Maxim Antonov [Mon, 3 Aug 2020 11:11:37 +0000 (18:11 +0700)]
Add OpenSSL support
To enable it, configure with "--with-openssl".
This is mainly useful for platforms that ship with
OpenSSL in the base so the "special exception" from
section 3 of the GPLv2 applies.
The author (Maxim Antonov) reports about 100% more requests
per second when using OpenSSL instead of MbedTLS which the
committer could confirm. For details see:
https://sourceforge.net/p/ijbswa/patches/143/
This commit has a couple of issues that will be addressed
in follow-up commits.
Fabian Keil [Mon, 10 Aug 2020 15:55:15 +0000 (17:55 +0200)]
get_block_reason_statistics_table(): Add new lines between table rows
Sponsored by: Robert Klemme
Fabian Keil [Sun, 9 Aug 2020 10:30:38 +0000 (12:30 +0200)]
Remove references to 'pcrs-suppport' in the show-status template
It no longer exists, pcrs support has been mandatory for a while.
Fabian Keil [Sun, 9 Aug 2020 10:14:57 +0000 (12:14 +0200)]
Remove reference to 'redirect-url' in the show-status template
Fabian Keil [Sun, 9 Aug 2020 10:12:00 +0000 (12:12 +0200)]
Remove reference to 'sourceversions' in the show-status template
Fabian Keil [Fri, 7 Aug 2020 09:08:23 +0000 (11:08 +0200)]
Gather statistics for block reasons
... if FEATURE_EXTENDED_STATISTICS is enabled.
Sponsored by: Robert Klemme
Fabian Keil [Fri, 7 Aug 2020 08:40:15 +0000 (10:40 +0200)]
Bump copyright
Fabian Keil [Thu, 6 Aug 2020 09:52:19 +0000 (11:52 +0200)]
Add FEATURE_EXTENDED_STATISTICS to gather filter statistics
Sponsored by: Robert Klemme
Fabian Keil [Fri, 7 Aug 2020 13:27:09 +0000 (15:27 +0200)]
Fix indentation of --fuzz description.
Sponsored by: Robert Klemme
Fabian Keil [Fri, 7 Aug 2020 13:24:41 +0000 (15:24 +0200)]
Fix indentation of --enable-pcre-host-patterns description
Sponsored by: Robert Klemme
Fabian Keil [Fri, 7 Aug 2020 10:30:22 +0000 (12:30 +0200)]
Change two block reasons that previously were the same
Sponsored by: Robert Klemme
Fabian Keil [Fri, 7 Aug 2020 08:17:40 +0000 (10:17 +0200)]
Remove betrugstest.com from the list of sponsors
Fabian Keil [Thu, 6 Aug 2020 08:44:08 +0000 (10:44 +0200)]
Fix typo in error message
Sponsored by: Robert Klemme
Fabian Keil [Wed, 5 Aug 2020 09:28:44 +0000 (11:28 +0200)]
Remove #80 which is done
Fabian Keil [Wed, 5 Aug 2020 10:53:56 +0000 (12:53 +0200)]
Regenerate docs
Fabian Keil [Wed, 5 Aug 2020 10:53:00 +0000 (12:53 +0200)]
Document the 'PCRE-HOST-PATTERN:' prefix
Sponsored by: Robert Klemme
Fabian Keil [Wed, 5 Aug 2020 10:48:35 +0000 (12:48 +0200)]
tools/url-pattern-translator.pl: Detect a couple of pattern prefixes case-insensitively
Sponsored by: Robert Klemme
Fabian Keil [Wed, 5 Aug 2020 10:34:13 +0000 (12:34 +0200)]
tools/url-pattern-translator.pl: Skip CLIENT-TAG patterns
Sponsored by: Robert Klemme
Fabian Keil [Wed, 5 Aug 2020 09:23:06 +0000 (11:23 +0200)]
tools/url-pattern-translator.pl: Skip patterns that have already been converted
It should now be safe to "convert" a file multiple times.
