]>
ruderich.org/simon Gitweb - tlsproxy/tlsproxy.git/log
Simon Ruderich [Mon, 29 Jul 2013 11:15:58 +0000 (13:15 +0200)]
Use memset() to zero sigaction struct.
Simon Ruderich [Mon, 29 Jul 2013 11:14:28 +0000 (13:14 +0200)]
tests/Makefile.am: Remove unnecessary client_SOURCES.
It defaults to $(check_PROGRAMS).c.
Simon Ruderich [Mon, 29 Jul 2013 11:13:33 +0000 (13:13 +0200)]
Check library functions for success values.
Simon Ruderich [Mon, 29 Jul 2013 11:08:47 +0000 (13:08 +0200)]
Add basic digest authentication (-a option).
Simon Ruderich [Mon, 29 Jul 2013 11:01:06 +0000 (13:01 +0200)]
tests: Fix tlsproxy_add() for `make distcheck`.
Running tlsproxy_add() twice with the same hostname failed with `make
distcheck`.
Simon Ruderich [Mon, 29 Jul 2013 10:58:17 +0000 (12:58 +0200)]
tests: Call stop_servers when the shell terminates.
For example when set -e terminates the shell due to a failed process or
the user sends SIGINT.
Simon Ruderich [Mon, 29 Jul 2013 10:35:38 +0000 (12:35 +0200)]
Log messages to stderr.
Simon Ruderich [Mon, 29 Jul 2013 03:12:16 +0000 (05:12 +0200)]
Don't display usage on errors.
Display only the error message. The usage is distracting and requires
more time to read.
Simon Ruderich [Mon, 29 Jul 2013 02:35:24 +0000 (04:35 +0200)]
Prepare HTTP_RESPONSE_FORMAT for additional headers.
Simon Ruderich [Mon, 29 Jul 2013 02:26:33 +0000 (04:26 +0200)]
Simplify functions reporting errors to the client.
Simon Ruderich [Sun, 28 Jul 2013 23:48:22 +0000 (01:48 +0200)]
tests: Simplify redirection in tlsproxy_setup().
Simon Ruderich [Sun, 28 Jul 2013 23:48:01 +0000 (01:48 +0200)]
tests: Add tlsproxy_add() helper function.
Simon Ruderich [Sun, 28 Jul 2013 12:53:39 +0000 (14:53 +0200)]
README: Add C89 compiler to requirements.
Simon Ruderich [Sun, 28 Jul 2013 12:45:39 +0000 (14:45 +0200)]
tests: Add tlsproxy_setup() helper function.
Simon Ruderich [Sun, 28 Jul 2013 12:39:24 +0000 (14:39 +0200)]
Rename log level constants from LOG_* to just *.
Simon Ruderich [Sun, 28 Jul 2013 12:25:06 +0000 (14:25 +0200)]
Use sem_del() to destroy semaphores.
free() only works by accident and doesn't free the mutexes/condition
variables.
Simon Ruderich [Sun, 28 Jul 2013 12:21:20 +0000 (14:21 +0200)]
sem.c: Fix P() for negative start values.
Simon Ruderich [Sun, 28 Jul 2013 12:18:08 +0000 (14:18 +0200)]
tests: Wait until tlsproxy and gnutls-serv are ready.
Prevent failing tests on slower machines where sleep 1 is not enough.
Simon Ruderich [Sun, 28 Jul 2013 11:52:11 +0000 (13:52 +0200)]
Don't use fdopen(socket, "a+").
Using it with sockets is undefined behaviour as correct usage of a+
requires seeking which is not possible on sockets. Instead use separate
read and write FILE *.
Simon Ruderich [Sun, 28 Jul 2013 11:51:23 +0000 (13:51 +0200)]
tests/common.sh: Log output of tlsproxy to tlsproxy-log.
Simon Ruderich [Sun, 28 Jul 2013 11:48:53 +0000 (13:48 +0200)]
tests: Remove tmp in cleanup().
Simon Ruderich [Sun, 28 Jul 2013 11:44:09 +0000 (13:44 +0200)]
tests: Kill PIDs in stop_servers(), not process names.
Simon Ruderich [Sun, 28 Jul 2013 11:21:07 +0000 (13:21 +0200)]
tests: Improve error messages on test failure.
Simon Ruderich [Sun, 28 Jul 2013 10:24:01 +0000 (12:24 +0200)]
tlsproxy.h: Sort includes.
