]> ruderich.org/simon Gitweb - tlsproxy/tlsproxy.git/log
tlsproxy/tlsproxy.git
11 years agoUse memset() to zero sigaction struct.
Simon Ruderich [Mon, 29 Jul 2013 11:15:58 +0000 (13:15 +0200)]
Use memset() to zero sigaction struct.

11 years agotests/Makefile.am: Remove unnecessary client_SOURCES.
Simon Ruderich [Mon, 29 Jul 2013 11:14:28 +0000 (13:14 +0200)]
tests/Makefile.am: Remove unnecessary client_SOURCES.

It defaults to $(check_PROGRAMS).c.

11 years agoCheck library functions for success values.
Simon Ruderich [Mon, 29 Jul 2013 11:13:33 +0000 (13:13 +0200)]
Check library functions for success values.

11 years agoAdd basic digest authentication (-a option).
Simon Ruderich [Mon, 29 Jul 2013 11:08:47 +0000 (13:08 +0200)]
Add basic digest authentication (-a option).

11 years agotests: Fix tlsproxy_add() for `make distcheck`.
Simon Ruderich [Mon, 29 Jul 2013 11:01:06 +0000 (13:01 +0200)]
tests: Fix tlsproxy_add() for `make distcheck`.

Running tlsproxy_add() twice with the same hostname failed with `make
distcheck`.

11 years agotests: Call stop_servers when the shell terminates.
Simon Ruderich [Mon, 29 Jul 2013 10:58:17 +0000 (12:58 +0200)]
tests: Call stop_servers when the shell terminates.

For example when set -e terminates the shell due to a failed process or
the user sends SIGINT.

11 years agoLog messages to stderr.
Simon Ruderich [Mon, 29 Jul 2013 10:35:38 +0000 (12:35 +0200)]
Log messages to stderr.

11 years agoDon't display usage on errors.
Simon Ruderich [Mon, 29 Jul 2013 03:12:16 +0000 (05:12 +0200)]
Don't display usage on errors.

Display only the error message. The usage is distracting and requires
more time to read.

11 years agoPrepare HTTP_RESPONSE_FORMAT for additional headers.
Simon Ruderich [Mon, 29 Jul 2013 02:35:24 +0000 (04:35 +0200)]
Prepare HTTP_RESPONSE_FORMAT for additional headers.

11 years agoSimplify functions reporting errors to the client.
Simon Ruderich [Mon, 29 Jul 2013 02:26:33 +0000 (04:26 +0200)]
Simplify functions reporting errors to the client.

11 years agotests: Simplify redirection in tlsproxy_setup().
Simon Ruderich [Sun, 28 Jul 2013 23:48:22 +0000 (01:48 +0200)]
tests: Simplify redirection in tlsproxy_setup().

11 years agotests: Add tlsproxy_add() helper function.
Simon Ruderich [Sun, 28 Jul 2013 23:48:01 +0000 (01:48 +0200)]
tests: Add tlsproxy_add() helper function.

11 years agoREADME: Add C89 compiler to requirements.
Simon Ruderich [Sun, 28 Jul 2013 12:53:39 +0000 (14:53 +0200)]
README: Add C89 compiler to requirements.

11 years agotests: Add tlsproxy_setup() helper function.
Simon Ruderich [Sun, 28 Jul 2013 12:45:39 +0000 (14:45 +0200)]
tests: Add tlsproxy_setup() helper function.

11 years agoRename log level constants from LOG_* to just *.
Simon Ruderich [Sun, 28 Jul 2013 12:39:24 +0000 (14:39 +0200)]
Rename log level constants from LOG_* to just *.

11 years agoUse sem_del() to destroy semaphores.
Simon Ruderich [Sun, 28 Jul 2013 12:25:06 +0000 (14:25 +0200)]
Use sem_del() to destroy semaphores.

free() only works by accident and doesn't free the mutexes/condition
variables.