Sponsored by: Robert Klemme
Fabian Keil [Wed, 5 Aug 2020 09:21:06 +0000 (11:21 +0200)]
tools/url-pattern-translator.pl: Add the new 'PCRE-HOST-PATTERN:' prefix
Sponsored by: Robert Klemme
Fabian Keil [Wed, 5 Aug 2020 09:15:47 +0000 (11:15 +0200)]
Update configure description of FEATURE_PCRE_HOST_PATTERNS
Sponsored by: Robert Klemme
Fabian Keil [Wed, 5 Aug 2020 09:13:49 +0000 (11:13 +0200)]
Rename FEATURE_EXTENDED_HOST_PATTERNS to FEATURE_PCRE_HOST_PATTERNS
Sponsored by: Robert Klemme
Fabian Keil [Mon, 3 Aug 2020 13:20:52 +0000 (15:20 +0200)]
Bump copyright
Fabian Keil [Mon, 3 Aug 2020 11:12:32 +0000 (13:12 +0200)]
Allow to use extended host patterns and vanilla host patterns at the same time
... by prefixing extended host patterns with "PCRE-HOST-PATTERN:".
Sponsored by: Robert Klemme
Fabian Keil [Thu, 23 Jul 2020 12:00:53 +0000 (14:00 +0200)]
Collapse two if blocks into one
Sponsored by: Robert Klemme
Fabian Keil [Wed, 22 Jul 2020 18:55:32 +0000 (20:55 +0200)]
Install the GPLv3 with the "install" target
... and include it in the tar ball created with the "gen-dist" target.
Fabian Keil [Wed, 22 Jul 2020 12:26:13 +0000 (14:26 +0200)]
Rebuild man page
Fabian Keil [Wed, 22 Jul 2020 10:27:27 +0000 (12:27 +0200)]
Regenerate docs
Fabian Keil [Wed, 22 Jul 2020 12:45:49 +0000 (14:45 +0200)]
Improve the "ignore-certificate-errors" description
Fabian Keil [Wed, 22 Jul 2020 13:50:30 +0000 (15:50 +0200)]
Clarify that Privoxy is licensed under GPLv2 or later
Fabian Keil [Wed, 22 Jul 2020 12:25:30 +0000 (14:25 +0200)]
Bump copyright
Fabian Keil [Wed, 22 Jul 2020 12:10:06 +0000 (14:10 +0200)]
license.sgml: Explain that Privoxy has to be distributed under the GPLv3 (or later) when linked with mbedTLS
Fabian Keil [Wed, 22 Jul 2020 10:25:41 +0000 (12:25 +0200)]
Include the GPLv3 in the user manual
... and mention that it applies when Privoxy is linked
with mbedTLS.
Fabian Keil [Wed, 22 Jul 2020 08:52:22 +0000 (10:52 +0200)]
Import the GNU GPLv3
It can be used when Privoxy is linked to mbedTLS
whose recent versions are only distributed under the
Apache 2.0 license which is incompatible with the
GPLv2 but compatible with the GPLv3.
Fabian Keil [Wed, 22 Jul 2020 12:00:32 +0000 (14:00 +0200)]
pcrs.3: Update pcrs license
Fabian Keil [Wed, 22 Jul 2020 11:56:32 +0000 (13:56 +0200)]
pcrs.3: Change URL to https://
Fabian Keil [Wed, 22 Jul 2020 10:21:27 +0000 (12:21 +0200)]
Clarify FEATURE_FORCE_LOAD description
It allows to bypass blocking not filtering and only
does it if blocks aren't enforced.
Reported by: Robert Klemme
Fabian Keil [Mon, 20 Jul 2020 13:10:16 +0000 (15:10 +0200)]
Only use the Subject Alternative Name extension if it isn't an IP address
Sponsored by: Robert Klemme
Fabian Keil [Sun, 19 Jul 2020 12:52:24 +0000 (14:52 +0200)]
Regenerate config file
Fabian Keil [Sun, 19 Jul 2020 12:45:01 +0000 (14:45 +0200)]
Regenerate docs
Fabian Keil [Sun, 19 Jul 2020 12:42:29 +0000 (14:42 +0200)]
Fix typo
Fabian Keil [Sun, 19 Jul 2020 12:39:59 +0000 (14:39 +0200)]
config: Rename 'TLS/SSL' section to 'TLS/SSL Inspection'
Suggested by: Lee
Fabian Keil [Sat, 18 Jul 2020 12:04:11 +0000 (14:04 +0200)]
receive_encrypted_request(): Use the socket-timeout when waiting for new data
Previously the keep-alive-timeout was being used which
was inappropriate as we are waiting for data that belongs
to the same request.
