privoxy.git
3 years agoAdd new 'allow-autocompletion' filter
Fabian Keil [Thu, 10 Dec 2020 20:10:47 +0000 (21:10 +0100)]
Add new 'allow-autocompletion' filter

... which changes autocomplete="off" to "on" on input fields to
allow autocompletion.

Requested by Jamie Zawinski in #370.
Filter based on a submission by Aaron Linville.

3 years agoGit snapshot "release".
Roland Rosenfeld [Sun, 17 Jan 2021 12:40:14 +0000 (13:40 +0100)]
Git snapshot "release".
Update all patches to new version.
39_show-status and 40_redirect-ssl are now incorporated upstream.

3 years agoMerge Debian version 3.0.29-2
Roland Rosenfeld [Sun, 17 Jan 2021 12:31:42 +0000 (13:31 +0100)]
Merge Debian version 3.0.29-2

3 years agoMerge Debian 3.0.29-1 version.
Roland Rosenfeld [Sun, 17 Jan 2021 12:28:07 +0000 (13:28 +0100)]
Merge Debian 3.0.29-1 version.

3 years agoOpenSSL ssl_recv_data(): Include the actual fd in an error message
Fabian Keil [Tue, 12 Jan 2021 08:38:50 +0000 (09:38 +0100)]
OpenSSL ssl_recv_data(): Include the actual fd in an error message

3 years agoopenssl.c: Fix comment typo
Fabian Keil [Tue, 12 Jan 2021 12:25:44 +0000 (13:25 +0100)]
openssl.c: Fix comment typo

3 years agoconfigure: Clarify comments about OpenSSL and mbedTLS support
Fabian Keil [Tue, 12 Jan 2021 07:03:28 +0000 (08:03 +0100)]
configure: Clarify comments about OpenSSL and mbedTLS support

They aren't both required, enabling either one is sufficient
to get https inspection working.

3 years agoconfigure.in: Bail out if OpenSSL and mbedTLS are enabled at the same time
Fabian Keil [Tue, 12 Jan 2021 06:46:07 +0000 (07:46 +0100)]
configure.in: Bail out if OpenSSL and mbedTLS are enabled at the same time

3 years agoconfigure.in: Remove left-over OS/2 code
Fabian Keil [Tue, 12 Jan 2021 06:43:41 +0000 (07:43 +0100)]
configure.in: Remove left-over OS/2 code

3 years agoNote that #18 is work in progress
Fabian Keil [Wed, 13 Jan 2021 08:53:51 +0000 (09:53 +0100)]
Note that #18 is work in progress

3 years agoTODO #1: Add another reference
Fabian Keil [Tue, 12 Jan 2021 05:14:59 +0000 (06:14 +0100)]
TODO #1: Add another reference

3 years agoprivoxy-log-parser: Log truncated LOG_LEVEL_CLF messages more gracefully
Fabian Keil [Mon, 11 Jan 2021 13:23:52 +0000 (14:23 +0100)]
privoxy-log-parser: Log truncated LOG_LEVEL_CLF messages more gracefully

... and note that the statistics will be inprecise.

3 years agoBlock requests to api.theadex.com/
Fabian Keil [Mon, 11 Jan 2021 12:21:40 +0000 (13:21 +0100)]
Block requests to api.theadex.com/

3 years agoBlock requests to ih.adscale.de/
Fabian Keil [Mon, 11 Jan 2021 12:13:40 +0000 (13:13 +0100)]
Block requests to ih.adscale.de/

3 years agoBlock requests to .s400.meetrics.net/
Fabian Keil [Mon, 11 Jan 2021 12:11:08 +0000 (13:11 +0100)]
Block requests to .s400.meetrics.net/

3 years agoBlock requests for pp.lp4.io/
Fabian Keil [Mon, 11 Jan 2021 12:04:46 +0000 (13:04 +0100)]
Block requests for pp.lp4.io/

3 years agoDisable fast-redirects for .ksta.de/
Fabian Keil [Mon, 11 Jan 2021 11:49:33 +0000 (12:49 +0100)]
Disable fast-redirects for .ksta.de/

