]>
ruderich.org/simon Gitweb - tlsproxy/tlsproxy.git/log
Simon Ruderich [Thu, 8 Aug 2013 19:07:03 +0000 (21:07 +0200)]
Rename http_digest_authorization to global_http_digest_authorization.
Simon Ruderich [Thu, 8 Aug 2013 19:05:40 +0000 (21:05 +0200)]
Add missing free(http_digest_authorization).
Simon Ruderich [Thu, 8 Aug 2013 19:02:13 +0000 (21:02 +0200)]
Use pre-generated Diffie-Hellman parameters.
This is much faster than generation them on each start and allows us to
use larger parameter sizes.
Simon Ruderich [Thu, 8 Aug 2013 18:54:56 +0000 (20:54 +0200)]
NEWS: Add a few empty lines.
Simon Ruderich [Thu, 8 Aug 2013 16:46:49 +0000 (18:46 +0200)]
.gitignore: Add tests/proxy-*.pem.
Forgot in
de03b92112c497bb5d1d468a240da12ea0605e60 .
Simon Ruderich [Thu, 8 Aug 2013 16:45:13 +0000 (18:45 +0200)]
tests/Makefile.am: Wrap CLEANFILES list.
Simon Ruderich [Thu, 8 Aug 2013 16:42:27 +0000 (18:42 +0200)]
tests/common.sh: Don't remove proxy-*.pem after each test.
Running `tlsproxy-setup` takes quite some time. Don't rerun it on each
test run, just reuse the files from the first run.
Simon Ruderich [Thu, 8 Aug 2013 16:41:28 +0000 (18:41 +0200)]
tests/Makefile.am: Add proxy-invalid.pem to CLEANFILES.
Simon Ruderich [Thu, 8 Aug 2013 16:13:34 +0000 (18:13 +0200)]
Rename slurp_file() to slurp_text_file().
It can only handle text files.
Simon Ruderich [Thu, 8 Aug 2013 15:48:08 +0000 (17:48 +0200)]
Use gnutls_transport_set_int() if available.
Prevents an unnecessary warning (int to pointer cast).
Simon Ruderich [Thu, 8 Aug 2013 15:24:49 +0000 (17:24 +0200)]
Rename *_FILE constants to *_PATH.
Simon Ruderich [Thu, 8 Aug 2013 15:20:58 +0000 (17:20 +0200)]
Add initialize_tls_session_both() to reduce duplication.
Simon Ruderich [Tue, 6 Aug 2013 21:03:47 +0000 (23:03 +0200)]
README: Stderr is now used for logging.
Simon Ruderich [Tue, 6 Aug 2013 21:01:47 +0000 (23:01 +0200)]
Add basic man pages.
Simon Ruderich [Tue, 6 Aug 2013 20:43:52 +0000 (22:43 +0200)]
README: Add author and license sections.
Simon Ruderich [Tue, 6 Aug 2013 19:29:47 +0000 (21:29 +0200)]
NEWS: Update.
Simon Ruderich [Tue, 6 Aug 2013 04:16:15 +0000 (06:16 +0200)]
Add disabled debug functions for GnuTLS.
Simon Ruderich [Tue, 6 Aug 2013 04:15:47 +0000 (06:15 +0200)]
Fix test-suite for recent gnutls-serv.
Simon Ruderich [Tue, 6 Aug 2013 04:14:48 +0000 (06:14 +0200)]
Fix compile with --enable-debug.
Simon Ruderich [Tue, 6 Aug 2013 02:24:14 +0000 (04:24 +0200)]
Fix compile with current GnuTLS versions.
Simon Ruderich [Tue, 6 Aug 2013 02:21:22 +0000 (04:21 +0200)]
Rename DEBUG log level to DEBUG1.
Log level DEBUG conflicts with --enable-debug's DEBUG.
Simon Ruderich [Sun, 4 Aug 2013 20:41:44 +0000 (22:41 +0200)]
Reduce calls to LOG() in read_from_write_to() and read_from_write_to_tls().
Simon Ruderich [Sun, 4 Aug 2013 15:52:06 +0000 (17:52 +0200)]
Fix indentation of LOG() calls.
"Broken" in
8b2ed4a58229f9b377f3a4ae74af36c31c5db1c0 .
Simon Ruderich [Wed, 31 Jul 2013 16:19:40 +0000 (18:19 +0200)]
tests: Wait at most 20 seconds in wait_for_ports().
