privoxy.git
4 years agosend_crunch_response(): Log the whole URL for inspected https requests
Fabian Keil [Fri, 15 May 2020 10:52:30 +0000 (12:52 +0200)]
send_crunch_response(): Log the whole URL for inspected https requests

Sponsored by: Robert Klemme

4 years agoLog complete https request lines with LOG_LEVEL_CLF
Fabian Keil [Wed, 13 May 2020 09:53:12 +0000 (11:53 +0200)]
Log complete https request lines with LOG_LEVEL_CLF

... at the end of handle_established_connection().

Sponsored by: Robert Klemme

4 years agoImprove ssl_send_certificate_error()'s description
Fabian Keil [Fri, 15 May 2020 11:05:51 +0000 (13:05 +0200)]
Improve ssl_send_certificate_error()'s description

Sponsored by: Robert Klemme

4 years agoSimplify free_certificate_chain()
Fabian Keil [Thu, 14 May 2020 11:51:52 +0000 (13:51 +0200)]
Simplify free_certificate_chain()

Sponsored by: Robert Klemme

4 years agoSimplify code in handle_established_connection()
Fabian Keil [Sat, 29 Feb 2020 20:13:58 +0000 (21:13 +0100)]
Simplify code in handle_established_connection()

Sponsored by: Robert Klemme

4 years agossl_verify_callback(): Log when mbedtls_pem_write_buffer() fails
Fabian Keil [Wed, 4 Mar 2020 15:01:23 +0000 (16:01 +0100)]
ssl_verify_callback(): Log when mbedtls_pem_write_buffer() fails

Sponsored by: Robert Klemme

4 years agoRemove #16 'Filter SSL encrypted content as well' which is mostly implemented
Fabian Keil [Tue, 12 May 2020 22:31:38 +0000 (00:31 +0200)]
Remove #16 'Filter SSL encrypted content as well' which is mostly implemented

4 years agoAdd donor John Palkovic as contributor
Fabian Keil [Tue, 12 May 2020 11:45:59 +0000 (13:45 +0200)]
Add donor John Palkovic as contributor

4 years agoBump copyright
Fabian Keil [Tue, 12 May 2020 10:57:26 +0000 (12:57 +0200)]
Bump copyright

4 years agoAllow to configure https-inspection and ignore-certificate-errors with the CGI editor
Fabian Keil [Mon, 2 Mar 2020 11:15:05 +0000 (12:15 +0100)]
Allow to configure https-inspection and ignore-certificate-errors with the CGI editor

Sponsored by: Robert Klemme

4 years agosed_https(): Update the last https header after running sed()
Fabian Keil [Tue, 14 Apr 2020 12:15:56 +0000 (14:15 +0200)]
sed_https(): Update the last https header after running sed()

This is necessary because addtional header may have been added.

Fixes a crash triggered by an assertion.

Reported by:  Nedžad Hrnjica
Sponsored by: Robert Klemme

4 years agoFix a comment typo in sed_https()
Fabian Keil [Tue, 14 Apr 2020 12:09:31 +0000 (14:09 +0200)]
Fix a comment typo in sed_https()

4 years agoUpdate to upstream git ec5b42 and to Debian version 3.0.28-3.
Roland Rosenfeld [Sat, 4 Apr 2020 12:49:35 +0000 (14:49 +0200)]
Update to upstream git ec5b42 and to Debian version 3.0.28-3.

4 years agoRebuild docs
Fabian Keil [Thu, 12 Mar 2020 09:39:18 +0000 (10:39 +0100)]
Rebuild docs

4 years agoRemove www.vpnranks.com/ from the sponsor list
Fabian Keil [Thu, 12 Mar 2020 09:36:02 +0000 (10:36 +0100)]
Remove www.vpnranks.com/ from the sponsor list

4 years agoDon't claim that contributors need ssh
Fabian Keil [Fri, 6 Mar 2020 13:01:49 +0000 (14:01 +0100)]
Don't claim that contributors need ssh

It's only neede for committers.