Sponsored by: Robert Klemme
Fabian Keil [Sat, 18 Jul 2020 11:47:36 +0000 (13:47 +0200)]
receive_encrypted_request(): Properly deal with pending data
... that has already been received and is thus invisible to
data_is_available().
Previously encrypted client requests that were too large
to be read with a single ssl_recv_data() call could be
rejected as invalid if all the data arrived quickly enough.
Apparently this happened frequently on gmail due to
large Cookies.
Reported by: Robert Klemme
Sponsored by: Robert Klemme
Fabian Keil [Fri, 26 Jun 2020 05:15:34 +0000 (07:15 +0200)]
Sync with updated 'Cautious' template
... which no longer enables the 'no-brotli-accepted' client-header filter.
This reverts commit 3e65e04181a1face1f3c3ef6e1481f674aa1a05f.
Fabian Keil [Fri, 26 Jun 2020 05:13:52 +0000 (07:13 +0200)]
Stop enabling 'no-brotli-accepted' client-header filter in all templates again
... as we have FEATURE_BROTLI now.
This reverts commit c39e3b6489041ce5a4fa0c30481dd2cae3f4ce5a.
Fabian Keil [Thu, 25 Jun 2020 14:59:01 +0000 (16:59 +0200)]
Remove #159 "Support Brotli compression." which is done
Fabian Keil [Thu, 25 Jun 2020 09:48:41 +0000 (11:48 +0200)]
Bump copyright
Fabian Keil [Thu, 11 Jun 2020 16:31:45 +0000 (18:31 +0200)]
Bump copyright
Fabian Keil [Thu, 11 Jun 2020 09:20:14 +0000 (11:20 +0200)]
Add support for Brotli decompression
Using Google's brotli library:
https://github.com/google/brotli
Sponsored by: Robert Klemme
Fabian Keil [Fri, 19 Jun 2020 15:04:12 +0000 (17:04 +0200)]
Add fast-redirects exception for .wikipedia.org/
Fabian Keil [Mon, 15 Jun 2020 08:34:14 +0000 (10:34 +0200)]
ssl_send_certificate_error(): Add a doctype
Sponsored by: Robert Klemme
Fabian Keil [Fri, 12 Jun 2020 13:08:45 +0000 (15:08 +0200)]
ssl_send_certificate_error(): Add a page title
Sponsored by: Robert Klemme
Fabian Keil [Thu, 11 Jun 2020 18:11:28 +0000 (20:11 +0200)]
Don't add '-Imbedtls/include' to the CFLAGS when not building with mbedTLS
Sponsored by: Robert Klemme
Fabian Keil [Thu, 11 Jun 2020 16:30:13 +0000 (18:30 +0200)]
configure.in: Start --with(out)-mbedtls descriptions with upper-case characters
Sponsored by: Robert Klemme
Fabian Keil [Sat, 6 Jun 2020 07:28:00 +0000 (09:28 +0200)]
ssl_send_certificate_error(): Make it more obvious that the message is coming from Privoxy
Suggested by: Roland
Sponsored by: Robert Klemme
Fabian Keil [Thu, 11 Jun 2020 13:02:34 +0000 (15:02 +0200)]
Disable fast-redirects for .consensu.org/delivery/pixel\.php and block the requests as image instead
Fabian Keil [Tue, 9 Jun 2020 08:07:09 +0000 (10:07 +0200)]
privoxy-log-parser.pl: Unbreak the gathering of host statistics with http requests
... and CONNECT requests.
Fabian Keil [Tue, 9 Jun 2020 07:26:38 +0000 (09:26 +0200)]
privoxy-log-parser.pl: Make gather_loglevel_clf_stats() more tolerant
While at it, count all CLF messages as requests,
even if the request is invalid.
