privoxy.git
Fabian Keil [Mon, 30 Nov 2020 10:13:04 +0000 (11:13 +0100)]
Regenerate HTML man page

Fabian Keil [Mon, 30 Nov 2020 10:00:26 +0000 (11:00 +0100)]
Belatedly regenerate the man page for 3.0.29 stable

Fabian Keil [Sun, 29 Nov 2020 15:26:00 +0000 (16:26 +0100)]
Update RSS feed for the 3.0.29 releases

(tag: v_3_0_29)
Fabian Keil [Wed, 25 Nov 2020 14:17:47 +0000 (15:17 +0100)]
Add #166: Figure out how to ship Windows binaries with external libraries

Fabian Keil [Wed, 25 Nov 2020 12:20:39 +0000 (13:20 +0100)]
Rebuild documentation with updated changes for 3.0.29 stable

Fabian Keil [Wed, 25 Nov 2020 11:37:44 +0000 (12:37 +0100)]
Import ChangeLog entries from 3.0.29 stable

Fabian Keil [Wed, 25 Nov 2020 12:19:16 +0000 (13:19 +0100)]
changelog2doc.pl: Don't confuse configure flags with ChangeLog items that need indentation

Fabian Keil [Wed, 25 Nov 2020 11:25:33 +0000 (12:25 +0100)]
Update the announcement for 3.0.29 stable

Fabian Keil [Sun, 11 Oct 2020 09:41:57 +0000 (11:41 +0200)]
Bump copyright

Fabian Keil [Sun, 11 Oct 2020 09:41:41 +0000 (11:41 +0200)]
Add ChangeLog entries for 3.0.29 stable

Fabian Keil [Tue, 24 Nov 2020 16:46:01 +0000 (17:46 +0100)]
Rebuild user manual with typo fix

Fabian Keil [Tue, 24 Nov 2020 16:45:05 +0000 (17:45 +0100)]
Rebuild config file

Fabian Keil [Tue, 24 Nov 2020 16:45:42 +0000 (17:45 +0100)]
Fix comment typo

Fabian Keil [Tue, 24 Nov 2020 16:43:49 +0000 (17:43 +0100)]
Fix typo

Fabian Keil [Tue, 24 Nov 2020 16:25:49 +0000 (17:25 +0100)]
Fix comment typos

Fabian Keil [Tue, 24 Nov 2020 16:24:45 +0000 (17:24 +0100)]
Fix comment typo

Fabian Keil [Mon, 23 Nov 2020 11:22:12 +0000 (12:22 +0100)]
Rebuild config file

Fabian Keil [Mon, 23 Nov 2020 11:20:26 +0000 (12:20 +0100)]
Rebuild docs for 3.0.29 stable

Fabian Keil [Mon, 23 Nov 2020 11:16:13 +0000 (12:16 +0100)]
Bump SGML entities for 3.0.29 stable

Fabian Keil [Mon, 23 Nov 2020 11:11:57 +0000 (12:11 +0100)]
Mention that FEATURE_HTTPS_INSPECTION is required for https inspection to work

Fabian Keil [Mon, 23 Nov 2020 11:06:46 +0000 (12:06 +0100)]
Rename section 7 to 'HTTPS Inspection'

Fabian Keil [Fri, 20 Nov 2020 15:22:15 +0000 (16:22 +0100)]
Mention https inspection as new feature

Fabian Keil [Thu, 19 Nov 2020 13:52:10 +0000 (14:52 +0100)]
Add #165: Add a max-connections-per-client directive

Fabian Keil [Thu, 19 Nov 2020 03:49:44 +0000 (04:49 +0100)]
Bump version to 3.0.29 stable

Fabian Keil [Thu, 19 Nov 2020 03:45:45 +0000 (04:45 +0100)]
Note that sponsor levels 'Gold' and 'Silver' don't require a logo link

Fabian Keil [Thu, 19 Nov 2020 03:42:51 +0000 (04:42 +0100)]
Don't claim that the logo will be shown randomly for sponsor level 'Silver'

The website is static and is unlikely to become dynamic in the
near future.

