200)]
client_if_modified_since(): Use privoxy_gmtime_r()
Fabian Keil [Sun, 7 Jun 2020 15:51:31 +0000 (17:51 +0200)]
server_last_modified(): Use privoxy_gmtime_r()
Fabian Keil [Sun, 7 Jun 2020 15:50:23 +0000 (17:50 +0200)]
add_cookie_expiry_date(): Use privoxy_gmtime_r()
Fabian Keil [Sun, 7 Jun 2020 15:48:52 +0000 (17:48 +0200)]
generate_certificate_valid_date(): Use privoxy_gmtime_r()
Fabian Keil [Sun, 7 Jun 2020 15:47:26 +0000 (17:47 +0200)]
Add privoxy_gmtime_r() so we can simplify some code
Fabian Keil [Sun, 7 Jun 2020 15:42:00 +0000 (17:42 +0200)]
write_pid_file(): Rename pidfile to pid_file
So it doesn't shadow the global pidfile.
Fabian Keil [Sun, 7 Jun 2020 15:21:16 +0000 (17:21 +0200)]
Fix the locking of gmtime()
Previously we were only locking the actual gmtime()
call while we should keep the lock until the returned
pointer is no longer being used.
Fabian Keil [Sun, 7 Jun 2020 14:56:05 +0000 (16:56 +0200)]
generate_certificate_valid_date(): Fall back to using gmtime() if gmtime_r() isn't available
As Lee reported it's not available on Windows.
Fabian Keil [Sun, 7 Jun 2020 12:59:28 +0000 (14:59 +0200)]
server(): Add colons that were missing in a log message
Fabian Keil [Sat, 6 Jun 2020 15:47:58 +0000 (17:47 +0200)]
privoxy-log-parser.pl: Properly highlight the filter results message
Previously a brace got lost.
Fabian Keil [Sun, 7 Jun 2020 09:41:48 +0000 (11:41 +0200)]
privoxy-regression-test.pl: Consistently use no space after function names
Fabian Keil [Sun, 7 Jun 2020 07:53:36 +0000 (09:53 +0200)]
Log the "Request:" message for unencrypted requests later
In
b94bbe62a I moved the block in front of the setting
of csp->http->client_ssl which meant the message was emitted
for encrypted requests as well.
This resulted in two "Request:" message instead of one.
Sponsored by: Robert Klemme
Fabian Keil [Sun, 7 Jun 2020 07:46:59 +0000 (09:46 +0200)]
Disable fast-redirects for collector.githubapp.com/ and block requests to it as image instead
Fabian Keil [Sun, 7 Jun 2020 08:08:00 +0000 (10:08 +0200)]
privoxy-regression-test.pl: Bump copyright
Fabian Keil [Sun, 7 Jun 2020 08:07:05 +0000 (10:07 +0200)]
privoxy-regression-test.pl: Allow '[' and ']' in URLs
Fabian Keil [Sun, 7 Jun 2020 08:06:20 +0000 (10:06 +0200)]
privoxy-regression-test.pl: Turn curl's globbing mode off so we can allow more characters in URLs
Fabian Keil [Sat, 6 Jun 2020 15:52:25 +0000 (17:52 +0200)]
privoxy-regression-test.pl: Bump version to 0.7.1
Fabian Keil [Sat, 6 Jun 2020 11:56:24 +0000 (13:56 +0200)]
privoxy-regression-test.pl: Include the action file when complaining about missing Sticky Actions
Fabian Keil [Sat, 6 Jun 2020 07:45:39 +0000 (09:45 +0200)]
Regenerate FAQ
Fabian Keil [Sat, 6 Jun 2020 07:56:09 +0000 (09:56 +0200)]
FAQ: Remove an obsolete comment with a link to the long-gone PDF manual
Fabian Keil [Sat, 6 Jun 2020 07:44:24 +0000 (09:44 +0200)]
Bump copyright
Fabian Keil [Sat, 6 Jun 2020 07:43:28 +0000 (09:43 +0200)]
FAQ: Add a link to the TODO list
Fabian Keil [Sat, 6 Jun 2020 07:42:56 +0000 (09:42 +0200)]
FAQ: Mention http-inspection in two answers
Sponsored by: Robert Klemme
Fabian Keil [Fri, 5 Jun 2020 11:39:57 +0000 (13:39 +0200)]
FAQ: Change the sponsor amounts to USD
... slightly rounding the converted amounts up to get simple numbers.