11 years agosem.c: Fix P() for negative start values.
Simon Ruderich [Sun, 28 Jul 2013 12:21:20 +0000 (14:21 +0200)]
sem.c: Fix P() for negative start values.

11 years agotests: Wait until tlsproxy and gnutls-serv are ready.
Simon Ruderich [Sun, 28 Jul 2013 12:18:08 +0000 (14:18 +0200)]
tests: Wait until tlsproxy and gnutls-serv are ready.

Prevent failing tests on slower machines where sleep 1 is not enough.

11 years agoDon't use fdopen(socket, "a+").
Simon Ruderich [Sun, 28 Jul 2013 11:52:11 +0000 (13:52 +0200)]
Don't use fdopen(socket, "a+").

Using it with sockets is undefined behaviour as correct usage of a+
requires seeking which is not possible on sockets. Instead use separate
read and write FILE *.

11 years agotests/common.sh: Log output of tlsproxy to tlsproxy-log.
Simon Ruderich [Sun, 28 Jul 2013 11:51:23 +0000 (13:51 +0200)]
tests/common.sh: Log output of tlsproxy to tlsproxy-log.

11 years agotests: Remove tmp in cleanup().
Simon Ruderich [Sun, 28 Jul 2013 11:48:53 +0000 (13:48 +0200)]
tests: Remove tmp in cleanup().

11 years agotests: Kill PIDs in stop_servers(), not process names.
Simon Ruderich [Sun, 28 Jul 2013 11:44:09 +0000 (13:44 +0200)]
tests: Kill PIDs in stop_servers(), not process names.

11 years agotests: Improve error messages on test failure.
Simon Ruderich [Sun, 28 Jul 2013 11:21:07 +0000 (13:21 +0200)]
tests: Improve error messages on test failure.

11 years agotlsproxy.h: Sort includes.
Simon Ruderich [Sun, 28 Jul 2013 10:24:01 +0000 (12:24 +0200)]
tlsproxy.h: Sort includes.

11 years agoverify.c: Move fclose() to prevent overwrite of errno.
Simon Ruderich [Sun, 28 Jul 2013 10:23:15 +0000 (12:23 +0200)]
verify.c: Move fclose() to prevent overwrite of errno.

11 years agoverify.c: Increase buffer size for server certificates.
Simon Ruderich [Sun, 28 Jul 2013 10:22:26 +0000 (12:22 +0200)]
verify.c: Increase buffer size for server certificates.

11 years agolog.c: Prevent intermingled output from multiple log_message().
Simon Ruderich [Sun, 28 Jul 2013 10:21:21 +0000 (12:21 +0200)]
log.c: Prevent intermingled output from multiple log_message().

11 years agolog.c: Minor cleanup.
Simon Ruderich [Sun, 28 Jul 2013 10:20:44 +0000 (12:20 +0200)]
log.c: Minor cleanup.

11 years agoAdd missing fflush().
Simon Ruderich [Sun, 28 Jul 2013 10:19:54 +0000 (12:19 +0200)]
Add missing fflush().

Shouldn't be necessary but better play it safe.

11 years agoRemove function cast for worker_thread.
Simon Ruderich [Sun, 28 Jul 2013 10:13:54 +0000 (12:13 +0200)]
Remove function cast for worker_thread.

11 years agoMinor code cleanup.
Simon Ruderich [Sun, 28 Jul 2013 10:11:23 +0000 (12:11 +0200)]
Minor code cleanup.

11 years agoMinor documentation updates.
Simon Ruderich [Sun, 28 Jul 2013 10:06:31 +0000 (12:06 +0200)]
Minor documentation updates.

11 years agotests: make clean removes temporary files if a test fails.
Simon Ruderich [Sun, 28 Jul 2013 04:41:03 +0000 (06:41 +0200)]
tests: make clean removes temporary files if a test fails.