4 years agoReplace obsolete CVS instructions with Git instructions
Fabian Keil [Fri, 6 Mar 2020 12:37:11 +0000 (13:37 +0100)]
Replace obsolete CVS instructions with Git instructions

4 years agoRemove a reference to CVS, we use Git now
Fabian Keil [Fri, 6 Mar 2020 12:30:36 +0000 (13:30 +0100)]
Remove a reference to CVS, we use Git now

4 years agoRemove an obsolete comment
Fabian Keil [Fri, 6 Mar 2020 12:27:46 +0000 (13:27 +0100)]
Remove an obsolete comment

4 years agoRemove a reference to CVS, we use Git now
Fabian Keil [Fri, 6 Mar 2020 12:27:34 +0000 (13:27 +0100)]
Remove a reference to CVS, we use Git now

4 years agoAdd a missing call to close_client_ssl_connection()
Fabian Keil [Tue, 10 Mar 2020 14:06:38 +0000 (15:06 +0100)]
Add a missing call to close_client_ssl_connection()

... to fix a memory leak.

Sponsored by: Robert Klemme

4 years agoprocess_encrypted_request(): Don't send an error response in case of unsupported...
Fabian Keil [Tue, 3 Mar 2020 11:26:33 +0000 (12:26 +0100)]
process_encrypted_request(): Don't send an error response in case of unsupported protocols

client_protocol_is_unsupported() already takes care of that.

Sponsored by: Robert Klemme

4 years agoclient_protocol_is_unsupported(): Send encrypted error message when necessary
Fabian Keil [Tue, 3 Mar 2020 11:21:32 +0000 (12:21 +0100)]
client_protocol_is_unsupported(): Send encrypted error message when necessary

Sponsored by: Robert Klemme

4 years agoprocess_encrypted_request(): Add more log messages in case of errors
Fabian Keil [Tue, 3 Mar 2020 11:17:45 +0000 (12:17 +0100)]
process_encrypted_request(): Add more log messages in case of errors

Sponsored by: Robert Klemme

4 years agohandle_established_connection(): Remove superfluous calls to close_client_and_server_...
Fabian Keil [Tue, 3 Mar 2020 10:27:07 +0000 (11:27 +0100)]
handle_established_connection(): Remove superfluous calls to close_client_and_server_ssl_connections()

... in the !client_use_ssl(csp) paths.

Sponsored by: Robert Klemme

4 years agohandle_established_connection(): Adjust indentation after 054d756c1ca
Fabian Keil [Tue, 3 Mar 2020 10:14:56 +0000 (11:14 +0100)]
handle_established_connection(): Adjust indentation after 054d756c1ca

No functional change.

Sponsored by: Robert Klemme

4 years agosend_https_request(): Don't call close_client_and_server_ssl_connections()
Fabian Keil [Tue, 3 Mar 2020 10:04:34 +0000 (11:04 +0100)]
send_https_request(): Don't call close_client_and_server_ssl_connections()

... inconsistenly. The caller already does it.

Sponsored by: Robert Klemme

4 years agoAdd a missing call to close_client_and_server_ssl_connections()
Fabian Keil [Mon, 2 Mar 2020 15:45:22 +0000 (16:45 +0100)]
Add a missing call to close_client_and_server_ssl_connections()

Not calling it caused memory leaks.

Sponsored by: Robert Klemme

4 years agodecompress_iob(): Free the temporary buffer when the buffer limit is reached
Fabian Keil [Mon, 2 Mar 2020 17:14:29 +0000 (18:14 +0100)]
decompress_iob(): Free the temporary buffer when the buffer limit is reached

... instead of leaking it.

Sponsored by: Robert Klemme

4 years agofree_csp_resources(): Destroy csp->client_tags
Fabian Keil [Mon, 2 Mar 2020 12:05:13 +0000 (13:05 +0100)]
free_csp_resources(): Destroy csp->client_tags

Fixes a memory leak when client tags are active.

Sponsored by: Robert Klemme

4 years agounload_configfile(): Use unload_forward_spec() instead of doing the work itself
Fabian Keil [Mon, 2 Mar 2020 11:36:40 +0000 (12:36 +0100)]
unload_configfile(): Use unload_forward_spec() instead of doing the work itself

... poorly. Previously the socks user name and password were leaked.

Sponsored by: Robert Klemme

4 years agounload_configfile(): free config->cors_allowed_origin
Fabian Keil [Mon, 2 Mar 2020 11:27:47 +0000 (12:27 +0100)]
unload_configfile(): free config->cors_allowed_origin

Fixes a small memory leak when reloading the config.

Sponsored by: Robert Klemme

4 years agofree_csp_resources(): Destroy csp->https_headers
Fabian Keil [Sun, 1 Mar 2020 15:40:01 +0000 (16:40 +0100)]
free_csp_resources(): Destroy csp->https_headers

Fixes a memory leak.