3 years agoRebuild user manual
Fabian Keil [Thu, 7 Jan 2021 15:09:07 +0000 (16:09 +0100)]
Rebuild user manual

3 years agouser-manual: Bump copyright
Fabian Keil [Thu, 7 Jan 2021 15:19:55 +0000 (16:19 +0100)]
user-manual: Bump copyright

3 years agouser-manual: Note that actions aren't updated after rewrites
Fabian Keil [Fri, 8 Jan 2021 20:50:23 +0000 (21:50 +0100)]
user-manual: Note that actions aren't updated after rewrites

3 years agouser-manual: Explicitly mention that upgrading from http to https with a client-heade...
Fabian Keil [Thu, 7 Jan 2021 15:07:40 +0000 (16:07 +0100)]
user-manual: Explicitly mention that upgrading from http to https with a client-header filter is not supported

3 years agouser-manual: Note that protocol and host have to be added
Fabian Keil [Wed, 6 Jan 2021 15:51:36 +0000 (16:51 +0100)]
user-manual: Note that protocol and host have to be added

... when rewriting the destination host for https-inspected requests.

3 years agoAdd #184: Add support for wolfSSL
Fabian Keil [Fri, 8 Jan 2021 00:35:25 +0000 (01:35 +0100)]
Add #184: Add support for wolfSSL

3 years agoAdd #183: Properly deal with proxy responses that arrive in multiple pieces
Fabian Keil [Wed, 6 Jan 2021 20:49:28 +0000 (21:49 +0100)]
Add #183: Properly deal with proxy responses that arrive in multiple pieces

3 years agochange_encrypted_request_destination(): Keep the original port instead of defaulting...
Fabian Keil [Thu, 7 Jan 2021 13:13:55 +0000 (14:13 +0100)]
change_encrypted_request_destination(): Keep the original port instead of defaulting to 443

... when the rewritten request line does not contain a host and port.

3 years agofilter_header(): Break a couple of long lines
Fabian Keil [Sun, 10 Jan 2021 02:55:34 +0000 (03:55 +0100)]
filter_header(): Break a couple of long lines

3 years agoparse_client_request(): Fix status code in a LOG_LEVEL_CLF message
Fabian Keil [Sun, 10 Jan 2021 07:46:35 +0000 (08:46 +0100)]
parse_client_request(): Fix status code in a LOG_LEVEL_CLF message

3 years agochange_encrypted_request_destination(): Plug a memory leak if the rewritten request...
Fabian Keil [Thu, 7 Jan 2021 14:30:59 +0000 (15:30 +0100)]
change_encrypted_request_destination(): Plug a memory leak if the rewritten request line is invalid

3 years agoprocess_encrypted_request(): Improve error message
Fabian Keil [Thu, 7 Jan 2021 13:48:10 +0000 (14:48 +0100)]
process_encrypted_request(): Improve error message

... emitted when the rewritten request line is invalid.

While at it, emit a LOG_LEVEL_CLF message.

3 years agoprocess_encrypted_request(): Use the MESSED_UP_REQUEST_RESPONSE when the rewritten...
Fabian Keil [Thu, 7 Jan 2021 13:44:24 +0000 (14:44 +0100)]
process_encrypted_request(): Use the MESSED_UP_REQUEST_RESPONSE when the rewritten request line is invalid

3 years agochange_request_destination(): Reject rewrites from http to https
Fabian Keil [Thu, 7 Jan 2021 13:41:17 +0000 (14:41 +0100)]
change_request_destination(): Reject rewrites from http to https

... as they currently aren't supported.

Previously we would wait for the client to establish
an encrypted connection which obviously would not happen.

3 years agochat(): Use client_use_ssl(csp) instead of http->ssl
Fabian Keil [Wed, 6 Jan 2021 16:52:38 +0000 (17:52 +0100)]
chat(): Use client_use_ssl(csp) instead of http->ssl

... in a place where it is more appropriate.

