if connection-sharing is enabled.
- A TODO list has been added to the source tarball to give potential
volunteers a better idea of what the current goals are. Donations
- are still welcome too: http://www.privoxy.org/faq/general.html#DONATE
+ are still welcome too: https://www.privoxy.org/faq/general.html#DONATE
*** Version 3.0.12 ***
W32_LIB = @WIN_ONLY@-lwsock32 -lcomctl32
W32_INIS = @WIN_ONLY@config.txt trust.txt
-SSL_SRC = @FEATURE_HTTPS_FILTERING_ONLY@ssl.c
-SSL_OBJS = @FEATURE_HTTPS_FILTERING_ONLY@$(SSL_SRC:.c=.o)
-SSL_HDRS = @FEATURE_HTTPS_FILTERING_ONLY@$(SSL_SRC:.c=.h) project.h
+SSL_SRC = @FEATURE_HTTPS_INSPECTION_ONLY@ssl.c
+SSL_OBJS = @FEATURE_HTTPS_INSPECTION_ONLY@$(SSL_SRC:.c=.o)
+SSL_HDRS = @FEATURE_HTTPS_INSPECTION_ONLY@$(SSL_SRC:.c=.h) project.h
PCRS_SRC = @STATIC_PCRS_ONLY@pcrs.c
PCRS_OBJS = @STATIC_PCRS_ONLY@$(PCRS_SRC:.c=.@OBJEXT@)
This will create a directory named <root-dir>/privoxy/, which will contain the
source tree.
-Note that source code in GIT is development quality, and may not be stable or
+Note that source code in Git is development quality, and may not be stable or
well tested.
It is strongly recommended to not run Privoxy as root. You should configure/
-# Written by and Copyright (C) 2001 the SourceForge
-# Privoxy team. http://www.privoxy.org/
+# Written by and Copyright (C) 2001 the
+# Privoxy team. https://www.privoxy.org/
#
# Based on the Internet Junkbuster originally written
# by and Copyright (C) 1997 Anonymous Coders and
* getting ludicrously long with feature defines.
*
* Copyright : Written by and Copyright (C) 2001-2014 the
- * Privoxy team. http://www.privoxy.org/
+ * Privoxy team. https://www.privoxy.org/
*
* Based on the Internet Junkbuster originally written
* by and Copyright (C) 1997 Anonymous Coders and
* DEFINE_ACTION_ALIAS
*
* Copyright : Written by and Copyright (C) 2001-2014 the
- * Privoxy team. http://www.privoxy.org/
+ * Privoxy team. https://www.privoxy.org/
*
* Based on the Internet Junkbuster originally written
* by and Copyright (C) 1997 Anonymous Coders and
DEFINE_CGI_PARAM_NO_RADIO("delay-response", ACTION_DELAY_RESPONSE, ACTION_STRING_DELAY_RESPONSE, "100")
DEFINE_CGI_PARAM_RADIO ("deanimate-gifs", ACTION_DEANIMATE, ACTION_STRING_DEANIMATE, "last", 1)
DEFINE_ACTION_BOOL ("downgrade-http-version", ACTION_DOWNGRADE)
-#ifdef FEATURE_HTTPS_FILTERING
-DEFINE_ACTION_BOOL ("enable-https-filtering", ACTION_ENABLE_HTTPS_FILTER)
-#endif
#ifdef FEATURE_EXTERNAL_FILTERS
DEFINE_ACTION_MULTI ("external-filter", ACTION_MULTI_EXTERNAL_FILTER)
#endif
DEFINE_CGI_PARAM_CUSTOM ("hide-referrer", ACTION_HIDE_REFERER, ACTION_STRING_REFERER, "http://www.privoxy.org/")
DEFINE_ACTION_STRING ("hide-user-agent", ACTION_HIDE_USER_AGENT, ACTION_STRING_USER_AGENT)
DEFINE_CGI_PARAM_NO_RADIO("hide-user-agent", ACTION_HIDE_USER_AGENT, ACTION_STRING_USER_AGENT, "Privoxy " VERSION)
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
+DEFINE_ACTION_BOOL ("https-inspection", ACTION_HTTPS_INSPECTION)
DEFINE_ACTION_BOOL ("ignore-certificate-errors", ACTION_IGNORE_CERTIFICATE_ERRORS)
#endif
DEFINE_ACTION_STRING ("limit-connect", ACTION_LIMIT_CONNECT, ACTION_STRING_LIMIT_CONNECT)
* Purpose : Declares functions to work with actions files
*
* Copyright : Written by and Copyright (C) 2001-2016 the
- * Privoxy team. http://www.privoxy.org/
+ * Privoxy team. https://www.privoxy.org/
*
* Based on the Internet Junkbuster originally written
* by and Copyright (C) 1997 Anonymous Coders and
* Functions declared include: FIXME
*
* Copyright : Written by and Copyright (C) 2001-2007 members of the
- * Privoxy team. http://www.privoxy.org/
+ * Privoxy team. https://www.privoxy.org/
*
* Based on the Internet Junkbuster originally written
* by and Copyright (C) 1997 Anonymous Coders and
* actual handler functions are declared elsewhere.
*
* Copyright : Written by and Copyright (C) 2001-2017
- * members of the Privoxy team. http://www.privoxy.org/
+ * members of the Privoxy team. https://www.privoxy.org/
*
* Based on the Internet Junkbuster originally written
* by and Copyright (C) 1997 Anonymous Coders and
*
*
* Copyright : Written by and Copyright (C) 2001-2009 the
- * Privoxy team. http://www.privoxy.org/
+ * Privoxy team. https://www.privoxy.org/
*
* Based on the Internet Junkbuster originally written
* by and Copyright (C) 1997 Anonymous Coders and
* Stick to the short names in this file for consistency.
*
* Copyright : Written by and Copyright (C) 2001-2014 the
- * Privoxy team. http://www.privoxy.org/
+ * Privoxy team. https://www.privoxy.org/
*
* Based on the Internet Junkbuster originally written
* by and Copyright (C) 1997 Anonymous Coders and
*
*
* Copyright : Written by and Copyright (C) 2001 members of the
- * Privoxy team. http://www.privoxy.org/
+ * Privoxy team. https://www.privoxy.org/
*
* Based on the Internet Junkbuster originally written
* by and Copyright (C) 1997 Anonymous Coders and
* status.
*
* Copyright : Written by and Copyright (C) 2001-2017 the
- * Privoxy team. http://www.privoxy.org/
+ * Privoxy team. https://www.privoxy.org/
*
* Based on the Internet Junkbuster originally written
* by and Copyright (C) 1997 Anonymous Coders and
#endif
},
{
- "FEATURE_HTTPS_FILTERING",
-#ifdef FEATURE_HTTPS_FILTERING
+ "FEATURE_HTTPS_INSPECTION",
+#ifdef FEATURE_HTTPS_INSPECTION
1,
#else
0,
*
*
* Copyright : Written by and Copyright (C) 2001-2017 members of the
- * Privoxy team. http://www.privoxy.org/
+ * Privoxy team. https://www.privoxy.org/
*
* Based on the Internet Junkbuster originally written
* by and Copyright (C) 1997 Anonymous Coders and
# Sample Configuration File for Privoxy 3.0.29
#
-# Copyright (C) 2001-2019 Privoxy Developers https://www.privoxy.org/
+# Copyright (C) 2001-2020 Privoxy Developers https://www.privoxy.org/
#
#####################################################################
# #
# result in DNS traffic.
#
# If the specified address isn't available on the system, or if
-# the hostname can't be resolved, Privoxy will fail to start.
+# the hostname can't be resolved, Privoxy will fail to start. On
+# GNU/Linux, and other platforms that can listen on not yet
+# assigned IP addresses, Privoxy will start and will listen on
+# the specified address whenever the IP address is assigned to
+# the system
#
# IPv6 addresses containing colons have to be quoted by
# brackets. They can only be used if Privoxy has been compiled
# # Define a couple of tags, the described effect requires action sections
# # that are enabled based on CLIENT-TAG patterns.
# client-specific-tag circumvent-blocks Overrule blocks but do not affect other actions
-# disable-content-filters Disable content-filters but do not affect other actions
-#
+# client-specific-tag disable-content-filters Disable content-filters but do not affect other actions
#
#
# 6.17. client-tag-lifetime
# This directive specifies the directory where the CA key, the
# CA certificate and the trusted CAs file are located.
#
+# The permissions should only let Privoxy and the Privoxy admin
+# access the directory.
+#
# Examples:
#
# ca-directory /usr/local/etc/privoxy/CA
# This directive specifies the name of the CA certificate file
# in ".crt" format.
#
-# It can be generated with: openssl req -new -x509 -extensions
-# v3_ca -keyout cakey.pem -out cacert.crt -days 3650
+# The file is used by Privoxy to generate website certificates
+# when https inspection is enabled with the https-inspection
+# action.
+#
+# Privoxy clients should import the certificate so that they can
+# validate the generated certificates.
+#
+# The file can be generated with: openssl req -new -x509
+# -extensions v3_ca -keyout cakey.pem -out cacert.crt -days 3650
#
# Examples:
#
# Notes:
#
# This directive specifies the directory where generated TLS/SSL
-# keys and certificates are saved.
+# keys and certificates are saved when https inspection is
+# enabled with the https-inspection action.
+#
+# The keys and certificates currently have to be deleted
+# manually when changing the ca-cert-file and the ca-cert-key.
+#
+# The permissions should only let Privoxy and the Privoxy admin
+# access the directory.
#
# Examples:
#
# Notes:
#
# This directive specifies the trusted CAs file that is used
-# when validating certificates for intercepted TLS/SSL request.
+# when validating certificates for intercepted TLS/SSL requests.
#
# An example file can be downloaded from https://curl.haxx.se/ca
# /cacert.pem.
AC_SUBST(STATIC_PCRE_ONLY)
AC_SUBST(STATIC_PCRS_ONLY)
-dnl =======================================================
-dnl check for mbedTLS which is required for https filtering
-dnl =======================================================
-FEATURE_HTTPS_FILTERING_ONLY=#
+dnl ========================================================
+dnl check for mbedTLS which is required for https inspection
+dnl ========================================================
+FEATURE_HTTPS_INSPECTION_ONLY=#
OPT_MBEDTLS=no
AC_ARG_WITH(mbedtls,dnl
-AC_HELP_STRING([--with-mbedtls],[enable mbedTLS detection for https filtering.])
+AC_HELP_STRING([--with-mbedtls],[enable mbedTLS detection for https inspection.])
AC_HELP_STRING([--without-mbedtls], [disable mbedTLS detection]),
OPT_MBEDTLS=$withval)
AC_CHECK_LIB(mbedtls, mbedtls_ssl_init,
[
- AC_DEFINE(FEATURE_HTTPS_FILTERING, 1, [if mbedTLS is enabled])
- AC_SUBST(FEATURE_HTTPS_FILTERING, [1])
- FEATURE_HTTPS_FILTERING="yes"
+ AC_DEFINE(FEATURE_HTTPS_INSPECTION, 1, [if mbedTLS is enabled])
+ AC_SUBST(FEATURE_HTTPS_INSPECTION, [1])
+ FEATURE_HTTPS_INSPECTION="yes"
], [], -lmbedx509 -lmbedcrypto)
- if test "x$FEATURE_HTTPS_FILTERING" = "xyes"; then
- AC_MSG_NOTICE([Detected mbedTLS. Enabling https filtering.])
+ if test "x$FEATURE_HTTPS_INSPECTION" = "xyes"; then
+ AC_MSG_NOTICE([Detected mbedTLS. Enabling https inspection.])
LIBS="-lmbedtls -lmbedx509 -lmbedcrypto $LIBS"
- FEATURE_HTTPS_FILTERING_ONLY=
+ FEATURE_HTTPS_INSPECTION_ONLY=
fi
fi
-AC_SUBST(FEATURE_HTTPS_FILTERING_ONLY)
+AC_SUBST(FEATURE_HTTPS_INSPECTION_ONLY)
dnl =================================================================
* latest SDK too? Shudder, I think not.
*
* Copyright : Written by and Copyright (C) 2001 members of the
- * Privoxy team. http://www.privoxy.org/
+ * Privoxy team. https://www.privoxy.org/
*
* Based on the Internet Junkbuster originally written
* by and Copyright (C) 1997 Anonymous Coders and
* - Deanimation of GIF images
*
* Copyright : Written by and Copyright (C) 2001 - 2004, 2006 by the
- * SourceForge Privoxy team. http://www.privoxy.org/
+ * Privoxy team. https://www.privoxy.org/
*
* Based on the GIF file format specification (see
* http://tronche.com/computer-graphics/gif/gif89a.html)
*
*
* Copyright : Written by and Copyright (C) 2001 - 2004 by the the
- * SourceForge Privoxy team. http://www.privoxy.org/
+ * Privoxy team. https://www.privoxy.org/
*
* Based on ideas from the Image::DeAnim Perl module by
* Ken MacFarlane, <ksm+cpan@universal.dca.net>
+privoxy (3.0.29~git6a358e-1) UNRELEASED; urgency=medium
+
+ * New upstream developement version.
+ * Update all patches to new version.
+ * 36_trusted-cgi-referer-example and 37_ppedit-tests403 are now
+ incorporated upstream.
+
+ -- Roland Rosenfeld <roland@debian.org> Sat, 30 Nov 2019 12:44:20 +0100
+
+privoxy (3.0.28-2) unstable; urgency=medium
+
+ * d/tests/privoxy-regression-test: Remove tmpdir on exit.
+ * 36_trusted-cgi-referer-example: Comment trusted-cgi-referer pointing
+ to example.org
+ * d/maintscript: Remove orphaned /etc/privoxy/templates/show-version
+ (Closes: #918110).
+ * 37_ppedit-tests403: Update a bunch of regression tests that have to
+ expect status code 403 now.
+ * Enable enable-edit-actions in privoxy-regression-test again.
+ * Upgrade to debhelper v12.
+ * Update (minimal) upstream signing key.
+ * Add Pre-Depends: ${misc:Pre-Depends} for --skip-systemd-native.
+
+ -- Roland Rosenfeld <roland@debian.org> Sun, 06 Jan 2019 13:07:14 +0100
+
+privoxy (3.0.28-1) unstable; urgency=medium
+
+ [ Roland Rosenfeld ]
+ * Add es debconf translation. Thanks to Jonathan Bustillos (Closes: #903863).
+ * 38_connection_close: Don't add a "Connection" header for CONNECT requests.
+
+ [ Ondřej Nový ]
+ * d/tests: Use AUTOPKGTEST_TMP instead of ADTTMP
+ * d/watch: Use https protocol
+
+ [ Roland Rosenfeld ]
+ * d/tests: Fix leftover ADTTMP.
+ * Add salsa CI pipeline in debian/gitlab-ci.yml.
+ * New upstream version 3.0.28.
+ * Adapt all patches to new version (06_8bit_manual is implemented in a
+ better way upstream now, 36_openspopenjade is replaced by some
+ autoconf code, 37_adventofcode and 38_connection_close are included
+ upstream).
+ * Update debian/copyright.
+ * Upgrade to Standards-Version 4.3.0 (Declare Rules-Requires-Root: no).
+ * Move PID file from /var/run to /run.
+ * Undo voodoo to remove CVS tags from configs since upstream uses git
+ now.
+ * Disable enable-edit-actions in privoxy-regression-test, since the test
+ seems to be broken (does not use referrer, which is required here).
+
+ -- Roland Rosenfeld <roland@debian.org> Mon, 31 Dec 2018 16:52:27 +0100
+
privoxy (3.0.26-6) unstable; urgency=medium
* Fix typo in patch description.
Priority: optional
Maintainer: Roland Rosenfeld <roland@debian.org>
Build-Depends: autoconf,
- debhelper (>= 11~),
+ debhelper (>= 12~),
docbook,
docbook-dsssl,
docbook-utils,
sgmlspl,
w3m,
zlib1g-dev
-Standards-Version: 4.1.4
+Standards-Version: 4.3.0
Homepage: https://www.privoxy.org/
Vcs-Git: https://salsa.debian.org/debian/privoxy.git
Vcs-Browser: https://salsa.debian.org/debian/privoxy
+Rules-Requires-Root: no
Package: privoxy
Architecture: any
${misc:Depends},
${perl:Depends},
${shlibs:Depends}
+Pre-Depends: ${misc:Pre-Depends}
Recommends: doc-base
Description: Privacy enhancing HTTP Proxy
Privoxy is a web proxy with advanced filtering capabilities for
Files: *
Copyright:
- Copyright (C) 2001-2016 by the Privoxy team. http://www.privoxy.org/
+ Copyright (C) 2001-2018 by the Privoxy team. http://www.privoxy.org/
Parts Copyright (C) 1999 Adam Lock <locka@iol.ie>
Parts Copyright (C) 2003 Ian Cummings <ian_a_c@hotmail.com>
Parts Copyright (C) 2000, 2001 by Andreas S. Oesterhelt <andreas@oesterhelt.org>
- Parts Copyright (C) 2006-2016 Fabian Keil <fk@fabiankeil.de>
+ Parts Copyright (C) 2006-2018 Fabian Keil <fk@fabiankeil.de>
Comment:
Based on the Internet Junkbuster originally written
by and Copyright (C) 1997 Anonymous Coders and
tools/privoxy-log-parser.pl tools/url-pattern-translator.pl utils/changelog2doc.pl
utils/create-package-feed.pl
Copyright:
- Copyright (c) 2006-2016 Fabian Keil <fk@fabiankeil.de>
+ Copyright (c) 2006-2017 Fabian Keil <fk@fabiankeil.de>
License: ISC
Files: strptime.h
Files: debian/*
Copyright:
- 2002-2016 Roland Rosenfeld <roland@debian.org>
+ 2002-2018 Roland Rosenfeld <roland@debian.org>
License: GPL-2+
Files: pcre/*
--- /dev/null
+include: https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/salsa-ci.yml
+
+build:
+ extends: .build-unstable
+
+reprotest:
+ extends: .test-reprotest
+
+lintian:
+ extends: .test-lintian
+
+autopkgtest:
+ extends: .test-autopkgtest
+
+piuparts:
+ extends: .test-piuparts
DESC="filtering proxy server"
NAME=privoxy
DAEMON=/usr/sbin/$NAME
-PIDFILE=/var/run/$NAME.pid
+PIDFILE=/run/$NAME.pid
OWNER=privoxy
CONFIGFILE=/etc/privoxy/config
DAEMON_ARGS="--pidfile $PIDFILE --user $OWNER $CONFIGFILE"
if which invoke-rc.d >/dev/null 2>&1; then
invoke-rc.d privoxy rotate > /dev/null
else
- if [ -f /var/run/privoxy.pid ]; then
+ if [ -f /run/privoxy.pid ]; then
/etc/init.d/privoxy rotate > /dev/null
fi
fi
--- /dev/null
+rm_conffile /etc/privoxy/templates/show-version 3.0.28-2~ privoxy
--- a/default.action.master
+++ b/default.action.master
-@@ -2419,6 +2419,9 @@ schneegans.de/sv/\?url=referer
+@@ -2433,6 +2433,9 @@ schneegans.de/sv/\?url=referer
#MASTER# REMARKS: Exclude per Debian bug report #377843
# URL = http://blogs.msdn.com/wga/archive/2006/07/16/667063.aspx
blogs.msdn.com
{-filter{unsolicited-popups}}
# Sticky Actions = -filter{unsolicited-popups}
-@@ -2477,6 +2480,11 @@ tr.anp.se/
+@@ -2491,6 +2494,11 @@ tr.anp.se/
{+filter{tiny-textforms}}
.sourceforge.net/tracker
+++ /dev/null
-From: Roland Rosenfeld <roland@debian.org>
-Date: Sun, 15 May 2005 15:28:56 +0200
-Subject: Stop converting 8bit chars in the documentation (#203697)
-Bug-Debian: https://bugs.debian.org/203697
-
---- a/doc/source/ldp.dsl.in
-+++ b/doc/source/ldp.dsl.in
-@@ -47,9 +47,9 @@
- \r
- ;; this is necessary because right now jadetex does not understand\r
- ;; symbolic entities, whereas things work well with numeric entities.\r
--(declare-characteristic preserve-sdata?\r
-- "UNREGISTERED::James Clark//Characteristic::preserve-sdata?"\r
-- #f)\r
-+;(declare-characteristic preserve-sdata?\r
-+; "UNREGISTERED::James Clark//Characteristic::preserve-sdata?"\r
-+; #f)\r
- \r
- ;; put the legal notice in a separate file\r
- (define %generate-legalnotice-link%\r
-@@ -257,9 +257,9 @@
- \r
- ;; this is necessary because right now jadetex does not understand\r
- ;; symbolic entities, whereas things work well with numeric entities.\r
--(declare-characteristic preserve-sdata?\r
-- "UNREGISTERED::James Clark//Characteristic::preserve-sdata?"\r
-- #f)\r
-+;(declare-characteristic preserve-sdata?\r
-+; "UNREGISTERED::James Clark//Characteristic::preserve-sdata?"\r
-+; #f)\r
- \r
- ;; put the legal notice in a separate file\r
- (define %generate-legalnotice-link%\r
--- a/config
+++ b/config
-@@ -128,7 +128,7 @@
+@@ -127,7 +127,7 @@
# config file, because it is used while the config file is
# being read.
#
#
# 1.2. trust-info-url
# ====================
-@@ -260,7 +260,7 @@
+@@ -259,7 +259,7 @@
#
# No trailing "/", please.
#
#
# 2.2. templdir
# ==============
-@@ -345,7 +345,7 @@ confdir .
