privoxy.git
Fabian Keil [Thu, 27 Feb 2020 08:56:01 +0000 (09:56 +0100)]
Detect invalid certificates and create new ones

Currently certificates are considered valid if they can
be parsed and have a "valid to" date in the future.

Sponsored by: Robert Klemme

Fabian Keil [Wed, 26 Feb 2020 16:52:39 +0000 (17:52 +0100)]
Bump copyright

Fabian Keil [Wed, 26 Feb 2020 14:42:48 +0000 (15:42 +0100)]
sed_https(): Clear the existing tags before calling sed()

This makes sure tagging based on the encrypted client
headers works even if a tag has already been set based
on the unencrypted ones.

Sponsored by: Robert Klemme

Fabian Keil [Wed, 26 Feb 2020 14:35:28 +0000 (15:35 +0100)]
sed_https(): Unset CSP_FLAG_CLIENT_HEADER_PARSING_DONE

... to make sure we're applying client header taggers and filters.

Sponsored by: Robert Klemme

Fabian Keil [Wed, 26 Feb 2020 13:57:38 +0000 (14:57 +0100)]
ssl_send_certificate_error(): Don't sleep

Supposedly some clients once upon a time needed
the delay but it's unclear which. Let's see if
any show up.

Sponsored by: Robert Klemme

Fabian Keil [Wed, 26 Feb 2020 13:28:18 +0000 (14:28 +0100)]
ssl_send_certificate_error(): Be more precise

An invalid certificate is only one of the reasons
why the certificate verification may fail.

Sponsored by: Robert Klemme

Fabian Keil [Wed, 26 Feb 2020 13:02:48 +0000 (14:02 +0100)]
When logging that the certificate verification failed, mention the host

Sponsored by: Robert Klemme

Fabian Keil [Wed, 26 Feb 2020 09:07:05 +0000 (10:07 +0100)]
Only use certificate_mutex and rng_mutex when needed

Previously they were defined and initialized unconditionally.

Sponsored by: Robert Klemme

Fabian Keil [Wed, 26 Feb 2020 09:02:11 +0000 (10:02 +0100)]
Use a single mutex for the certificate generation

It is fast enough so there is no need to complicate
things with up to 65536 different mutexes.

Sponsored by: Robert Klemme

Fabian Keil [Wed, 26 Feb 2020 08:49:03 +0000 (09:49 +0100)]
Turn lack of md5 support in mbedTLS into a compile error

Previously the TLS code simply wouldn't work properly.

Sponsored by: Robert Klemme

Fabian Keil [Wed, 26 Feb 2020 08:07:57 +0000 (09:07 +0100)]
Remove #95 which is obsolete now that we support proper https inspection

Fabian Keil [Tue, 25 Feb 2020 21:18:37 +0000 (22:18 +0100)]
Rebuild config file

Sponsored by: Robert Klemme

Fabian Keil [Tue, 25 Feb 2020 21:13:48 +0000 (22:13 +0100)]
Rebuild docs

Sponsored by: Robert Klemme

Fabian Keil [Tue, 25 Feb 2020 21:07:41 +0000 (22:07 +0100)]
Rename +enable-https-filtering to +https-inspection

... which is more precise.

Sponsored by: Robert Klemme

Fabian Keil [Tue, 25 Feb 2020 20:51:59 +0000 (21:51 +0100)]
Rename FEATURE_HTTPS_FILTERING to FEATURE_HTTPS_INSPECTION

... which is more precise.

Sponsored by: Robert Klemme

Fabian Keil [Tue, 25 Feb 2020 19:45:19 +0000 (20:45 +0100)]
Note that enable-https-filtering{} has to be enabled based on the CONNECT request

Sponsored by: Robert Klemme

Fabian Keil [Tue, 25 Feb 2020 17:17:47 +0000 (18:17 +0100)]
process_encrypted_request(): Log applied actions when requested

Sponsored by: Robert Klemme

Fabian Keil [Tue, 25 Feb 2020 17:11:47 +0000 (18:11 +0100)]
process_encrypted_request(): Don't call init_current_action() when toggled off

By the time the function is called the actions are already
initialized.