Currently the difference doesn't matter, but it will
when we start supporting upgrading the protocol from
http to https behind the client's back.

3 years agoAdd Pragma header to the client-header-order example
Fabian Keil [Tue, 5 Jan 2021 17:34:38 +0000 (18:34 +0100)]
Add Pragma header to the client-header-order example

3 years agoredirect_url(): Silence a bogus use-after-free warning
Fabian Keil [Tue, 5 Jan 2021 00:03:25 +0000 (01:03 +0100)]
redirect_url(): Silence a bogus use-after-free warning

... emitted by ccc-analyzer from llvm80.

3 years agossl_store_cert(): Check BIO_get_mem_data() return code
Fabian Keil [Tue, 5 Jan 2021 00:12:04 +0000 (01:12 +0100)]
ssl_store_cert(): Check BIO_get_mem_data() return code

3 years agoenforce_header_order(): Save a couple of memory allocations
Fabian Keil [Mon, 4 Jan 2021 22:27:04 +0000 (23:27 +0100)]
enforce_header_order(): Save a couple of memory allocations

3 years agosed(): Don't call enforce_header_order() if a filter removed the request line
Fabian Keil [Tue, 5 Jan 2021 13:32:50 +0000 (14:32 +0100)]
sed(): Don't call enforce_header_order() if a filter removed the request line

... as enforce_header_order() asserts that the request line is present.

Without the request line the request will be rejected as invalid
later on anyway, so sorting the headers first is pointless.

3 years agoAdd #182: Before enforcing the client-header-order, check that the client headers...
Fabian Keil [Tue, 5 Jan 2021 02:59:13 +0000 (03:59 +0100)]
Add #182: Before enforcing the client-header-order, check that the client headers actually need sorting

3 years agoRebuild docs
Fabian Keil [Mon, 4 Jan 2021 20:28:06 +0000 (21:28 +0100)]
Rebuild docs

3 years agoRebuild config file
Fabian Keil [Mon, 4 Jan 2021 20:24:12 +0000 (21:24 +0100)]
Rebuild config file

3 years agoBump copyright
Fabian Keil [Mon, 4 Jan 2021 20:25:05 +0000 (21:25 +0100)]
Bump copyright

3 years agoBump copyright
Fabian Keil [Sun, 3 Jan 2021 20:32:32 +0000 (21:32 +0100)]
Bump copyright

3 years agoNote that client-header-order works for encrypted headers if https-inspection is...
Fabian Keil [Sun, 3 Jan 2021 13:19:51 +0000 (14:19 +0100)]
Note that client-header-order works for encrypted headers if https-inspection is enabled

3 years agoAdd three additional headers to the client-header-order example
Fabian Keil [Sun, 3 Jan 2021 13:18:02 +0000 (14:18 +0100)]
Add three additional headers to the client-header-order example

3 years agosed_https(): Also update csp->https_headers->first which may have been changed by...
Fabian Keil [Sun, 3 Jan 2021 11:06:56 +0000 (12:06 +0100)]
sed_https(): Also update csp->https_headers->first which may have been changed by header reordering

Prevents forwarding of invalid requests and segmentation faults when the
client-header-order directive is used while https inspection is enabled.