+@@ -344,7 +344,7 @@ confdir .
#
# No trailing "/", please.
#
VAR_DEST = @localstatedir@
--- a/doc/source/privoxy-man-page.sgml
+++ b/doc/source/privoxy-man-page.sgml
-@@ -58,7 +58,7 @@
+@@ -54,7 +54,7 @@
</refentryinfo>
<refmeta>
<refentrytitle>privoxy</refentrytitle>
--- a/templates/no-such-domain
+++ b/templates/no-such-domain
-@@ -79,7 +79,7 @@
+@@ -78,7 +78,7 @@
<html>
<head>
<meta http-equiv="Content-Style-Type" content="text/css">
<meta http-equiv="Content-Script-Type" content="text/javascript">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
-@@ -95,7 +95,7 @@
+@@ -94,7 +94,7 @@
<table summary="" cellpadding="20" cellspacing="10" border="0" width="100%">
<tr>
<td class="status">
--- a/match-all.action
+++ b/match-all.action
-@@ -11,7 +11,16 @@
+@@ -10,7 +10,16 @@
+client-header-tagger{css-requests} \
+client-header-tagger{image-requests} \
+client-header-tagger{range-requests} \
--- a/configure.in
+++ b/configure.in
-@@ -491,7 +491,7 @@ dnl gmtime and localtime
+@@ -508,7 +508,7 @@ dnl gmtime and localtime
dnl =================================================================
dnl Next line needed to find the gethost*_r functions on Solaris
--- a/jbsockets.c
+++ b/jbsockets.c
-@@ -867,20 +867,7 @@ int bind_port(const char *hostnam, int p
+@@ -975,20 +975,7 @@ int bind_port(const char *hostnam, int p
}
memset(&hints, 0, sizeof(struct addrinfo));
--- a/GNUmakefile.in
+++ b/GNUmakefile.in
-@@ -484,8 +484,7 @@ man: dok-release
+@@ -537,8 +537,7 @@ man: dok-release
perl -pi.bak -e "s/\[ /\[/g;s/á/\\\\['a]/g;s/é/\\\\['e]/g" $(MAN_PAGE); \
perl -pi.bak -e "s/ö/\\\\[:o]/g" $(MAN_PAGE); \
perl -pi.bak -e 's/([ {])-([a-z])/$$1\\-$$2/g' $(MAN_PAGE); \
--- a/GNUmakefile.in
+++ b/GNUmakefile.in
-@@ -479,7 +479,7 @@ dok-man:
+@@ -532,7 +532,7 @@ dok-man:
# target for man page generation!
man: dok-release
mkdir -p doc/source/temp && cd doc/source/temp && $(RM) * ;\
-- nsgmls ../privoxy-man-page.sgml | sgmlspl ../../../utils/docbook2man/docbook2man-spec.pl &&\
-+ nsgmls ../privoxy-man-page.sgml | sgmlspl /usr/share/perl5/sgmlspl-specs/docbook2man-spec.pl &&\
+- $(NSGMLS) ../privoxy-man-page.sgml | sgmlspl ../../../utils/docbook2man/docbook2man-spec.pl &&\
++ $(NSGMLS) ../privoxy-man-page.sgml | sgmlspl /usr/share/perl5/sgmlspl-specs/docbook2man-spec.pl &&\
perl -pi.bak -e 's/ <URL:.*>//; s/\[ /\[/g' $(MAN_PAGE) ;\
perl -pi.bak -e "s/\[ /\[/g;s/á/\\\\['a]/g;s/é/\\\\['e]/g" $(MAN_PAGE); \
perl -pi.bak -e "s/ö/\\\\[:o]/g" $(MAN_PAGE); \
--- a/tools/privoxy-log-parser.pl
+++ b/tools/privoxy-log-parser.pl
-@@ -2612,7 +2612,7 @@ omitted, ANSI escape sequences are used
+@@ -2628,7 +2628,7 @@ omitted, ANSI escape sequences are used
This option is only intended to make embedding log excerpts in web pages easier.
It does not escape any input!
+++ /dev/null
-From: Neil Roeth <neil@debian.org>
-Date: Sat, 10 Sep 2016 08:48:35 +0200
-Subject: Replace sp and jade with opensp and openjade.
-Bug-Debian: https://bugs.debian.org/837207
-
---- a/GNUmakefile.in
-+++ b/GNUmakefile.in
-@@ -479,7 +479,7 @@ dok-man:
- # target for man page generation!
- man: dok-release
- mkdir -p doc/source/temp && cd doc/source/temp && $(RM) * ;\
-- nsgmls ../privoxy-man-page.sgml | sgmlspl /usr/share/perl5/sgmlspl-specs/docbook2man-spec.pl &&\
-+ onsgmls ../privoxy-man-page.sgml | sgmlspl /usr/share/perl5/sgmlspl-specs/docbook2man-spec.pl &&\
- perl -pi.bak -e 's/ <URL:.*>//; s/\[ /\[/g' $(MAN_PAGE) ;\
- perl -pi.bak -e "s/\[ /\[/g;s/á/\\\\['a]/g;s/é/\\\\['e]/g" $(MAN_PAGE); \
- perl -pi.bak -e "s/ö/\\\\[:o]/g" $(MAN_PAGE); \
---- a/utils/docbook2man/docbook2man-spec.pl.1
-+++ b/utils/docbook2man/docbook2man-spec.pl.1
-@@ -11,14 +11,14 @@ docbook2man-spec.pl \- convert DocBook R
- \fBsgmlspl\fR \fBdocbook2man-spec.pl\fR
-
-
--\fBnsgmls\fR [ \fB\fIsgml document\fB\fR ]\fB| sgmlspl\fR \fBdocbook2man-spec.pl\fR
-+\fBonsgmls\fR [ \fB\fIsgml document\fB\fR ]\fB| sgmlspl\fR \fBdocbook2man-spec.pl\fR
-
- .SH "DESCRIPTION"
- .PP
- \fBdocbook2man\fR is a sgmlspl spec file that produced man
- pages (using the -man macros) from DocBook RefEntry markup.
- .PP
--The program reads ESIS produced by nsgmls (or other SGML parsers) from
-+The program reads ESIS produced by onsgmls (or other SGML parsers) from
- standard input. Markup not found in RefEntry is discarded.
- .PP
- Its output, the converted man pages, are written to the current directory. If
+++ /dev/null
-From: Roland Rosenfeld <roland@debian.org>
-Date: Wed, 11 Jan 2017 22:24:55 +0100
-Subject: unblock adventofcode.com
-Bug-Debian: https://bugs.debian.org/848211
-Forwarded: https://sourceforge.net/p/ijbswa/actionsfile-feedback/937/
-
---- a/default.action.master
-+++ b/default.action.master
-@@ -1941,7 +1941,8 @@ klikki.fi/adv/
- #MASTER# UNBLOCK-REFERRER: http://www.ardmediathek.de/tv
- # URL = http://www.ardmediathek.de/ard/static/img/ardmt/banner/ard-mediathek.svg
- .ardmediathek.de/
--
-+#MASTER# UNBLOCK-REFERRER: http://adventofcode.com
-+adventofcode.com
-
- #############################################################################
- # Site-specific special rules:
05_defaut_action.patch
-06_8bit_manual.patch
14_config.patch
15_mansection8.patch
17_502_no_such_domain.patch
33_manpage_hyphen.patch
34_system-docbook2man.patch
35_man-spelling.patch
-36_openspopenjade.patch
-37_adventofcode.patch
--- /dev/null
+# privoxy po-debconf translation to Spanish.
+# Copyright (C) 2018 Software in the Public Interest
+# This file is distributed under the same license as the privoxy package.
+#
+# - Initial translation
+# Jonathan Bustillos <jathanblackred@openmailbox.com>, 2018.
+#
+# Traductores, si no conocen el formato PO, merece la pena leer la
+# documentación de gettext, especialmente las secciones dedicadas a este
+# formato, por ejemplo ejecutando:
+# info -n '(gettext)PO Files'
+# info -n '(gettext)Header Entry'
+#
+# Equipo de traducción al español, por favor lean antes de traducir
+# los siguientes documentos:
+#
+# - El proyecto de traducción de Debian al español
+# http://www.debian.org/intl/spanish/
+# especialmente las notas y normas de traducción en
+# http://www.debian.org/intl/spanish/notas
+#
+# - La guÃa de traducción de po's de debconf:
+# /usr/share/doc/po-debconf/README-trans
+# o http://www.debian.org/intl/l10n/po-debconf/README-trans
+msgid ""
+msgstr ""
+"Project-Id-Version: privoxy\n"
+"Report-Msgid-Bugs-To: privoxy@packages.debian.org\n"
+"POT-Creation-Date: 2016-04-08 17:17+0200\n"
+"PO-Revision-Date: 2018-07-16 00:23+0200\n"
+"Last-Translator: Jonathan Bustillos <jathanblackred@openmailbox.com>\n"
+"Language-Team: Debian Spanish <debian-l10n-spanish@lists.debian.org>\n"
+"Language: \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=2; plural=(n != 1);\n"
+"X-Generator: Gtranslator 2.91.7\n"
+
+#. Type: string
+#. Description
+#: ../templates:1001
+msgid "Adresses on with Privoxy listens:"
+msgstr "Direcciones que Privoxy escucha:"
+
+#. Type: string
+#. Description
+#: ../templates:1001
+msgid ""
+"Please enter a space separated list of address:port combinations on which "
+"Privoxy will listen for client requests."
+msgstr ""
+"Introduzca una lista de combinaciones dirección:puerto separadas por "
+"espacios en las que Privoxy escuchará las solicitudes de los clientes."
After=network.target
[Service]
-Environment=PIDFILE=/var/run/privoxy.pid
+Environment=PIDFILE=/run/privoxy.pid
Environment=OWNER=privoxy
Environment=CONFIGFILE=/etc/privoxy/config
Type=forking
-PIDFile=/var/run/privoxy.pid
+PIDFile=/run/privoxy.pid
ExecStart=/usr/sbin/privoxy --pidfile $PIDFILE --user $OWNER $CONFIGFILE
ExecStopPost=/bin/rm -f $PIDFILE
SuccessExitStatus=15
override_dh_auto_install:
install -m 0755 privoxy $(DEBDIR)/usr/sbin/privoxy
- sed -e 's/\(Sample Configuration File for Privoxy\).*/\1/;' \
- -e 's/\$$Id: config,v.*/Id: config,v/' < config \
+ sed -e 's/\(Sample Configuration File for Privoxy\).*/\1/;' < config \
> $(DEBDIR)/usr/share/privoxy/config
install -m 0644 default.action $(DEBDIR)/etc/privoxy/default.action
install -m 0644 match-all.action $(DEBDIR)/etc/privoxy/match-all.action
cp -r templates $(DEBDIR)/etc/privoxy/
rm -f $(DEBDIR)/etc/privoxy/templates/*~
- rm -rf $(DEBDIR)/etc/privoxy/templates/CVS
-# Remove CVS tags and trailing spaces from config files:
+# Remove trailing spaces from config files:
find $(DEBDIR)/etc/privoxy -type f \
- | xargs grep -l '\$$[A-Z][^$$]*:[^$$]*\$$' \
+ | xargs grep -l ' $$' \
| while read f; do \
- sed -e 's/\$$\(Id: [^$$]*,v\)[^$$]*\$$/\1/' \
- -e 's/\$$\(Source: [^$$]*\)\$$/\1/' \
- -e 's/\$$\(Log: [^$$]*\)\$$/\1/' \
- -e 's/ *$$//' < $$f > $$f.new; \
+ sed -e 's/ *$$//' < $$f > $$f.new; \
mv -f $$f.new $$f; \
done
override_dh_installdocs:
- dh_installdocs -XCVS
+ dh_installdocs
(cd $(DEBDIR)/usr/share/doc/privoxy/; \
mv privoxy-index.html index.html)
(cd $(DEBDIR)/usr/share/doc/privoxy/user-manual; ln -s '../p_doc.css')
# Run privoxy-regression-test.pl on a configuration extended by
# regression-tests.action.
#
-# (c) 2016 Roland Rosenfeld <roland@debian.org>
+# (c) 2018 Roland Rosenfeld <roland@debian.org>
PORT=8119
-if [ -z "$ADTTMP" ]; then
- ADTTMP=$(mktemp -d)
+if [ -z "$AUTOPKGTEST_TMP" ]; then
+ AUTOPKGTEST_TMP=$(mktemp -d)
fi
-CONFIG=$ADTTMP/config
-PIDFILE=$ADTTMP/privoxy.pid
+trap "rm -rf $AUTOPKGTEST_TMP" EXIT
+
+CONFIG=$AUTOPKGTEST_TMP/config
+PIDFILE=$AUTOPKGTEST_TMP/privoxy.pid
sed -e "s/^listen-address.*/listen-address 127.0.0.1:$PORT/" \
- -e "s%^logdir.*%logdir $ADTTMP%" \
+ -e "s%^logdir.*%logdir $AUTOPKGTEST_TMP%" \
-e "s/^enable-edit-actions.*/enable-edit-actions 1/" \
-e "s/^keep-alive-timeout.*/keep-alive-timeout 21/" \
-e "s/^#connection-sharing.*/connection-sharing 1/" \
http_proxy=http://127.0.0.1:$PORT/
export http_proxy
-OUTFILE=$ADTTMP/output
+OUTFILE=$AUTOPKGTEST_TMP/output
/usr/bin/privoxy-regression-test --max-level 200 --show-skipped-tests \
| tee $OUTFILE 2>&1
-----BEGIN PGP PUBLIC KEY BLOCK-----
-Version: GnuPG v1.4.12 (GNU/Linux)
mQINBFB0JFYBEACy/Kz2i9v9hLuZpZWsToyVhhByN2wNVPv6vi3+U+fGNndG0Gxk
SzEMqJDmNGSCrsllZCaAion3MgmdyZP8gNURf56NhE/CaMD3XLQWHTtBwTPPg/Bm
WNHdHqjgQ0zxT31WxE6lYCCv9cwfLFoY7ZG6YuRhQEeVNazRb+YrcIxpbvkbamBu
VmSEvzIhGN9PiWL1yOYJkNogR199f8zVRvuA4NYztg3e6RSOi3D3wyrZ7OIo2DI0
en0AWSt0bpdGoaTiLWLyoZg1WOc5wNTWimDeZZkFrWhKLhE7RKagQXGeBwARAQAB
-tB5GYWJpYW4gS2VpbCA8ZmtAZmFiaWFua2VpbC5kZT6JAj0EEwEIACcFAlB0JFYC
-GwMFCQPCZwAFCwkIBwMFFQoJCAsFFgIDAQACHgECF4AACgkQaRgikYuiNxySZg//
-VDHj0S26AEYynVbswitx79kEppfz7LHIJq37KTnOLZm29+q59hbfi1t5hSz13s76
-vdUSRvL1PH0hm/pZ5D4+ZNvsfA4sHUrO/l/YR6XZbsC0FggxGvEhXXR3ZDf0y9Am
-4N4iauC3dC7nJdA0MURV12Ckd47J76IQGhHZBscKAG7rwBm9nGhxCfp1gzo1a+Uw
-zPXktvqKEwpw+8qx5oeKjxaGzBxrTbW8gFa8KlKftkAbfIprdLMVos5ojMqbBx2V
-Eh7GSu+eEodS3vDQf+WZ2zCwtfYwfsWhLRsLhljIyNA8yKQR0fePS8NI0drxrx8C
-hputf20T0TJVmSAWktCppaNa1Lw2sd+Jh6ol/ioIWm68FgwdTXqrcmjkX8OwPIPh
-9FyBUlcix4tDJGnhQcgdy9DLvleEupIiE3F1L8hfrBJRUA/au1m6iEcOMslXaScm
-0UspqV0HMG47Clw0Gs/GoukHCYbk8Z1Xp14xBHPUodUgMEFzsgvBprgJf4gkrD/z
-700eChSalxxpsyDppwBMUSVmSiFSfLeANzmH6ADbmjlpMtDhQ/Y11HfEnBL9uvrA
-9cxNy4fVU9wsUmo84u3XxbyTCFMYf93IQBoRu9kdnAP9CMIs8Eix5ZS6p/wOQ9BN
-gFRhLnHVxcX2kSe33qXIq8H7l+OTrxChP68BznWx38GJAj0EEwEIACcCGwMFCwkI
-BwMFFQoJCAsFFgIDAQACHgECF4AFAlQ2yq0FCQeFDVIACgkQaRgikYuiNxzpBQ/8
-Cihlrd9wwkCEBDU+rPA+xi0VCo+OZ/UBsdCqe0L7dZim3jtc6N9kRMOFzWlilgMr
-SlDpYihYr7Ws2CCfdckcQ+zcMcEHiXqROWxqOB4ho+DoDj197pib3PZyyGZGnE8K
-e5KeoMG7InCUY4wsfRp9U4/NrocHmd3Umm5HVl7bontkOSOmw85wr+erqoAncnNC
-mxj5ZZ8lsP3kjNF/W9OBsg1MFiGPQYlBrxc1EPN6GG0/tTW+tCJTU+J1uhvtcvmf
-Sv0YLQPz70vN0KZ0UDe2wp5apenlnyKG1Nhce5dZrF8qVm9Z+RXkoz53+i8StC+D
-0dq9+c2/VDCkzrQIP2hWPkQH6jSYxbHAYWH22QF18xdsiPkLZ/cO0oyj+NrKUJCq
-z1rMveHRej1xV9zQDACm/9AovtnzaU1AMjqpL+4gQd3za+uimT7q0I64qxXqNmBs
-Qdm2PAH3YLZCMP/kYAiM1/Z8PxPjsDdE/0Hi58VwvN9IQ+QtXWMMm/Ne08od7+n1
-4ufFNpIy8JP1Jw84Fy610iqN312AYRpZ2lXPvdDryfKI2gJO6tR1MchQn/MY3B4D
-dMoLphp4VeFvAszI8AWUTmOPdpy1k2GuewyTB0UOkWsxVUjpRtuFE9XxpabQhFaO
-deNH8d2qvrh78wDQjLVcVb6tKTra4vkYMA1BtsX8lzc=
-=IyrL
+tB5GYWJpYW4gS2VpbCA8ZmtAZmFiaWFua2VpbC5kZT6JAlQEEwEIAD4CGwMFCwkI
+BwMFFQoJCAsFFgIDAQACHgECF4AWIQRPNsF/OBaRNlSh6FBpGCKRi6I3HAUCWu2d
+0gUJDjvgfAAKCRBpGCKRi6I3HKxTD/95Wq9DwgTHZhJZYRBqlwgujyXYUv3GjaUe
+JHIRuTGL5jb4Pyz3mx22N2CtCccN8uWP8fhwr7kln+05AS0wtjqN2uVyVHs0NBz6
+YW/Nrt43IyAdU6G6ZZsKR175POfoJEC36S2PRd3R7Disze+rOLaL8GvVRjRHb3xJ
+CIP4r1igyvgEyXXMgZUw5N/e9NvVZcQIaPsssfIK4B4tvdlmJvcaSCybqOyVdVIW
+KWseIkW2ngiSlujX9jZdDOnKady8Ft1L10B4mcOqU9C/K7vHvZHtAewTO0yRp8xd
+1Vkg7Qf2LxhLv9Q7DvvQJYOrr4qS/6MkzydL3bFKsDHC6H03wBjoyMyFUPikZF+3
+LDeLZ+PWkrbP3VCR3QBmx4G6/7ZoqMga2XQW+2Fr+PW5tmOb8kLJtUQ2EKay6Kw4
+oSRd6DN8rmYMBVw8JyTx+zpltPNJTpOT2c4aIfsgDMsusII3XAHrhvRlBpI387Xv
+3A8oe/LtySSficKWVIgHRtu0/8oeJ7JqxqgH+afs3e3+oZ7mw5VVLlZTj3W64a8Z
+QE4gGDB3CHv/fo1L3tsd/rys5fRNT/HhwpfCCGvUH3bkWcFmya77mdtrF87f5kf5
+K+TKWBWI1pcRVs1LjXQAlOJnXDPSIHn2J1RCqOKUV13SXVKe3gDKHuXH0pA2opbx
+xrh//mnqz7kCDQRQdCRWARAAuEZNwVptQDW4jZSTtsb9xggdDjLECDpVQ0+J0Arm
+k0Ftyr1XpUJXgbJE3SVRitKe/Ez1S9P8x6kbab/c045qBjB8rup4Tq+C0OPqVctZ
+vt1CfqwUPDJS/p+PoRigG/I0w14xg+VhnwrgL7SKxsoveHnTapXPFmCpMCqrRF3M
+Y4Ti6sitiFBTS9YbdZd6FrvvrwUqpWSRgf1JgRyzjowYiJb/9Cg0A6dYXFMFbf5M
+LEGpzB/2F+vO5zDhfsu7jNcC+BS2trMaH+sf8xMqgV3tVEJmrdUrYBkkk9yfp3N/
+KpCCdpTROjcWTIVXjHM9oUbjzJ71VQh7N/bKe5x4TsSeL7vV5gUv3tSEi7rp5nMp
+yR+6QXA/qTvlBtwQKYxDOGG3pNY38upF5WenYw1z0/UvlPJTzRaGW4Hi2zGDV4vg
+PfnvFmDa2ycyomZxWmz+/Hr/HsGOrmJNDvmqyR8mOSluptw6I09jN3qEuI++xZvD
+9uDNeuAvTkp27zqnSFHGje3zRg50urijf04DHQ6q63HxJA1K4QSICG0Wlhg5Ysoo
+2UJ0uUGuCmo+yJXPBC6EazGZ2f08ili8DppPgVoYPv+7mFclTSU1AXcUUu+DTntJ
+Ea1PkHRmnBlJAzw736aAzJ8wrMq9oU/VR8r0d1RpmZFGDpkbBtZtLSunng/KUl5Q
+jv8AEQEAAYkCPAQYAQgAJgIbDBYhBE82wX84FpE2VKHoUGkYIpGLojccBQJa7Z30
+BQkOO+CeAAoJEGkYIpGLojcc5qMP/RlY/uklsNPJu3LeulkCHfi5R4ANTFhspg5b
+Dpzujp67YMo7tbuT9IAgvG/rwzYfZyADnE+MzSkv9OBuOWkjeQPF/drHMHFjurJx
+yQvZeABlosn+EPUds/FJQleiJRLdfdfKHpRYLa4qMBV0eq542vTCh24v+vYMZEP0
+sb0o7ERHcVOgl18WtP8Gumj/9GiQt9BcGYVlFyRI/5sbaFHYt/IOyb7IK63uGlTq
+zSuVpYTQNZs6ByJ44U7W9QPMLHtoEhGESquhbTM+aRPS6wqmXkEP0/TYXRP8iEkR
+oaK26qhHMVd3Qx8WA1SdekOXlconhptJd0mzy21lXnmiTAt+vOIk3Dz7Jj9e+zLT
+tUknU+ZIt00GJMy7OCqmk7GjRk86U14ZzMEY0s7eHqAzMaNDkl0Avt79z11qODbl
+hnwhwqwpoZP5tolssAE8ejux7dkbLp/Lqso8yQpT9EVlLGimpH7/1xFI9vn6irf0
+6alOBFURg/rIuecxy4HLXkCBqH/eAWl4BdjU+8py9MznZtJk/C3eKfiKG5METM5k
+ZG+BjI1FXFJCxArHOfoKjuwbWmzgSgJjcWuYgIHdC8e6zpYpkqZLG6xR2//1H9Ax
+znY/K1T1Pluo4TEhoro7D+1fymmTRyJRVreEoo4/Hy/Yc/dVuQwIafEtA+FDejKg
+zW3qmo5y
+=pli6
-----END PGP PUBLIC KEY BLOCK-----
#http://sourceforge.net/project/showfiles.php?group_id=11118 http://prdownloads.sourceforge.net/ijbswa/privoxy-(.*)-stable-src.tar.gz\?download
-opts=pgpsigurlmangle=s/$/.asc/ http://sf.net/ijbswa/privoxy-(\d+.*)-(?:stable|beta)-src.tar.gz
+opts=pgpsigurlmangle=s/$/.asc/ https://sf.net/ijbswa/privoxy-(\d+.*)-(?:stable|beta)-src.tar.gz
#################################################################################