Fabian Keil [Tue, 9 Jun 2020 06:26:29 +0000 (08:26 +0200)]
privoxy-log-parser.pl: Highlight: "Waiting for the next client connection. Currently active threads: 30"
Fabian Keil [Mon, 8 Jun 2020 16:49:50 +0000 (18:49 +0200)]
Add a couple of tests for +client-header-filter{no-brotli-accepted}
Fabian Keil [Mon, 8 Jun 2020 09:38:43 +0000 (11:38 +0200)]
Register dependencies of the ssl object file so it is rebuilt when needed
Fabian Keil [Sun, 7 Jun 2020 17:24:00 +0000 (19:24 +0200)]
get_clf_timestamp(): Fix locking of localtime()
Previously we were only locking the actual localtime()
call while we should keep the lock until the returned
pointer is no longer being used.
Fabian Keil [Sun, 7 Jun 2020 17:23:30 +0000 (19:23 +0200)]
get_locale_time(): Fix locking of localtime()
Previously we were only locking the actual localtime()
call while we should keep the lock until the returned
pointer is no longer being used.
Fabian Keil [Sun, 7 Jun 2020 17:22:10 +0000 (19:22 +0200)]
get_clf_timestamp(): Use privoxy_gmtime_r()
Fabian Keil [Sun, 7 Jun 2020 17:12:59 +0000 (19:12 +0200)]
Bump copyright
Fabian Keil [Sun, 7 Jun 2020 15:57:40 +0000 (17:57 +0200)]
parse_header_time(): Use privoxy_gmtime_r()
Previously the function would use gmtime() unlocked
if FEATURE_STRPTIME_SANITY_CHECKS was enabled ...
Fabian Keil [Sun, 7 Jun 2020 15:52:38 +0000 (17:52 +0200)]
client_if_modified_since(): Use privoxy_gmtime_r()
Fabian Keil [Sun, 7 Jun 2020 15:51:31 +0000 (17:51 +0200)]
server_last_modified(): Use privoxy_gmtime_r()
Fabian Keil [Sun, 7 Jun 2020 15:50:23 +0000 (17:50 +0200)]
add_cookie_expiry_date(): Use privoxy_gmtime_r()
Fabian Keil [Sun, 7 Jun 2020 15:48:52 +0000 (17:48 +0200)]
generate_certificate_valid_date(): Use privoxy_gmtime_r()
Fabian Keil [Sun, 7 Jun 2020 15:47:26 +0000 (17:47 +0200)]
Add privoxy_gmtime_r() so we can simplify some code
Fabian Keil [Sun, 7 Jun 2020 15:42:00 +0000 (17:42 +0200)]
write_pid_file(): Rename pidfile to pid_file
So it doesn't shadow the global pidfile.
Fabian Keil [Sun, 7 Jun 2020 15:21:16 +0000 (17:21 +0200)]
Fix the locking of gmtime()
Previously we were only locking the actual gmtime()
call while we should keep the lock until the returned
pointer is no longer being used.
Fabian Keil [Sun, 7 Jun 2020 14:56:05 +0000 (16:56 +0200)]
generate_certificate_valid_date(): Fall back to using gmtime() if gmtime_r() isn't available
As Lee reported it's not available on Windows.
Fabian Keil [Sun, 7 Jun 2020 12:59:28 +0000 (14:59 +0200)]
server(): Add colons that were missing in a log message
Fabian Keil [Sat, 6 Jun 2020 15:47:58 +0000 (17:47 +0200)]
privoxy-log-parser.pl: Properly highlight the filter results message
Previously a brace got lost.
Fabian Keil [Sun, 7 Jun 2020 09:41:48 +0000 (11:41 +0200)]
privoxy-regression-test.pl: Consistently use no space after function names
Fabian Keil [Sun, 7 Jun 2020 07:53:36 +0000 (09:53 +0200)]
Log the "Request:" message for unencrypted requests later
In b94bbe62a I moved the block in front of the setting
of csp->http->client_ssl which meant the message was emitted
for encrypted requests as well.
This resulted in two "Request:" messages instead of one.