Prevents endless loop if the server failed to start.
Simon Ruderich [Mon, 29 Jul 2013 11:31:39 +0000 (13:31 +0200)]
Add two assert()s.
Simon Ruderich [Mon, 29 Jul 2013 11:26:47 +0000 (13:26 +0200)]
tests: Add disabled valgrind command.
Makes it easy to run the tests with valgrind.
Simon Ruderich [Mon, 29 Jul 2013 11:22:01 +0000 (13:22 +0200)]
tests/client.c: Don't use fdopen(socket, "a+").
Simon Ruderich [Mon, 29 Jul 2013 11:17:02 +0000 (13:17 +0200)]
Don't initialize static variables to 0.
Simon Ruderich [Mon, 29 Jul 2013 11:15:58 +0000 (13:15 +0200)]
Use memset() to zero sigaction struct.
Simon Ruderich [Mon, 29 Jul 2013 11:14:28 +0000 (13:14 +0200)]
tests/Makefile.am: Remove unnecessary client_SOURCES.
It defaults to $(check_PROGRAMS).c.
Simon Ruderich [Mon, 29 Jul 2013 11:13:33 +0000 (13:13 +0200)]
Check library functions for success values.
Simon Ruderich [Mon, 29 Jul 2013 11:08:47 +0000 (13:08 +0200)]
Add basic digest authentication (-a option).
Simon Ruderich [Mon, 29 Jul 2013 11:01:06 +0000 (13:01 +0200)]
tests: Fix tlsproxy_add() for `make distcheck`.
Running tlsproxy_add() twice with the same hostname failed with `make
distcheck`.
Simon Ruderich [Mon, 29 Jul 2013 10:58:17 +0000 (12:58 +0200)]
tests: Call stop_servers when the shell terminates.
For example when set -e terminates the shell due to a failed process or
the user sends SIGINT.
Simon Ruderich [Mon, 29 Jul 2013 10:35:38 +0000 (12:35 +0200)]
Log messages to stderr.
Simon Ruderich [Mon, 29 Jul 2013 03:12:16 +0000 (05:12 +0200)]
Don't display usage on errors.
Display only the error message. The usage is distracting and requires
more time to read.
Simon Ruderich [Mon, 29 Jul 2013 02:35:24 +0000 (04:35 +0200)]
Prepare HTTP_RESPONSE_FORMAT for additional headers.
Simon Ruderich [Mon, 29 Jul 2013 02:26:33 +0000 (04:26 +0200)]
Simplify functions reporting errors to the client.
Simon Ruderich [Sun, 28 Jul 2013 23:48:22 +0000 (01:48 +0200)]
tests: Simplify redirection in tlsproxy_setup().
Simon Ruderich [Sun, 28 Jul 2013 23:48:01 +0000 (01:48 +0200)]
tests: Add tlsproxy_add() helper function.
Simon Ruderich [Sun, 28 Jul 2013 12:53:39 +0000 (14:53 +0200)]
README: Add C89 compiler to requirements.
Simon Ruderich [Sun, 28 Jul 2013 12:45:39 +0000 (14:45 +0200)]
tests: Add tlsproxy_setup() helper function.
Simon Ruderich [Sun, 28 Jul 2013 12:39:24 +0000 (14:39 +0200)]
Rename log level constants from LOG_* to just *.
Simon Ruderich [Sun, 28 Jul 2013 12:25:06 +0000 (14:25 +0200)]
Use sem_del() to destroy semaphores.
free() only works by accident and doesn't free the mutexes/condition
variables.
Simon Ruderich [Sun, 28 Jul 2013 12:21:20 +0000 (14:21 +0200)]
sem.c: Fix P() for negative start values.
Simon Ruderich [Sun, 28 Jul 2013 12:18:08 +0000 (14:18 +0200)]
tests: Wait until tlsproxy and gnutls-serv are ready.
Prevent failing tests on slower machines where sleep 1 is not enough.
Simon Ruderich [Sun, 28 Jul 2013 11:52:11 +0000 (13:52 +0200)]
Don't use fdopen(socket, "a+").
Using it with sockets is undefined behaviour as correct usage of a+
requires seeking which is not possible on sockets. Instead use separate
read and write FILE *.
Simon Ruderich [Sun, 28 Jul 2013 11:51:23 +0000 (13:51 +0200)]
tests/common.sh: Log output of tlsproxy to tlsproxy-log.