Receiving USD is apparently easier for SPI and SPI is
preferred by sponsors as they can send invoices.
No objections from: privoxy-devel@
Roland Rosenfeld [Fri, 5 Jun 2020 13:57:30 +0000 (15:57 +0200)]
Debian: Adapt TLS/SSL settings to Debian FHS.
Generate dirs with correct permissions for https-inspection.
Roland Rosenfeld [Fri, 5 Jun 2020 11:39:04 +0000 (13:39 +0200)]
Debian: Compile --with-mbedtls to allow https-inspection.
Roland Rosenfeld [Fri, 5 Jun 2020 10:40:01 +0000 (12:40 +0200)]
Debian: Update to new git version 8097d5 (update all patches)
Fabian Keil [Fri, 5 Jun 2020 14:05:51 +0000 (16:05 +0200)]
Fix spelling of FEATURE_HTTPS_INSPECTION
... so the action editor actually allows to set
https-inspection and ignore-certificate-errors.
Reported by: Roland
Fabian Keil [Fri, 5 Jun 2020 13:48:33 +0000 (15:48 +0200)]
Update http inspection section
It was still using +enable-https-filtering instead of +https-inspection.
Reported by: Roland
Fabian Keil [Fri, 5 Jun 2020 11:52:50 +0000 (13:52 +0200)]
Improve an error message in chat()
... that is emitted when forwarding an encrypted
request through a HTTP proxy fails.
Sponsored by: Robert Klemme
Fabian Keil [Fri, 5 Jun 2020 11:28:48 +0000 (13:28 +0200)]
Use the connect-failed template when the forwarding proxy fails
... with https inspection enabled. Forwarding the response from
the proxy to the client will not work as the client expects
an encrypted response.
Sponsored by: Robert Klemme
Fabian Keil [Fri, 5 Jun 2020 11:25:41 +0000 (13:25 +0200)]
Improve a comment in chat()
... by removing an obsolete sentence and sprinkling a
couple of "the"s.
Sponsored by: Robert Klemme
Fabian Keil [Thu, 12 Mar 2020 11:39:07 +0000 (12:39 +0100)]
Deduplicate some https inspection code in chat()
Once the connection to a HTTP proxy has been
established we can treat the connection the
same way as a direct one.
Sponsored by: Robert Klemme
Fabian Keil [Fri, 5 Jun 2020 10:58:10 +0000 (12:58 +0200)]
Fix commment indentation
Sponsored by: Robert Klemme
Fabian Keil [Fri, 5 Jun 2020 10:19:09 +0000 (12:19 +0200)]
Fix https inspection with HTTP forwarding
Previously Privoxy would not send the CSUCCEED
message to the client so the client would not
send the encrypted request.
Now that we send the CSUCCEED, we don't need to
forward the response from the upstream HTTP proxy
anymore.
Sponsored by: Robert Klemme
Fabian Keil [Fri, 5 Jun 2020 09:55:14 +0000 (11:55 +0200)]
Fix comment typo
Sponsored by: Robert Klemme
Fabian Keil [Wed, 3 Jun 2020 17:13:04 +0000 (19:13 +0200)]
privoxy-log-parser.pl: Accept and highlight: Forwarded the last 1954 bytes
Fabian Keil [Wed, 3 Jun 2020 17:11:04 +0000 (19:11 +0200)]
privoxy-log-parser.pl: Accept and highlight: Forwarding 1954 bytes of encrypted POST data
Fabian Keil [Wed, 3 Jun 2020 09:12:56 +0000 (11:12 +0200)]
privoxy-log-parser.pl: Completely highlight: 'Connection from 192.168.2.1 on 127.0.1.1:8118 (socket 3) dropped due to ACL'
Change the highlight type of the first IP address to "host"
instead of "Number".