Sponsored by: Robert Klemme

4 years agohandle_established_connection(): Don't mess with csp->ssl_with_(server|client)_is_opened
Fabian Keil [Sun, 1 Mar 2020 14:31:24 +0000 (15:31 +0100)]
handle_established_connection(): Don't mess with csp->ssl_with_(server|client)_is_opened

This was a mismerge in 2111876638. The original code did
it in chat() were it doesn't hurt. Actually we don't need
to do it at all, as the variables are initialized to 0.

Zeroing the variables in handle_established_connection()
caused memory leaks as close_server_ssl_connection() and
close_client_ssl_connection() returned early,

Sponsored by: Robert Klemme

4 years agohandle_established_connection(): Remove pointless code
Fabian Keil [Sat, 29 Feb 2020 20:05:37 +0000 (21:05 +0100)]
handle_established_connection(): Remove pointless code

Sponsored by: Robert Klemme

4 years agoload_config(): Plug memory leaks
Fabian Keil [Sun, 1 Mar 2020 08:53:34 +0000 (09:53 +0100)]
load_config(): Plug memory leaks

Sponsored by: Robert Klemme

4 years agoSet the "Subject Alt Name" extension to when generating certificates
root [Fri, 28 Feb 2020 08:16:49 +0000 (08:16 +0000)]
Set the "Subject Alt Name" extension to when generating certificates

This is apparently required for the certificates to
be accepted by Chromium-based browsers.

Based on a patch by Nedžad Hrnjica.

Sponsored by: Robert Klemme

4 years agofinish_http_response(): Plug memory leak with CORS enabled
Fabian Keil [Sat, 29 Feb 2020 08:49:39 +0000 (09:49 +0100)]
finish_http_response(): Plug memory leak with CORS enabled

Introduced in 9fd58c0d, not in any release.

Fixes CID 267166 "Resource leaks".

4 years agoget_certificate_serial(): Remove dead code
Fabian Keil [Fri, 28 Feb 2020 12:39:58 +0000 (13:39 +0100)]
get_certificate_serial(): Remove dead code

Fixes CID 267164 "Logically dead code".

Sponsored by: Robert Klemme

4 years agohandle_established_connection(): Remove pointless increments of n
Fabian Keil [Fri, 28 Feb 2020 12:12:38 +0000 (13:12 +0100)]
handle_established_connection(): Remove pointless increments of n

Fixes CID267170 "Uninitialized scalar variable".

Sponsored by: Robert Klemme

4 years agoOnly execute the dumb CONNECT method test when FEATURE_HTTPS_INSPECTION is unavailable
Fabian Keil [Fri, 28 Feb 2020 07:42:05 +0000 (08:42 +0100)]
Only execute the dumb CONNECT method test when FEATURE_HTTPS_INSPECTION is unavailable

With FEATURE_HTTPS_INSPECTION the test is aborted with
a timeout because Privoxy is waiting for an encrypted
request which doesn't come.

Sponsored by: Robert Klemme

4 years agoUnblock 'ada*.'
Fabian Keil [Fri, 28 Feb 2020 07:32:49 +0000 (08:32 +0100)]
Unblock 'ada*.'

4 years agoIf the amount of encrypted POST data left is known, don't read more than this
Fabian Keil [Wed, 26 Feb 2020 07:50:27 +0000 (08:50 +0100)]
If the amount of encrypted POST data left is known, don't read more than this

Sponsored by: Robert Klemme

4 years agogenerate_webpage_certificate(): Include the time in the serial number
Fabian Keil [Thu, 27 Feb 2020 10:43:35 +0000 (11:43 +0100)]
generate_webpage_certificate(): Include the time in the serial number

... to make sure the serial number changes when the certificate
is regenerated.

Sponsored by: Robert Klemme

4 years agogenerate_webpage_certificate(): Return earlier if a valid certificate already exists
Fabian Keil [Thu, 27 Feb 2020 10:29:18 +0000 (11:29 +0100)]
generate_webpage_certificate(): Return earlier if a valid certificate already exists

If the certificate is no longer valid, clear the key file, too.

Sponsored by: Robert Klemme

4 years agoGenerate the "valid from" and "valid to" date of certificates based on the current...
Fabian Keil [Thu, 27 Feb 2020 09:55:07 +0000 (10:55 +0100)]
Generate the "valid from" and "valid to" date of certificates based on the current time

Previously certificates were always valid until 2040 which
seems a tad long.