Sponsored by: Robert Klemme

Fabian Keil [Tue, 25 Feb 2020 16:54:34 +0000 (17:54 +0100)]
get_url_actions(): Don't initialize actions when called the second time

Sponsored by: Robert Klemme

Fabian Keil [Tue, 25 Feb 2020 15:34:41 +0000 (16:34 +0100)]
Fix location of curly brace and normalize white space

Fabian Keil [Tue, 25 Feb 2020 15:27:09 +0000 (16:27 +0100)]
Bump copyright

Fabian Keil [Tue, 25 Feb 2020 12:37:22 +0000 (13:37 +0100)]
Deal with invalid certificates in case of forwarded requests

... by sending the details of the verification failure
and the certificates.

Sponsored by: Robert Klemme

Fabian Keil [Sun, 23 Feb 2020 12:00:04 +0000 (13:00 +0100)]
create_server_ssl_connection(): If the certificate is invalid, log the details

Sponsored by: Robert Klemme

Fabian Keil [Tue, 25 Feb 2020 12:35:37 +0000 (13:35 +0100)]
Remove obsolete comment

Fabian Keil [Tue, 25 Feb 2020 12:23:32 +0000 (13:23 +0100)]
free_server_ssl_structures(): Mark the correct socket as invalid

Sponsored by: Robert Klemme

Fabian Keil [Tue, 25 Feb 2020 12:20:54 +0000 (13:20 +0100)]
Add a missing 'the' to a log message

Fabian Keil [Mon, 24 Feb 2020 12:12:39 +0000 (13:12 +0100)]
Add receive_and_send_encrypted_post_data()

... to deal with POST data that isn't read together
with the request headers.

Sponsored by: Robert Klemme

Fabian Keil [Tue, 25 Feb 2020 11:52:39 +0000 (12:52 +0100)]
ssl_send_data(): Log the data before writing

Sponsored by: Robert Klemme

Fabian Keil [Tue, 25 Feb 2020 11:50:48 +0000 (12:50 +0100)]
ssl_recv_data(): Log the received data

Sponsored by: Robert Klemme

Fabian Keil [Sun, 23 Feb 2020 11:13:40 +0000 (12:13 +0100)]
Fix a comment typo

Fabian Keil [Sun, 23 Feb 2020 11:07:26 +0000 (12:07 +0100)]
Fix a comment typo

Fabian Keil [Sat, 22 Feb 2020 22:19:02 +0000 (23:19 +0100)]
Reduce spaces

Fabian Keil [Sat, 22 Feb 2020 21:56:32 +0000 (22:56 +0100)]
Fix a comment typo

Fabian Keil [Sat, 22 Feb 2020 21:50:27 +0000 (22:50 +0100)]
Improve a comment

Fabian Keil [Sat, 22 Feb 2020 21:49:01 +0000 (22:49 +0100)]
Bump copyright

Fabian Keil [Sat, 22 Feb 2020 21:02:16 +0000 (22:02 +0100)]
ssl_send_data(): Consistently return -1 in case of errors

... instead of passing on the MBEDTLS_ERR_* value which
the caller doesn't need to know.

Sponsored by: Robert Klemme

Fabian Keil [Sat, 22 Feb 2020 19:53:48 +0000 (20:53 +0100)]
ssl_recv_data(): Properly handle MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY

Previously ssl_recv_data() would pass it to the caller
which would treat it as an error.

Sponsored by: Robert Klemme

Fabian Keil [Sat, 22 Feb 2020 16:28:31 +0000 (17:28 +0100)]
Unbreak the build without FEATURE_HTTPS_FILTERING

Fabian Keil [Sat, 22 Feb 2020 13:38:16 +0000 (14:38 +0100)]
Don't crash when blocking a CONNECT request with https filtering enabled

Previously ssl_send_data() was called before the TLS context was
set up which resulted in a segfault in mbedtls_ssl_get_max_frag_len().

Fabian Keil [Fri, 21 Feb 2020 15:48:51 +0000 (16:48 +0100)]
Bump copyright

Fabian Keil [Fri, 21 Feb 2020 15:41:33 +0000 (16:41 +0100)]
Regenerate docs

Fabian Keil [Fri, 21 Feb 2020 15:40:47 +0000 (16:40 +0100)]
Properly link to the TLS section of the config file

Fabian Keil [Fri, 21 Feb 2020 15:35:23 +0000 (16:35 +0100)]
Fix links to the enable-https-filtering action