Fabian Keil [Wed, 18 Nov 2020 19:05:22 +0000 (20:05 +0100)]
After detecting OpenSSL/LibreSSL explicitly mention the "special exception" from section 3 of the GPLv2

Fabian Keil [Wed, 18 Nov 2020 10:33:24 +0000 (11:33 +0100)]
Bump SOURCE_DATE_EPOCH

Fabian Keil [Wed, 18 Nov 2020 10:56:04 +0000 (11:56 +0100)]
Rebuild FAQ without Zwiebelfreunde e.V. information

Fabian Keil [Wed, 18 Nov 2020 09:37:24 +0000 (10:37 +0100)]
Remove Zwiebelfreunde e.V. from the list of fiduciary sponsors

As of 2021 they no longer handle donations for foreign organisations
due to lack of resources.

Fabian Keil [Thu, 12 Nov 2020 09:54:14 +0000 (10:54 +0100)]
Only set SOURCE_DATE_EPOCH if it's not already set

... so distributions can overwrite it through the environment.

Fabian Keil [Tue, 10 Nov 2020 12:58:48 +0000 (13:58 +0100)]
Remove list_to_text() from the list of supposedly declared functions

Fabian Keil [Tue, 10 Nov 2020 12:50:59 +0000 (13:50 +0100)]
get_request_destination_elsewhere(): Prevent unlikely dereference of a NULL-pointer

... if getting the destination fails and list_to_text() fails
as well.

CID 267165

Fabian Keil [Tue, 10 Nov 2020 11:33:53 +0000 (12:33 +0100)]
cgi_show_client_tags(): Plug memory leaks

CID 267168

Fabian Keil [Tue, 10 Nov 2020 11:22:04 +0000 (12:22 +0100)]
Plug another memory leak in cgi_show_status()

CID 305233

Fabian Keil [Tue, 10 Nov 2020 10:54:55 +0000 (11:54 +0100)]
ssl_send_certificate_error(): Cast ssl_send_data() return code to void

... to silence CID 305232.

Fabian Keil [Tue, 10 Nov 2020 10:47:18 +0000 (11:47 +0100)]
Plug memory leak in cgi_show_status()

CID 305233

Fabian Keil [Tue, 10 Nov 2020 10:37:21 +0000 (11:37 +0100)]
Fix memory leak in cgi_show_status() with extended statistics enabled

CID 305235

Fabian Keil [Thu, 5 Nov 2020 11:25:03 +0000 (12:25 +0100)]
Regenerate docs with updated license explanation

Fabian Keil [Thu, 5 Nov 2020 11:19:06 +0000 (12:19 +0100)]
Complicate the license explanation even further

The GPLv3 only has to be used if the MbedTLS version
is licensed under the Apache 2.0 license which will
be the case for future releases.

At the moment the 2.16 releases are still dual licensed.

Fabian Keil [Fri, 30 Oct 2020 08:08:20 +0000 (09:08 +0100)]
Unblock .tagesschau.de/

Fabian Keil [Sun, 18 Oct 2020 09:06:02 +0000 (11:06 +0200)]
Block requests to pixel.wp.com/

Fabian Keil [Sat, 10 Oct 2020 06:20:25 +0000 (08:20 +0200)]
Remove the reference to a non-existent 'hash' program in a comment

Fabian Keil [Wed, 16 Sep 2020 12:20:45 +0000 (14:20 +0200)]
Block requests to /(.*/)?piwik\.php

Fabian Keil [Wed, 7 Oct 2020 17:59:34 +0000 (19:59 +0200)]
Disable fast-redirects for .librarything.com/

Fabian Keil [Wed, 7 Oct 2020 09:29:22 +0000 (11:29 +0200)]
Block requests to .connectaserver.de/

Fabian Keil [Tue, 6 Oct 2020 14:07:38 +0000 (16:07 +0200)]
Rebuild config file

Fabian Keil [Tue, 6 Oct 2020 14:04:58 +0000 (16:04 +0200)]
Rebuild docs

Fabian Keil [Tue, 6 Oct 2020 14:04:08 +0000 (16:04 +0200)]
Add documentation for the cipher-list directive

Fabian Keil [Tue, 6 Oct 2020 11:28:14 +0000 (13:28 +0200)]
Add a cipher-list directive to specify the ciphers used

... in the TLS handshake.