    Program terminated with signal SIGSEGV, Segmentation fault.
    (gdb) where
    #0  0x0000000801d1cbb0 in arena_run_heap_remove (ph=0x8027130d8, phn=0x802c01360) at jemalloc_arena.c:77
    #1  0x0000000801d17188 in arena_dissociate_bin_run (chunk=<optimized out>, run=0x802c01378, bin=0x802713098) at jemalloc_arena.c:2839
    #2  arena_dalloc_bin_locked_impl (tsdn=0x8006e3690, arena=0x802712540, chunk=<optimized out>, ptr=<optimized out>, bitselm=<optimized out>, junked=<optimized out>) at jemalloc_arena.c:2905
    #3  0x0000000801cfd1fd in __je_tcache_bin_flush_small (tsd=<optimized out>, tcache=<optimized out>, tbin=0x802a760e8, binind=<optimized out>, rem=<optimized out>) at jemalloc_tcache.c:134
    #4  0x0000000801cfe01b in tcache_destroy (tsd=0x8006e3690, tcache=0x802a76000) at jemalloc_tcache.c:368
    #5  0x0000000801cfdde7 in __je_tcache_cleanup (tsd=0x8006e3690) at jemalloc_tcache.c:407
    #6  0x0000000801cfcd53 in __je_tsd_cleanup (arg=0x8006e3690) at jemalloc_tsd.c:82
    #7  0x0000000801cfcf3b in __je_tsd_cleanup_wrapper () at /usr/src/contrib/jemalloc/include/jemalloc/internal/tsd.h:658
    #8  0x0000000801cfccca in _malloc_thread_cleanup () at jemalloc_tsd.c:52
    #9  0x0000000801a529c2 in exit_thread () at /usr/src/lib/libthr/thread/thr_exit.c:302
    #10 0x0000000801a528fe in _pthread_exit_mask (status=<optimized out>, mask=<optimized out>) at /usr/src/lib/libthr/thread/thr_exit.c:266
    #11 0x0000000801a5275b in _pthread_exit (status=0x8027130d8) at /usr/src/lib/libthr/thread/thr_exit.c:206
    #12 0x0000000801a45094 in thread_start (curthread=0x802817e00) at /usr/src/lib/libthr/thread/thr_create.c:290
    #13 0x0000000000000000 in ?? ()
    Backtrace stopped: Cannot access memory at address 0x7fffdf9fb000

Reported by: Kai Raven

3 years agoBring back "--with-fdsetsize" now that select() is supported again
Fabian Keil [Sat, 2 Jan 2021 13:37:24 +0000 (14:37 +0100)]
Bring back "--with-fdsetsize" now that select() is supported again

This reverts commit d2a6fcf8b923dc9f81b03417ede4d44f0beb03e0.

3 years agoBump copyright
Fabian Keil [Sat, 2 Jan 2021 13:30:56 +0000 (14:30 +0100)]
Bump copyright

3 years agoAdd ChangeLog entries for changes between v_3_0_29 and 639c42d7ab751ae
Fabian Keil [Sat, 2 Jan 2021 13:30:42 +0000 (14:30 +0100)]
Add ChangeLog entries for changes between v_3_0_29 and 639c42d7ab751ae

3 years agoprivoxy-log-parser: Bump copyright
Fabian Keil [Fri, 1 Jan 2021 11:19:48 +0000 (12:19 +0100)]
privoxy-log-parser: Bump copyright

3 years agoprivoxy-log-parser: Highlight 'Rewritten request line results in downgrade to http'
Fabian Keil [Fri, 1 Jan 2021 11:19:33 +0000 (12:19 +0100)]
privoxy-log-parser: Highlight 'Rewritten request line results in downgrade to http'

3 years agoprivoxy-log-parser: Highlight 'Rewrite detected: ...' messages again
Fabian Keil [Sat, 26 Dec 2020 12:33:10 +0000 (13:33 +0100)]
privoxy-log-parser: Highlight 'Rewrite detected: ...' messages again

3 years agoNote that #87 is trivial now
Fabian Keil [Mon, 28 Dec 2020 21:46:55 +0000 (22:46 +0100)]
Note that #87 is trivial now

3 years agoRemove #14 (Allow to filter POST parameters) which is done
Fabian Keil [Mon, 28 Dec 2020 21:46:04 +0000 (22:46 +0100)]
Remove #14 (Allow to filter POST parameters) which is done

3 years agoAdjust a log message to clarify that it refers to client tags
Fabian Keil [Sun, 27 Dec 2020 14:32:02 +0000 (15:32 +0100)]
Adjust a log message to clarify that it refers to client tags

3 years agoAdd #181: Allow to upgrade an http request to https
Fabian Keil [Thu, 24 Dec 2020 11:54:55 +0000 (12:54 +0100)]
Add #181: Allow to upgrade an http request to https