-#
+#
# File : default.filter
-#
+#
# Purpose : Rules to process the content of web pages
-#
+#
# Copyright : Written by and Copyright (C) 2001-2018 the
# Privoxy team. https://www.privoxy.org/
#
#
# Note2: In addition to the Perl options gimsx, the following nonstandard
# options are supported:
-#
+#
# 'U' turns the default to ungreedy matching. Add ? to quantifiers to
# switch back to greedy.
#
# escaping anything, therefore you also have to be careful not to chose
# delimiters that appear in the replacement text. For example '<' should
# be save, while '?' will sooner or later cause conflicts with $url.
-#
+#
#################################################################################
# but that would make them match only the first occurrence of
# nasty-item in each <script>. We need nestable jobs!
-# Get rid of Javascript referrer tracking.
+# Get rid of Javascript referrer tracking.
# Test page: http://www.javascript-page.com/referrer.html
#
s|(?:\w+\.)+referrer|false.toString()|gisU
s/(<body\s+[^>]*)onunload/$1never/siU
s|(<script.*)window\.onunload(?=.*</script>)|$1never|sigU
-# If we allow window.open, we want normal window features:
+# If we allow window.open, we want normal window features:
# Test: http://www.htmlgoodies.com/beyond/notitle.html
#
s/(open\s*\([^\)]+resizable=)(["']?)(?:no|0)\2/$1$2yes$2/sigU
-s/(open\s*\([^\)]+location=)(["']?)(?:no|0)\2/$1$2yes$2/sigU
-s/(open\s*\([^\)]+status=)(["']?)(?:no|0)\2/$1$2yes$2/sigU
-s/(open\s*\([^\)]+scroll(?:ing|bars)=)(["']?)(?:no|0)\2/$1$2auto$2/sigU
-s/(open\s*\([^\)]+menubar=)(["']?)(?:no|0)\2/$1$2yes$2/sigU
-s/(open\s*\([^\)]+toolbar=)(["']?)(?:no|0)\2/$1$2yes$2/sigU
-s/(open\s*\([^\)]+directories=)(["']?)(?:no|0)\2/$1$2yes$2/sigU
+s/(open\s*\([^\)]+location=)(["']?)(?:no|0)\2/$1$2yes$2/sigU
+s/(open\s*\([^\)]+status=)(["']?)(?:no|0)\2/$1$2yes$2/sigU
+s/(open\s*\([^\)]+scroll(?:ing|bars)=)(["']?)(?:no|0)\2/$1$2auto$2/sigU
+s/(open\s*\([^\)]+menubar=)(["']?)(?:no|0)\2/$1$2yes$2/sigU
+s/(open\s*\([^\)]+toolbar=)(["']?)(?:no|0)\2/$1$2yes$2/sigU
+s/(open\s*\([^\)]+directories=)(["']?)(?:no|0)\2/$1$2yes$2/sigU
s/(open\s*\([^\)]+fullscreen=)(["']?)(?:yes|1)\2/$1$2no$2/sigU
s/(open\s*\([^\)]+always(?:raised|lowered)=)(["']?)(?:yes|1)\2/$1$2no$2/sigU
s/(open\s*\([^\)]+z-?lock=)(["']?)(?:yes|1)\2/$1$2no$2/sigU
# New browser windows (if allowed -- see no-popups filter below) should be
# resizeable and have a location and status bar
#
-s/(<a\s+href[^>]+resizable=)(['"]?)(?:no|0)\2/$1$2yes$2/igU
-s/(<a\s+href[^>]+location=)(['"]?)(?:no|0)\2/$1$2yes$2/igU
+s/(<a\s+href[^>]+resizable=)(['"]?)(?:no|0)\2/$1$2yes$2/igU
+s/(<a\s+href[^>]+location=)(['"]?)(?:no|0)\2/$1$2yes$2/igU
s/(<a\s+href[^>]+status=)(['"]?)(?:no|0)\2/$1$2yes$2/igU
s/(<a\s+href[^>]+scrolling=)(['"]?)(?:no|0)\2/$1$2auto$2/igU
s/(<a\s+href[^>]+menubar=)(['"]?)(?:no|0)\2/$1$2yes$2/igU
s+([^'"]\s*<head.*>)(?=\s*[^'"])+$1<script>function PrivoxyWindowOpen(){return(null);}</script>+isU
s@([^\w\s.]\s*)((?:map)?(window|this|parent)\.?)?open\s*\(@$1PrivoxyWindowOpen(@ig
-s+([^'"]\s*</html>)(?!\s*(\\n|'|"))+$1<script>function PrivoxyWindowOpen(a, b, c){return(window.open(a, b, c));}</script>+iU
+s+([^'"]\s*</html>)(?!\s*(\\n|'|"))+$1<script>function PrivoxyWindowOpen(a, b, c){return(window.open(a, b, c));}</script>+iU
##################################################################################
#################################################################################
FILTER: tiny-textforms Extend those tiny textareas up to 40x80 and kill the hard wrap.
-s/(<textarea[^>]*?)(?:\s*(?:rows|cols)=(['"]?)\d+\2)+/$1 rows=$2\40$2 cols=$2\80$2/ig
+s/(<textarea[^>]*?)(?:\s*(?:rows|cols)=(['"]?)\d+\2)+/$1 rows=$2\40$2 cols=$2\80$2/ig
s/(<textarea[^>]*?)wrap=(['"]?)hard\2/$1/ig
s/(<frameset\s+[^>]*)frameborder=(['"]?)(no|0)\2/$1/igU
s/(<frameset\s+[^>]*)border=(['"]?)(no|0)\2/$1/igU
s/(<frame\s+[^>]*)noresize/$1/igU
-s/(<frame\s+[^>]*)frameborder=(['"]?)(no|0)\2/$1/igU
+s/(<frame\s+[^>]*)frameborder=(['"]?)(no|0)\2/$1/igU
s/(<frame\s+[^>]*)scrolling=(['"]?)(no|0)\2/$1/igU
#################################################################################
#
-# demoronizer: Correct Microsoft's abuse of standardized character sets, which
-# leave the browser to (mis)-interpret unknown characters, with
+# demoronizer: Correct Microsoft's abuse of standardized character sets, which
+# leave the browser to (mis)-interpret unknown characters, with
# sometimes bizarre results on non-MS platforms.
#
-# credit: ripped from the demoroniser.pl script by:
+# credit: ripped from the demoroniser.pl script by:
# John Walker -- January 1998, http://www.fourmilab.ch/webtools/demoroniser
#
#################################################################################
#################################################################################
FILTER: quicktime-kioskmode Make Quicktime movies saveable.
-s/(<embed\s+[^>]*)kioskmode\s*=\s*(["']?)true\2/$1/ig
+s/(<embed\s+[^>]*)kioskmode\s*=\s*(["']?)true\2/$1/ig
#################################################################################
#Remove by regulations
s/^.*(Section 2257|18 U.?S.?C.? 2257).*$\
/This page has been blocked by Privoxy's crude-parental content filter\
-/is
+/is
#################################################################################
FILTER: site-specifics Cure for site-specific problems. Don't apply generally!
# www.spiegel.de excludes X11 users from viewing Flash5 objects - shame.
-# Apply to: www.spiegel.de/static/js/flash-plugin.js
+# Apply to: www.spiegel.de/static/js/flash-plugin.js
#
s/indexOf\("x11"\)/indexOf("x13")/
# monster.com has two very similar gimmicks:
#
s|<input type="hidden" name="REDIRECT" value="(.+?)">|<meta http-equiv="refresh" content="0; URL=$1">|i
-
-s|<IMG SRC="http://media.monster.com/mm/usen/my/no_thanks_211x40.gif".+?>|<meta http-equiv="refresh" content="0; URL=http://my.monster.com/resume.asp">|i
+
+s|<IMG SRC="http://media.monster.com/mm/usen/my/no_thanks_211x40.gif".+?>|<meta http-equiv="refresh" content="0; URL=http://my.monster.com/resume.asp">|i
# nytimes.com triggers popups through the onload handler of dummy images
-# to fool popup-blockers.
+# to fool popup-blockers.
#
s|(<img [^>]*)onload|$1never|sig
#################################################################################
#
# no-ping: Removes non-standard ping attributes in <a> and <area> tags.
-#
+#
#################################################################################
FILTER: no-ping Removes non-standard ping attributes in <a> and <area> tags.
s@(<a(?:rea)?[^>]*?)\sping=(['"]?)([^"'>]+)\2([>\s]?)@\
</para>
<para>
- Note that source code in GIT is development quality, and may not be
+ Note that source code in Git is development quality, and may not be
stable or well tested.
</para>
Purpose : developer manual
- Copyright (C) 2001-2018 Privoxy Developers https://www.privoxy.org/
+ Copyright (C) 2001-2020 Privoxy Developers https://www.privoxy.org/
See LICENSE.
========================================================================
<!-- Completely the wrong markup, but very little is allowed -->
<!-- in this part of an article. FIXME -->
<ulink url="https://www.privoxy.org/user-manual/copyright.html">Copyright</ulink>
- &my-copy; 2001-2018 by
+ &my-copy; 2001-2020 by
<ulink url="https://www.privoxy.org/">Privoxy Developers</ulink>
</subscript>
</pubdate>
<sect2 id="gitaccess"><title>Access to Git</title>
<para>
The project's Git repository is hosted at the
- <ulink url="https://privoxy.org/">Privoxy site.</ulink>
- The Git repository URL is
- <literal>ssh://git@git.privoxy.org:23/git/privoxy.git</literal>,
- the central repository is called <literal>privoxy</literal>, and the
+ <ulink url="https://privoxy.org/">Privoxy website</ulink>.
+ For Privoxy team members with push privileges the Git repository URL is
+ <literal>ssh://git@git.privoxy.org:23/git/privoxy.git</literal>.
+ </para>
+ <para>
+ Contributors without push privileges can
+ <quote>git clone https://www.privoxy.org/git/privoxy.git</quote>.
+ </para>
+ <para>
+ The central repository is called <literal>privoxy</literal>, and the
source branch is called <literal>master</literal>. Subfolders exist
within the project for target-dependent build and packaging tools, each
including the name of the target operating system in their name (e.g.
Purpose : Used with other docs and files only.
- Copyright (C) 2001-2019 Privoxy Developers https://www.privoxy.org/
+ Copyright (C) 2001-2020 Privoxy Developers https://www.privoxy.org/
See LICENSE.
========================================================================
Sample Configuration File for Privoxy &p-version;
</title>
<para>
-Copyright (C) 2001-2019 Privoxy Developers https://www.privoxy.org/
+Copyright (C) 2001-2020 Privoxy Developers https://www.privoxy.org/
</para>
<literallayout>
If the specified address isn't available on the system, or if the
hostname can't be resolved, <application>Privoxy</application>
will fail to start.
+ On GNU/Linux, and other platforms that can listen on not yet assigned IP
+ addresses, Privoxy will start and will listen on the specified
+ address whenever the IP address is assigned to the system
</para>
<para>
IPv6 addresses containing colons have to be quoted by brackets.
CA key, the CA certificate and the trusted CAs file
are located.
</para>
+ <para>
+ The permissions should only let &my-app; and the &my-app;
+ admin access the directory.
+ </para>
</listitem>
</varlistentry>
<varlistentry>
in ".crt" format.
</para>
<para>
- It can be generated with: openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.crt -days 3650
+ The file is used by &my-app; to generate website certificates
+ when https inspection is enabled with the
+ <literal><ulink url="actions-file.html#HTTPS-INSPECTION">https-inspection</ulink></literal>
+ action.
+ </para>
+ <para>
+ &my-app; clients should import the certificate so that they
+ can validate the generated certificates.
+ </para>
+ <para>
+ The file can be generated with:
+ openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.crt -days 3650
</para>
</listitem>
</varlistentry>
<listitem>
<para>
This directive specifies the directory where generated
- TLS/SSL keys and certificates are saved.
+ TLS/SSL keys and certificates are saved when https inspection
+ is enabled with the
+ <literal><ulink url="actions-file.html#HTTPS-INSPECTION">https-inspection</ulink></literal>
+ action.
+ </para>
+ <para>
+ The keys and certificates currently have to be deleted manually
+ when changing the <ulink url="#CA-CERT-FILE">ca-cert-file</ulink>
+ and the <ulink url="#CA-CERT-KEY">ca-cert-key</ulink>.
+ </para>
+ <para>
+ The permissions should only let &my-app; and the &my-app;
+ admin access the directory.
</para>
</listitem>
</varlistentry>
<listitem>
<para>
This directive specifies the trusted CAs file that is used when validating
- certificates for intercepted TLS/SSL request.
+ certificates for intercepted TLS/SSL requests.
</para>
<para>
An example file can be downloaded from
Purpose : Entity included in other project documents.
- Copyright (C) 2001-2018 Privoxy Developers https://www.privoxy.org/
+ Copyright (C) 2001-2020 Privoxy Developers https://www.privoxy.org/
See LICENSE.
======================================================================
Purpose : user manual
- Copyright (C) 2001-2019 Privoxy Developers https://www.privoxy.org/
+ Copyright (C) 2001-2020 Privoxy Developers https://www.privoxy.org/
See LICENSE.
========================================================================
<subscript>
<!-- Completely the wrong markup, but very little is allowed -->
<!-- in this part of an article. FIXME -->
- <link linkend="copyright">Copyright</link> &my-copy; 2001-2019 by
+ <link linkend="copyright">Copyright</link> &my-copy; 2001-2020 by
<ulink url="https://www.privoxy.org/">Privoxy Developers</ulink>
</subscript>
</pubdate>
</sect3>
-<!-- ~~~~~ New section ~~~~~ -->
-<sect3 renderas="sect4" id="enable-https-filtering">
-<title>enable-https-filtering</title>
-
-<variablelist>
- <varlistentry>
- <term>Typical use:</term>
- <listitem>
- <para>Filter encrypted requests and responses</para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>Effect:</term>
- <listitem>
- <para>
- Encrypted requests are decrypted, filtered and forwarded encrypted.
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>Type:</term>
- <!-- boolean, parameterized, Multi-value -->
- <listitem>
- <para>Boolean.</para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>Parameter:</term>
- <listitem>
- <para>
- N/A
- </para>
- </listitem>
- </varlistentry>
-
-<varlistentry>
- <term>Notes:</term>
- <listitem>
- <para>
- This action allows &my-app; to filter encrypted requests and responses.
- For this to work &my-app; has to generate a certificate and send it
- to the client which has to accept it.
- </para>
- <para>
- Before this works the directives in the
- <link linkend="config">TLS section of the config</link>
- file have to be configured.
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>Example usage (section):</term>
- <listitem>
- <screen>{+enable-https-filtering}
-www.example.com</screen>
- </listitem>
- </varlistentry>
-
-</variablelist>
-</sect3>
-
<!-- ~~~~~ New section ~~~~~ -->
<sect3 renderas="sect4" id="external-filter">
<title>external-filter</title>
</sect3>
+<!-- ~~~~~ New section ~~~~~ -->
+<sect3 renderas="sect4" id="https-inspection">
+<title>https-inspection</title>
+
+<variablelist>
+ <varlistentry>
+ <term>Typical use:</term>
+ <listitem>
+ <para>Filter encrypted requests and responses</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>Effect:</term>
+ <listitem>
+ <para>
+ Encrypted requests are decrypted, filtered and forwarded encrypted.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>Type:</term>
+ <!-- boolean, parameterized, Multi-value -->
+ <listitem>
+ <para>Boolean.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>Parameter:</term>
+ <listitem>
+ <para>
+ N/A
+ </para>
+ </listitem>
+ </varlistentry>
+
+<varlistentry>
+ <term>Notes:</term>
+ <listitem>
+ <para>
+ This action allows &my-app; to filter encrypted requests and responses.
+ For this to work &my-app; has to generate a certificate and send it
+ to the client which has to accept it.
+ </para>
+ <para>
+ Before this works the directives in the
+ <literal><ulink url="config.html#TLS">TLS section</ulink></literal>
+ of the config file have to be configured.
+ </para>
+ <para>
+ Note that the action has to be enabled based on the CONNECT
+ request which doesn't contain a path. Enabling it based on
+ a pattern with path doesn't work as the path is only seen
+ by &my-app; if the action is already enabled.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>Example usage (section):</term>
+ <listitem>
+ <screen>{+https-inspection}
+www.example.com</screen>
+ </listitem>
+ </varlistentry>
+
+</variablelist>
+</sect3>
+
+
<!-- ~~~~~ New section ~~~~~ -->
<sect3 renderas="sect4" id="ignore-certificate-errors">
<title>ignore-certificate-errors</title>
<listitem>
<para>
When the
- <link linkend="ENABLE-HTTPS-FILTERING"><quote>+enable-https-filtering</quote></link>
+ <link linkend="HTTPS-INSPECTION"><quote>+https-inspection</quote></link>
action is used &my-app; by default verifies that the remote site uses a valid
certificate.
</para>
Purpose : Index file of the project's homepage and also documentation index
- Copyright (C) 2001-2018 Privoxy developers <privoxy-devel@lists.privoxy.org>
+ Copyright (C) 2001-2020 Privoxy developers <privoxy-devel@lists.privoxy.org>
See LICENSE.