Simon Ruderich [Sun, 28 Jul 2013 10:23:15 +0000 (12:23 +0200)]
verify.c: Move fclose() to prevent overwrite of errno.
Simon Ruderich [Sun, 28 Jul 2013 10:22:26 +0000 (12:22 +0200)]
verify.c: Increase buffer size for server certificates.
Simon Ruderich [Sun, 28 Jul 2013 10:21:21 +0000 (12:21 +0200)]
log.c: Prevent intermingled output from multiple log_message().
Simon Ruderich [Sun, 28 Jul 2013 10:20:44 +0000 (12:20 +0200)]
log.c: Minor cleanup.
Simon Ruderich [Sun, 28 Jul 2013 10:19:54 +0000 (12:19 +0200)]
Add missing fflush().
Shouldn't be necessary but better play it safe.
Simon Ruderich [Sun, 28 Jul 2013 10:13:54 +0000 (12:13 +0200)]
Remove function cast for worker_thread.
Simon Ruderich [Sun, 28 Jul 2013 10:11:23 +0000 (12:11 +0200)]
Minor code cleanup.
Simon Ruderich [Sun, 28 Jul 2013 10:06:31 +0000 (12:06 +0200)]
Minor documentation updates.
Simon Ruderich [Sun, 28 Jul 2013 04:41:03 +0000 (06:41 +0200)]
tests: make clean removes temporary files if a test fails.
Simon Ruderich [Sun, 28 Jul 2013 04:32:40 +0000 (06:32 +0200)]
Fix error handling for getaddrinfo().
Simon Ruderich [Sun, 28 Jul 2013 04:14:41 +0000 (06:14 +0200)]
tests: Use better readable order of arguments in if.
Also simplify strcmp() condition in ifs.
Simon Ruderich [Sun, 28 Jul 2013 02:44:14 +0000 (04:44 +0200)]
Sort #includes and remove unnecessary comments.
Simon Ruderich [Sun, 28 Jul 2013 02:39:12 +0000 (04:39 +0200)]
Simplify a few if conditions.
Simon Ruderich [Sun, 28 Jul 2013 02:38:43 +0000 (04:38 +0200)]
Simplify str(n)cmp() if conditions.
Simon Ruderich [Sun, 28 Jul 2013 02:37:45 +0000 (04:37 +0200)]
Use better readable order of arguments in if.
if (5 == x) as safeguard against if (x = 5) is no longer necessary as
modern compilers warn about if (x = 5).
Simon Ruderich [Fri, 12 Jul 2013 14:11:36 +0000 (16:11 +0200)]
tests/tests.sh: Remove.
Just run `make check`.
Simon Ruderich [Fri, 12 Jul 2013 14:07:25 +0000 (16:07 +0200)]
tests: Cleanup.
Simon Ruderich [Fri, 12 Jul 2013 14:06:48 +0000 (16:06 +0200)]
tests/common.sh: Abort on errors.
Simon Ruderich [Fri, 12 Jul 2013 14:04:09 +0000 (16:04 +0200)]
configure.ac: Cleanup.
Also replace old AC_HELP_STRING() with AS_HELP_STRING().
Simon Ruderich [Fri, 12 Jul 2013 13:47:26 +0000 (15:47 +0200)]
tlsproxy-setup: Fix --sec-param for older certtool versions.
Simon Ruderich [Fri, 12 Apr 2013 14:51:52 +0000 (16:51 +0200)]
src/tlsproxy-setup: Use --sec-param=high.
This creates a bigger RSA key. Not really relevant in our case because
the connection stays local (proxy to client), but it's a good example.
Simon Ruderich [Fri, 12 Apr 2013 14:49:39 +0000 (16:49 +0200)]
src/tlsproxy-add,src/tlsproxy-setup: Increase expiry date.
Simon Ruderich [Fri, 12 Apr 2013 14:47:42 +0000 (16:47 +0200)]
src/tlsproxy-add,src/tlsproxy-setup: Cleanup.
Simon Ruderich [Tue, 26 Feb 2013 23:42:42 +0000 (00:42 +0100)]
tests/common.sh: Simplify error redirection.
Simon Ruderich [Tue, 26 Feb 2013 23:41:14 +0000 (00:41 +0100)]
log.c: Use one printf() instead of two in log_message().
Simon Ruderich [Tue, 15 Jan 2013 19:59:36 +0000 (20:59 +0100)]
src/*,tests/*: Update copyright year.