3 years agoUpdate a comment in parse_http_url()
Fabian Keil [Thu, 24 Dec 2020 11:19:07 +0000 (12:19 +0100)]
Update a comment in parse_http_url()

3 years agoBump copyright
Fabian Keil [Fri, 1 Jan 2021 10:09:44 +0000 (11:09 +0100)]
Bump copyright

3 years agoBump copyright
Fabian Keil [Fri, 1 Jan 2021 11:20:24 +0000 (12:20 +0100)]
Bump copyright

3 years agoAllow to rewrite the request destination for https-intercepted requests
Fabian Keil [Tue, 22 Dec 2020 17:24:17 +0000 (18:24 +0100)]
Allow to rewrite the request destination for https-intercepted requests

... behind the client's back.

The documentation already sort of claimed that it was supported
by not especially mentioning that it didn't work for https-inspected
requests.

Fixes SF bug #923 reported by withoutname.

3 years agoRegenerate docs
Fabian Keil [Wed, 30 Dec 2020 11:50:58 +0000 (12:50 +0100)]
Regenerate docs

3 years agoCorrect count of the different pcrs-based filter actions
Fabian Keil [Fri, 25 Dec 2020 10:27:24 +0000 (11:27 +0100)]
Correct count of the different pcrs-based filter actions

3 years agoAdd support for filering client request bodies
Maxim Antonov [Thu, 17 Dec 2020 08:05:23 +0000 (15:05 +0700)]
Add support for filering client request bodies

... by using CLIENT-BODY-FILTER filters which can
be enabled with the client-body-filter action.

3 years agoRegenerate homepage with updated alt text for the Lalal.ai logo
Fabian Keil [Wed, 23 Dec 2020 15:20:20 +0000 (16:20 +0100)]
Regenerate homepage with updated alt text for the Lalal.ai logo

3 years agoChange the alt text for the Lalal.ai logo as requested by the sponsor
Fabian Keil [Wed, 23 Dec 2020 15:19:13 +0000 (16:19 +0100)]
Change the alt text for the Lalal.ai logo as requested by the sponsor

3 years agoChange the alt text for the Lalal.ai logo as requested by the sponsor
Fabian Keil [Wed, 23 Dec 2020 15:19:06 +0000 (16:19 +0100)]
Change the alt text for the Lalal.ai logo as requested by the sponsor

3 years agoWe have two bronze sponsors so use the plural in the header
Fabian Keil [Tue, 22 Dec 2020 11:44:57 +0000 (12:44 +0100)]
We have two bronze sponsors so use the plural in the header

3 years agoAdd lalal.ai as silver sponsor
Fabian Keil [Tue, 22 Dec 2020 11:44:03 +0000 (12:44 +0100)]
Add lalal.ai as silver sponsor

3 years agoRegenerate homepage with updated sponsor list
Fabian Keil [Tue, 22 Dec 2020 11:40:06 +0000 (12:40 +0100)]
Regenerate homepage with updated sponsor list

Downgrade most recent release to 3.0.29 so I can
push the page to the webserver.

3 years agoLet the dok-webserver target turn the www.lalal.ai marker into an image link
Fabian Keil [Tue, 22 Dec 2020 11:28:33 +0000 (12:28 +0100)]
Let the dok-webserver target turn the lalal.ai marker into an image link

3 years agoAdd www.lalal.ai as silver sponsor
Fabian Keil [Tue, 22 Dec 2020 11:21:56 +0000 (12:21 +0100)]
Add www.lalal.ai as silver sponsor

3 years agoRemove silver sponsor www.top10vpn.com
Fabian Keil [Tue, 22 Dec 2020 11:14:19 +0000 (12:14 +0100)]
Remove silver sponsor www.top10vpn.com

The sponsorship period ended in September ...

3 years agoRemove silver sponsor www.top10vpn.com
Fabian Keil [Tue, 22 Dec 2020 11:13:01 +0000 (12:13 +0100)]
Remove silver sponsor www.top10vpn.com

The sponsorship period ended in September ...