Fabian Keil [Tue, 2 Jun 2020 12:49:08 +0000 (14:49 +0200)]
privoxy-log-parser.pl: Rephrase a statistics description
... to clarify the client request bodies aren't counted.
Fabian Keil [Sat, 30 May 2020 09:34:31 +0000 (11:34 +0200)]
privoxy-log-parser.pl: Prefer the number of CLF lines to get the total number of requests
As it works with older Privoxy versions as well.
Fabian Keil [Wed, 3 Jun 2020 06:44:47 +0000 (08:44 +0200)]
Add #160: Add keep-alive support with +https-inspection.
Fabian Keil [Wed, 3 Jun 2020 12:07:29 +0000 (14:07 +0200)]
Silence a warning when compiling without FEATURE_HTTPS_INSPECTION
cgi.c:447:22: warning: unused variable 'alt_prefix_https' [-Wunused-variable]
static const char alt_prefix_https[] = "https://" CGI_SITE_1_HOST "/";
Sponsored by: Robert Klemme
Fabian Keil [Wed, 3 Jun 2020 06:33:25 +0000 (08:33 +0200)]
Add +https-inspection and +ignore-certificate-errors to the list of valid actions
Sponsored by: Robert Klemme
Fabian Keil [Wed, 3 Jun 2020 05:46:47 +0000 (07:46 +0200)]
Add fast-redirects{} exception for sourcepoint.vice.com/
Fabian Keil [Mon, 1 Jun 2020 14:49:57 +0000 (16:49 +0200)]
chat(): Remove a pointless close_client_ssl_connection() call
Sponsored by: Robert Klemme
Fabian Keil [Mon, 1 Jun 2020 14:48:48 +0000 (16:48 +0200)]
Rephrase an error message in chat()
Sponsored by: Robert Klemme
Fabian Keil [Sat, 30 May 2020 09:14:02 +0000 (11:14 +0200)]
privoxy-log-parser.pl: Accept and highlight: Performing the TLS/SSL handshake with client. Hash of host:
bab5296b25e256c7b06b92b17b56bcae
Fabian Keil [Sat, 30 May 2020 09:06:38 +0000 (11:06 +0200)]
privoxy-log-parser.pl: Accept and highlight: Flushed 30 bytes of request body while expecting 30
Fabian Keil [Sat, 30 May 2020 06:05:55 +0000 (08:05 +0200)]
privoxy-log-parser.pl: Only show HTTP version distribution if at least one version has been detected
Fabian Keil [Sat, 30 May 2020 05:56:59 +0000 (07:56 +0200)]
privoxy-log-parser.pl: Only show crunch statistics if crunches were detected
Fabian Keil [Sat, 30 May 2020 05:55:44 +0000 (07:55 +0200)]
privoxy-log-parser.pl: Warn if the request counts differ
Fabian Keil [Sat, 30 May 2020 05:53:47 +0000 (07:53 +0200)]
privoxy-log-parser.pl: Generate statistics if the log only contains LOG_LEVEL_CLF messages
... so it can be used with vanilla webserver logs.
Previously Privoxy-specific "Request:" messages were required.
Fabian Keil [Sat, 30 May 2020 04:45:28 +0000 (06:45 +0200)]
privoxy-log-parser.pl: Consistently use no space after function names
Fabian Keil [Sat, 30 May 2020 04:36:15 +0000 (06:36 +0200)]
privoxy-log-parser.pl: Align the client-HTTP-version distribution like other distributions
Fabian Keil [Sat, 30 May 2020 04:29:50 +0000 (06:29 +0200)]
privoxy-log-parser.pl: Bump version to 0.9.1
Fabian Keil [Sat, 30 May 2020 04:15:11 +0000 (06:15 +0200)]
privoxy-log-parser.pl: Include status code distribution in the stats
Fabian Keil [Fri, 29 May 2020 17:10:14 +0000 (19:10 +0200)]
privoxy-log-parser.pl: Include the size of the content Privoxy transferred
... excluding HTTP headers.