Fabian Keil [Fri, 21 Feb 2020 15:32:35 +0000 (16:32 +0100)]
Add a missing anchor

Fabian Keil [Thu, 20 Feb 2020 16:38:54 +0000 (17:38 +0100)]
Rebuild config file

Fabian Keil [Thu, 20 Feb 2020 16:37:19 +0000 (17:37 +0100)]
Rebuild docs

Fabian Keil [Fri, 21 Feb 2020 14:49:20 +0000 (15:49 +0100)]
config: Fix typo

Fabian Keil [Fri, 21 Feb 2020 14:48:29 +0000 (15:48 +0100)]
config: Mention that the certificate-directory is only used when https filtering

Fabian Keil [Fri, 21 Feb 2020 14:44:35 +0000 (15:44 +0100)]
config: Improve the description of the ca-cert-file directive

Fabian Keil [Thu, 20 Feb 2020 16:31:52 +0000 (17:31 +0100)]
config: Note that Privoxy does not automatically clear website certificates

... when the CA key and certificate are changed.

Fabian Keil [Wed, 19 Feb 2020 16:36:25 +0000 (17:36 +0100)]
Bump copyright

Fabian Keil [Wed, 19 Feb 2020 14:01:45 +0000 (15:01 +0100)]
Note that access to certificate-directory and ca-directory should be limited

... to Privoxy and the Privoxy admin.

Fabian Keil [Wed, 19 Feb 2020 12:17:16 +0000 (13:17 +0100)]
generate_key(): Change argument order to be more consistent

Fabian Keil [Fri, 21 Feb 2020 14:30:55 +0000 (15:30 +0100)]
pcrs.h: Add copyright and license

Fabian Keil [Tue, 18 Feb 2020 16:23:33 +0000 (17:23 +0100)]
Change license for pcrs.c to GPLv2+

... after getting the permission from Andreas.

This allows redistributing Privoxy under the GPLv3
which is required when linking to mbedTLS which is
licensed under the Apache 2.0 license.

Fabian Keil [Mon, 17 Feb 2020 23:19:22 +0000 (00:19 +0100)]
Regenerate docs

Fabian Keil [Tue, 18 Feb 2020 11:36:04 +0000 (12:36 +0100)]
Remove cooltechzone.com from the sponsor list

They were unhappy with the link change.

Fabian Keil [Mon, 17 Feb 2020 23:17:56 +0000 (00:17 +0100)]
Revert "Clarify that Privoxy can also be used under the terms of a license later than the GPLv2"

The current license of pcrs.c actually prevents the license upgrade.

This reverts commit d74933268d8eee2037691f5db776b2103eb13945.

Fabian Keil [Sun, 16 Feb 2020 17:44:15 +0000 (18:44 +0100)]
Change 'GIT' to 'Git'

Fabian Keil [Sat, 15 Feb 2020 13:15:03 +0000 (14:15 +0100)]
Bump copyright

Fabian Keil [Sat, 15 Feb 2020 13:14:26 +0000 (14:14 +0100)]
Bump copyright

Fabian Keil [Sat, 15 Feb 2020 13:02:18 +0000 (14:02 +0100)]
Rebuild docs with updated license info

Fabian Keil [Sat, 15 Feb 2020 12:56:08 +0000 (13:56 +0100)]
Clarify that Privoxy can also be used under the terms of a license later than the GPLv2

Fabian Keil [Fri, 14 Feb 2020 13:32:55 +0000 (14:32 +0100)]
Regenerate developer manual

Fabian Keil [Fri, 14 Feb 2020 13:22:14 +0000 (14:22 +0100)]
Developer manual: Bump copyright

Fabian Keil [Fri, 14 Feb 2020 13:21:19 +0000 (14:21 +0100)]
Developer manual: Document how to access the git repository through https

Fabian Keil [Fri, 23 Jun 2017 18:27:37 +0000 (20:27 +0200)]
Strip trailing whitespace

Fabian Keil [Fri, 23 Jun 2017 18:27:37 +0000 (20:27 +0200)]
Strip trailing whitespace

Fabian Keil [Wed, 5 Feb 2020 16:02:37 +0000 (17:02 +0100)]
free_certificate_chain(): Fix memset() target

Fabian Keil [Thu, 30 Jan 2020 15:49:10 +0000 (16:49 +0100)]
Remove SourceForge references in copyright headers

Fabian Keil [Thu, 30 Jan 2020 15:46:10 +0000 (16:46 +0100)]
Upgrade a bunch of links to the homepage to https://