Now the certificates are valid for 90 days.

Sponsored by: Robert Klemme

4 years agoDetect invalid certificates and create new ones
Fabian Keil [Thu, 27 Feb 2020 08:56:01 +0000 (09:56 +0100)]
Detect invalid certificates and create new ones

Currently certificates are considered valid if they can
be parsed and have a "valid to" date in the future.

Sponsored by: Robert Klemme

4 years agoBump copyright
Fabian Keil [Wed, 26 Feb 2020 16:52:39 +0000 (17:52 +0100)]
Bump copyright

4 years agosed_https(): Clear the existing tags before calling sed()
Fabian Keil [Wed, 26 Feb 2020 14:42:48 +0000 (15:42 +0100)]
sed_https(): Clear the existing tags before calling sed()

This makes sure tagging based on the encrypted client
headers works even if a tag has already been set based
on the unencrypted ones.

Sponsored by: Robert Klemme

4 years agosed_https(): Unset CSP_FLAG_CLIENT_HEADER_PARSING_DONE
Fabian Keil [Wed, 26 Feb 2020 14:35:28 +0000 (15:35 +0100)]
sed_https(): Unset CSP_FLAG_CLIENT_HEADER_PARSING_DONE

... to make sure we're applying client header taggers and filters.

Sponsored by: Robert Klemme

4 years agossl_send_certificate_error(): Don't sleep
Fabian Keil [Wed, 26 Feb 2020 13:57:38 +0000 (14:57 +0100)]
ssl_send_certificate_error(): Don't sleep

Supposedly some clients once apon a time needed
the delay but it's unclear which. Let's see if
any show up.

Sponsored by: Robert Klemme

4 years agossl_send_certificate_error(): Be more precise
Fabian Keil [Wed, 26 Feb 2020 13:28:18 +0000 (14:28 +0100)]
ssl_send_certificate_error(): Be more precise

An invalid certificate is only one of the reasons
why the certificate verification may fail.

Sponsored by: Robert Klemme

4 years agoWhen logging that the certificate verifcation failed, mention the host
Fabian Keil [Wed, 26 Feb 2020 13:02:48 +0000 (14:02 +0100)]
When logging that the certificate verifcation failed, mention the host

Sponsored by: Robert Klemme

4 years agoOnly use certificate_mutex and rng_mutex when needed
Fabian Keil [Wed, 26 Feb 2020 09:07:05 +0000 (10:07 +0100)]
Only use certificate_mutex and rng_mutex when needed

Previously they were defined and initialized unconditionally.

Sponsored by: Robert Klemme

4 years agoUse a single mutex for the certificate generation
Fabian Keil [Wed, 26 Feb 2020 09:02:11 +0000 (10:02 +0100)]
Use a single mutex for the certificate generation

It is fast enough so there is no need to complicate
things with up to 65536 different mutexes.

Sponsored by: Robert Klemme

4 years agoTurn lack of md5 support in mbedTLS into a compile error
Fabian Keil [Wed, 26 Feb 2020 08:49:03 +0000 (09:49 +0100)]
Turn lack of md5 support in mbedTLS into a compile error

Previously the TLS code simply wouldn't work properly.

Sponsored by: Robert Klemme

4 years agoRemove #95 which is obsolete now that we support proper https inspection
Fabian Keil [Wed, 26 Feb 2020 08:07:57 +0000 (09:07 +0100)]
Remove #95 which is obsolete now that we support proper https inspection

4 years agoRebuild config file
Fabian Keil [Tue, 25 Feb 2020 21:18:37 +0000 (22:18 +0100)]
Rebuild config file

Sponsored by: Robert Klemme

4 years agoRebuild docs
Fabian Keil [Tue, 25 Feb 2020 21:13:48 +0000 (22:13 +0100)]
Rebuild docs

Sponsored by: Robert Klemme

4 years agoRename +enable-https-filtering to +https-inspection
Fabian Keil [Tue, 25 Feb 2020 21:07:41 +0000 (22:07 +0100)]
Rename +enable-https-filtering to +https-inspection

... which is more precise.

Sponsored by: Robert Klemme

4 years agoRename FEATURE_HTTPS_FILTERING to FEATURE_HTTPS_INSPECTION
Fabian Keil [Tue, 25 Feb 2020 20:51:59 +0000 (21:51 +0100)]
Rename FEATURE_HTTPS_FILTERING to FEATURE_HTTPS_INSPECTION

... which is more precise.