The get_ciphersuites_from_string() function in the
MbedTLS code is based on code contributed by Václav Švec.

Fabian Keil [Tue, 6 Oct 2020 13:54:44 +0000 (15:54 +0200)]
Use 'Example' (singular) in sections that only contain one example

Fabian Keil [Tue, 6 Oct 2020 11:35:09 +0000 (13:35 +0200)]
Fix white-space

Fabian Keil [Sun, 4 Oct 2020 10:22:16 +0000 (12:22 +0200)]
Disable fast-redirects for issue.freebsdfoundation.org/

Fabian Keil [Sat, 3 Oct 2020 18:17:48 +0000 (20:17 +0200)]
Lowercase the host name in functions that set it

In case of get_destination_from_https_headers() it's important
to get stable hashes for certificates.

In case of get_destination_from_headers() and parse_http_url()
it's mainly cosmetic.

Fabian Keil [Sun, 4 Oct 2020 01:45:29 +0000 (03:45 +0200)]
Add string_tolower()

Fabian Keil [Sat, 3 Oct 2020 11:53:17 +0000 (13:53 +0200)]
Add support for Websockets with https inspection enabled

Set the CT_TABOO flag in case of status code 101 and
continue shuffling data around until one of the sockets
gets closed.

Fabian Keil [Sat, 3 Oct 2020 15:35:03 +0000 (17:35 +0200)]
MbedTLS ssl_send_data(): Include the socket in the log messages

Fabian Keil [Sat, 3 Oct 2020 15:33:26 +0000 (17:33 +0200)]
MbedTLS ssl_recv_data(): Include the socket in the log messages

Fabian Keil [Sat, 3 Oct 2020 11:37:29 +0000 (13:37 +0200)]
OpenSSL ssl_send_data(): Include the file descriptor in the log messages

Fabian Keil [Sat, 3 Oct 2020 11:35:56 +0000 (13:35 +0200)]
OpenSSL ssl_recv_data(): Include the file descriptor in the log messages

Fabian Keil [Mon, 28 Sep 2020 10:52:57 +0000 (12:52 +0200)]
Disable fast-redirects for .twitter.com/.*origin=http

Fabian Keil [Mon, 28 Sep 2020 10:38:34 +0000 (12:38 +0200)]
Remove #119 "Evaluate using pcre's jit mode"

Support has been added.

Fabian Keil [Fri, 25 Sep 2020 20:35:29 +0000 (22:35 +0200)]
pcrs: Use the D flag to disable JIT-compilation

... and use it in pcrs_compile_dynamic_command().

Fabian Keil [Fri, 25 Sep 2020 15:22:03 +0000 (17:22 +0200)]
pcrs: Request JIT compilation if it's supported

Fabian Keil [Mon, 5 Oct 2020 08:58:39 +0000 (10:58 +0200)]
Unblock belco24.de/

Fabian Keil [Sun, 4 Oct 2020 15:21:35 +0000 (17:21 +0200)]
Mark FEATURE_HTTPS_INSPECTION as experimental in the show-status template

Fabian Keil [Sun, 4 Oct 2020 10:30:20 +0000 (12:30 +0200)]
Add #164: Evaluate switching from pcreposix(3) to pcre's native api for URL matching

Fabian Keil [Sun, 4 Oct 2020 06:56:24 +0000 (08:56 +0200)]
Add #163: Use subdirectories in the certificate-directory

Fabian Keil [Sun, 4 Oct 2020 02:26:07 +0000 (04:26 +0200)]
Add #162: Delete generated keys and certificates in case of connection failures