Fabian Keil [Fri, 29 May 2020 16:45:34 +0000 (18:45 +0200)]
privoxy-log-parser.pl: Bump copyright
Fabian Keil [Fri, 29 May 2020 16:42:50 +0000 (18:42 +0200)]
privoxy-log-parser.pl: Get with the program and expect all requests to be logged with LOG_LEVEL_REQUEST
It's no longer necessary to count both LOG_LEVEL_REQUEST
and LOG_LEVEL_CRUNCH messages to get the total number of
requests.
Fabian Keil [Fri, 29 May 2020 14:49:08 +0000 (16:49 +0200)]
privoxy-log-parser.pl: Leverage the LOG_LEVEL_CLF message
... to gather statistics that where previously taken
from LOG_LEVEL_HEADER lines.
This results in less confusing results if https inspection
is enabled in which case there are two LOG_LEVEL_HEADER
lines with request lines.
Sponsored by: Robert Klemme
Fabian Keil [Sun, 31 May 2020 16:13:42 +0000 (18:13 +0200)]
Add fast-redirects exception for oss-fuzz.com/
Fabian Keil [Sat, 30 May 2020 13:57:29 +0000 (15:57 +0200)]
Regenerate config file with updated 'debug 1' description and typo fixes
Fabian Keil [Sat, 30 May 2020 13:55:15 +0000 (15:55 +0200)]
Regenerate docs with updated 'debug 1' description
It now logs all requests, not just the ones that passed through.
Fabian Keil [Sat, 30 May 2020 09:01:46 +0000 (11:01 +0200)]
Update the 'debug 1' description
Fabian Keil [Sat, 30 May 2020 08:56:13 +0000 (10:56 +0200)]
Let LOG_LEVEL_REQUEST log all requests
Previously unencrypted requests were only logged
with LOG_LEVEL_REQUEST when they weren't crunched
(in which case they were logged with LOG_LEVEL_CRUNCH).
This was documented behaviour, but logging all requests
seems more useful.
Fabian Keil [Sat, 30 May 2020 08:32:08 +0000 (10:32 +0200)]
Bump copyright
Fabian Keil [Sat, 30 May 2020 08:30:03 +0000 (10:30 +0200)]
Add a +delay-response{} test
Fabian Keil [Sat, 30 May 2020 07:20:16 +0000 (09:20 +0200)]
remember_connection(): Add assertion to silence bogus cppcheck warnings
gateway.c:221:23: error: Array 'reusable_connection[100]' accessed at index 100, which is out of bounds. [arrayIndexOutOfBounds]
reusable_connection[slot].host = strdup_or_die(connection->host);
^
gateway.c:198:4: note: After for loop, slot has value 100
for (slot = 0; slot < SZ(reusable_connection); slot++)
^
[...]
Fabian Keil [Sat, 30 May 2020 03:41:23 +0000 (05:41 +0200)]
Start using ssl_send_data_delayed()
... so the delay-response{} action works with SSL as well.
Sponsored by: Robert Klemme
Fabian Keil [Sat, 30 May 2020 03:39:32 +0000 (05:39 +0200)]
Add ssl_send_data_delayed()
... a SSL version of write_socket_delayed().
Based on a patch by Vašek Švec.
Fabian Keil [Fri, 29 May 2020 16:57:28 +0000 (18:57 +0200)]
Rename LOG_LEVEL_GPC to LOG_LEVEL_REQUEST
Only the shadow knows what "GPC" is supposed to stand for.