11 years agoFix error handling for getaddrinfo().
Simon Ruderich [Sun, 28 Jul 2013 04:32:40 +0000 (06:32 +0200)]
Fix error handling for getaddrinfo().

11 years agotests: Use better readable order of arguments in if.
Simon Ruderich [Sun, 28 Jul 2013 04:14:41 +0000 (06:14 +0200)]
tests: Use better readable order of arguments in if.

Also simplify strcmp() condition in ifs.

11 years agoSort #includes and remove unnecessary comments.
Simon Ruderich [Sun, 28 Jul 2013 02:44:14 +0000 (04:44 +0200)]
Sort #includes and remove unnecessary comments.

11 years agoSimplify a few if conditions.
Simon Ruderich [Sun, 28 Jul 2013 02:39:12 +0000 (04:39 +0200)]
Simplify a few if conditions.

11 years agoSimplify str(n)cmp() if conditions.
Simon Ruderich [Sun, 28 Jul 2013 02:38:43 +0000 (04:38 +0200)]
Simplify str(n)cmp() if conditions.

11 years agoUse better readable order of arguments in if.
Simon Ruderich [Sun, 28 Jul 2013 02:37:45 +0000 (04:37 +0200)]
Use better readable order of arguments in if.

if (5 == x) as safeguard against if (x = 5) is no longer necessary as
modern compilers warn about if (x = 5).

11 years agotests/tests.sh: Remove.
Simon Ruderich [Fri, 12 Jul 2013 14:11:36 +0000 (16:11 +0200)]
tests/tests.sh: Remove.

Just run `make check`.

11 years agotests: Cleanup.
Simon Ruderich [Fri, 12 Jul 2013 14:07:25 +0000 (16:07 +0200)]
tests: Cleanup.

11 years agotests/common.sh: Abort on errors.
Simon Ruderich [Fri, 12 Jul 2013 14:06:48 +0000 (16:06 +0200)]
tests/common.sh: Abort on errors.

11 years agoconfigure.ac: Cleanup.
Simon Ruderich [Fri, 12 Jul 2013 14:04:09 +0000 (16:04 +0200)]
configure.ac: Cleanup.

Also replace old AC_HELP_STRING() with AS_HELP_STRING().

11 years agotlsproxy-setup: Fix --sec-param for older certtool versions.
Simon Ruderich [Fri, 12 Jul 2013 13:47:26 +0000 (15:47 +0200)]
tlsproxy-setup: Fix --sec-param for older certtool versions.

11 years agosrc/tlsproxy-setup: Use --sec-param=high.
Simon Ruderich [Fri, 12 Apr 2013 14:51:52 +0000 (16:51 +0200)]
src/tlsproxy-setup: Use --sec-param=high.

This creates a bigger RSA key. Not really relevant in our case because
the connection stays local (proxy to client), but it's a good example.

11 years agosrc/tlsproxy-add,src/tlsproxy-setup: Increase expiry date.
Simon Ruderich [Fri, 12 Apr 2013 14:49:39 +0000 (16:49 +0200)]
src/tlsproxy-add,src/tlsproxy-setup: Increase expiry date.

11 years agosrc/tlsproxy-add,src/tlsproxy-setup: Cleanup.
Simon Ruderich [Fri, 12 Apr 2013 14:47:42 +0000 (16:47 +0200)]
src/tlsproxy-add,src/tlsproxy-setup: Cleanup.

11 years agotests/common.sh: Simplify error redirection.
Simon Ruderich [Tue, 26 Feb 2013 23:42:42 +0000 (00:42 +0100)]
tests/common.sh: Simplify error redirection.

11 years agolog.c: Use one printf() instead of two in log_message().
Simon Ruderich [Tue, 26 Feb 2013 23:41:14 +0000 (00:41 +0100)]
log.c: Use one printf() instead of two in log_message().

11 years agosrc/*,tests/*: Update copyright year.
Simon Ruderich [Tue, 15 Jan 2013 19:59:36 +0000 (20:59 +0100)]
src/*,tests/*: Update copyright year.