Fabian Keil [Sun, 4 Oct 2020 01:52:40 +0000 (03:52 +0200)]
Add #161: Properly support requests with chunked transfer-encoding with https inspection

Fabian Keil [Sun, 4 Oct 2020 04:44:10 +0000 (06:44 +0200)]
Rebuild config file

Fabian Keil [Sun, 4 Oct 2020 04:42:32 +0000 (06:42 +0200)]
Regenerate docs

Fabian Keil [Sun, 4 Oct 2020 01:38:51 +0000 (03:38 +0200)]
Add a warning that Privoxy currently does not garbage-collect obsolete keys and certificates

Fabian Keil [Sun, 4 Oct 2020 01:32:31 +0000 (03:32 +0200)]
Remove stray space

Fabian Keil [Tue, 29 Sep 2020 10:52:35 +0000 (12:52 +0200)]
Declare https-inspection experimental

Fabian Keil [Tue, 29 Sep 2020 10:37:27 +0000 (12:37 +0200)]
process_encrypted_request(): If we received no data after a CONNECT request, don't report it as a parse error

Fabian Keil [Mon, 28 Sep 2020 11:56:43 +0000 (13:56 +0200)]
send_https_request(): Call receive_and_send_encrypted_post_data() if

... nothing was flushed but we're expecting a request body.

Previously we would only call receive_and_send_encrypted_post_data()
if we flushed part of the request body which does not work if the
client headers are read without a single byte of request body.

Fabian Keil [Sun, 27 Sep 2020 13:09:36 +0000 (15:09 +0200)]
privoxy-log-parser.pl: Add a --keep-date option to keep the date in highlighted messages

Fabian Keil [Mon, 28 Sep 2020 11:09:03 +0000 (13:09 +0200)]
Block requests to pixel.inforsea.com/

Fabian Keil [Mon, 28 Sep 2020 11:02:29 +0000 (13:02 +0200)]
Block requests to t.vi-serve.com/

Fabian Keil [Sun, 27 Sep 2020 12:38:13 +0000 (14:38 +0200)]
Block requests to .ioam.de/

Fabian Keil [Sun, 27 Sep 2020 12:33:37 +0000 (14:33 +0200)]
Relocate the block of t.9gag.com/img\.gif to the 'web-bug that is an image' section

Fabian Keil [Fri, 25 Sep 2020 19:52:02 +0000 (21:52 +0200)]
Relocate a variable declaration to the function where it is used

Fabian Keil [Fri, 25 Sep 2020 19:46:29 +0000 (21:46 +0200)]
Remove stray space

Fabian Keil [Fri, 25 Sep 2020 11:09:49 +0000 (13:09 +0200)]
Make it more obvious that the OpenSSL code is also expected to work with LibreSSL

Fabian Keil [Thu, 24 Sep 2020 08:44:00 +0000 (10:44 +0200)]
pcrs_filter_response(): Free the old data if there are no hits

... and it's different from the data in iob and the new data.

Fixes a memory leak if multiple filters are executed
and the last one is skipped due to a pcre error.

Fabian Keil [Thu, 24 Sep 2020 09:14:36 +0000 (11:14 +0200)]
chat(): Don't send the certificate error response if the certificate hasn't been verified

Fabian Keil [Thu, 24 Sep 2020 07:50:45 +0000 (09:50 +0200)]
Rebuild docs

Fabian Keil [Thu, 24 Sep 2020 07:29:25 +0000 (09:29 +0200)]
Add Hớ Hờ Hợ as contributor

Use Vietnamese Quoted-Readable for the vowels as the numeric
character sets are rejected by openjade.

Fabian Keil [Thu, 24 Sep 2020 06:27:58 +0000 (08:27 +0200)]
Add withoutname as contributor

Fabian Keil [Wed, 23 Sep 2020 17:08:14 +0000 (19:08 +0200)]
cgi_edit_actions_submit(): Check the toggle state of filters until no filters are left

Previously we would stop looking after the first filter
index wasn't found in the request URL.