Fabian Keil [Fri, 29 May 2020 15:19:47 +0000 (17:19 +0200)]
Bump copyright
Fabian Keil [Fri, 29 May 2020 06:30:27 +0000 (08:30 +0200)]
Rename HTML block name 'https' to 'https-and-no-https-inspection'
The block is only relevant when compiled without FEATURE_HTTPS_INSPECTION.
Sponsored by: Robert Klemme
Fabian Keil [Fri, 28 Feb 2020 08:33:25 +0000 (09:33 +0100)]
parse_http_url(): Only hide the path if FEATURE_HTTPS_INSPECTION in unavailable
This is relevant for the show-url-info CGI page
which should consider the whole URL when matching
with FEATURE_HTTPS_INSPECTION available.
Sponsored by: Robert Klemme
Fabian Keil [Fri, 28 Feb 2020 07:55:50 +0000 (08:55 +0100)]
cgi_show_url_info(): Kill the "paths are ignored for https URLs" block
... unconditionally if FEATURE_HTTPS_INSPECTION is available.
Sponsored by: Robert Klemme
Fabian Keil [Fri, 29 May 2020 06:12:01 +0000 (08:12 +0200)]
Regenerate docs
Fabian Keil [Fri, 29 May 2020 05:36:27 +0000 (07:36 +0200)]
privoxy-regression-test.pl: Fix a sentence in the documentation
Fabian Keil [Thu, 28 May 2020 11:54:30 +0000 (13:54 +0200)]
Don't enable tunnelling if a CGI page is requested
... even if HTTPS inspection is disabled.
This makes sure https://p.p/ and https://config.privoxy.org/
work even if Privoxy is toggled off.
Sponsored by: Robert Klemme
Fabian Keil [Wed, 27 May 2020 07:02:47 +0000 (09:02 +0200)]
If a dynamic CGI page has been requested through https, use https URLs
... and accept https versions of the CGI pages as trusted referrers.
This prevents mixed-content warnings when accessing the
CGI pages through https.
Sponsored by: Robert Klemme
Fabian Keil [Fri, 29 May 2020 07:49:26 +0000 (09:49 +0200)]
Add #159: Support Brotli compression
Fabian Keil [Fri, 29 May 2020 07:38:54 +0000 (09:38 +0200)]
Fix typo
Fabian Keil [Fri, 29 May 2020 07:35:05 +0000 (09:35 +0200)]
Remove #54 as the git migration is done
Fabian Keil [Fri, 29 May 2020 07:30:02 +0000 (09:30 +0200)]
Remove #123 as we now have proper support for https inspection
Fabian Keil [Fri, 29 May 2020 07:27:17 +0000 (09:27 +0200)]
Bump copyright
Fabian Keil [Fri, 29 May 2020 07:26:31 +0000 (09:26 +0200)]
Bump copyright
Fabian Keil [Fri, 29 May 2020 07:24:41 +0000 (09:24 +0200)]
default.action.master: Update location of the development version
Fabian Keil [Fri, 29 May 2020 07:20:43 +0000 (09:20 +0200)]
Sync with updated 'Cautious' template which enables the 'no-brotli-accepted' client-header filter
Fabian Keil [Fri, 29 May 2020 07:19:51 +0000 (09:19 +0200)]
Enable 'no-brotli-accepted' client-header filter in all templates
Fabian Keil [Fri, 29 May 2020 07:09:38 +0000 (09:09 +0200)]
Add 'no-brotli-accepted' filter which prevents the unsupported Brotli compression
Fabian Keil [Wed, 27 May 2020 11:01:56 +0000 (13:01 +0200)]
Add yet another reason why +prevent-compression may cause problems
Fabian Keil [Wed, 27 May 2020 10:13:32 +0000 (12:13 +0200)]
Rename struct certs_chain member from text_buf to info_buf
Fabian Keil [Wed, 27 May 2020 08:15:24 +0000 (10:15 +0200)]
HTML-encode the certificate info shown in case of verification failures
We don't want to allow code injection through crafted certificates.
Sponsored by: Robert Klemme