Sponsored by: Robert Klemme

4 years agoNote that enable-https-filtering{} has to be enabled based on the CONNECT request
Fabian Keil [Tue, 25 Feb 2020 19:45:19 +0000 (20:45 +0100)]
Note that enable-https-filtering{} has to be enabled based on the CONNECT request

Sponsored by: Robert Klemme

4 years agoprocess_encrypted_request(): Log applied actions when requested
Fabian Keil [Tue, 25 Feb 2020 17:17:47 +0000 (18:17 +0100)]
process_encrypted_request(): Log applied actions when requested

Sponsored by: Robert Klemme

4 years agoprocess_encrypted_request(): Don't call init_current_action() when toggled off
Fabian Keil [Tue, 25 Feb 2020 17:11:47 +0000 (18:11 +0100)]
process_encrypted_request(): Don't call init_current_action() when toggled off

By the time the function is called the actions are already
initialized.

Sponsored by: Robert Klemme

4 years agoget_url_actions(): Don't initialize actions when called the second time
Fabian Keil [Tue, 25 Feb 2020 16:54:34 +0000 (17:54 +0100)]
get_url_actions(): Don't initialize actions when called the second time

Sponsored by: Robert Klemme

4 years agoFix location of curly brace and normalize white space
Fabian Keil [Tue, 25 Feb 2020 15:34:41 +0000 (16:34 +0100)]
Fix location of curly brace and normalize white space

4 years agoBump copyright
Fabian Keil [Tue, 25 Feb 2020 15:27:09 +0000 (16:27 +0100)]
Bump copyright

4 years agoDeal with invalid certificates in case of forwarded requests
Fabian Keil [Tue, 25 Feb 2020 12:37:22 +0000 (13:37 +0100)]
Deal with invalid certificates in case of forwarded requests

... by sending the details of the verification failure
and the certificates.

Sponsored by: Robert Klemme

4 years agocreate_server_ssl_connection(): If the certificate is invalid, log the details
Fabian Keil [Sun, 23 Feb 2020 12:00:04 +0000 (13:00 +0100)]
create_server_ssl_connection(): If the certificate is invalid, log the details

Sponsored by: Robert Klemme

4 years agoRemove obsolete comment
Fabian Keil [Tue, 25 Feb 2020 12:35:37 +0000 (13:35 +0100)]
Remove obsolete comment

4 years agofree_server_ssl_structures(): Mark the correct socket as invalid
Fabian Keil [Tue, 25 Feb 2020 12:23:32 +0000 (13:23 +0100)]
free_server_ssl_structures(): Mark the correct socket as invalid

Sponsored by: Robert Klemme

4 years agoAdd a missing 'the' to a log message
Fabian Keil [Tue, 25 Feb 2020 12:20:54 +0000 (13:20 +0100)]
Add a missing 'the' to a log message

4 years agoAdd receive_and_send_encrypted_post_data()
Fabian Keil [Mon, 24 Feb 2020 12:12:39 +0000 (13:12 +0100)]
Add receive_and_send_encrypted_post_data()

... to deal with POST data that isn't read together
with the request headers.

Sponsored by: Robert Klemme

4 years agossl_send_data(): Log the data before writing
Fabian Keil [Tue, 25 Feb 2020 11:52:39 +0000 (12:52 +0100)]
ssl_send_data(): Log the data before writing

Sponsored by: Robert Klemme

4 years agossl_recv_data(): Log the received data
Fabian Keil [Tue, 25 Feb 2020 11:50:48 +0000 (12:50 +0100)]
ssl_recv_data(): Log the received data

Sponsored by: Robert Klemme

4 years agoFix a comment typo
Fabian Keil [Sun, 23 Feb 2020 11:13:40 +0000 (12:13 +0100)]
Fix a comment typo

4 years agoFix a comment typo
Fabian Keil [Sun, 23 Feb 2020 11:07:26 +0000 (12:07 +0100)]
Fix a comment typo

4 years agoReduce spaces
Fabian Keil [Sat, 22 Feb 2020 22:19:02 +0000 (23:19 +0100)]
Reduce spaces

4 years agoFix a comment typo
Fabian Keil [Sat, 22 Feb 2020 21:56:32 +0000 (22:56 +0100)]
Fix a comment typo

4 years agoImprove a comment
Fabian Keil [Sat, 22 Feb 2020 21:50:27 +0000 (22:50 +0100)]
Improve a comment

4 years agoBump copyright
Fabian Keil [Sat, 22 Feb 2020 21:49:01 +0000 (22:49 +0100)]
Bump copyright

4 years agossl_send_data(): Consistently return -1 in case of errors
Fabian Keil [Sat, 22 Feb 2020 21:02:16 +0000 (22:02 +0100)]
ssl_send_data(): Consistently return -1 in case of errors

... instead of passing on the MBEDTLS_ERR_* value which
the caller doesn't need to know.