========================================================================
<!-- GNUMakefile is inserting this now -->
<para>
<subscript>
- Copyright __copy 2001-2019 by Privoxy Developers
+ Copyright __copy 2001-2020 by Privoxy Developers
</subscript>
</para>
<subscript>
<ulink url="https://www.top10vpn.com">https://www.top10vpn.com</ulink>
</subscript>
+ <subscript>
+ <ulink url="https://www.vpnranks.com/">https://www.vpnranks.com/</ulink>
+ </subscript>
</para>
<para>
<subscript>
</ul>
</div>
<div class="SECT2">
- <h2 class="SECT2"><a name="AEN203" id="AEN203">3.3. Privoxy Custom Entities</a></h2>
+ <h2 class="SECT2"><a name="AEN206" id="AEN206">3.3. Privoxy Custom Entities</a></h2>
<p><span class="APPLICATION">Privoxy</span> documentation is using a number of customized <span class=
"QUOTE">"entities"</span> to facilitate documentation maintenance.</p>
<p>We are using a set of <span class="QUOTE">"boilerplate"</span> files with generic text, that is used by
before accessing via Git.</p>
<div class="SECT2">
<h2 class="SECT2"><a name="GITACCESS" id="GITACCESS">2.1. Access to Git</a></h2>
- <p>The project's Git repository is hosted at the <a href="https://privoxy.org/" target="_top">Privoxy site.</a>
- The Git repository URL is <tt class="LITERAL">ssh://git@git.privoxy.org:23/git/privoxy.git</tt>, the central
- repository is called <tt class="LITERAL">privoxy</tt>, and the source branch is called <tt class=
+ <p>The project's Git repository is hosted at the <a href="https://privoxy.org/" target="_top">Privoxy
+ website</a>. For Privoxy team members with push privileges the Git repository URL is <tt class=
+ "LITERAL">ssh://git@git.privoxy.org:23/git/privoxy.git</tt>.</p>
+ <p>Contributors without push privileges can <span class="QUOTE">"git clone
+ https://www.privoxy.org/git/privoxy.git"</span>.</p>
+ <p>The central repository is called <tt class="LITERAL">privoxy</tt>, and the source branch is called <tt class=
"LITERAL">master</tt>. Subfolders exist within the project for target-dependent build and packaging tools, each
including the name of the target operating system in their name (e.g. Windows, OSXPackageBuilder, debian). There
is a webview of the Git hierarchy at <a href="https://www.privoxy.org/gitweb/?p=privoxy.git;a=tree" target=
<div class="TITLEPAGE">
<h1 class="TITLE"><a name="AEN2" id="AEN2">Privoxy Developer Manual</a></h1>
<p class="PUBDATE"><sub><a href="https://www.privoxy.org/user-manual/copyright.html" target="_top">Copyright</a>
- © 2001-2018 by <a href="https://www.privoxy.org/" target="_top">Privoxy Developers</a></sub><br></p>
+ © 2001-2020 by <a href="https://www.privoxy.org/" target="_top">Privoxy Developers</a></sub><br></p>
<div>
<div class="ABSTRACT">
<a name="AEN8" id="AEN8"></a>
<dt>3.1. <a href="documentation.html#SGML">Quickstart to Docbook and SGML</a></dt>
<dt>3.2. <a href="documentation.html#DOCSTYLE"><span class="APPLICATION">Privoxy</span> Documentation
Style</a></dt>
- <dt>3.3. <a href="documentation.html#AEN203">Privoxy Custom Entities</a></dt>
+ <dt>3.3. <a href="documentation.html#AEN206">Privoxy Custom Entities</a></dt>
</dl>
</dd>
<dt>4. <a href="coding.html">Coding Guidelines</a></dt>
<table border="0" bgcolor="#E0E0E0" width="90%">
<tr>
<td>
- <pre class="PROGRAMLISTING">
- $ utils/changelog2doc.pl /tmp/change.log >| doc/source/changelog.sgml</pre>
+ <pre class=
+ "PROGRAMLISTING"> $ utils/changelog2doc.pl /tmp/change.log >| doc/source/changelog.sgml</pre>
</td>
</tr>
</table>
<table border="0" bgcolor="#E0E0E0" width="100%">
<tr>
<td>
- <pre class="PROGRAMLISTING">
- cvs -z3 -d:pserver:anonymous@ijbswa.cvs.sourceforge.net:/cvsroot/ijbswa co os2setup</pre>
+ <pre class=
+ "PROGRAMLISTING"> cvs -z3 -d:pserver:anonymous@ijbswa.cvs.sourceforge.net:/cvsroot/ijbswa co os2setup</pre>
</td>
</tr>
</table>
<table border="0" bgcolor="#E0E0E0" width="100%">
<tr>
<td>
- <pre class="PROGRAMLISTING">
- cvs -z3 -d:pserver:anonymous@ijbswa.cvs.sourceforge.net:/cvsroot/ijbswa co OSXPackageBuilder</pre>
+ <pre class=
+ "PROGRAMLISTING"> cvs -z3 -d:pserver:anonymous@ijbswa.cvs.sourceforge.net:/cvsroot/ijbswa co OSXPackageBuilder</pre>
</td>
</tr>
</table>
<table border="0" bgcolor="#E0E0E0" width="100%">
<tr>
<td>
- <pre class="PROGRAMLISTING">
- cvs -z3 -d:pserver:anonymous@ijbswa.cvs.sourceforge.net:/cvsroot/ijbswa co osxsetup</pre>
+ <pre class=
+ "PROGRAMLISTING"> cvs -z3 -d:pserver:anonymous@ijbswa.cvs.sourceforge.net:/cvsroot/ijbswa co osxsetup</pre>
</td>
</tr>
</table>
<table border="0" bgcolor="#E0E0E0" width="100%">
<tr>
<td>
- <pre class="PROGRAMLISTING">
- cvs -z3 -d:pserver:anonymous@ijbswa.cvs.sourceforge.net:/cvsroot/ijbswa co macsetup</pre>
+ <pre class=
+ "PROGRAMLISTING"> cvs -z3 -d:pserver:anonymous@ijbswa.cvs.sourceforge.net:/cvsroot/ijbswa co macsetup</pre>
</td>
</tr>
</table>
<table border="0" bgcolor="#E0E0E0" width="100%">
<tr>
<td>
- <pre class="SCREEN">
- { -crunch-incoming-cookies -crunch-outgoing-cookies -session-cookies-only -filter{content-cookies} }
+ <pre class=
+ "SCREEN"> { -crunch-incoming-cookies -crunch-outgoing-cookies -session-cookies-only -filter{content-cookies} }
.example.com</pre>
</td>
</tr>
<h2 class="SECT1"><a name="AEN63" id="AEN63"></a></h2>
<p style="text-align: center"><sub>The Privoxy website is also available as <a href=
"http://jvauzb4sb3bwlsnc.onion/" target="_top">Tor onion service</a>.</sub></p>
- <p style="text-align: center"><sub>Copyright © 2001-2019 by Privoxy Developers</sub></p>
+ <p style="text-align: center"><sub>Copyright © 2001-2020 by Privoxy Developers</sub></p>
<p style="text-align: center"><sub>Hosting and development is funded in part by:</sub></p>
<p style="text-align: center"><sub><a href="https://www.top10vpn.com" target=
"_top">https://www.top10vpn.com</a></sub></p>
+ <p style="text-align: center"><sub><a href="https://www.vpnranks.com/" target=
+ "_top">https://www.vpnranks.com/</a></sub></p>
<p style="text-align: center"><sub><a href="/faq/general.html#SPONSOR" target="_top">Become a
sponsor</a></sub></p>
</div>
<div class="SECT1">
<hr>
<h2 class="SECT1"><a name="AEN62" id="AEN62"></a></h2>
- <p><sub>Copyright © 2001-2019 by Privoxy Developers</sub></p>
+ <p><sub>Copyright © 2001-2020 by Privoxy Developers</sub></p>
</div>
</div>
</body>
level</a> with the exception of sponsors that preferred not to be listed here.</p>
<h3>Silver sponsors</h3>
<p><a href="https://www.top10vpn.com">https://www.top10vpn.com</a></p>
+ <p><a href="https://www.vpnranks.com/">https://www.vpnranks.com/</a></p>
<h3>Bronze sponsor</h3>
<p><a href="https://www.betrugstest.com/">https://www.betrugstest.com/</a></p>
<h3>Becoming a Privoxy sponsor</h3>
<p>The default profiles, and their associated actions, as pre-defined in <tt class=
"FILENAME">default.action</tt> are:</p>
<div class="TABLE">
- <a name="AEN3088" id="AEN3088"></a>
+ <a name="AEN3105" id="AEN3105"></a>
<p><b>Table 1. Default Configurations</b></p>
<table border="1" frame="border" rules="all" class="CALSTABLE">
<col width="1*" title="C1">
</div>
</div>
<div class="SECT3">
- <h4 class="SECT3"><a name="ENABLE-HTTPS-FILTERING" id="ENABLE-HTTPS-FILTERING">8.5.15.
- enable-https-filtering</a></h4>
- <div class="VARIABLELIST">
- <dl>
- <dt>Typical use:</dt>
- <dd>
- <p>Filter encrypted requests and responses</p>
- </dd>
- <dt>Effect:</dt>
- <dd>
- <p>Encrypted requests are decrypted, filtered and forwarded encrypted.</p>
- </dd>
- <dt>Type:</dt>
- <dd>
- <p>Boolean.</p>
- </dd>
- <dt>Parameter:</dt>
- <dd>
- <p>N/A</p>
- </dd>
- <dt>Notes:</dt>
- <dd>
- <p>This action allows <span class="APPLICATION">Privoxy</span> to filter encrypted requests and
- responses. For this to work <span class="APPLICATION">Privoxy</span> has to generate a certificate and
- send it to the client which has to accept it.</p>
- <p>Before this works the directives in the <a href="config.html">TLS section of the config</a> file have
- to be configured.</p>
- </dd>
- <dt>Example usage (section):</dt>
- <dd>
- <table border="0" bgcolor="#E0E0E0" width="90%">
- <tr>
- <td>
- <pre class="SCREEN">{+enable-https-filtering}
-www.example.com</pre>
- </td>
- </tr>
- </table>
- </dd>
- </dl>
- </div>
- </div>
- <div class="SECT3">
- <h4 class="SECT3"><a name="EXTERNAL-FILTER" id="EXTERNAL-FILTER">8.5.16. external-filter</a></h4>
+ <h4 class="SECT3"><a name="EXTERNAL-FILTER" id="EXTERNAL-FILTER">8.5.15. external-filter</a></h4>
<div class="VARIABLELIST">
<dl>
<dt>Typical use:</dt>
</div>
</div>
<div class="SECT3">
- <h4 class="SECT3"><a name="FAST-REDIRECTS" id="FAST-REDIRECTS">8.5.17. fast-redirects</a></h4>
+ <h4 class="SECT3"><a name="FAST-REDIRECTS" id="FAST-REDIRECTS">8.5.16. fast-redirects</a></h4>
<div class="VARIABLELIST">
<dl>
<dt>Typical use:</dt>
</div>
</div>
<div class="SECT3">
- <h4 class="SECT3"><a name="FILTER" id="FILTER">8.5.18. filter</a></h4>
+ <h4 class="SECT3"><a name="FILTER" id="FILTER">8.5.17. filter</a></h4>
<div class="VARIABLELIST">
<dl>
<dt>Typical use:</dt>
<table border="0" bgcolor="#E0E0E0" width="90%">
<tr>
<td>
- <pre class="SCREEN">
- +filter{js-annoyances} # Get rid of particularly annoying JavaScript abuse.</pre>
+ <pre class=
+ "SCREEN">+filter{js-annoyances} # Get rid of particularly annoying JavaScript abuse.</pre>
</td>
</tr>
</table>
<table border="0" bgcolor="#E0E0E0" width="90%">
<tr>
<td>
- <pre class="SCREEN">
- +filter{js-events} # Kill JavaScript event bindings and timers (Radically destructive! Only for extra nasty sites).</pre>
+ <pre class=
+ "SCREEN">+filter{js-events} # Kill JavaScript event bindings and timers (Radically destructive! Only for extra nasty sites).</pre>
</td>
</tr>
</table>
<table border="0" bgcolor="#E0E0E0" width="90%">
<tr>
<td>
- <pre class="SCREEN">
- +filter{html-annoyances} # Get rid of particularly annoying HTML abuse.</pre>
+ <pre class=
+ "SCREEN">+filter{html-annoyances} # Get rid of particularly annoying HTML abuse.</pre>
</td>
</tr>
</table>
<table border="0" bgcolor="#E0E0E0" width="90%">
<tr>
<td>
- <pre class="SCREEN">
- +filter{content-cookies} # Kill cookies that come in the HTML or JS content.</pre>
+ <pre class=
+ "SCREEN">+filter{content-cookies} # Kill cookies that come in the HTML or JS content.</pre>
</td>
</tr>
</table>
<table border="0" bgcolor="#E0E0E0" width="90%">
<tr>
<td>
- <pre class="SCREEN">
- +filter{refresh-tags} # Kill automatic refresh tags if refresh time is larger than 9 seconds.</pre>
+ <pre class=
+ "SCREEN">+filter{refresh-tags} # Kill automatic refresh tags if refresh time is larger than 9 seconds.</pre>
</td>
</tr>
</table>
<table border="0" bgcolor="#E0E0E0" width="90%">
<tr>
<td>
- <pre class="SCREEN">
- +filter{img-reorder} # Reorder attributes in <img> tags to make the banners-by-* filters more effective.</pre>
+ <pre class=
+ "SCREEN">+filter{img-reorder} # Reorder attributes in <img> tags to make the banners-by-* filters more effective.</pre>
</td>
</tr>
</table>
<table border="0" bgcolor="#E0E0E0" width="90%">
<tr>
<td>
- <pre class="SCREEN">
- +filter{banners-by-link} # Kill banners by their links to known clicktrackers.</pre>
+ <pre class=
+ "SCREEN">+filter{banners-by-link} # Kill banners by their links to known clicktrackers.</pre>
</td>
</tr>
</table>
<table border="0" bgcolor="#E0E0E0" width="90%">
<tr>
<td>
- <pre class="SCREEN">
- +filter{webbugs} # Squish WebBugs (1x1 invisible GIFs used for user tracking).</pre>
+ <pre class=
+ "SCREEN">+filter{webbugs} # Squish WebBugs (1x1 invisible GIFs used for user tracking).</pre>
</td>
</tr>
</table>
<table border="0" bgcolor="#E0E0E0" width="90%">
<tr>
<td>
- <pre class="SCREEN">
- +filter{tiny-textforms} # Extend those tiny textareas up to 40x80 and kill the hard wrap.</pre>
+ <pre class=
+ "SCREEN">+filter{tiny-textforms} # Extend those tiny textareas up to 40x80 and kill the hard wrap.</pre>
</td>
</tr>
</table>
<table border="0" bgcolor="#E0E0E0" width="90%">
<tr>
<td>
- <pre class="SCREEN">
- +filter{jumping-windows} # Prevent windows from resizing and moving themselves.</pre>
+ <pre class=
+ "SCREEN">+filter{jumping-windows} # Prevent windows from resizing and moving themselves.</pre>
</td>
</tr>
</table>
<table border="0" bgcolor="#E0E0E0" width="90%">
<tr>
<td>
- <pre class="SCREEN">
- +filter{frameset-borders} # Give frames a border and make them resizable.</pre>
+ <pre class=
+ "SCREEN">+filter{frameset-borders} # Give frames a border and make them resizable.</pre>
</td>
</tr>
</table>
<table border="0" bgcolor="#E0E0E0" width="90%">
<tr>
<td>
- <pre class="SCREEN">
- +filter{iframes} # Removes all detected iframes. Should only be enabled for individual sites.</pre>
+ <pre class=
+ "SCREEN">+filter{iframes} # Removes all detected iframes. Should only be enabled for individual sites.</pre>
</td>
</tr>
</table>
<table border="0" bgcolor="#E0E0E0" width="90%">
<tr>
<td>
- <pre class="SCREEN">
- +filter{demoronizer} # Fix MS's non-standard use of standard charsets.</pre>
+ <pre class=
+ "SCREEN">+filter{demoronizer} # Fix MS's non-standard use of standard charsets.</pre>
</td>
</tr>
</table>
<table border="0" bgcolor="#E0E0E0" width="90%">
<tr>
<td>
- <pre class="SCREEN">
- +filter{fun} # Text replacements for subversive browsing fun!</pre>
+ <pre class=
+ "SCREEN">+filter{fun} # Text replacements for subversive browsing fun!</pre>
</td>
</tr>
</table>
<table border="0" bgcolor="#E0E0E0" width="90%">
<tr>
<td>
- <pre class="SCREEN">
- +filter{crude-parental} # Crude parental filtering. Note that this filter doesn't work reliably.</pre>
+ <pre class=
+ "SCREEN">+filter{crude-parental} # Crude parental filtering. Note that this filter doesn't work reliably.</pre>
</td>
</tr>
</table>
<table border="0" bgcolor="#E0E0E0" width="90%">
<tr>
<td>
- <pre class="SCREEN">
- +filter{ie-exploits} # Disable some known Internet Explorer bug exploits.</pre>
+ <pre class=
+ "SCREEN">+filter{ie-exploits} # Disable some known Internet Explorer bug exploits.</pre>
</td>
</tr>
</table>
<table border="0" bgcolor="#E0E0E0" width="90%">
<tr>
<td>
- <pre class="SCREEN">
- +filter{site-specifics} # Cure for site-specific problems. Don't apply generally!</pre>
+ <pre class=
+ "SCREEN">+filter{site-specifics} # Cure for site-specific problems. Don't apply generally!</pre>
</td>
</tr>
</table>
<table border="0" bgcolor="#E0E0E0" width="90%">
<tr>
<td>
- <pre class="SCREEN">
- +filter{no-ping} # Removes non-standard ping attributes in <a> and <area> tags.</pre>
+ <pre class=
+ "SCREEN">+filter{no-ping} # Removes non-standard ping attributes in <a> and <area> tags.</pre>
</td>
</tr>
</table>
<table border="0" bgcolor="#E0E0E0" width="90%">
<tr>
<td>
- <pre class="SCREEN">
- +filter{google} # CSS-based block for Google text ads. Also removes a width limitation and the toolbar advertisement.</pre>
+ <pre class=
+ "SCREEN">+filter{google} # CSS-based block for Google text ads. Also removes a width limitation and the toolbar advertisement.</pre>
</td>
</tr>
</table>
<table border="0" bgcolor="#E0E0E0" width="90%">
<tr>
<td>
- <pre class="SCREEN">
- +filter{yahoo} # CSS-based block for Yahoo text ads. Also removes a width limitation.</pre>
+ <pre class=
+ "SCREEN">+filter{yahoo} # CSS-based block for Yahoo text ads. Also removes a width limitation.</pre>
</td>
</tr>
</table>
<table border="0" bgcolor="#E0E0E0" width="90%">
<tr>
<td>
- <pre class="SCREEN">
- +filter{msn} # CSS-based block for MSN text ads. Also removes tracking URLs and a width limitation.</pre>
+ <pre class=
+ "SCREEN">+filter{msn} # CSS-based block for MSN text ads. Also removes tracking URLs and a width limitation.</pre>
</td>
</tr>
</table>
<table border="0" bgcolor="#E0E0E0" width="90%">
<tr>
<td>
- <pre class="SCREEN">
- +filter{blogspot} # Cleans up some Blogspot blogs. Read the fine print before using this.</pre>
+ <pre class=
+ "SCREEN">+filter{blogspot} # Cleans up some Blogspot blogs. Read the fine print before using this.</pre>
</td>
</tr>
</table>
</div>
</div>
<div class="SECT3">
- <h4 class="SECT3"><a name="FORCE-TEXT-MODE" id="FORCE-TEXT-MODE">8.5.19. force-text-mode</a></h4>
+ <h4 class="SECT3"><a name="FORCE-TEXT-MODE" id="FORCE-TEXT-MODE">8.5.18. force-text-mode</a></h4>
<div class="VARIABLELIST">
<dl>
<dt>Typical use:</dt>
</div>
</div>
<div class="SECT3">
- <h4 class="SECT3"><a name="FORWARD-OVERRIDE" id="FORWARD-OVERRIDE">8.5.20. forward-override</a></h4>
+ <h4 class="SECT3"><a name="FORWARD-OVERRIDE" id="FORWARD-OVERRIDE">8.5.19. forward-override</a></h4>
<div class="VARIABLELIST">
<dl>
<dt>Typical use:</dt>
</div>
</div>
<div class="SECT3">
- <h4 class="SECT3"><a name="HANDLE-AS-EMPTY-DOCUMENT" id="HANDLE-AS-EMPTY-DOCUMENT">8.5.21.