Simon Ruderich [Sun, 28 Jul 2013 11:48:53 +0000 (13:48 +0200)]
tests: Remove tmp in cleanup().
Simon Ruderich [Sun, 28 Jul 2013 11:44:09 +0000 (13:44 +0200)]
tests: Kill PIDs in stop_servers(), not process names.
Simon Ruderich [Sun, 28 Jul 2013 11:21:07 +0000 (13:21 +0200)]
tests: Improve error messages on test failure.
Simon Ruderich [Sun, 28 Jul 2013 10:24:01 +0000 (12:24 +0200)]
tlsproxy.h: Sort includes.
Simon Ruderich [Sun, 28 Jul 2013 10:23:15 +0000 (12:23 +0200)]
verify.c: Move fclose() to prevent overwrite of errno.
Simon Ruderich [Sun, 28 Jul 2013 10:22:26 +0000 (12:22 +0200)]
verify.c: Increase buffer size for server certificates.
Simon Ruderich [Sun, 28 Jul 2013 10:21:21 +0000 (12:21 +0200)]
log.c: Prevent intermingled output from multiple log_message().
Simon Ruderich [Sun, 28 Jul 2013 10:20:44 +0000 (12:20 +0200)]
log.c: Minor cleanup.
Simon Ruderich [Sun, 28 Jul 2013 10:19:54 +0000 (12:19 +0200)]
Add missing fflush().
Shouldn't be necessary but better play it safe.
Simon Ruderich [Sun, 28 Jul 2013 10:13:54 +0000 (12:13 +0200)]
Remove function cast for worker_thread.
Simon Ruderich [Sun, 28 Jul 2013 10:11:23 +0000 (12:11 +0200)]
Minor code cleanup.
Simon Ruderich [Sun, 28 Jul 2013 10:06:31 +0000 (12:06 +0200)]
Minor documentation updates.
Simon Ruderich [Sun, 28 Jul 2013 04:41:03 +0000 (06:41 +0200)]
tests: make clean removes temporary files if a test fails.
Simon Ruderich [Sun, 28 Jul 2013 04:32:40 +0000 (06:32 +0200)]
Fix error handling for getaddrinfo().
Simon Ruderich [Sun, 28 Jul 2013 04:14:41 +0000 (06:14 +0200)]
tests: Use better readable order of arguments in if.
Also simplify strcmp() condition in ifs.
Simon Ruderich [Sun, 28 Jul 2013 02:44:14 +0000 (04:44 +0200)]
Sort #includes and remove unnecessary comments.
Simon Ruderich [Sun, 28 Jul 2013 02:39:12 +0000 (04:39 +0200)]
Simplify a few if conditions.
Simon Ruderich [Sun, 28 Jul 2013 02:38:43 +0000 (04:38 +0200)]
Simplify str(n)cmp() if conditions.
Simon Ruderich [Sun, 28 Jul 2013 02:37:45 +0000 (04:37 +0200)]
Use better readable order of arguments in if.
if (5 == x) as safeguard against if (x = 5) is no longer necessary as
modern compilers warn about if (x = 5).
Simon Ruderich [Fri, 12 Jul 2013 14:11:36 +0000 (16:11 +0200)]
tests/tests.sh: Remove.
Just run `make check`.
Simon Ruderich [Fri, 12 Jul 2013 14:07:25 +0000 (16:07 +0200)]
tests: Cleanup.
Simon Ruderich [Fri, 12 Jul 2013 14:06:48 +0000 (16:06 +0200)]
tests/common.sh: Abort on errors.
Simon Ruderich [Fri, 12 Jul 2013 14:04:09 +0000 (16:04 +0200)]
configure.ac: Cleanup.
Also replace old AC_HELP_STRING() with AS_HELP_STRING().
Simon Ruderich [Fri, 12 Jul 2013 13:47:26 +0000 (15:47 +0200)]
tlsproxy-setup: Fix --sec-param for older certtool versions.
Simon Ruderich [Fri, 12 Apr 2013 14:51:52 +0000 (16:51 +0200)]
src/tlsproxy-setup: Use --sec-param=high.
This creates a bigger RSA key. Not really relevant in our case because
the connection stays local (proxy to client), but it's a good example.
Simon Ruderich [Fri, 12 Apr 2013 14:49:39 +0000 (16:49 +0200)]
src/tlsproxy-add,src/tlsproxy-setup: Increase expiry date.
Simon Ruderich [Fri, 12 Apr 2013 14:47:42 +0000 (16:47 +0200)]
src/tlsproxy-add,src/tlsproxy-setup: Cleanup.