Sponsored by: Robert Klemme

4 years agossl_recv_data(): Properly handle MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY
Fabian Keil [Sat, 22 Feb 2020 19:53:48 +0000 (20:53 +0100)]
ssl_recv_data(): Properly handle MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY

Previously ssl_recv_data() would pass it to the caller
which would treat it as an error.

Sponsored by: Robert Klemme

4 years agoUnbreak the build without FEATURE_HTTPS_FILTERING
Fabian Keil [Sat, 22 Feb 2020 16:28:31 +0000 (17:28 +0100)]
Unbreak the build without FEATURE_HTTPS_FILTERING

4 years agoDon't crash when blocking a CONNECT request with https filtering enabled
Fabian Keil [Sat, 22 Feb 2020 13:38:16 +0000 (14:38 +0100)]
Don't crash when blocking a CONNECT request with https filtering enabled

Previously ssl_send_data() was called before the TLS context was
setup which resulted in a segfault in mbedtls_ssl_get_max_frag_len().

4 years agoBump copyright
Fabian Keil [Fri, 21 Feb 2020 15:48:51 +0000 (16:48 +0100)]
Bump copyright

4 years agoRegenerate docs
Fabian Keil [Fri, 21 Feb 2020 15:41:33 +0000 (16:41 +0100)]
Regenerate docs

4 years agoProperly link to the TLS section of the config file
Fabian Keil [Fri, 21 Feb 2020 15:40:47 +0000 (16:40 +0100)]
Properly link to the TLS section of the config file

4 years agoFix links to the enable-https-filtering action
Fabian Keil [Fri, 21 Feb 2020 15:35:23 +0000 (16:35 +0100)]
Fix links to the enable-https-filtering action

4 years agoAdd a missing anchor
Fabian Keil [Fri, 21 Feb 2020 15:32:35 +0000 (16:32 +0100)]
Add a missing anchor

4 years agoRebuild config file
Fabian Keil [Thu, 20 Feb 2020 16:38:54 +0000 (17:38 +0100)]
Rebuild config file

4 years agoRebuild docs
Fabian Keil [Thu, 20 Feb 2020 16:37:19 +0000 (17:37 +0100)]
Rebuild docs

4 years agoconfig: Fix typo
Fabian Keil [Fri, 21 Feb 2020 14:49:20 +0000 (15:49 +0100)]
config: Fix typo

4 years agoconfig: Mention that the certificate-directory is only used when https filtering
Fabian Keil [Fri, 21 Feb 2020 14:48:29 +0000 (15:48 +0100)]
config: Mention that the certificate-directory is only used when https filtering

4 years agoconfig: Improve the description of the ca-cert-file directive
Fabian Keil [Fri, 21 Feb 2020 14:44:35 +0000 (15:44 +0100)]
config: Improve the description of the ca-cert-file directive

4 years agoconfig: Note that Privoxy does not automatically clear website certiificates
Fabian Keil [Thu, 20 Feb 2020 16:31:52 +0000 (17:31 +0100)]
config: Note that Privoxy does not automatically clear website certiificates

... when the CA key and certificate are changed.

4 years agoBump coypright
Fabian Keil [Wed, 19 Feb 2020 16:36:25 +0000 (17:36 +0100)]
Bump coypright

4 years agoNote that access to certificate-directory and ca-directory should be limited
Fabian Keil [Wed, 19 Feb 2020 14:01:45 +0000 (15:01 +0100)]
Note that access to certificate-directory and ca-directory should be limited

... to Privoxy and the Privoxy admin.

4 years agogenerate_key(): Change argument order to be more consistent
Fabian Keil [Wed, 19 Feb 2020 12:17:16 +0000 (13:17 +0100)]
generate_key(): Change argument order to be more consistent

4 years agopcrs.h: Add copyright and license
Fabian Keil [Fri, 21 Feb 2020 14:30:55 +0000 (15:30 +0100)]
pcrs.h: Add copyright and license