3 years agodeveloper-manual: Update paragraph to reflect that Privoxy-Regression-Test now defaul...
Fabian Keil [Mon, 21 Dec 2020 07:52:53 +0000 (08:52 +0100)]
developer-manual: Update paragraph to reflect that Privoxy-Regression-Test now defaults to using 127.0.0.1:8118/ as privoxy address

3 years agoAdd #180: Add support for GnuTLS
Fabian Keil [Mon, 21 Dec 2020 06:41:59 +0000 (07:41 +0100)]
Add #180: Add support for GnuTLS

3 years agoprivoxy-regression-test: Use http://127.0.0.1:8118/ as default privoxy address
Fabian Keil [Sat, 19 Dec 2020 23:46:25 +0000 (00:46 +0100)]
privoxy-regression-test: Use 127.0.0.1:8118/ as default privoxy address

... unless http_proxy is set through the environment.

3 years agoRemove an obsolete comment
Fabian Keil [Thu, 17 Dec 2020 17:30:19 +0000 (18:30 +0100)]
Remove an obsolete comment

3 years agoRemove pointless redefinition of 'privoxy_mutex_t'
Fabian Keil [Sat, 19 Dec 2020 15:55:02 +0000 (16:55 +0100)]
Remove pointless redefinition of 'privoxy_mutex_t'

... when compiling with FEATURE_HTTPS_INSPECTION.

Silences warnings when compiling with "-std=c99":

    cc -c -pipe -fstack-protector-all -ggdb -Wshadow  -Wconversion -I/usr/local/include/  -pthread -Wall -std=c99   errlog.c -o errlog.o
    In file included from errlog.c:70:
    ./jcc.h:66:25: warning: redefinition of typedef 'privoxy_mutex_t' is a C11 feature [-Wtypedef-redefinition]
    typedef pthread_mutex_t privoxy_mutex_t;
                            ^
    ./project.h:59:28: note: previous definition is here
       typedef pthread_mutex_t privoxy_mutex_t;
                               ^
    1 warning generated.

Compile-tested on Windows by Lee.

3 years agocreate_server_ssl_connection(): Declare a variable at the beginning of the code block
Fabian Keil [Sat, 19 Dec 2020 16:11:42 +0000 (17:11 +0100)]
create_server_ssl_connection(): Declare a variable at the beginning of the code block

... to silence:
    cc -c -pipe -fstack-protector-all -ggdb -Wshadow  -Wconversion -I/usr/local/include/  -pthread -Wall -std=c89   openssl.c -o openssl.o
    openssl.c:1144:12: warning: GCC does not allow variable declarations in for loop initializers before C99 [-Wgcc-compat]
          for (int i = 0; i < sk_X509_num(chain); i++)
               ^

3 years agossl_store_cert(): Declare a variable at the beginning of the the code block
Fabian Keil [Sat, 19 Dec 2020 16:10:15 +0000 (17:10 +0100)]
ssl_store_cert(): Declare a variable at the beginning of the the code block

... to silence:

    cc -c -pipe -fstack-protector-all -ggdb -Wshadow  -Wconversion -I/usr/local/include/  -pthread -Wall -std=c89   openssl.c -o openssl.o
    openssl.c:408:12: warning: GCC does not allow variable declarations in for loop initializers before C99 [-Wgcc-compat]
          for (int i = 0; i < bs->length; i++)
               ^

3 years agoRemove 'inline' from a bunch of functions and leave the optimization decision to...
Fabian Keil [Sat, 19 Dec 2020 16:05:59 +0000 (17:05 +0100)]
Remove 'inline' from a bunch of functions and leave the optimization decision to the compiler