+ <h4 class="SECT3"><a name="HANDLE-AS-EMPTY-DOCUMENT" id="HANDLE-AS-EMPTY-DOCUMENT">8.5.20.
handle-as-empty-document</a></h4>
<div class="VARIABLELIST">
<dl>
</div>
</div>
<div class="SECT3">
- <h4 class="SECT3"><a name="HANDLE-AS-IMAGE" id="HANDLE-AS-IMAGE">8.5.22. handle-as-image</a></h4>
+ <h4 class="SECT3"><a name="HANDLE-AS-IMAGE" id="HANDLE-AS-IMAGE">8.5.21. handle-as-image</a></h4>
<div class="VARIABLELIST">
<dl>
<dt>Typical use:</dt>
</div>
</div>
<div class="SECT3">
- <h4 class="SECT3"><a name="HIDE-ACCEPT-LANGUAGE" id="HIDE-ACCEPT-LANGUAGE">8.5.23.
+ <h4 class="SECT3"><a name="HIDE-ACCEPT-LANGUAGE" id="HIDE-ACCEPT-LANGUAGE">8.5.22.
hide-accept-language</a></h4>
<div class="VARIABLELIST">
<dl>
</div>
</div>
<div class="SECT3">
- <h4 class="SECT3"><a name="HIDE-CONTENT-DISPOSITION" id="HIDE-CONTENT-DISPOSITION">8.5.24.
+ <h4 class="SECT3"><a name="HIDE-CONTENT-DISPOSITION" id="HIDE-CONTENT-DISPOSITION">8.5.23.
hide-content-disposition</a></h4>
<div class="VARIABLELIST">
<dl>
</div>
</div>
<div class="SECT3">
- <h4 class="SECT3"><a name="HIDE-IF-MODIFIED-SINCE" id="HIDE-IF-MODIFIED-SINCE">8.5.25.
+ <h4 class="SECT3"><a name="HIDE-IF-MODIFIED-SINCE" id="HIDE-IF-MODIFIED-SINCE">8.5.24.
hide-if-modified-since</a></h4>
<div class="VARIABLELIST">
<dl>
</div>
</div>
<div class="SECT3">
- <h4 class="SECT3"><a name="HIDE-FROM-HEADER" id="HIDE-FROM-HEADER">8.5.26. hide-from-header</a></h4>
+ <h4 class="SECT3"><a name="HIDE-FROM-HEADER" id="HIDE-FROM-HEADER">8.5.25. hide-from-header</a></h4>
<div class="VARIABLELIST">
<dl>
<dt>Typical use:</dt>
</div>
</div>
<div class="SECT3">
- <h4 class="SECT3"><a name="HIDE-REFERRER" id="HIDE-REFERRER">8.5.27. hide-referrer</a></h4><a name=
+ <h4 class="SECT3"><a name="HIDE-REFERRER" id="HIDE-REFERRER">8.5.26. hide-referrer</a></h4><a name=
"HIDE-REFERER" id="HIDE-REFERER"></a>
<div class="VARIABLELIST">
<dl>
</div>
</div>
<div class="SECT3">
- <h4 class="SECT3"><a name="HIDE-USER-AGENT" id="HIDE-USER-AGENT">8.5.28. hide-user-agent</a></h4>
+ <h4 class="SECT3"><a name="HIDE-USER-AGENT" id="HIDE-USER-AGENT">8.5.27. hide-user-agent</a></h4>
<div class="VARIABLELIST">
<dl>
<dt>Typical use:</dt>
</dl>
</div>
</div>
+ <div class="SECT3">
+ <h4 class="SECT3"><a name="HTTPS-INSPECTION" id="HTTPS-INSPECTION">8.5.28. https-inspection</a></h4>
+ <div class="VARIABLELIST">
+ <dl>
+ <dt>Typical use:</dt>
+ <dd>
+ <p>Filter encrypted requests and responses</p>
+ </dd>
+ <dt>Effect:</dt>
+ <dd>
+ <p>Encrypted requests are decrypted, filtered and forwarded encrypted.</p>
+ </dd>
+ <dt>Type:</dt>
+ <dd>
+ <p>Boolean.</p>
+ </dd>
+ <dt>Parameter:</dt>
+ <dd>
+ <p>N/A</p>
+ </dd>
+ <dt>Notes:</dt>
+ <dd>
+ <p>This action allows <span class="APPLICATION">Privoxy</span> to filter encrypted requests and
+ responses. For this to work <span class="APPLICATION">Privoxy</span> has to generate a certificate and
+ send it to the client which has to accept it.</p>
+ <p>Before this works the directives in the <tt class="LITERAL"><a href="config.html#TLS" target=
+ "_top">TLS section</a></tt> of the config file have to be configured.</p>
+ <p>Note that the action has to be enabled based on the CONNECT request which doesn't contain a path.
+ Enabling it based on a pattern with path doesn't work as the path is only seen by <span class=
+ "APPLICATION">Privoxy</span> if the action is already enabled.</p>
+ </dd>
+ <dt>Example usage (section):</dt>
+ <dd>
+ <table border="0" bgcolor="#E0E0E0" width="90%">
+ <tr>
+ <td>
+ <pre class="SCREEN">{+https-inspection}
+www.example.com</pre>
+ </td>
+ </tr>
+ </table>
+ </dd>
+ </dl>
+ </div>
+ </div>
<div class="SECT3">
<h4 class="SECT3"><a name="IGNORE-CERTIFICATE-ERRORS" id="IGNORE-CERTIFICATE-ERRORS">8.5.29.
ignore-certificate-errors</a></h4>
</dd>
<dt>Notes:</dt>
<dd>
- <p>When the <a href="actions-file.html#ENABLE-HTTPS-FILTERING"><span class=
- "QUOTE">"+enable-https-filtering"</span></a> action is used <span class="APPLICATION">Privoxy</span> by
- default verifies that the remote site uses a valid certificate.</p>
+ <p>When the <a href="actions-file.html#HTTPS-INSPECTION"><span class=
+ "QUOTE">"+https-inspection"</span></a> action is used <span class="APPLICATION">Privoxy</span> by default
+ verifies that the remote site uses a valid certificate.</p>
<p>If the certificate is invalid the connection is aborted.</p>
<p>This action disabled the certificate check allowing requests to sites with invalid certificates.</p>
</dd>
these. If not, you will get a friendly error message. Internet access is not necessary either.</p>
<ul>
<li>
- <p>Privoxy main page:</p><a name="AEN6270" id="AEN6270"></a>
+ <p>Privoxy main page:</p><a name="AEN6290" id="AEN6290"></a>
<blockquote class="BLOCKQUOTE">
<p><a href="http://config.privoxy.org/" target="_top">http://config.privoxy.org/</a></p>
</blockquote>
"APPLICATION">Privoxy</span>)</p>
</li>
<li>
- <p>View and toggle client tags:</p><a name="AEN6278" id="AEN6278"></a>
+ <p>View and toggle client tags:</p><a name="AEN6298" id="AEN6298"></a>
<blockquote class="BLOCKQUOTE">
<p><a href="http://config.privoxy.org/client-tags" target=
"_top">http://config.privoxy.org/client-tags</a></p>
</li>
<li>
<p>Show information about the current configuration, including viewing and editing of actions
- files:</p><a name="AEN6283" id="AEN6283"></a>
+ files:</p><a name="AEN6303" id="AEN6303"></a>
<blockquote class="BLOCKQUOTE">
<p><a href="http://config.privoxy.org/show-status" target=
"_top">http://config.privoxy.org/show-status</a></p>
</blockquote>
</li>
<li>
- <p>Show the browser's request headers:</p><a name="AEN6288" id="AEN6288"></a>
+ <p>Show the browser's request headers:</p><a name="AEN6308" id="AEN6308"></a>
<blockquote class="BLOCKQUOTE">
<p><a href="http://config.privoxy.org/show-request" target=
"_top">http://config.privoxy.org/show-request</a></p>
</blockquote>
</li>
<li>
- <p>Show which actions apply to a URL and why:</p><a name="AEN6293" id="AEN6293"></a>
+ <p>Show which actions apply to a URL and why:</p><a name="AEN6313" id="AEN6313"></a>
<blockquote class="BLOCKQUOTE">
<p><a href="http://config.privoxy.org/show-url-info" target=
"_top">http://config.privoxy.org/show-url-info</a></p>
<li>
<p>Toggle Privoxy on or off. This feature can be turned off/on in the main <tt class="FILENAME">config</tt>
file. When toggled <span class="QUOTE">"off"</span>, <span class="QUOTE">"Privoxy"</span> continues to run,
- but only as a pass-through proxy, with no actions taking place:</p><a name="AEN6301" id="AEN6301"></a>
+ but only as a pass-through proxy, with no actions taking place:</p><a name="AEN6321" id="AEN6321"></a>
<blockquote class="BLOCKQUOTE">
<p><a href="http://config.privoxy.org/toggle" target="_top">http://config.privoxy.org/toggle</a></p>
</blockquote>
- <p>Short cuts. Turn off, then on:</p><a name="AEN6305" id="AEN6305"></a>
+ <p>Short cuts. Turn off, then on:</p><a name="AEN6325" id="AEN6325"></a>
<blockquote class="BLOCKQUOTE">
<p><a href="http://config.privoxy.org/toggle?set=disable" target=
"_top">http://config.privoxy.org/toggle?set=disable</a></p>
- </blockquote><a name="AEN6308" id="AEN6308"></a>
+ </blockquote><a name="AEN6328" id="AEN6328"></a>
<blockquote class="BLOCKQUOTE">
<p><a href="http://config.privoxy.org/toggle?set=enable" target=
"_top">http://config.privoxy.org/toggle?set=enable</a></p>
<p>If the address for the hostname isn't already known on the system (for example because it's in
/etc/hostname), this may result in DNS traffic.</p>
<p>If the specified address isn't available on the system, or if the hostname can't be resolved,
- <span class="APPLICATION">Privoxy</span> will fail to start.</p>
+ <span class="APPLICATION">Privoxy</span> will fail to start. On GNU/Linux, and other platforms that can
+ listen on not yet assigned IP addresses, Privoxy will start and will listen on the specified address
+ whenever the IP address is assigned to the system</p>
<p>IPv6 addresses containing colons have to be quoted by brackets. They can only be used if <span class=
"APPLICATION">Privoxy</span> has been compiled with IPv6 support. If you aren't sure if your version
supports it, have a look at <tt class="LITERAL">http://config.privoxy.org/show-status</tt>.</p>
<table border="0" bgcolor="#E0E0E0" width="90%">
<tr>
<td>
- <pre class="SCREEN">
- forward-socks4a / socks-gw.example.com:1080 www-cache.isp.example.net:8080
+ <pre class=
+ "SCREEN"> forward-socks4a / socks-gw.example.com:1080 www-cache.isp.example.net:8080
forward .example.com .</pre>
</td>
</tr>
<pre class="SCREEN"> # Define a couple of tags, the described effect requires action sections
# that are enabled based on CLIENT-TAG patterns.
client-specific-tag circumvent-blocks Overrule blocks but do not affect other actions
- disable-content-filters Disable content-filters but do not affect other actions</pre>
+ client-specific-tag disable-content-filters Disable content-filters but do not affect other actions</pre>
</td>
</tr>
</table>
<dd>
<p>This directive specifies the directory where the CA key, the CA certificate and the trusted CAs file
are located.</p>
+ <p>The permissions should only let <span class="APPLICATION">Privoxy</span> and the <span class=
+ "APPLICATION">Privoxy</span> admin access the directory.</p>
</dd>
<dt>Examples:</dt>
<dd>
<dt>Notes:</dt>
<dd>
<p>This directive specifies the name of the CA certificate file in ".crt" format.</p>
- <p>It can be generated with: openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.crt
- -days 3650</p>
+ <p>The file is used by <span class="APPLICATION">Privoxy</span> to generate website certificates when
+ https inspection is enabled with the <tt class="LITERAL"><a href="actions-file.html#HTTPS-INSPECTION"
+ target="_top">https-inspection</a></tt> action.</p>
+ <p><span class="APPLICATION">Privoxy</span> clients should import the certificate so that they can
+ validate the generated certificates.</p>
+ <p>The file can be generated with: openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out
+ cacert.crt -days 3650</p>
</dd>
<dt>Examples:</dt>
<dd>
</dd>
<dt>Notes:</dt>
<dd>
- <p>This directive specifies the directory where generated TLS/SSL keys and certificates are saved.</p>
+ <p>This directive specifies the directory where generated TLS/SSL keys and certificates are saved when
+ https inspection is enabled with the <tt class="LITERAL"><a href="actions-file.html#HTTPS-INSPECTION"
+ target="_top">https-inspection</a></tt> action.</p>
+ <p>The keys and certificates currently have to be deleted manually when changing the <a href=
+ "#CA-CERT-FILE" target="_top">ca-cert-file</a> and the <a href="#CA-CERT-KEY" target=
+ "_top">ca-cert-key</a>.</p>
+ <p>The permissions should only let <span class="APPLICATION">Privoxy</span> and the <span class=
+ "APPLICATION">Privoxy</span> admin access the directory.</p>
</dd>
<dt>Examples:</dt>
<dd>
<dt>Notes:</dt>
<dd>
<p>This directive specifies the trusted CAs file that is used when validating certificates for
- intercepted TLS/SSL request.</p>
+ intercepted TLS/SSL requests.</p>
<p>An example file can be downloaded from <a href="https://curl.haxx.se/ca/cacert.pem" target=
"_top">https://curl.haxx.se/ca/cacert.pem</a>.</p>
</dd>
<div class="ARTICLE">
<div class="TITLEPAGE">
<h1 class="TITLE"><a name="AEN2" id="AEN2">Privoxy 3.0.29 User Manual</a></h1>
- <p class="PUBDATE"><sub><a href="copyright.html">Copyright</a> © 2001-2019 by <a href=
+ <p class="PUBDATE"><sub><a href="copyright.html">Copyright</a> © 2001-2020 by <a href=
"https://www.privoxy.org/" target="_top">Privoxy Developers</a></sub><br></p>
<div>
<div class="ABSTRACT">
<dt>8.5.12. <a href="actions-file.html#DEANIMATE-GIFS">deanimate-gifs</a></dt>
<dt>8.5.13. <a href="actions-file.html#DELAY-RESPONSE">delay-response</a></dt>
<dt>8.5.14. <a href="actions-file.html#DOWNGRADE-HTTP-VERSION">downgrade-http-version</a></dt>
- <dt>8.5.15. <a href="actions-file.html#ENABLE-HTTPS-FILTERING">enable-https-filtering</a></dt>
- <dt>8.5.16. <a href="actions-file.html#EXTERNAL-FILTER">external-filter</a></dt>
- <dt>8.5.17. <a href="actions-file.html#FAST-REDIRECTS">fast-redirects</a></dt>
- <dt>8.5.18. <a href="actions-file.html#FILTER">filter</a></dt>
- <dt>8.5.19. <a href="actions-file.html#FORCE-TEXT-MODE">force-text-mode</a></dt>
- <dt>8.5.20. <a href="actions-file.html#FORWARD-OVERRIDE">forward-override</a></dt>
- <dt>8.5.21. <a href="actions-file.html#HANDLE-AS-EMPTY-DOCUMENT">handle-as-empty-document</a></dt>
- <dt>8.5.22. <a href="actions-file.html#HANDLE-AS-IMAGE">handle-as-image</a></dt>
- <dt>8.5.23. <a href="actions-file.html#HIDE-ACCEPT-LANGUAGE">hide-accept-language</a></dt>
- <dt>8.5.24. <a href="actions-file.html#HIDE-CONTENT-DISPOSITION">hide-content-disposition</a></dt>
- <dt>8.5.25. <a href="actions-file.html#HIDE-IF-MODIFIED-SINCE">hide-if-modified-since</a></dt>
- <dt>8.5.26. <a href="actions-file.html#HIDE-FROM-HEADER">hide-from-header</a></dt>
- <dt>8.5.27. <a href="actions-file.html#HIDE-REFERRER">hide-referrer</a></dt>
- <dt>8.5.28. <a href="actions-file.html#HIDE-USER-AGENT">hide-user-agent</a></dt>
+ <dt>8.5.15. <a href="actions-file.html#EXTERNAL-FILTER">external-filter</a></dt>
+ <dt>8.5.16. <a href="actions-file.html#FAST-REDIRECTS">fast-redirects</a></dt>
+ <dt>8.5.17. <a href="actions-file.html#FILTER">filter</a></dt>
+ <dt>8.5.18. <a href="actions-file.html#FORCE-TEXT-MODE">force-text-mode</a></dt>
+ <dt>8.5.19. <a href="actions-file.html#FORWARD-OVERRIDE">forward-override</a></dt>
+ <dt>8.5.20. <a href="actions-file.html#HANDLE-AS-EMPTY-DOCUMENT">handle-as-empty-document</a></dt>
+ <dt>8.5.21. <a href="actions-file.html#HANDLE-AS-IMAGE">handle-as-image</a></dt>
+ <dt>8.5.22. <a href="actions-file.html#HIDE-ACCEPT-LANGUAGE">hide-accept-language</a></dt>
+ <dt>8.5.23. <a href="actions-file.html#HIDE-CONTENT-DISPOSITION">hide-content-disposition</a></dt>
+ <dt>8.5.24. <a href="actions-file.html#HIDE-IF-MODIFIED-SINCE">hide-if-modified-since</a></dt>
+ <dt>8.5.25. <a href="actions-file.html#HIDE-FROM-HEADER">hide-from-header</a></dt>
+ <dt>8.5.26. <a href="actions-file.html#HIDE-REFERRER">hide-referrer</a></dt>
+ <dt>8.5.27. <a href="actions-file.html#HIDE-USER-AGENT">hide-user-agent</a></dt>
+ <dt>8.5.28. <a href="actions-file.html#HTTPS-INSPECTION">https-inspection</a></dt>
<dt>8.5.29. <a href="actions-file.html#IGNORE-CERTIFICATE-ERRORS">ignore-certificate-errors</a></dt>
<dt>8.5.30. <a href="actions-file.html#LIMIT-CONNECT">limit-connect</a></dt>
<dt>8.5.31. <a href="actions-file.html#LIMIT-COOKIE-LIFETIME">limit-cookie-lifetime</a></dt>
</table>
<p>This will create a directory named <tt class="FILENAME"><root-dir>/privoxy/</tt>, which will contain
the source tree.</p>
- <p>Note that source code in GIT is development quality, and may not be stable or well tested.</p>
+ <p>Note that source code in Git is development quality, and may not be stable or well tested.</p>
<p>It is strongly recommended to not run <span class="APPLICATION">Privoxy</span> as root. You should
configure/install/run <span class="APPLICATION">Privoxy</span> as an unprivileged user, preferably by creating a
<span class="QUOTE">"privoxy"</span> user and group just for this purpose. See your local documentation for the
* encode cookies and HTML text.
*
* Copyright : Written by and Copyright (C) 2001 the
- * Privoxy team. http://www.privoxy.org/
+ * Privoxy team. https://www.privoxy.org/
*
* Based on the Internet Junkbuster originally written
* by and Copyright (C) 1997 Anonymous Coders and
* encode cookies and HTML text.
*
* Copyright : Written by and Copyright (C) 2001 members of the
- * Privoxy team. http://www.privoxy.org/
+ * Privoxy team. https://www.privoxy.org/
*
* Based on the Internet Junkbuster originally written
* by and Copyright (C) 1997 Anonymous Coders and
* printf-like fashion.
*
* Copyright : Written by and Copyright (C) 2001-2014 the
- * Privoxy team. http://www.privoxy.org/
+ * Privoxy team. https://www.privoxy.org/
*
* Based on the Internet Junkbuster originally written
* by and Copyright (C) 1997 Anonymous Coders and
* printf-like fashion.
*
* Copyright : Written by and Copyright (C) 2001-2009 members of the
- * Privoxy team. http://www.privoxy.org/
+ * Privoxy team. https://www.privoxy.org/
*
* Based on the Internet Junkbuster originally written
* by and Copyright (C) 1997 Anonymous Coders and
* Purpose : Declares functions to parse/crunch headers and pages.
*
* Copyright : Written by and Copyright (C) 2001-2016 the
- * Privoxy team. http://www.privoxy.org/
+ * Privoxy team. https://www.privoxy.org/
*
* Based on the Internet Junkbuster originally written
* by and Copyright (C) 1997 Anonymous Coders and
struct url_actions *b;
int i;
- init_current_action(csp->action);
+#ifdef FEATURE_HTTPS_INSPECTION
+ if (!csp->http->client_ssl)
+#endif
+ {
+ /*
+ * When filtering TLS traffic this function gets called a
+ * second time after the encrypted headers have been received.
+ *
+ * Only initialize the first time. The second time we apply
+ * the newly set actions on top of the ones that were set
+ * the first time.
+ */
+ init_current_action(csp->action);
+ }
for (i = 0; i < MAX_AF_FILES; i++)
{
* Purpose : Declares functions to parse/crunch headers and pages.
*
* Copyright : Written by and Copyright (C) 2001-2010 the
- * Privoxy team. http://www.privoxy.org/
+ * Privoxy team. https://www.privoxy.org/
*
* Based on the Internet Junkbuster originally written
* by and Copyright (C) 1997 Anonymous Coders and
* or SOCKS5 proxy).