This worked in case of "split-large-forms 0" but resulted in
filter state being ignored in case of "split-large-forms 1"
which leads to request URLs that only contain a subset of
the filters.

Reported by withoutname in #921.

Fabian Keil [Wed, 23 Sep 2020 12:26:56 +0000 (14:26 +0200)]
OpenSSL: Use %y instead of %Y in VALID_DATETIME_FMT

Otherwise OpenSSL uses the GENERALIZEDTIME ASN.1 encoding
which results in LibreSSL-based clients rejecting
the certificate because they want the UTCTIME encoding
if the year is before 2050.

Example:

    fk@openbsd ~ $curl https://www.electrobsd.org/
    curl: (60) SSL certificate problem: format error in certificate's notBefore field
    [...]

Fabian Keil [Wed, 23 Sep 2020 09:19:32 +0000 (11:19 +0200)]
ssl_certificate_is_invalid(): If the validity check fails, consider the certificate invalid

Fabian Keil [Wed, 23 Sep 2020 08:10:43 +0000 (10:10 +0200)]
ssl_release(): Fix build with LibreSSL

... by only calling SSL_COMP_free_compression_methods()
and COMP_zlib_cleanup() if OPENSSL_NO_COMP is undefined.

Briefly tested with LibreSSL 3.1.1 on OpenBSD 6.7.

Fabian Keil [Wed, 23 Sep 2020 07:54:29 +0000 (09:54 +0200)]
Downgrade a 'Blocked URL' to http:// so the test works without FEATURE_HTTPS_INSPECTION

Fabian Keil [Wed, 16 Sep 2020 12:55:34 +0000 (14:55 +0200)]
Block requests to t.9gag.com/img.gif

Fabian Keil [Tue, 22 Sep 2020 11:13:03 +0000 (13:13 +0200)]
close_server_ssl_connection(): Set SSL_RECEIVED_SHUTDOWN

... so the BIO_free_all() call later on does not result
in OpenSSL waiting for a shutdown alert.

Prevents temporary hangs like:

   #0  0x0000000801d1f8da in _read () from /lib/libc.so.7
   #1  0x00000008019aebe6 in __thr_read (fd=59, buf=0x8084ecc43, nbytes=5) at /usr/src/lib/libthr/thread/thr_syscalls.c:418
   #2  0x0000000800cafb62 in sock_read (b=0x80459d470, out=0x8084ecc43 "\027\003\003\062m\234o*\370\005\371\v\242\nxX\364\n\r\020\344H=\261?Y\377Y\177\302\034Y!\004\064&H", outl=5) at /usr/src/crypto/openssl/crypto/bio/bss_sock.c:140
   #3  0x0000000800db9f34 in BIO_read (b=0x80459d470, out=0x8084ecc43, outl=5) at /usr/src/crypto/openssl/crypto/bio/bio_lib.c:210
   #4  0x000000080176a80d in ssl3_read_n (s=0x808515500, n=5, max=5, extend=<optimized out>) at /usr/src/crypto/openssl/ssl/s3_pkt.c:258
   #5  0x000000080176b87c in ssl3_get_record (s=0x808515500) at /usr/src/crypto/openssl/ssl/s3_pkt.c:342
   #6  ssl3_read_bytes (s=<optimized out>, type=<optimized out>, buf=<optimized out>, len=<optimized out>, peek=0) at /usr/src/crypto/openssl/ssl/s3_pkt.c:1233
   #7  0x000000080176e7bb in ssl3_shutdown (s=0x808515500) at /usr/src/crypto/openssl/ssl/s3_lib.c:4396
   #8  0x00000008017505b0 in ssl_free (a=0x8085b73f0) at /usr/src/crypto/openssl/ssl/bio_ssl.c:126
   #9  0x0000000800dbab7e in BIO_free (a=0x8085b73f0) at /usr/src/crypto/openssl/crypto/bio/bio_lib.c:133
   #10 BIO_free_all (bio=0x0) at /usr/src/crypto/openssl/crypto/bio/bio_lib.c:509
   #11 0x000000000045b481 in free_server_ssl_structures (csp=0x807720948) at openssl.c:1147
   #12 0x000000000045b411 in close_server_ssl_connection (csp=0x807720948) at openssl.c:942
   #13 0x0000000000438654 in serve (csp=0x807720948) at jcc.c:4531
   #14 0x00000008019ac08c in thread_start (curthread=0x8051fd200) at /usr/src/lib/libthr/thread/thr_create.c:290
   #15 0x0000000000000000 in ?? ()