Unbreaks the build with '-std=c89'. Previous failure:
    cc -c -pipe -fstack-protector-all -ggdb -Wshadow  -Wconversion -I/usr/local/include/  -pthread -Wall -std=c89   errlog.c -o errlog.o
    errlog.c:95:8: error: unknown type name 'inline'
    static inline void lock_logfile(void)
           ^
    errlog.c:99:8: error: unknown type name 'inline'
    static inline void unlock_logfile(void)
           ^
    errlog.c:103:8: error: unknown type name 'inline'
    static inline void lock_loginit(void)
           ^
    errlog.c:107:8: error: unknown type name 'inline'
    static inline void unlock_loginit(void)
           ^
    errlog.c:447:8: error: unknown type name 'inline'
    static inline size_t get_log_timestamp(char *buffer, size_t buffer_size)
           ^
    errlog.c:447:21: error: expected ';' after top level declarator
    static inline size_t get_log_timestamp(char *buffer, size_t buffer_size)
                        ^
                        ;

3 years agoaction_render_string_filters_template(): Declare a variable at the beginning
Fabian Keil [Sat, 19 Dec 2020 15:59:48 +0000 (16:59 +0100)]
action_render_string_filters_template(): Declare a variable at the beginning

... of the function to silence a compiler warning when building with -std=c89:

   cc -c -pipe -fstack-protector-all -ggdb -Wshadow  -Wconversion -I/usr/local/include/  -pthread -Wall -std=c89   cgiedit.c -o cgiedit.o
   cgiedit.c:4436:9: warning: GCC does not allow variable declarations in for loop initializers before C99 [-Wgcc-compat]
      for (int i=0; i < SZ(desc); ++i)
           ^
   1 warning generated.

3 years agoAdd #178: Add a add-server-header{} action
Fabian Keil [Sat, 19 Dec 2020 09:44:33 +0000 (10:44 +0100)]
Add #178: Add a add-server-header{} action

3 years agoAdd #178: Warn on http://config.privoxy.org/client-tags
Fabian Keil [Fri, 18 Dec 2020 10:39:12 +0000 (11:39 +0100)]
Add #178: Warn on config.privoxy.org/client-tags

... if a Tag name has not at least one matching action section.

3 years agoAdd #177: Support https-inspection for intercepted requests
Fabian Keil [Fri, 18 Dec 2020 02:32:14 +0000 (03:32 +0100)]
Add #177: Support https-inspection for intercepted requests

3 years agoAdd #176: Find a new fiduciary sponsor as a replacement for Zwiebelfreunde e.V.
Fabian Keil [Fri, 18 Dec 2020 01:48:03 +0000 (02:48 +0100)]
Add #176: Find a new fiduciary sponsor as a replacement for Zwiebelfreunde e.V.

3 years agoAdd #175: Add more screenshots to the documentation and website
Fabian Keil [Sun, 13 Dec 2020 06:19:51 +0000 (07:19 +0100)]
Add #175: Add more screenshots to the documentation and website

3 years agoRemove #137
Fabian Keil [Fri, 18 Dec 2020 02:32:40 +0000 (03:32 +0100)]
Remove #137

A logo has been added recently to the website.

3 years agoconfigure: Update the link to the 'Removing outdated PCRE version ...' thread
Fabian Keil [Fri, 18 Dec 2020 09:48:28 +0000 (10:48 +0100)]
configure: Update the link to the 'Removing outdated PCRE version ...' thread

3 years agoRebuild docs
Fabian Keil [Thu, 17 Dec 2020 13:56:19 +0000 (14:56 +0100)]
Rebuild docs

3 years agoRebuild README
Fabian Keil [Wed, 16 Dec 2020 09:46:45 +0000 (10:46 +0100)]
Rebuild README

3 years agoCheck the chdir() return code
Fabian Keil [Thu, 17 Dec 2020 09:32:55 +0000 (10:32 +0100)]
Check the chdir() return code

... to fix the compiler warning:
   jcc.c: In function ‘main’:
   jcc.c:5185:7: warning: ignoring return value of ‘chdir’, declared with attribute warn_unused_result [-Wunused-result]
          chdir("/");
          ^~~~~~~~~~

3 years agodeveloper-manual: Mention the directory from which to execute the commands to create...
Fabian Keil [Thu, 17 Dec 2020 11:52:57 +0000 (12:52 +0100)]
developer-manual: Mention the directory from which to execute the commands to create Debian packages