*
* Copyright : Written by and Copyright (C) 2001-2017 the
- * Privoxy team. http://www.privoxy.org/
+ * Privoxy team. https://www.privoxy.org/
*
* Based on the Internet Junkbuster originally written
* by and Copyright (C) 1997 Anonymous Coders and
* proxy). Also contains the list of gateway types.
*
* Copyright : Written by and Copyright (C) 2001-2009 the
- * Privoxy team. http://www.privoxy.org/
+ * Privoxy team. https://www.privoxy.org/
*
* Based on the Internet Junkbuster originally written
* by and Copyright (C) 1997 Anonymous Coders and
* on many platforms.
*
* Copyright : Written by and Copyright (C) 2001-2017 the
- * Privoxy team. http://www.privoxy.org/
+ * Privoxy team. https://www.privoxy.org/
*
* Based on the Internet Junkbuster originally written
* by and Copyright (C) 1997 Anonymous Coders and
setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, (char *)&one, sizeof(one));
#endif /* ndef _WIN32 */
+#ifdef IP_FREEBIND
+ setsockopt(fd, IPPROTO_IP, IP_FREEBIND, (char *)&one, sizeof(one));
+#endif
+
#ifdef HAVE_RFC2553
if (bind(fd, rp->ai_addr, rp->ai_addrlen) < 0)
#else
* on many platforms.
*
* Copyright : Written by and Copyright (C) 2001-2014 the
- * Privoxy team. http://www.privoxy.org/
+ * Privoxy team. https://www.privoxy.org/
*
* Based on the Internet Junkbuster originally written
* by and Copyright (C) 1997 Anonymous Coders and
* Purpose : Main file. Contains main() method, main loop, and
* the main connection-handling function.
*
- * Copyright : Written by and Copyright (C) 2001-2019 the
- * Privoxy team. http://www.privoxy.org/
+ * Copyright : Written by and Copyright (C) 2001-2020 the
+ * Privoxy team. https://www.privoxy.org/
*
* Based on the Internet Junkbuster originally written
* by and Copyright (C) 1997 Anonymous Coders and
#include "project.h"
#include "list.h"
#include "jcc.h"
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
#include "ssl.h"
#endif
#include "filters.h"
privoxy_mutex_t connection_reuse_mutex;
#ifdef LIMIT_MUTEX_NUMBER
- privoxy_mutex_t certificates_mutexes[32];
+privoxy_mutex_t certificates_mutexes[32];
#else
- privoxy_mutex_t certificates_mutexes[65536];
+privoxy_mutex_t certificates_mutexes[65536];
#endif /* LIMIT_MUTEX_NUMBER */
- privoxy_mutex_t rng_mutex;
+privoxy_mutex_t rng_mutex;
#ifdef FEATURE_EXTERNAL_FILTERS
privoxy_mutex_t external_filter_mutex;
csp->ip_addr_str, http->ocmd, status_code, rsp->content_length);
/* Write the answer to the client */
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
if (client_use_ssl(csp))
{
if ((ssl_send_data(&(csp->mbedtls_client_attr.ssl),
}
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
+/*********************************************************************
+ *
+ * Function : receive_and_send_encrypted_post_data
+ *
+ * Description : Reads remaining POST data from the client and sends
+ * it to the server.
+ *
+ * Parameters :
+ * 1 : csp = Current client state (buffers, headers, etc...)
+ *
+ * Returns : 0 on success, anything else is an error.
+ *
+ *********************************************************************/
+static jb_err receive_and_send_encrypted_post_data(struct client_state *csp)
+{
+ unsigned char buf[BUFFER_SIZE];
+ int len;
+
+ while (is_ssl_pending(&(csp->mbedtls_client_attr.ssl)))
+ {
+ len = ssl_recv_data(&(csp->mbedtls_client_attr.ssl), buf, sizeof(buf));
+ if (len == -1)
+ {
+ return 1;
+ }
+ if (len == 0)
+ {
+ /* XXX: Does this actually happen? */
+ break;
+ }
+ log_error(LOG_LEVEL_HEADER, "Forwarding %d bytes of encrypted POST data",
+ len);
+ len = ssl_send_data(&(csp->mbedtls_server_attr.ssl), buf, (size_t)len);
+ if (len == -1)
+ {
+ return 1;
+ }
+ if (csp->expected_client_content_length != 0)
+ {
+ if (csp->expected_client_content_length >= len)
+ {
+ csp->expected_client_content_length -= (unsigned)len;
+ }
+ }
+ }
+
+ log_error(LOG_LEVEL_HEADER, "Done forwarding encrypted POST data");
+
+ return 0;
+
+}
+
+
/*********************************************************************
*
* Function : send_https_request
"Flushed %d bytes of request body while expecting %llu",
flushed, csp->expected_client_content_length);
csp->expected_client_content_length -= (unsigned)flushed;
+ if (receive_and_send_encrypted_post_data(csp))
+ {
+ return 1;
+ }
}
}
else
init_domain_components(csp->http);
#endif
- /*
- * Determine the actions for this URL
- */
#ifdef FEATURE_TOGGLE
- if (!(csp->flags & CSP_FLAG_TOGGLED_ON))
- {
- /* Most compatible set of actions (i.e. none) */
- init_current_action(csp->action);
- }
- else
-#endif /* ndef FEATURE_TOGGLE */
+ if ((csp->flags & CSP_FLAG_TOGGLED_ON) != 0)
+#endif
{
+ /* Determine the actions for this URL */
get_url_actions(csp, csp->http);
}
}
log_error(LOG_LEVEL_HEADER, "Encrypted request processed");
+ log_applied_actions(csp->action);
return err;
long len = 0; /* for buffer sizes (and negative error codes) */
int buffer_and_filter_content = 0;
unsigned int write_delay;
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
int ret = 0;
int use_ssl_tunnel = 0;
csp->dont_verify_certificate = 0;
csp->ssl_with_server_is_opened = 0;
csp->ssl_with_client_is_opened = 0;
- if (csp->http->ssl && !(csp->action->flags & ACTION_ENABLE_HTTPS_FILTER))
+ if (csp->http->ssl && !(csp->action->flags & ACTION_HTTPS_INSPECTION))
{
/* Pass encrypted content without filtering. */
use_ssl_tunnel = 1;
}
#endif /* FEATURE_CONNECTION_KEEP_ALIVE */
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
/*
* Test if some data from client or destination server are pending
* on TLS/SSL. We must work with them preferably. TLS/SSL data can
send_crunch_response(csp, error_response(csp, "connection-timeout"));
}
mark_server_socket_tainted(csp);
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
close_client_and_server_ssl_connections(csp);
#endif
return;
log_error(LOG_LEVEL_ERROR, "select() failed!: %E");
#endif
mark_server_socket_tainted(csp);
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
close_client_and_server_ssl_connections(csp);
#endif
return;
}
}
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
else
{
/* set FD if some data are pending on TLS/SSL connections */
assert(max_bytes_to_read <= csp->receive_buffer_size);
#endif /* def FEATURE_CONNECTION_KEEP_ALIVE */
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
/*
* Reading data from standard or secured connection (HTTP/HTTPS)
*/
}
}
else
-#endif /* def FEATURE_HTTPS_FILTERING */
+#endif /* def FEATURE_HTTPS_INSPECTION */
{
len = read_socket(csp->cfd, csp->receive_buffer, max_bytes_to_read);
{
log_error(LOG_LEVEL_ERROR, "write to: %s failed: %E", http->host);
mark_server_socket_tainted(csp);
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
close_client_and_server_ssl_connections(csp);
#endif
return;
log_error(LOG_LEVEL_CONNECT,
"The server still wants to talk, but the client hung up on us.");
mark_server_socket_tainted(csp);
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
close_client_and_server_ssl_connections(csp);
#endif
return;
}
#endif /* def FEATURE_CONNECTION_KEEP_ALIVE */
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
/*
* Reading data from standard or secured connection (HTTP/HTTPS)
*/
log_error(LOG_LEVEL_ERROR, "read from: %s failed: %E", http->host);
if ((http->ssl && (csp->fwd == NULL))
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
&& use_ssl_tunnel
#endif
)
log_error(LOG_LEVEL_ERROR, "Already forwarded the original headers. "
"Unable to tell the client about the problem.");
mark_server_socket_tainted(csp);
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
close_client_and_server_ssl_connections(csp);
#endif
return;
{
if (server_body || (http->ssl
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
&& use_ssl_tunnel
#endif
))
log_error(LOG_LEVEL_FATAL, "Out of memory parsing server header");
}
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
/*
* Sending data with standard or secured connection (HTTP/HTTPS)
*/
}
}
else
-#endif /* def FEATURE_HTTPS_FILTERING */
+#endif /* def FEATURE_HTTPS_INSPECTION */
{
if (write_socket_delayed(csp->cfd, hdr, strlen(hdr), write_delay)
|| write_socket_delayed(csp->cfd, ((p != NULL) ? p : csp->iob->cur),
freez(hdr);
freez(p);
mark_server_socket_tainted(csp);
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
close_client_and_server_ssl_connections(csp);
#endif
return;
* content-filtering.
*/
if (server_body || (http->ssl
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
&& use_ssl_tunnel
#endif
))
rsp = cgi_error_memory();
send_crunch_response(csp, rsp);
mark_server_socket_tainted(csp);
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
close_client_and_server_ssl_connections(csp);
#endif
return;
}
hdrlen = strlen(hdr);
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
/*
* Sending data with standard or secured connection (HTTP/HTTPS)
*/
}
}
else
-#endif /* def FEATURE_HTTPS_FILTERING */
+#endif /* def FEATURE_HTTPS_INSPECTION */
{
if (write_socket_delayed(csp->cfd, hdr, hdrlen, write_delay)
|| ((flushed = flush_iob(csp->cfd, csp->iob, write_delay)) < 0)
"Flush header and buffers to client failed: %E");
freez(hdr);
mark_server_socket_tainted(csp);
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
close_client_and_server_ssl_connections(csp);
#endif
return;
}
else
{
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
/*
* Sending data with standard or secured connection (HTTP/HTTPS)
*/
}
}
else
-#endif /* def FEATURE_HTTPS_FILTERING */
+#endif /* def FEATURE_HTTPS_INSPECTION */
{
if (write_socket_delayed(csp->cfd, csp->receive_buffer,
(size_t)len, write_delay))
{
log_error(LOG_LEVEL_ERROR, "write to client failed: %E");
mark_server_socket_tainted(csp);
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
close_client_and_server_ssl_connections(csp);
#endif
return;
rsp = cgi_error_memory();
send_crunch_response(csp, rsp);
mark_server_socket_tainted(csp);
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
close_client_and_server_ssl_connections(csp);
#endif
return;
"Applying the MS IIS5 hack didn't help.");
log_error(LOG_LEVEL_CLF,
"%s - - [%T] \"%s\" 502 0", csp->ip_addr_str, http->cmd);
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
/*
* Sending data with standard or secured connection (HTTP/HTTPS)
*/
strlen(INVALID_SERVER_HEADERS_RESPONSE));
}
else
-#endif /* def FEATURE_HTTPS_FILTERING */
+#endif /* def FEATURE_HTTPS_INSPECTION */
{
write_socket_delayed(csp->cfd,
INVALID_SERVER_HEADERS_RESPONSE,
strlen(INVALID_SERVER_HEADERS_RESPONSE), write_delay);
}
mark_server_socket_tainted(csp);
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
close_client_and_server_ssl_connections(csp);
#endif
return;
}
free_http_request(http);
mark_server_socket_tainted(csp);
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
close_client_and_server_ssl_connections(csp);
#endif
return;
csp->headers->first->str);
log_error(LOG_LEVEL_CLF,
"%s - - [%T] \"%s\" 502 0", csp->ip_addr_str, http->cmd);
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
/*
* Sending data with standard or secured connection (HTTP/HTTPS)
*/
strlen(INVALID_SERVER_HEADERS_RESPONSE));
}
else
-#endif /* def FEATURE_HTTPS_FILTERING */
+#endif /* def FEATURE_HTTPS_INSPECTION */
{
write_socket_delayed(csp->cfd, INVALID_SERVER_HEADERS_RESPONSE,
strlen(INVALID_SERVER_HEADERS_RESPONSE), write_delay);
}
free_http_request(http);
mark_server_socket_tainted(csp);
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
close_client_and_server_ssl_connections(csp);
#endif
return;
{
log_error(LOG_LEVEL_CLF,
"%s - - [%T] \"%s\" 502 0", csp->ip_addr_str, http->cmd);
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
/*
* Sending data with standard or secured connection (HTTP/HTTPS)
*/
}
free_http_request(http);
mark_server_socket_tainted(csp);
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
close_client_and_server_ssl_connections(csp);
#endif
return;
*/
freez(hdr);
mark_server_socket_tainted(csp);
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
close_client_and_server_ssl_connections(csp);
#endif
return;
* may be in the buffer). Use standard or secured
* connection.
*/
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
if (client_use_ssl(csp))
{
if ((ssl_send_data(&(csp->mbedtls_client_attr.ssl),
*/
freez(hdr);
mark_server_socket_tainted(csp);
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
close_client_and_server_ssl_connections(csp);
#endif
return;
}
}
else
-#endif /* def FEATURE_HTTPS_FILTERING */
+#endif /* def FEATURE_HTTPS_INSPECTION */
{
if (write_socket_delayed(csp->cfd, hdr, strlen(hdr), write_delay)
|| ((len = flush_iob(csp->cfd, csp->iob, write_delay)) < 0))
*/
freez(hdr);
mark_server_socket_tainted(csp);
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
close_client_and_server_ssl_connections(csp);
#endif
return;
"Applying the MS IIS5 hack didn't help.");
log_error(LOG_LEVEL_CLF,
"%s - - [%T] \"%s\" 502 0", csp->ip_addr_str, http->cmd);
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
/*
* Sending data with standard or secured connection (HTTP/HTTPS)
*/
strlen(INVALID_SERVER_HEADERS_RESPONSE));
}
else
-#endif /* def FEATURE_HTTPS_FILTERING */
+#endif /* def FEATURE_HTTPS_INSPECTION */
{
write_socket_delayed(csp->cfd, INVALID_SERVER_HEADERS_RESPONSE,
strlen(INVALID_SERVER_HEADERS_RESPONSE), write_delay);
}
mark_server_socket_tainted(csp);
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
close_client_and_server_ssl_connections(csp);
#endif
return;
continue;
}
mark_server_socket_tainted(csp);
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
close_client_and_server_ssl_connections(csp);
#endif
return; /* huh? we should never get here */
}
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
close_client_and_server_ssl_connections(csp);
#endif
if (csp->content_length == 0)
struct http_request *http;
/* Skeleton for HTTP response, if we should intercept the request */
struct http_response *rsp;
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
int use_ssl_tunnel = 0;
#endif
return;
}
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
/*
* Setting flags to use old solution with SSL tunnel and to disable
* certificates verification.
*/
- if (csp->http->ssl && !(csp->action->flags & ACTION_ENABLE_HTTPS_FILTER))
+ if (csp->http->ssl && !(csp->action->flags & ACTION_HTTPS_INSPECTION))
{
use_ssl_tunnel = 1;
}
*
*/
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
/*
* Presetting SSL client and server flags
*/
csp->ip_addr_str, acceptable_connect_ports, csp->http->hostport);
csp->action->flags |= ACTION_BLOCK;
http->ssl = 0;
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
http->client_ssl = 0;
http->server_ssl = 0;
#endif
build_request_line(csp, fwd, &csp->headers->first->str);
/*
- * We have a request. Check if one of the crunchers wants it.
+ * We have a request. Check if one of the crunchers wants it
+ * unless the client wants to use TLS/SSL in which case we
+ * haven't setup the TLS context yet and will send the crunch
+ * response later.
*/
- if (crunch_response_triggered(csp, crunchers_all))
+ if (
+#ifdef FEATURE_HTTPS_INSPECTION
+ !client_use_ssl(csp) &&
+#endif
+ crunch_response_triggered(csp, crunchers_all))
{
/*
* Yes. The client got the crunch response and we're done here.
mark_connection_closed(&csp->server_connection);
}
#endif /* def FEATURE_CONNECTION_KEEP_ALIVE */
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
if (http->ssl && !use_ssl_tunnel)
{
int ret;
return;
}
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
/*
* Creating TLS/SSL connections with destination server or parent
* proxy. If forwarding is enabled, we must send client request to
/*
* If TLS/SSL connection wasn't created and invalid certificate
- * wasn't detected, we can interrupt this fuction. Otherwise, we
+ * wasn't detected, we can interrupt this function. Otherwise, we
* must inform the client about invalid server certificate.
*/
if (ret != 0
* with destination server
*/
int ret = create_server_ssl_connection(csp);
- /*
- * If TLS/SSL connection wasn't created and invalid certificate
- * wasn't detected, we can interrupt this function. Otherwise, we
- * must inform client about invalid server certificate.
- */
- if (ret != 0
- && (csp->server_cert_verification_result == SSL_CERT_NOT_VERIFIED
- || csp->server_cert_verification_result == SSL_CERT_VALID))
+ if (ret != 0)
{
- rsp = error_response(csp, "connect-failed");
- if (rsp)
+ if (csp->server_cert_verification_result != SSL_CERT_VALID &&
+ csp->server_cert_verification_result != SSL_CERT_NOT_VERIFIED)
{
- send_crunch_response(csp, rsp);
+ /*
+ * If the server certificate is invalid, we must inform
+ * the client and then close connection to the client.
+ */
+ ssl_send_certificate_error(csp);
+ close_client_and_server_ssl_connections(csp);
+ return;
+ }
+ if (csp->server_cert_verification_result == SSL_CERT_NOT_VERIFIED
+ || csp->server_cert_verification_result == SSL_CERT_VALID)
+ {
+ /*
+ * The TLS/SSL connection wasn't created but an invalid
+ * certificate wasn't detected. Report it as connection
+ * failure.
+ */
+ rsp = error_response(csp, "connect-failed");
+ if (rsp)
+ {
+ send_crunch_response(csp, rsp);
+ }
+ return;
}
- return;
}
}
}/* -END- if (http->ssl) */
-#endif /* def FEATURE_HTTPS_FILTERING */
+#endif /* def FEATURE_HTTPS_INSPECTION */
#ifdef FEATURE_CONNECTION_KEEP_ALIVE
save_connection_destination(csp->server_connection.sfd,
assert(csp->headers->last == NULL);
}
else if (http->ssl == 0 || (fwd->forward_host
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
&& use_ssl_tunnel
#endif
))
* Using old solution with SSL tunnel or new solution with SSL proxy
*/
list_remove_all(csp->headers);
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
if (use_ssl_tunnel)
#endif
{
return;
}
}
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
else
{
/*
rsp = error_response(csp, "connect-failed");
if (rsp)
{
- send_crunch_response(csp, rsp); /* XXX: use ssl*/
+ send_crunch_response(csp, rsp);
}
close_client_and_server_ssl_connections(csp);
return;
}
}
-#endif /* def FEATURE_HTTPS_FILTERING */
+#endif /* def FEATURE_HTTPS_INSPECTION */
clear_iob(csp->client_iob);
}/* -END- else ... if (http->ssl == 1) */
/* NOTREACHED unless FEATURE_GRACEFUL_TERMINATION is defined */
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
/* Clean up. Aim: free all memory (no leaks) */
if (rng_seeded == 1)
{
* the main connection-handling function.
*
* Copyright : Written by and Copyright (C) 2001-2014 the
- * Privoxy team. http://www.privoxy.org/
+ * Privoxy team. https://www.privoxy.org/
*
* Based on the Internet Junkbuster originally written
* by and Copyright (C) 1997 Anonymous Coders and
#endif /* ndef HAVE_RANDOM */
#ifdef LIMIT_MUTEX_NUMBER
- extern privoxy_mutex_t certificates_mutexes[32];
+extern privoxy_mutex_t certificates_mutexes[32];
#else
- extern privoxy_mutex_t certificates_mutexes[65536];
+extern privoxy_mutex_t certificates_mutexes[65536];
#endif /* LIMIT_MUTEX_NUMBER */
extern privoxy_mutex_t rng_mutex;
* Purpose : Declares functions to handle lists.
*
* Copyright : Written by and Copyright (C) 2001-2007 members of the
- * Privoxy team. http://www.privoxy.org/
+ * Privoxy team. https://www.privoxy.org/
*
* Based on the Internet Junkbuster originally written
* by and Copyright (C) 1997 Anonymous Coders and
* `destroy_list', `enlist' and `list_to_text'
*
* Copyright : Written by and Copyright (C) 2001-2007 members of the
- * Privoxy team. http://www.privoxy.org/
+ * Privoxy team. https://www.privoxy.org/
*
* Based on the Internet Junkbuster originally written
* by and Copyright (C) 1997 Anonymous Coders and
* variables it writes to.