Fabian Keil [Tue, 22 Sep 2020 11:09:41 +0000 (13:09 +0200)]
close_client_ssl_connection(): Set SSL_RECEIVED_SHUTDOWN

... so the BIO_free_all() call later on does not result
in OpenSSL waiting for a shutdown alert.

Prevents temporary hangs like this:

   (gdb) where
   #0  0x0000000801d1f8da in _read () from /lib/libc.so.7
   #1  0x00000008019aebe6 in __thr_read (fd=26, buf=0x804a2e8c3, nbytes=5) at /usr/src/lib/libthr/thread/thr_syscalls.c:418
   #2  0x0000000800cafb62 in sock_read (b=0x80895ffb0, out=0x804a2e8c3 "\027\003\003\004\a", outl=5) at /usr/src/crypto/openssl/crypto/bio/bss_sock.c:140
   #3  0x0000000800db9f34 in BIO_read (b=0x80895ffb0, out=0x804a2e8c3, outl=5) at /usr/src/crypto/openssl/crypto/bio/bio_lib.c:210
   #4  0x000000080176a80d in ssl3_read_n (s=0x806371a80, n=5, max=5, extend=<optimized out>) at /usr/src/crypto/openssl/ssl/s3_pkt.c:258
   #5  0x000000080176b87c in ssl3_get_record (s=0x806371a80) at /usr/src/crypto/openssl/ssl/s3_pkt.c:342
   #6  ssl3_read_bytes (s=<optimized out>, type=<optimized out>, buf=<optimized out>, len=<optimized out>, peek=0) at /usr/src/crypto/openssl/ssl/s3_pkt.c:1233
   #7  0x000000080176e7bb in ssl3_shutdown (s=0x806371a80) at /usr/src/crypto/openssl/ssl/s3_lib.c:4396
   #8  0x00000008017505b0 in ssl_free (a=0x80895fed0) at /usr/src/crypto/openssl/ssl/bio_ssl.c:126
   #9  0x0000000800dbab7e in BIO_free (a=0x80895fed0) at /usr/src/crypto/openssl/crypto/bio/bio_lib.c:133
   #10 BIO_free_all (bio=0x0) at /usr/src/crypto/openssl/crypto/bio/bio_lib.c:509
   #11 0x000000000045b301 in free_client_ssl_structures (csp=0x807678a88) at openssl.c:907
   #12 0x000000000045b391 in close_client_ssl_connection (csp=0x807678a88) at openssl.c:883
   #13 0x0000000000438603 in serve (csp=0x807678a88) at jcc.c:4516
   #14 0x00000008019ac08c in thread_start (curthread=0x807744200) at /usr/src/lib/libthr/thread/thr_create.c:290
   #15 0x0000000000000000 in ?? ()

Fabian Keil [Tue, 22 Sep 2020 11:04:51 +0000 (13:04 +0200)]
create_client_ssl_connection(): Fix whitespace

Fabian Keil [Tue, 22 Sep 2020 08:31:20 +0000 (10:31 +0200)]
serve(): Close the client socket before closing the server socket

When using OpenSSL, closing the server socket sometimes
takes a long time so make sure this does not delay the
closing of the client socket.

While this is a workaround, it doesn't hurt and
can be kept once the OpenSSL issue is fixed in
follow-up commits.