Fabian Keil [Wed, 11 Dec 2019 12:05:24 +0000 (13:05 +0100)]
Declare generate_webpage_certificate() static

Fabian Keil [Mon, 2 Dec 2019 12:06:29 +0000 (13:06 +0100)]
Fix comment typos

Fabian Keil [Mon, 3 Feb 2020 16:38:39 +0000 (17:38 +0100)]
Regenerate homepage with silver sponsor https://vpnranks.com/

Fabian Keil [Mon, 3 Feb 2020 16:37:43 +0000 (17:37 +0100)]
Add https://www.vpnranks.com/ as silver sponsor

Fabian Keil [Mon, 3 Feb 2020 16:39:29 +0000 (17:39 +0100)]
Adjust cooltechzone.com sponsor link to look less manipulative

Fabian Keil [Thu, 30 Jan 2020 12:43:43 +0000 (13:43 +0100)]
Rebuild homepage

Fabian Keil [Thu, 30 Jan 2020 12:43:28 +0000 (13:43 +0100)]
Adjust cooltechzone.com sponsor link to look less manipulative

Fabian Keil [Fri, 27 Dec 2019 11:03:50 +0000 (12:03 +0100)]
Regenerate homepage with new sponsor cooltechzone.com

Fabian Keil [Fri, 27 Dec 2019 11:02:47 +0000 (12:02 +0100)]
Add cooltechzone.com as sponsor

Roland Rosenfeld [Sat, 30 Nov 2019 17:32:10 +0000 (18:32 +0100)]
Adapt Debian patches to git development branch.

Roland Rosenfeld [Sat, 30 Nov 2019 11:37:22 +0000 (12:37 +0100)]
Apply Debian package changes 3.0.28-1 and 3.0.28-2

Fabian Keil [Wed, 27 Nov 2019 12:28:58 +0000 (13:28 +0100)]
Remove a couple of spaces

Fabian Keil [Wed, 27 Nov 2019 12:15:32 +0000 (13:15 +0100)]
Move config.h include higher

Fabian Keil [Tue, 26 Nov 2019 12:35:30 +0000 (13:35 +0100)]
Don't clear the buffer passed to mbedtls_strerror()

mbedtls_strerror() clears the buffer itself.

Fabian Keil [Tue, 26 Nov 2019 12:05:12 +0000 (13:05 +0100)]
ssl_verify_callback(): Use malloc_or_die()

Fabian Keil [Tue, 26 Nov 2019 12:02:18 +0000 (13:02 +0100)]
make_certs_path(): Use zalloc_or_die()

Fabian Keil [Tue, 26 Nov 2019 12:01:22 +0000 (13:01 +0100)]
write_private_key(): Use zalloc_or_die()

Fabian Keil [Tue, 26 Nov 2019 11:41:29 +0000 (12:41 +0100)]
Fix comment indentation

Fabian Keil [Tue, 26 Nov 2019 11:40:57 +0000 (12:40 +0100)]
Remove a couple of spaces

Fabian Keil [Mon, 25 Nov 2019 13:06:01 +0000 (14:06 +0100)]
Fix typo

Fabian Keil [Mon, 25 Nov 2019 13:01:16 +0000 (14:01 +0100)]
Fix typo

Fabian Keil [Thu, 21 Nov 2019 12:15:25 +0000 (13:15 +0100)]
Fix spelling in comment

Fabian Keil [Thu, 21 Nov 2019 11:49:58 +0000 (12:49 +0100)]
Fix spelling in comment

Fabian Keil [Tue, 19 Nov 2019 14:37:00 +0000 (15:37 +0100)]
Fix indentation

Fabian Keil [Tue, 19 Nov 2019 13:53:14 +0000 (14:53 +0100)]
Move LIMIT_MUTEX_NUMBER definition to project.h

... as it is also used in other files.

Fabian Keil [Tue, 19 Nov 2019 13:51:41 +0000 (14:51 +0100)]
Fix indentation

Fabian Keil [Tue, 19 Nov 2019 13:48:04 +0000 (14:48 +0100)]
Remove a bunch of spaces

Fabian Keil [Tue, 19 Nov 2019 13:33:09 +0000 (14:33 +0100)]
Add a missing space

Fabian Keil [Tue, 19 Nov 2019 13:31:26 +0000 (14:31 +0100)]
Move two typedefs from project.h to ssl.c