Simon Ruderich [Tue, 15 Jan 2013 19:56:34 +0000 (20:56 +0100)]
configure.ac: Remove --param=ssp-buffer-size=1.
-fstack-protector-all already protects all functions.
Simon Ruderich [Tue, 31 Jul 2012 22:15:34 +0000 (00:15 +0200)]
configure.ac: Cleanup hardening flags.
Simon Ruderich [Tue, 31 Jul 2012 22:12:05 +0000 (00:12 +0200)]
configure.ac: Use $CPPFLAGS for preprocessor flags.
Simon Ruderich [Tue, 31 Jul 2012 21:59:13 +0000 (23:59 +0200)]
NEWS: Use complete sentences.
Simon Ruderich [Tue, 31 Jul 2012 21:55:54 +0000 (23:55 +0200)]
NEWS: Put latest versions on top.
Simon Ruderich [Sun, 22 Jul 2012 01:26:45 +0000 (03:26 +0200)]
src/connection.c: Fix error check for gnutls_priority_set().
Simon Ruderich [Sun, 11 Mar 2012 22:06:09 +0000 (23:06 +0100)]
src/tlsproxy.c: Display value of invalid options.
Simon Ruderich [Sun, 11 Mar 2012 22:01:04 +0000 (23:01 +0100)]
src/connection.c,src/verify.c: Use a constant for path length.
Simon Ruderich [Sun, 11 Mar 2012 21:58:51 +0000 (22:58 +0100)]
src/tlsproxy.c: Display version in help and debug startup message.
Simon Ruderich [Sun, 11 Mar 2012 21:51:16 +0000 (22:51 +0100)]
src/tlsproxy.c: Minor documentation update.
Simon Ruderich [Sun, 11 Mar 2012 21:50:59 +0000 (22:50 +0100)]
src/sem.c,src/tlsproxy.c: Minor cleanup.
Simon Ruderich [Sun, 11 Mar 2012 21:48:16 +0000 (22:48 +0100)]
src/*,test/*: Add missing quotes to shell scripts.
Simon Ruderich [Sun, 11 Mar 2012 21:47:31 +0000 (22:47 +0100)]
README: Minor update.
Simon Ruderich [Sun, 11 Mar 2012 21:46:51 +0000 (22:46 +0100)]
src/*,tests/*: Update copyright year.
Simon Ruderich [Sun, 11 Mar 2012 21:44:56 +0000 (22:44 +0100)]
configure.ac: Add missing license.
Simon Ruderich [Tue, 15 Nov 2011 14:31:51 +0000 (15:31 +0100)]
configure.ac: Add more hardening flags for GCC.
Also move -pie to LDFLAGS, it's a linker flag.
Simon Ruderich [Sat, 17 Sep 2011 20:42:56 +0000 (22:42 +0200)]
src/verify.c: Better handle a missing proxy certificate.
If the server certificate exists but the proxy certificate is missing no
TLS connection to the client was established at all (only an unencrypted
connection). Now use the "invalid" certificate to send the message to
the client as it should be.
Simon Ruderich [Sat, 17 Sep 2011 20:30:50 +0000 (22:30 +0200)]
tests/tests-*.sh: Remove unnecessary calls to tlsproxy-add.
Simon Ruderich [Sat, 17 Sep 2011 20:07:20 +0000 (22:07 +0200)]
tests/tests.sh: If the first test fails abort.
A failure in the first test was ignored until now!
Simon Ruderich [Sat, 17 Sep 2011 19:42:52 +0000 (21:42 +0200)]
src/connection.c: Minor cleanup.
Simon Ruderich [Sat, 17 Sep 2011 19:33:52 +0000 (21:33 +0200)]
Rename server_certificate_path() to server_certificate_file().
Simon Ruderich [Sat, 17 Sep 2011 19:30:17 +0000 (21:30 +0200)]
src/connection.c: Correctly log suggested buffer size.
Simon Ruderich [Sat, 17 Sep 2011 19:26:21 +0000 (21:26 +0200)]
src/verify.c: Remove duplicated code.
Moved to new helper function get_certificate_path().
Simon Ruderich [Sat, 17 Sep 2011 18:59:01 +0000 (20:59 +0200)]
src/connection.c: Move code to get proxy certificate path to verify.c.
Moved to new function proxy_certificate_path() in verify.c.
Simon Ruderich [Thu, 8 Sep 2011 13:55:58 +0000 (15:55 +0200)]
src/connection.c: Reduce calls to gnutls_record_get_max_size().