11 years agoconfigure.ac: Remove --param=ssp-buffer-size=1.
Simon Ruderich [Tue, 15 Jan 2013 19:56:34 +0000 (20:56 +0100)]
configure.ac: Remove --param=ssp-buffer-size=1.

-fstack-protector-all already protects all functions.

12 years agoconfigure.ac: Cleanup hardening flags.
Simon Ruderich [Tue, 31 Jul 2012 22:15:34 +0000 (00:15 +0200)]
configure.ac: Cleanup hardening flags.

12 years agoconfigure.ac: Use $CPPFLAGS for preprocessor flags.
Simon Ruderich [Tue, 31 Jul 2012 22:12:05 +0000 (00:12 +0200)]
configure.ac: Use $CPPFLAGS for preprocessor flags.

12 years agoNEWS: Use complete sentences.
Simon Ruderich [Tue, 31 Jul 2012 21:59:13 +0000 (23:59 +0200)]
NEWS: Use complete sentences.

12 years agoNEWS: Put latest versions on top.
Simon Ruderich [Tue, 31 Jul 2012 21:55:54 +0000 (23:55 +0200)]
NEWS: Put latest versions on top.

12 years agosrc/connection.c: Fix error check for gnutls_priority_set().
Simon Ruderich [Sun, 22 Jul 2012 01:26:45 +0000 (03:26 +0200)]
src/connection.c: Fix error check for gnutls_priority_set().

12 years agosrc/tlsproxy.c: Display value of invalid options.
Simon Ruderich [Sun, 11 Mar 2012 22:06:09 +0000 (23:06 +0100)]
src/tlsproxy.c: Display value of invalid options.

12 years agosrc/connection.c,src/verify.c: Use a constant for path length.
Simon Ruderich [Sun, 11 Mar 2012 22:01:04 +0000 (23:01 +0100)]
src/connection.c,src/verify.c: Use a constant for path length.

12 years agosrc/tlsproxy.c: Display version in help and debug startup message.
Simon Ruderich [Sun, 11 Mar 2012 21:58:51 +0000 (22:58 +0100)]
src/tlsproxy.c: Display version in help and debug startup message.

12 years agosrc/tlsproxy.c: Minor documentation update.
Simon Ruderich [Sun, 11 Mar 2012 21:51:16 +0000 (22:51 +0100)]
src/tlsproxy.c: Minor documentation update.

12 years agosrc/sem.c,src/tlsproxy.c: Minor cleanup.
Simon Ruderich [Sun, 11 Mar 2012 21:50:59 +0000 (22:50 +0100)]
src/sem.c,src/tlsproxy.c: Minor cleanup.

12 years agosrc/*,test/*: Add missing quotes to shell scripts.
Simon Ruderich [Sun, 11 Mar 2012 21:48:16 +0000 (22:48 +0100)]
src/*,test/*: Add missing quotes to shell scripts.

12 years agoREADME: Minor update.
Simon Ruderich [Sun, 11 Mar 2012 21:47:31 +0000 (22:47 +0100)]
README: Minor update.

12 years agosrc/*,tests/*: Update copyright year.
Simon Ruderich [Sun, 11 Mar 2012 21:46:51 +0000 (22:46 +0100)]
src/*,tests/*: Update copyright year.

12 years agoconfigure.ac: Add missing license.
Simon Ruderich [Sun, 11 Mar 2012 21:44:56 +0000 (22:44 +0100)]
configure.ac: Add missing license.

13 years agoconfigure.ac: Add more hardening flags for GCC.
Simon Ruderich [Tue, 15 Nov 2011 14:31:51 +0000 (15:31 +0100)]
configure.ac: Add more hardening flags for GCC.

Also move -pie to LDFLAGS, it's a linker flag.