Simon Ruderich [Tue, 26 Feb 2013 23:42:42 +0000 (00:42 +0100)]
tests/common.sh: Simplify error redirection.
Simon Ruderich [Tue, 26 Feb 2013 23:41:14 +0000 (00:41 +0100)]
log.c: Use one printf() instead of two in log_message().
Simon Ruderich [Tue, 15 Jan 2013 19:59:36 +0000 (20:59 +0100)]
src/*,tests/*: Update copyright year.
Simon Ruderich [Tue, 15 Jan 2013 19:56:34 +0000 (20:56 +0100)]
configure.ac: Remove --param=ssp-buffer-size=1.
-fstack-protector-all already protects all functions.
Simon Ruderich [Tue, 31 Jul 2012 22:15:34 +0000 (00:15 +0200)]
configure.ac: Cleanup hardening flags.
Simon Ruderich [Tue, 31 Jul 2012 22:12:05 +0000 (00:12 +0200)]
configure.ac: Use $CPPFLAGS for preprocessor flags.
Simon Ruderich [Tue, 31 Jul 2012 21:59:13 +0000 (23:59 +0200)]
NEWS: Use complete sentences.
Simon Ruderich [Tue, 31 Jul 2012 21:55:54 +0000 (23:55 +0200)]
NEWS: Put latest versions on top.
Simon Ruderich [Sun, 22 Jul 2012 01:26:45 +0000 (03:26 +0200)]
src/connection.c: Fix error check for gnutls_priority_set().
Simon Ruderich [Sun, 11 Mar 2012 22:06:09 +0000 (23:06 +0100)]
src/tlsproxy.c: Display value of invalid options.
Simon Ruderich [Sun, 11 Mar 2012 22:01:04 +0000 (23:01 +0100)]
src/connection.c,src/verify.c: Use a constant for path length.
Simon Ruderich [Sun, 11 Mar 2012 21:58:51 +0000 (22:58 +0100)]
src/tlsproxy.c: Display version in help and debug startup message.
Simon Ruderich [Sun, 11 Mar 2012 21:51:16 +0000 (22:51 +0100)]
src/tlsproxy.c: Minor documentation update.
Simon Ruderich [Sun, 11 Mar 2012 21:50:59 +0000 (22:50 +0100)]
src/sem.c,src/tlsproxy.c: Minor cleanup.
Simon Ruderich [Sun, 11 Mar 2012 21:48:16 +0000 (22:48 +0100)]
src/*,test/*: Add missing quotes to shell scripts.
Simon Ruderich [Sun, 11 Mar 2012 21:47:31 +0000 (22:47 +0100)]
README: Minor update.
Simon Ruderich [Sun, 11 Mar 2012 21:46:51 +0000 (22:46 +0100)]
src/*,tests/*: Update copyright year.
Simon Ruderich [Sun, 11 Mar 2012 21:44:56 +0000 (22:44 +0100)]
configure.ac: Add missing license.
Simon Ruderich [Tue, 15 Nov 2011 14:31:51 +0000 (15:31 +0100)]
configure.ac: Add more hardening flags for GCC.
Also move -pie to LDFLAGS, it's a linker flag.
Simon Ruderich [Sat, 17 Sep 2011 20:42:56 +0000 (22:42 +0200)]
src/verify.c: Better handle a missing proxy certificate.
If the server certificate exists but the proxy certificate is missing no
TLS connection to the client was established at all (only an unencrypted
connection). Now use the "invalid" certificate to send the message to
the client as it should be.
Simon Ruderich [Sat, 17 Sep 2011 20:30:50 +0000 (22:30 +0200)]
tests/tests-*.sh: Remove unnecessary calls to tlsproxy-add.
Simon Ruderich [Sat, 17 Sep 2011 20:07:20 +0000 (22:07 +0200)]
tests/tests.sh: If the first test fails abort.
A failure in the first test was ignored until now!
Simon Ruderich [Sat, 17 Sep 2011 19:42:52 +0000 (21:42 +0200)]
src/connection.c: Minor cleanup.
Simon Ruderich [Sat, 17 Sep 2011 19:33:52 +0000 (21:33 +0200)]
Rename server_certificate_path() to server_certificate_file().
Simon Ruderich [Sat, 17 Sep 2011 19:30:17 +0000 (21:30 +0200)]
src/connection.c: Correctly log suggested buffer size.