*
* Copyright : Written by and Copyright (C) 2001-2017 the
- * Privoxy team. http://www.privoxy.org/
+ * Privoxy team. https://www.privoxy.org/
*
* Based on the Internet Junkbuster originally written
* by and Copyright (C) 1997 Anonymous Coders and
freez(config->usermanual);
freez(config->trusted_cgi_referrer);
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
freez(config->ca_password);
freez(config->ca_directory);
freez(config->ca_cert_file);
unsigned long linenum = 0;
int i;
char *logfile = NULL;
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
char *ca_cert_file = NULL;
char *ca_key_file = NULL;
char *ca_directory = NULL;
config->usermanual = strdup_or_die(USER_MANUAL_URL);
config->proxy_args = strdup_or_die("");
config->forwarded_connect_retries = 0;
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
config->ca_password = strdup("");
ca_cert_file = strdup("cacert.crt");
ca_key_file = strdup("cakey.pem");
config->usermanual = strdup_or_die(arg);
break;
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
/* *************************************************************************
* ca private key file password
* *************************************************************************/
}
}
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
/*
* Setting SSL parameters from loaded values into structures
*/
* variables it writes to.
*
* Copyright : Written by and Copyright (C) 2001 members of the
- * Privoxy team. http://www.privoxy.org/
+ * Privoxy team. https://www.privoxy.org/
*
* Based on the Internet Junkbuster originally written
* by and Copyright (C) 1997 Anonymous Coders and
* unload files that are no longer in use.
*
* Copyright : Written by and Copyright (C) 2001-2014 the
- * Privoxy team. http://www.privoxy.org/
+ * Privoxy team. https://www.privoxy.org/
*
* Based on the Internet Junkbuster originally written
* by and Copyright (C) 1997 Anonymous Coders and
* unload files that are no longer in use.
*
* Copyright : Written by and Copyright (C) 2001-2010 the
- * Privoxy team. http://www.privoxy.org/
+ * Privoxy team. https://www.privoxy.org/
*
* Based on the Internet Junkbuster originally written
* by and Copyright (C) 1997 Anonymous Coders and
* any other file.
*
* Copyright : Written by and Copyright (C) 2001-2018 the
- * Privoxy team. http://www.privoxy.org/
+ * Privoxy team. https://www.privoxy.org/
*
* Based on the Internet Junkbuster originally written
* by and Copyright (C) 1997 Anonymous Coders and
* any other file.
*
* Copyright : Written by and Copyright (C) 2001-2011 the
- * Privoxy team. http://www.privoxy.org/
+ * Privoxy team. https://www.privoxy.org/
*
* Based on the Internet Junkbuster originally written
* by and Copyright (C) 1997 Anonymous Coders and
* Purpose : Declares functions to parse/crunch headers and pages.
*
* Copyright : Written by and Copyright (C) 2001-2017 the
- * Privoxy team. http://www.privoxy.org/
+ * Privoxy team. https://www.privoxy.org/
*
* Based on the Internet Junkbuster originally written
* by and Copyright (C) 1997 Anonymous Coders and
}
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
/*********************************************************************
*
* Function : sed_https
return err;
}
-#endif /* def FEATURE_HTTPS_FILTERING */
+#endif /* def FEATURE_HTTPS_INSPECTION */
/*********************************************************************
}
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
/*********************************************************************
*
* Function : get_destination_from_https_headers
return JB_ERR_OK;
}
-#endif /* def FEATURE_HTTPS_FILTERING */
+#endif /* def FEATURE_HTTPS_INSPECTION */
/*********************************************************************
* and `server_set_cookie'.
*
* Copyright : Written by and Copyright (C) 2001 members of the
- * Privoxy team. http://www.privoxy.org/
+ * Privoxy team. https://www.privoxy.org/
*
* Based on the Internet Junkbuster originally written
* by and Copyright (C) 1997 Anonymous Coders and
extern char *get_header(struct iob *iob);
extern char *get_header_value(const struct list *header_list, const char *header_name);
extern jb_err sed(struct client_state *csp, int filter_server_headers);
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
extern jb_err sed_https(struct client_state *csp);
#endif
extern jb_err update_server_headers(struct client_state *csp);
extern void get_http_time(int time_offset, char *buf, size_t buffer_size);
extern jb_err get_destination_from_headers(const struct list *headers, struct http_request *http);
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
extern jb_err get_destination_from_https_headers(const struct list *headers, struct http_request *http);
#endif
extern unsigned long long get_expected_content_length(struct list *headers);
* Copyright (C) 2006, 2007 Fabian Keil <fk@fabiankeil.de>
*
* This program is free software; you can redistribute it
- * and/or modify it under the terms of the GNU Lesser
- * General Public License (LGPL), version 2.1, which should
- * be included in this distribution (see LICENSE.txt), with
- * the exception that the permission to replace that license
- * with the GNU General Public License (GPL) given in section
- * 3 is restricted to version 2 of the GPL.
+ * and/or modify it under the terms of the GNU General
+ * Public License as published by the Free Software
+ * Foundation; either version 2 of the License, or (at
+ * your option) any later version.
*
* This program is distributed in the hope that it will
* be useful, but WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A
- * PARTICULAR PURPOSE. See the license for more details.
+ * PARTICULAR PURPOSE. See the GNU General Public
+ * License for more details.
*
- * The GNU Lesser General Public License should be included
- * with this file. If not, you can view it at
- * http://www.gnu.org/licenses/lgpl.html
+ * The GNU General Public License should be included with
+ * this file. If not, you can view it at
+ * http://www.gnu.org/copyleft/gpl.html
* or write to the Free Software Foundation, Inc., 59
* Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*
*
* Purpose : Header file for pcrs.c
*
- * Copyright : see pcrs.c
+ * Copyright : Written and Copyright (C) 2000, 2001 by Andreas S. Oesterhelt
+ * <andreas@oesterhelt.org>
+ *
+ * Copyright (C) 2006, 2007 Fabian Keil <fk@fabiankeil.de>
+ *
+ * This program is free software; you can redistribute it
+ * and/or modify it under the terms of the GNU General
+ * Public License as published by the Free Software
+ * Foundation; either version 2 of the License, or (at
+ * your option) any later version.
+ *
+ * This program is distributed in the hope that it will
+ * be useful, but WITHOUT ANY WARRANTY; without even the
+ * implied warranty of MERCHANTABILITY or FITNESS FOR A
+ * PARTICULAR PURPOSE. See the GNU General Public
+ * License for more details.
+ *
+ * The GNU General Public License should be included with
+ * this file. If not, you can view it at
+ * http://www.gnu.org/copyleft/gpl.html
+ * or write to the Free Software Foundation, Inc., 59
+ * Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*
*********************************************************************/
# this one.
#
# Copyright : Written by and Copyright (C) 2001,2002 the
-# Privoxy team. http://www.privoxy.org/
+# Privoxy team. https://www.privoxy.org/
#
# This program is free software; you can redistribute it
# and/or modify it under the terms of the GNU General
* (though it does declare some macros).
*
* Copyright : Written by and Copyright (C) 2001-2014 the
- * Privoxy team. http://www.privoxy.org/
+ * Privoxy team. https://www.privoxy.org/
*
* Based on the Internet Junkbuster originally written
* by and Copyright (C) 1997 Anonymous Coders and
/* Needed for pcre choice */
#include "config.h"
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
#ifdef FEATURE_PTHREAD
# include <pthread.h>
typedef pthread_mutex_t privoxy_mutex_t;
struct map_entry *last;
};
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
/*
* Struct of attributes necessary for TLS/SSL connection
*/
int dcount; /**< How many parts to this domain? (length of dvec) */
#endif /* ndef FEATURE_EXTENDED_HOST_PATTERNS */
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
int client_ssl; /**< Flag if we should comunicate with slient over ssl */
int server_ssl; /**< Flag if we should comunicate with server over ssl */
unsigned char hash_of_host_hex[(HASH_OF_HOST_BUF_SIZE * 2) + 1]; /**< chars for hash in hex string and one for '\0' */
};
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
/*
- * Properties of cert for generating
- */
-typedef struct{
- char *issuer_crt; /* filename of the issuer certificate */
- char *subject_key; /* filename of the subject key file */
- char *issuer_key; /* filename of the issuer key file */
- const char *subject_pwd; /* password for the subject key file */
- const char *issuer_pwd; /* password for the issuer key file */
- char *output_file; /* where to store the constructed key file */
- const char *subject_name; /* subject name for certificate */
- char issuer_name[ISSUER_NAME_BUF_SIZE]; /* issuer name for certificate */
- const char *not_before; /* validity period not before */
- const char *not_after; /* validity period not after */
- const char *serial; /* serial number string */
- int is_ca; /* is a CA certificate */
- int max_pathlen; /* maximum CA path length */
-} cert_options;
-
-/*
- * Properties of key for generating
+ * If this macro is defined, mutexes count for generating
+ * private keys is changed from 65536 to 32.
*/
-typedef struct{
- mbedtls_pk_type_t type; /* type of key to generate */
- int rsa_keysize; /* length of key in bits */
- char *key_file_path; /* filename of the key file */
-} key_options;
-
+#define LIMIT_MUTEX_NUMBER
/*
* Struct for linked list containing certificates
*/
char text_buf[CERT_INFO_BUF_SIZE]; /* text info about properties of certificate */
char file_buf[CERT_FILE_BUF_SIZE]; /* buffer for whole certificate - format to save in file */
struct certs_chain *next; /* next certificate in chain of trust */
-}certs_chain_t;
+} certs_chain_t;
#endif
/**
#define ACTION_LIMIT_COOKIE_LIFETIME 0x08000000UL
/** Action bitmap: Delay writes */
#define ACTION_DELAY_RESPONSE 0x10000000UL
-/** Action bitmap: Turn https filtering on */
-#define ACTION_ENABLE_HTTPS_FILTER 0x20000000UL
+/** Action bitmap: Turn https inspection on */
+#define ACTION_HTTPS_INSPECTION 0x20000000UL
/** Action bitmap: Turn certificates verification off */
#define ACTION_IGNORE_CERTIFICATE_ERRORS 0x40000000UL
/* XXX: should be renamed to server_iob */
struct iob iob[1];
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
mbedtls_connection_attr mbedtls_server_attr; /* attributes for connection to server */
mbedtls_connection_attr mbedtls_client_attr; /* attributes for connection to client */
#endif
/** List of all headers for this request */
struct list headers[1];
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
/** List of all encrypted headers for this request */
struct list https_headers[1];
#endif
*/
char *error_message;
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
/* Result of server certificate verification */
uint32_t server_cert_verification_result;
/** Nonzero if we need to bind() to the new port. */
int need_bind;
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
/** Password for proxy ca file **/
char * ca_password;
/*********************************************************************
-*
-* File : $Source: /cvsroot/ijbswa/current/ssl.c,v $
-*
-* Purpose : File with TLS/SSL extension. Contains methods for
-* creating, using and closing TLS/SSL connections.
-*
-* Copyright : Written by and Copyright (c) 2017 Vaclav Svec. FIT CVUT.
-* Copyright (C) 2018-2019 by Fabian Keil <fk@fabiankeil.de>
-*
-* This program is free software; you can redistribute it
-* and/or modify it under the terms of the GNU General
-* Public License as published by the Free Software
-* Foundation; either version 2 of the License, or (at
-* your option) any later version.
-*
-* This program is distributed in the hope that it will
-* be useful, but WITHOUT ANY WARRANTY; without even the
-* implied warranty of MERCHANTABILITY or FITNESS FOR A
-* PARTICULAR PURPOSE. See the GNU General Public
-* License for more details.
-*
-* The GNU General Public License should be included with
-* this file. If not, you can view it at
-* http://www.gnu.org/copyleft/gpl.html
-* or write to the Free Software Foundation, Inc., 59
-* Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-*
-*********************************************************************/
+ *
+ * File : $Source: /cvsroot/ijbswa/current/ssl.c,v $
+ *
+ * Purpose : File with TLS/SSL extension. Contains methods for
+ * creating, using and closing TLS/SSL connections.
+ *
+ * Copyright : Written by and Copyright (c) 2017 Vaclav Svec. FIT CVUT.
+ * Copyright (C) 2018-2020 by Fabian Keil <fk@fabiankeil.de>
+ *
+ * This program is free software; you can redistribute it
+ * and/or modify it under the terms of the GNU General
+ * Public License as published by the Free Software
+ * Foundation; either version 2 of the License, or (at
+ * your option) any later version.
+ *
+ * This program is distributed in the hope that it will
+ * be useful, but WITHOUT ANY WARRANTY; without even the
+ * implied warranty of MERCHANTABILITY or FITNESS FOR A
+ * PARTICULAR PURPOSE. See the GNU General Public
+ * License for more details.
+ *
+ * The GNU General Public License should be included with
+ * this file. If not, you can view it at
+ * http://www.gnu.org/copyleft/gpl.html
+ * or write to the Free Software Foundation, Inc., 59
+ * Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+ *
+ *********************************************************************/
#include <string.h>
#include <unistd.h>
#include "mbedtls/base64.h"
#include "mbedtls/error.h"
+#include "config.h"
#include "project.h"
#include "miscutil.h"
#include "errlog.h"
#include "jcc.h"
-#include "config.h"
#include "ssl.h"
#define RSA_KEY_PUBLIC_EXPONENT 65537 /* Public exponent for RSA private key generating */
#define RSA_KEYSIZE 2048 /* Size of generated RSA keys */
#define GENERATED_CERT_VALID_FROM "20100101000000" /* Date and time, which will be set in generated certificates as parameter valid from */
-#define GENERATED_CERT_VALID_TO "20401231235959" /* Date and time, which will be setted in generated certificates as parameter valid to */
+#define GENERATED_CERT_VALID_TO "20401231235959" /* Date and time, which will be set in generated certificates as parameter valid to */
#define CERT_SIGNATURE_ALGORITHM MBEDTLS_MD_SHA256 /* The MD algorithm to use for the signature */
#define CERT_SERIAL_NUM_LENGTH 4 /* Bytes of hash to be used for creating serial number of certificate. Min=2 and max=16 */
-#define LIMIT_MUTEX_NUMBER /* If this macro is defined, mutexes count for generating private keys is changed from 65536 to 32 */
#define INVALID_CERT_INFO_BUF_SIZE 2048 /* Size of buffer for message with information about reason of certificate invalidity. Data after the end of buffer will not be saved */
#define CERT_PARAM_COMMON_NAME "CN="
#define CERT_PARAM_ORGANIZATION ",O="
#define CERT_SUBJECT_PASSWORD ""
#define CERT_INFO_PREFIX ""
+/*
+ * Properties of cert for generating
+ */
+typedef struct {
+ char *issuer_crt; /* filename of the issuer certificate */
+ char *subject_key; /* filename of the subject key file */
+ char *issuer_key; /* filename of the issuer key file */
+ const char *subject_pwd; /* password for the subject key file */
+ const char *issuer_pwd; /* password for the issuer key file */
+ char *output_file; /* where to store the constructed key file */
+ const char *subject_name; /* subject name for certificate */
+ char issuer_name[ISSUER_NAME_BUF_SIZE]; /* issuer name for certificate */
+ const char *not_before; /* validity period not before */
+ const char *not_after; /* validity period not after */
+ const char *serial; /* serial number string */
+ int is_ca; /* is a CA certificate */
+ int max_pathlen; /* maximum CA path length */
+} cert_options;
-extern int generate_webpage_certificate(struct client_state * csp);
-static char * make_certs_path(const char * conf_dir, const char * file_name, const char * suffix);
-static int file_exists(const char * path);
+/*
+ * Properties of key for generating
+ */
+typedef struct {
+ mbedtls_pk_type_t type; /* type of key to generate */
+ int rsa_keysize; /* length of key in bits */
+ char *key_file_path; /* filename of the key file */
+} key_options;
+
+static int generate_webpage_certificate(struct client_state *csp);
+static char *make_certs_path(const char *conf_dir, const char *file_name, const char *suffix);
+static int file_exists(const char *path);
static int host_to_hash(struct client_state *csp);
static int ssl_verify_callback(void *data, mbedtls_x509_crt *crt, int depth, uint32_t *flags);
static void free_certificate_chain(struct client_state *csp);
/*********************************************************************
-*
-* Function : is_ssl_pending
-*
-* Description : Tests if there are some waitting data on ssl connection
-*
-* Parameters :
-* 1 : ssl = SSL context to test
-*
-* Returns : 0 => No data are pending
-* >0 => Pending data length
-*
-*********************************************************************/
+ *
+ * Function : is_ssl_pending
+ *
+ * Description : Tests if there are some waiting data on ssl connection
+ *
+ * Parameters :
+ * 1 : ssl = SSL context to test
+ *
+ * Returns : 0 => No data are pending
+ * >0 => Pending data length
+ *
+ *********************************************************************/
extern size_t is_ssl_pending(mbedtls_ssl_context *ssl)
{
if (ssl == NULL)
send_len = (int)max_fragment_size;
}
+ log_error(LOG_LEVEL_WRITING, "TLS: %N", send_len, buf+pos);
+
/*
* Sending one part of the buffer
*/
{
char err_buf[ERROR_BUF_SIZE];
- memset(err_buf, 0, sizeof(err_buf));
mbedtls_strerror(ret, err_buf, sizeof(err_buf));
log_error(LOG_LEVEL_ERROR,
"Sending data over TLS/SSL failed: %s", err_buf);
* 2 : buf = Pointer to buffer where data will be written
* 3 : max_length = Maximum number of bytes to read
*
- * Returns : Number of bytes read, 0 for EOF, or negative
- * value on error.
+ * Returns : Number of bytes read, 0 for EOF, or -1
+ * on error.
*
*********************************************************************/
extern int ssl_recv_data(mbedtls_ssl_context *ssl, unsigned char *buf, size_t max_length)
{
char err_buf[ERROR_BUF_SIZE];
- memset(err_buf, 0, sizeof(err_buf));
+ if (ret == MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY)
+ {
+ log_error(LOG_LEVEL_CONNECT,
+ "The peer notified us that the connection is going to be closed");
+ return 0;
+ }
mbedtls_strerror(ret, err_buf, sizeof(err_buf));
log_error(LOG_LEVEL_ERROR,
"Receiving data over TLS/SSL failed: %s", err_buf);
+
+ return -1;
}
+ log_error(LOG_LEVEL_RECEIVED, "TLS: %N", ret, buf);
+
return ret;
}
int ret = 0;
char err_buf[ERROR_BUF_SIZE];
- memset(err_buf, 0, sizeof(err_buf));
-
/*
* Initializing mbedtls structures for TLS/SSL connection
*/
char *trusted_cas_file = NULL;
int auth_mode = MBEDTLS_SSL_VERIFY_REQUIRED;
- memset(err_buf, 0, sizeof(err_buf));
-
csp->server_cert_verification_result = SSL_CERT_NOT_VERIFIED;
csp->server_certs_chain.next = NULL;
mbedtls_net_init(&(csp->mbedtls_server_attr.socket_fd));
mbedtls_ssl_init(&(csp->mbedtls_server_attr.ssl));
mbedtls_ssl_config_init(&(csp->mbedtls_server_attr.conf));
- mbedtls_x509_crt_init( &(csp->mbedtls_server_attr.ca_cert));
+ mbedtls_x509_crt_init(&(csp->mbedtls_server_attr.ca_cert));
/*
* Setting socket fd in mbedtls_net_context structure. This structure
* Handshake with server
*/
log_error(LOG_LEVEL_CONNECT,
- "Performing the TLS/SSL handshake with server");
+ "Performing the TLS/SSL handshake with the server");
while ((ret = mbedtls_ssl_handshake(&(csp->mbedtls_server_attr.ssl))) != 0)
{
if (ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED)
{
- log_error(LOG_LEVEL_ERROR,
- "Server certificate verification failed: %s", err_buf);
+ char reason[INVALID_CERT_INFO_BUF_SIZE];
+
csp->server_cert_verification_result =
mbedtls_ssl_get_verify_result(&(csp->mbedtls_server_attr.ssl));
+ mbedtls_x509_crt_verify_info(reason, sizeof(reason), "",
+ csp->server_cert_verification_result);
+ /* Log the reason without the trailing new line */
+ log_error(LOG_LEVEL_ERROR,
+ "The X509 certificate verification failed: %N",
+ strlen(reason)-1, reason);
ret = -1;
}
else
* function, we change fd to -1, which is the same what does
* rest of mbedtls_net_free function.
*/
- csp->mbedtls_client_attr.socket_fd.fd = -1;
+ csp->mbedtls_server_attr.socket_fd.fd = -1;
mbedtls_x509_crt_free(&(csp->mbedtls_server_attr.ca_cert));
mbedtls_ssl_free(&(csp->mbedtls_server_attr.ssl));
int ret = 0;
char err_buf[ERROR_BUF_SIZE];
- memset(err_buf, 0, sizeof(err_buf));
memset(cert_buf, 0, sizeof(cert_buf));
/*
- * Writing certificate into PEM string. If buffer is too small, fuction
+ * Writing certificate into PEM string. If buffer is too small, function
* returns specific error and no buffer overflow can happen.