Sponsored by: Robert Klemme
Fabian Keil [Sun, 7 Jun 2020 07:46:59 +0000 (09:46 +0200)]
Disable fast-redirects for collector.githubapp.com/ and block requests to it as image instead
Fabian Keil [Sun, 7 Jun 2020 08:08:00 +0000 (10:08 +0200)]
privoxy-regression-test.pl: Bump copyright
Fabian Keil [Sun, 7 Jun 2020 08:07:05 +0000 (10:07 +0200)]
privoxy-regression-test.pl: Allow '[' and ']' in URLs
Fabian Keil [Sun, 7 Jun 2020 08:06:20 +0000 (10:06 +0200)]
privoxy-regression-test.pl: Turn curl's globbing mode off so we can allow more characters in URLs
Fabian Keil [Sat, 6 Jun 2020 15:52:25 +0000 (17:52 +0200)]
privoxy-regression-test.pl: Bump version to 0.7.1
Fabian Keil [Sat, 6 Jun 2020 11:56:24 +0000 (13:56 +0200)]
privoxy-regression-test.pl: Include the action file when complaining about missing Sticky Actions
Fabian Keil [Sat, 6 Jun 2020 07:45:39 +0000 (09:45 +0200)]
Regenerate FAQ
Fabian Keil [Sat, 6 Jun 2020 07:56:09 +0000 (09:56 +0200)]
FAQ: Remove an obsolete comment with a link to the long-gone PDF manual
Fabian Keil [Sat, 6 Jun 2020 07:44:24 +0000 (09:44 +0200)]
Bump copyright
Fabian Keil [Sat, 6 Jun 2020 07:43:28 +0000 (09:43 +0200)]
FAQ: Add a link to the TODO list
Fabian Keil [Sat, 6 Jun 2020 07:42:56 +0000 (09:42 +0200)]
FAQ: Mention http-inspection in two answers
Sponsored by: Robert Klemme
Fabian Keil [Fri, 5 Jun 2020 11:39:57 +0000 (13:39 +0200)]
FAQ: Change the sponsor amounts to USD
... slightly rounding the converted amounts up to get simple numbers.
Receiving USD is apparently easier for SPI and SPI is
preferred by sponsors as they can send invoices.
No objections from: privoxy-devel@
Roland Rosenfeld [Fri, 5 Jun 2020 13:57:30 +0000 (15:57 +0200)]
Debian: Adapt TLS/SSL settings to Debian FHS.
Generate dirs with correct permissions for https-inspection.
Roland Rosenfeld [Fri, 5 Jun 2020 11:39:04 +0000 (13:39 +0200)]
Debian: Compile --with-mbedtls to allow https-inspection.
Roland Rosenfeld [Fri, 5 Jun 2020 10:40:01 +0000 (12:40 +0200)]
Debian: Update to new git version 8097d5 (update all patches)
Fabian Keil [Fri, 5 Jun 2020 14:05:51 +0000 (16:05 +0200)]
Fix spelling of FEATURE_HTTPS_INSPECTION
... so the action editor actually allows to set
https-inspection and ignore-certificate-errors.
Reported by: Roland
Fabian Keil [Fri, 5 Jun 2020 13:48:33 +0000 (15:48 +0200)]
Update http inspection section
It was still using +enable-https-filtering instead of +https-inspection.
Reported by: Roland
Fabian Keil [Fri, 5 Jun 2020 11:52:50 +0000 (13:52 +0200)]
Improve an error message in chat()
... that is emitted when forwarding an encrypted
request through a HTTP proxy fails.
Sponsored by: Robert Klemme
Fabian Keil [Fri, 5 Jun 2020 11:28:48 +0000 (13:28 +0200)]
Use the connect-failed template when the forwarding proxy fails
... with https inspection enabled. Forwarding the response from
the proxy to the client will not work as the client expects
an encrypted response.
Sponsored by: Robert Klemme
Fabian Keil [Fri, 5 Jun 2020 11:25:41 +0000 (13:25 +0200)]
Improve a comment in chat()
... by removing an obsolete sentence and sprinkling a
couple of "the"s.
Sponsored by: Robert Klemme
Fabian Keil [Thu, 12 Mar 2020 11:39:07 +0000 (12:39 +0100)]
Deduplicate some https inspection code in chat()
Once the connection to a HTTP proxy has been
established we can treat the connection the
same way as a direct one.
Sponsored by: Robert Klemme