Calling it once per connection is sufficient.
Simon Ruderich [Tue, 6 Sep 2011 14:31:11 +0000 (16:31 +0200)]
src/*.c: Minor documentation updates.
Simon Ruderich [Tue, 6 Sep 2011 14:30:01 +0000 (16:30 +0200)]
README: Minor documentation updates.
Simon Ruderich [Tue, 6 Sep 2011 14:20:09 +0000 (16:20 +0200)]
src/log.c: Fix build without DEBUG.
Broken in
64bfebde76d568808b6fa8a8d09b4b5afe13dc15 .
Simon Ruderich [Tue, 6 Sep 2011 14:13:12 +0000 (16:13 +0200)]
Check return value of snprintf().
Simon Ruderich [Fri, 19 Aug 2011 00:14:00 +0000 (02:14 +0200)]
configure.ac: Compile with additional security features if GCC is used.
See http://wiki.debian.org/Hardening for more information.
Simon Ruderich [Thu, 18 Aug 2011 23:53:52 +0000 (01:53 +0200)]
Implement cleaner logging approach.
Simon Ruderich [Wed, 23 Mar 2011 22:42:28 +0000 (23:42 +0100)]
Release 0.2.
Simon Ruderich [Wed, 23 Mar 2011 22:34:52 +0000 (23:34 +0100)]
src/verify.c: Print server certificate in case of an error.
Simon Ruderich [Wed, 23 Mar 2011 22:34:13 +0000 (23:34 +0100)]
README: Fix typo.
Simon Ruderich [Tue, 22 Mar 2011 16:09:32 +0000 (17:09 +0100)]
src/connection.c: Remove unnecessary check.
Simon Ruderich [Tue, 22 Mar 2011 16:09:15 +0000 (17:09 +0100)]
src/tlsproxy.c: Initialize done with 0 for clarity.
Simon Ruderich [Tue, 22 Mar 2011 16:08:02 +0000 (17:08 +0100)]
Minor whitespace fixes.
Simon Ruderich [Tue, 22 Mar 2011 16:07:44 +0000 (17:07 +0100)]
Minor source comment fixes.
Simon Ruderich [Wed, 16 Mar 2011 21:29:10 +0000 (22:29 +0100)]
README: Add KNOWN ISSUES with a minor Firefox problem.
Simon Ruderich [Wed, 16 Mar 2011 21:26:37 +0000 (22:26 +0100)]
src/tlsproxy.h: Prepend global_ to tls_priority_cache and tls_dh_params.
Simon Ruderich [Wed, 16 Mar 2011 16:58:42 +0000 (17:58 +0100)]
src/connection.c: Send HTML in error messages.
Simon Ruderich [Wed, 16 Mar 2011 13:25:45 +0000 (14:25 +0100)]
README: Improve -u description.
Simon Ruderich [Tue, 15 Mar 2011 21:31:50 +0000 (22:31 +0100)]
README: Add information about -u option.
Simon Ruderich [Tue, 15 Mar 2011 21:01:28 +0000 (22:01 +0100)]
tests/test-*.sh: Minor comment update.
Simon Ruderich [Tue, 15 Mar 2011 20:52:43 +0000 (21:52 +0100)]
Add -u option to pass through unknown hostnames.
Also add tests.
If -d 2 is used then use SO_REUSEADDR, necessary for the test suite as
we have to restart the proxy and otherwise we have to wait for the
timeout.
Simon Ruderich [Tue, 15 Mar 2011 20:35:21 +0000 (21:35 +0100)]
tests/client.c: Exit with EXIT_FAILURE if hostname doesn't match.
Simon Ruderich [Tue, 15 Mar 2011 20:34:33 +0000 (21:34 +0100)]
tests: Correctly handle cleanup of (temporary) files.
Simon Ruderich [Tue, 15 Mar 2011 20:27:49 +0000 (21:27 +0100)]
tests: Separate common test data, move tests in tests-normal.sh.
Simon Ruderich [Tue, 15 Mar 2011 18:05:26 +0000 (19:05 +0100)]
README: Clarify use of `proxy-invalid.pem`.
No client data is sent to the server in case of an error.
Simon Ruderich [Tue, 15 Mar 2011 16:12:11 +0000 (17:12 +0100)]
src/tlsproxy.c: Add missing htonl() for INADDR_ANY.
Not really necessary as INADDR_ANY is normally 0.