*/
if ((ret = mbedtls_x509write_crt_pem(crt, cert_buf,
int ret = 0;
char err_buf[ERROR_BUF_SIZE];
- memset(err_buf, 0, sizeof(err_buf));
-
/* Initializing buffer for key file content */
- *ret_buf = (unsigned char *)malloc(PRIVATE_KEY_BUF_SIZE + 1);
- if (*ret_buf == NULL)
- {
- log_error(LOG_LEVEL_ERROR,
- "Creating buffer for private key failed: malloc fail");
- ret = -1;
- goto exit;
- }
- memset(*ret_buf, 0, PRIVATE_KEY_BUF_SIZE + 1);
+ *ret_buf = zalloc_or_die(PRIVATE_KEY_BUF_SIZE + 1);
/*
* Writing private key into PEM string
* contain NULL and no private key is generated.
*
* Parameters :
- * 1 : key_buf = buffer to save new generated key
- * 2 : csp = Current client state (buffers, headers, etc...)
+ * 1 : csp = Current client state (buffers, headers, etc...)
+ * 2 : key_buf = buffer to save new generated key
*
* Returns : -1 => Error while generating private key
* 0 => Key already exists
* >0 => Length of generated private key
*
*********************************************************************/
-static int generate_key(unsigned char **key_buf, struct client_state *csp)
+static int generate_key(struct client_state *csp, unsigned char **key_buf)
{
mbedtls_pk_context key;
key_options key_opt;
char err_buf[ERROR_BUF_SIZE];
key_opt.key_file_path = NULL;
- memset(err_buf, 0, sizeof(err_buf));
/*
* Initializing structures for key generating
* 1 : csp = Current client state (buffers, headers, etc...)
*
* Returns : -1 => Error while creating certificate.
- * 0 => Certificate alreaday exist.
+ * 0 => Certificate already exists.
* >0 => Length of created certificate.
*
*********************************************************************/
-extern int generate_webpage_certificate(struct client_state * csp)
+static int generate_webpage_certificate(struct client_state *csp)
{
mbedtls_x509_crt issuer_cert;
mbedtls_pk_context loaded_issuer_key, loaded_subject_key;
char err_buf[ERROR_BUF_SIZE];
cert_options cert_opt;
- memset(err_buf, 0, sizeof(err_buf));
-
/* Paths to keys and certificates needed to create certificate */
cert_opt.issuer_key = NULL;
cert_opt.subject_key = NULL;
/*
* Create key for requested host
*/
- int subject_key_len = generate_key(&key_buf, csp);
+ int subject_key_len = generate_key(csp, &key_buf);
if (subject_key_len < 0)
{
log_error(LOG_LEVEL_ERROR, "Key generating failed");
* Initializing structures for certificate generating
*/
mbedtls_x509write_crt_init(&cert);
- mbedtls_x509write_crt_set_md_alg( &cert, CERT_SIGNATURE_ALGORITHM);
+ mbedtls_x509write_crt_set_md_alg(&cert, CERT_SIGNATURE_ALGORITHM);
mbedtls_pk_init(&loaded_issuer_key);
mbedtls_pk_init(&loaded_subject_key);
mbedtls_mpi_init(&serial);
sizeof(cert_opt.issuer_name), &issuer_cert.subject);
if (ret < 0)
{
- mbedtls_strerror( ret, err_buf, sizeof(err_buf));
+ mbedtls_strerror(ret, err_buf, sizeof(err_buf));
log_error(LOG_LEVEL_ERROR, "mbedtls_x509_dn_gets failed: %s", err_buf);
ret = -1;
goto exit;
if (!mbedtls_pk_can_do(&issuer_cert.pk, MBEDTLS_PK_RSA) ||
mbedtls_mpi_cmp_mpi(&mbedtls_pk_rsa(issuer_cert.pk)->N,
&mbedtls_pk_rsa(*issuer_key)->N) != 0 ||
- mbedtls_mpi_cmp_mpi( &mbedtls_pk_rsa(issuer_cert.pk)->E,
- &mbedtls_pk_rsa(*issuer_key )->E) != 0)
+ mbedtls_mpi_cmp_mpi(&mbedtls_pk_rsa(issuer_cert.pk)->E,
+ &mbedtls_pk_rsa(*issuer_key)->E) != 0)
{
log_error(LOG_LEVEL_ERROR,
"Issuer key doesn't match issuer certificate");
ret = mbedtls_x509write_crt_set_subject_name(&cert, cert_opt.subject_name);
if (ret != 0)
{
- mbedtls_strerror( ret, err_buf, sizeof(err_buf));
+ mbedtls_strerror(ret, err_buf, sizeof(err_buf));
log_error(LOG_LEVEL_ERROR,
"Setting subject name in signed certificate failed: %s", err_buf);
ret = -1;
ret = mbedtls_x509write_crt_set_issuer_name(&cert, cert_opt.issuer_name);
if (ret != 0)
{
- mbedtls_strerror( ret, err_buf, sizeof(err_buf));
+ mbedtls_strerror(ret, err_buf, sizeof(err_buf));
log_error(LOG_LEVEL_ERROR,
"Setting issuer name in signed certificate failed: %s", err_buf);
ret = -1;
cert_opt.not_after);
if (ret != 0)
{
- mbedtls_strerror( ret, err_buf, sizeof(err_buf));
+ mbedtls_strerror(ret, err_buf, sizeof(err_buf));
log_error(LOG_LEVEL_ERROR,
"Setting validity in signed certificate failed: %s", err_buf);
ret = -1;
cert_opt.max_pathlen);
if (ret != 0)
{
- mbedtls_strerror( ret, err_buf, sizeof(err_buf));
+ mbedtls_strerror(ret, err_buf, sizeof(err_buf));
log_error(LOG_LEVEL_ERROR, "Setting the basicConstraints extension "
"in signed certificate failed: %s", err_buf);
ret = -1;
ret = mbedtls_x509write_crt_set_subject_key_identifier(&cert);
if (ret != 0)
{
- mbedtls_strerror( ret, err_buf, sizeof(err_buf));
+ mbedtls_strerror(ret, err_buf, sizeof(err_buf));
log_error(LOG_LEVEL_ERROR, "mbedtls_x509write_crt_set_subject_key_"
"identifier failed: %s", err_buf);
ret = -1;
ret = mbedtls_x509write_crt_set_authority_key_identifier(&cert);
if (ret != 0)
{
- mbedtls_strerror( ret, err_buf, sizeof(err_buf));
+ mbedtls_strerror(ret, err_buf, sizeof(err_buf));
log_error(LOG_LEVEL_ERROR, "mbedtls_x509write_crt_set_authority_key_"
"identifier failed: %s", err_buf);
ret = -1;
*
* Function : make_certs_path
*
- * Description : Creates path to file from three pieces. This fuction
+ * Description : Creates path to file from three pieces. This function
* takes parameters and puts them in one new mallocated
* char * in correct order. Returned variable must be freed
* by caller. This function is mainly used for creating
* absolute path to cwd.
*/
path_size += strlen(basedir) + 2;
- path = (char *)malloc(path_size);
- if (path == NULL)
- {
- log_error(LOG_LEVEL_ERROR, "make_certs_path failed: malloc fail");
- return NULL;
- }
- memset(path, 0, path_size);
+ path = zalloc_or_die(path_size);
strlcpy(path, basedir, path_size);
strlcat(path, delim, path_size);
else
#endif /* defined unix */
{
- path = (char *)malloc(path_size);
- if (path == NULL)
- {
- log_error(LOG_LEVEL_ERROR, "make_certs_path failed: malloc fail");
- return NULL;
- }
- memset(path, 0, path_size);
+ path = zalloc_or_die(path_size);
strlcpy(path, conf_dir, path_size);
strlcat(path, delim, path_size);
* Returns : Serial number for new certificate
*
*********************************************************************/
-static unsigned long get_certificate_serial(struct client_state *csp) {
+static unsigned long get_certificate_serial(struct client_state *csp)
+{
unsigned long exp = 1;
unsigned long serial = 0;
ssl_send_data(&(csp->mbedtls_client_attr.ssl),
(const unsigned char *)message, strlen(message));
/*
- * Waiting before closing connection. Some browsers doesn't show received
+ * Waiting before closing connection. Some browsers don't show received
* message if there isn't this delay.
*/
sleep(1);
/*
* Preparing next item in linked list for next certificate
- * If malloc fails, we are continuing without this certificate
*/
- last->next = (struct certs_chain *)malloc(sizeof(struct certs_chain));
- if (last->next != NULL)
- {
- last->next->next = NULL;
- memset(last->next->text_buf, 0, sizeof(last->next->text_buf));
- memset(last->next->file_buf, 0, sizeof(last->next->file_buf));
-
- /*
- * Saving certificate file into buffer
- */
- if ((ret = mbedtls_pem_write_buffer(PEM_BEGIN_CRT, PEM_END_CRT,
- crt->raw.p, crt->raw.len, (unsigned char *)last->file_buf,
- sizeof(last->file_buf)-1, &olen)) != 0)
- {
- return(ret);
- }
+ last->next = malloc_or_die(sizeof(struct certs_chain));
+ last->next->next = NULL;
+ memset(last->next->text_buf, 0, sizeof(last->next->text_buf));
+ memset(last->next->file_buf, 0, sizeof(last->next->file_buf));
- /*
- * Saving certificate information into buffer
- */
- mbedtls_x509_crt_info(last->text_buf, sizeof(last->text_buf) - 1,
- CERT_INFO_PREFIX, crt);
- }
- else
+ /*
+ * Saving certificate file into buffer
+ */
+ if ((ret = mbedtls_pem_write_buffer(PEM_BEGIN_CRT, PEM_END_CRT,
+ crt->raw.p, crt->raw.len, (unsigned char *)last->file_buf,
+ sizeof(last->file_buf)-1, &olen)) != 0)
{
- log_error(LOG_LEVEL_ERROR,
- "Malloc memory for server certificate informations failed");
- return -1;
+ return(ret);
}
+ /*
+ * Saving certificate information into buffer
+ */
+ mbedtls_x509_crt_info(last->text_buf, sizeof(last->text_buf) - 1,
+ CERT_INFO_PREFIX, crt);
+
return 0;
}
/* Cleaning buffers */
memset(csp->server_certs_chain.text_buf, 0,
sizeof(csp->server_certs_chain.text_buf));
- memset(csp->server_certs_chain.text_buf, 0,
+ memset(csp->server_certs_chain.file_buf, 0,
sizeof(csp->server_certs_chain.file_buf));
csp->server_certs_chain.next = NULL;
/*********************************************************************
-*
-* Function : file_exists
-*
-* Description : Tests if file exists and is readable.
-*
-* Parameters :
-* 1 : path = Path to tested file.
-*
-* Returns : 1 => File exists and is readable.
-* 0 => File doesn't exist or is not readable.
-*
-*********************************************************************/
+ *
+ * Function : file_exists
+ *
+ * Description : Tests if file exists and is readable.
+ *
+ * Parameters :
+ * 1 : path = Path to tested file.
+ *
+ * Returns : 1 => File exists and is readable.
+ * 0 => File doesn't exist or is not readable.
+ *
+ *********************************************************************/
static int file_exists(const char *path)
{
FILE *f;
* 0 => Hash created successfully
*
*********************************************************************/
-static int host_to_hash(struct client_state * csp)
+static int host_to_hash(struct client_state *csp)
{
int ret = 0;
int ret = 0;
char err_buf[ERROR_BUF_SIZE];
- memset(err_buf, 0, sizeof(err_buf));
-
if (rng_seeded == 0)
{
privoxy_mutex_lock(&rng_mutex);
/*
* Values for flag determining certificate validity.
* These values are compatible with return value of function
- * mbedtls_ssl_get_verify_result. There is not value for invalid
- * certificate, this value is setted by function
- * mbedtls_ssl_get_verify_result.
+ * mbedtls_ssl_get_verify_result(). There is no value for
+ * "invalid certificate", this value is set by the function
+ * mbedtls_ssl_get_verify_result().
*/
#define SSL_CERT_VALID 0
#define SSL_CERT_NOT_VERIFIED 0xFFFFFFFF
static mbedtls_entropy_context entropy;
static int rng_seeded;
-/* Boolean functions to get informations about TLS/SSL connections */
+/* Boolean functions to get information about TLS/SSL connections */
extern int client_use_ssl(const struct client_state *csp);
extern int server_use_ssl(const struct client_state *csp);
extern size_t is_ssl_pending(mbedtls_ssl_context *ssl);
-extern int tunnel_established_successfully(const char * response, unsigned int response_len);
+extern int tunnel_established_successfully(const char *response, unsigned int response_len);
/* Functions for sending and receiving data over TLS/SSL connections */
-extern int ssl_send_data(mbedtls_ssl_context * ssl, const unsigned char * buf, size_t len);
-extern int ssl_recv_data(mbedtls_ssl_context * ssl, unsigned char * buf, size_t maxLen);
-extern long ssl_flush_socket(mbedtls_ssl_context * ssl, struct iob *iob);
+extern int ssl_send_data(mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len);
+extern int ssl_recv_data(mbedtls_ssl_context *ssl, unsigned char *buf, size_t maxLen);
+extern long ssl_flush_socket(mbedtls_ssl_context *ssl, struct iob *iob);
extern void ssl_send_certificate_error(struct client_state *csp);
/* Functions for opening and closing TLS/SSL connections */
* Purpose : A function to split a string at specified delimiters.
*
* Copyright : Written by and Copyright (C) 2001-2012 the
- * Privoxy team. http://www.privoxy.org/
+ * Privoxy team. https://www.privoxy.org/
*
* Based on the Internet Junkbuster originally written
* by and Copyright (C) 1997 Anonymous Coders and
* Purpose : A function to split a string at specified deliminters.
*
* Copyright : Written by and Copyright (C) 2001 members of the
- * Privoxy team. http://www.privoxy.org/
+ * Privoxy team. https://www.privoxy.org/
*
* Based on the Internet Junkbuster originally written
* by and Copyright (C) 1997 Anonymous Coders and
<td>Allows to shutdown Privoxy through the web interface.</td>
</tr>
<tr>
- <td><code>FEATURE_HTTPS_FILTERING</code></td>
- <td>@if-FEATURE_HTTPS_FILTERING-then@ Yes @else-not-FEATURE_HTTPS_FILTERING@ No @endif-FEATURE_HTTPS_FILTERING@</td>
+ <td><code>FEATURE_HTTPS_INSPECTION</code></td>
+ <td>@if-FEATURE_HTTPS_INSPECTION-then@ Yes @else-not-FEATURE_HTTPS_INSPECTION@ No @endif-FEATURE_HTTPS_INSPECTION@</td>
<td>Allows to intercept and filter HTTPS traffic.</td>
</tr>
<tr>
# techniques).
#
# Copyright : Written by and Copyright
-# Privoxy team. http://www.privoxy.org/
+# Privoxy team. https://www.privoxy.org/
#
# Based on the Internet Junkbuster originally written
# by and Copyright (C) 1997 Anonymous Coders and
# Trustfiles are an experimental feature used for building "whitelists"
# of "trusted" sites (versus the usual "blacklists" technique). For more
-# detail, see http://www.privoxy.org/user-manual/config.html#TRUSTFILE.
+# detail, see https://www.privoxy.org/user-manual/config.html#TRUSTFILE.
# List trusted domains here. The default is to block any URL that is NOT
# referenced. Access to trusted domains includes all paths within that
* patterns.
*
* Copyright : Written by and Copyright (C) 2001-2014
- * the Privoxy team. http://www.privoxy.org/
+ * the Privoxy team. https://www.privoxy.org/
*
* Based on the Internet Junkbuster originally written
* by and Copyright (C) 1997 Anonymous Coders and
* patterns.
*
* Copyright : Written by and Copyright (C) 2001-2002, 2006 the
- * Privoxy team. http://www.privoxy.org/
+ * Privoxy team. https://www.privoxy.org/
*
* Based on the Internet Junkbuster originally written
* by and Copyright (C) 1997 Anonymous Coders and
# ********************************************************************
-#
+#
# File : user.filter
-#
+#
# Purpose : Rules to process the content of web pages
-#
+#
# Copyright : Written by and Copyright (C) 2006-2008 the
-# Privoxy team. http://www.privoxy.org/
+# Privoxy team. https://www.privoxy.org/
#
# We value your feedback. However, to provide you with the best support,
# please note:
-#
+#
# * Use the support forum to get help:
# http://sourceforge.net/tracker/?group_id=11118&atid=211118
# * Submit bugs only thru our bug forum:
-# http://sourceforge.net/tracker/?group_id=11118&atid=111118
+# http://sourceforge.net/tracker/?group_id=11118&atid=111118
# Make sure that the bug has not already been submitted. Please try
# to verify that it is a Privoxy bug, and not a browser or site
# bug first. If you are using your own custom configuration, please
# please try the latest one. Or even better, CVS sources.
# * Submit feature requests only thru our feature request forum:
# http://sourceforge.net/tracker/?atid=361118&group_id=11118&func=browse
-#
+#
# For any other issues, feel free to use the mailing lists:
# http://sourceforge.net/mail/?group_id=11118
-#
+#
# Anyone interested in actively participating in development and related
# discussions can join the appropriate mailing list here:
# http://sourceforge.net/mail/?group_id=11118. Archives are available
# here too.
-#
+#
#################################################################################
#
# Syntax:
#
# Note2: In addition to the Perl options gimsx, the following nonstandard
# options are supported:
-#
+#
# 'U' turns the default to ungreedy matching. Add ? to quantifiers to
# switch back to greedy.
#
# escaping anything, therefore you also have to be careful not to chose
# delimiters that appear in the replacement text. For example '<' should
# be save, while '?' will sooner or later cause conflicts with $url.
-#
+#
#################################################################################
* Purpose : Windows GUI resource script.
*
* Copyright : Written by and Copyright (C) 2001-2009 members of
- * the Privoxy team. http://www.privoxy.org/
+ * the Privoxy team. https://www.privoxy.org/
*
* Based on the Internet Junkbuster originally written
* by and Copyright (C) 1997 Anonymous Coders and
* ouputting strings, processing messages and so on.
*
* Copyright : Written by and Copyright (C) 2001-2009 members of
- * the Privoxy team. http://www.privoxy.org/
+ * the Privoxy team. https://www.privoxy.org/
*
* Written by and Copyright (C) 1999 Adam Lock
* <locka@iol.ie>
* ouputting strings, processing messages and so on.
*
* Copyright : Written by and Copyright (C) 2001-2009 members of
- * the Privoxy team. http://www.privoxy.org/
+ * the Privoxy team. https://www.privoxy.org/
*
* Written by and Copyright (C) 1999 Adam Lock
* <locka@iol.ie>
* Purpose : Identifiers for Windows GUI resources.
*
* Copyright : Written by and Copyright (C) 2001-2002 members of
- * the Privoxy team. http://www.privoxy.org/
+ * the Privoxy team. https://www.privoxy.org/
*
* Based on the Internet Junkbuster originally written
* by and Copyright (C) 1997 Anonymous Coders and
* doing to provide that isolation.
*
* Copyright : Written by and Copyright (C) 2003, 2006 members of
- * the Privoxy team. http://www.privoxy.org/
+ * the Privoxy team. https://www.privoxy.org/
*
* Written by and Copyright (C) 2003 Ian Cummings
* <ian_a_c@hotmail.com>
* doing to provide that isolation.
*
* Copyright : Written by and Copyright (C) 2003 members of
- * the Privoxy team. http://www.privoxy.org/
+ * the Privoxy team. https://www.privoxy.org/
*
* Written by and Copyright (C) 2003 Ian Cummings
* <ian_a_c@hotmail.com>
* workspace tray icon
*
* Copyright : Written by and Copyright (C) 2001-2002 members of
- * the Privoxy team. http://www.privoxy.org/
+ * the Privoxy team. https://www.privoxy.org/
*
* Written by and Copyright (C) 1999 Adam Lock
* <locka@iol.ie>
* workspace tray icon
*
* Copyright : Written by and Copyright (C) 2001-2002 members of
- * the Privoxy team. http://www.privoxy.org/
+ * the Privoxy team. https://www.privoxy.org/
*
* Written by and Copyright (C) 1999 Adam Lock
* <locka@iol.ie>
* Purpose : Win32 User Interface initialization and message loop
*
* Copyright : Written by and Copyright (C) 2001-2002 members of
- * the Privoxy team. http://www.privoxy.org/
+ * the Privoxy team. https://www.privoxy.org/
*
* Written by and Copyright (C) 1999 Adam Lock
* <locka@iol.ie>
* Purpose : Win32 User Interface initialization and message loop
*
* Copyright : Written by and Copyright (C) 2001-2002 members of
- * the Privoxy team. http://www.privoxy.org/
+ * the Privoxy team. https://www.privoxy.org/
*
* Written by and Copyright (C) 1999 Adam Lock
* <locka@iol.ie>
##########################################################################
#
# Written by and Copyright (C) 2002-2018 the Privoxy team.
-# http://www.privoxy.org/
+# https://www.privoxy.org/
#
# This script originally written by and Copyright (C) 2002
# Jonathan Foster
;
; Copyright:
; Written by and Copyright (C) 2007-2009 the Privoxy team.
-; http://www.privoxy.org/
+; https://www.privoxy.org/
;
; This script originally written by and Copyright (C) 2002
; Jonathan Foster