3 years agoRegenerate config file
Fabian Keil [Thu, 17 Dec 2020 10:00:42 +0000 (11:00 +0100)]
Regenerate config file

3 years agoMention regression-tests.action in the config file
Fabian Keil [Thu, 17 Dec 2020 09:54:44 +0000 (10:54 +0100)]
Mention regression-tests.action in the config file

3 years agoImprove the message shown when the client-tags CGI page is requested with no tags...
Fabian Keil [Thu, 17 Dec 2020 08:57:03 +0000 (09:57 +0100)]
Improve the message shown when the client-tags CGI page is requested with no tags configued

3 years agoUse the '/sponsor' redirect for the link to the sponsor page
Fabian Keil [Thu, 17 Dec 2020 07:21:28 +0000 (08:21 +0100)]
Use the '/sponsor' redirect for the link to the sponsor page

3 years agoExplicitly mention that access to the ca key should be limited to Privoxy
Fabian Keil [Thu, 17 Dec 2020 06:03:38 +0000 (07:03 +0100)]
Explicitly mention that access to the ca key should be limited to Privoxy

3 years agoGracefully handle existing website keys without matching certificates
Fabian Keil [Thu, 17 Dec 2020 03:57:04 +0000 (04:57 +0100)]
Gracefully handle existing website keys without matching certificates

This can happen if Privoxy was previously running with an invalid
TLS configuration that didn't allow it to create a certificate.

The problem can be reproduced manually by removing or renaming a
certificate while keeping the key.

Previously this would result in a confusing client error messages:

    fk@t520 ~ $curl -v --head https://www.electrobsd.org/
    * Uses proxy env variable https_proxy == 'http://127.0.1.1:8118/'
    *   Trying 127.0.1.1:8118...
    * Connected to 127.0.1.1 (127.0.1.1) port 8118 (#0)
    * allocate connect buffer!
    * Establish HTTP proxy tunnel to www.electrobsd.org:443
    > CONNECT www.electrobsd.org:443 HTTP/1.1
    > Host: www.electrobsd.org:443
    > User-Agent: curl/7.72.0
    > Proxy-Connection: Keep-Alive
    >
    < HTTP/1.1 200 Connection established
    HTTP/1.1 200 Connection established
    <

    * Proxy replied 200 to CONNECT request
    * CONNECT phase completed!
    * ALPN, offering h2
    * ALPN, offering http/1.1
    * Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
    * successfully set certificate verify locations:
    *   CAfile: /usr/local/share/certs/ca-root-nss.crt
      CApath: none
    * TLSv1.2 (OUT), TLS header, Certificate Status (22):
    * TLSv1.2 (OUT), TLS handshake, Client hello (1):
    * OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to www.electrobsd.org:443
    * Closing connection 0
    curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to www.electrobsd.org:443

While the Privoxy log would say something like:
04:53:53.932 099 Error: Subject key was already created
04:53:53.932 099 Error: Loading webpage certificate /usr/local/etc/privoxy/CA/certs/6db5da8a16c246d1bd8c0fa7cd160a5b.crt failed: error:02001002:system library:fopen:No such file or directory
04:53:53.932 099 Error: Loading webpage certificate /usr/local/etc/privoxy/CA/certs/6db5da8a16c246d1bd8c0fa7cd160a5b.crt failed: error:20074002:BIO routines:file_ctrl:system lib
04:53:53.933 099 Error: Loading webpage certificate /usr/local/etc/privoxy/CA/certs/6db5da8a16c246d1bd8c0fa7cd160a5b.crt failed: error:140AD002:SSL routines:SSL_CTX_use_certificate_file:system lib
04:53:53.933 099 Error: Failed to open a secure connection with the client

Instead of failing, just remove the key and continue.

3 years agoList more client-specific-tag examples for inspiration
Fabian Keil [Wed, 16 Dec 2020 19:10:01 +0000 (20:10 +0100)]
List more client-specific-tag examples for inspiration

3 years agoFix grammar
Fabian Keil [Wed, 16 Dec 2020 19:07:53 +0000 (20:07 +0100)]
Fix grammar