13 years agosrc/verify.c: Better handle a missing proxy certificate.
Simon Ruderich [Sat, 17 Sep 2011 20:42:56 +0000 (22:42 +0200)]
src/verify.c: Better handle a missing proxy certificate.

If the server certificate exists but the proxy certificate is missing no
TLS connection to the client was established at all (only an unencrypted
connection). Now use the "invalid" certificate to send the message to
the client as it should be.

13 years agotests/tests-*.sh: Remove unnecessary calls to tlsproxy-add.
Simon Ruderich [Sat, 17 Sep 2011 20:30:50 +0000 (22:30 +0200)]
tests/tests-*.sh: Remove unnecessary calls to tlsproxy-add.

13 years agotests/tests.sh: If the first test fails abort.
Simon Ruderich [Sat, 17 Sep 2011 20:07:20 +0000 (22:07 +0200)]
tests/tests.sh: If the first test fails abort.

A failure in the first test was ignored until now!

13 years agosrc/connection.c: Minor cleanup.
Simon Ruderich [Sat, 17 Sep 2011 19:42:52 +0000 (21:42 +0200)]
src/connection.c: Minor cleanup.

13 years agoRename server_certificate_path() to server_certificate_file().
Simon Ruderich [Sat, 17 Sep 2011 19:33:52 +0000 (21:33 +0200)]
Rename server_certificate_path() to server_certificate_file().

13 years agosrc/connection.c: Correctly log suggested buffer size.
Simon Ruderich [Sat, 17 Sep 2011 19:30:17 +0000 (21:30 +0200)]
src/connection.c: Correctly log suggested buffer size.

13 years agosrc/verify.c: Remove duplicated code.
Simon Ruderich [Sat, 17 Sep 2011 19:26:21 +0000 (21:26 +0200)]
src/verify.c: Remove duplicated code.

Moved to new helper function get_certificate_path().

13 years agosrc/connection.c: Move code to get proxy certificate path to verify.c.
Simon Ruderich [Sat, 17 Sep 2011 18:59:01 +0000 (20:59 +0200)]
src/connection.c: Move code to get proxy certificate path to verify.c.

Moved to new function proxy_certificate_path() in verify.c.

13 years agosrc/connection.c: Reduce calls to gnutls_record_get_max_size().
Simon Ruderich [Thu, 8 Sep 2011 13:55:58 +0000 (15:55 +0200)]
src/connection.c: Reduce calls to gnutls_record_get_max_size().

Calling it once per connection is sufficient.

13 years agosrc/*.c: Minor documentation updates.
Simon Ruderich [Tue, 6 Sep 2011 14:31:11 +0000 (16:31 +0200)]
src/*.c: Minor documentation updates.

13 years agoREADME: Minor documentation updates.
Simon Ruderich [Tue, 6 Sep 2011 14:30:01 +0000 (16:30 +0200)]
README: Minor documentation updates.

13 years agosrc/log.c: Fix build without DEBUG.
Simon Ruderich [Tue, 6 Sep 2011 14:20:09 +0000 (16:20 +0200)]
src/log.c: Fix build without DEBUG.

Broken in 64bfebde76d568808b6fa8a8d09b4b5afe13dc15.

13 years agoCheck return value of snprintf().
Simon Ruderich [Tue, 6 Sep 2011 14:13:12 +0000 (16:13 +0200)]
Check return value of snprintf().

13 years agoconfigure.ac: Compile with additional security features if GCC is used.
Simon Ruderich [Fri, 19 Aug 2011 00:14:00 +0000 (02:14 +0200)]
configure.ac: Compile with additional security features if GCC is used.

See http://wiki.debian.org/Hardening for more information.

13 years agoImplement cleaner logging approach.
Simon Ruderich [Thu, 18 Aug 2011 23:53:52 +0000 (01:53 +0200)]
Implement cleaner logging approach.

13 years agoRelease 0.2. 0.2
Simon Ruderich [Wed, 23 Mar 2011 22:42:28 +0000 (23:42 +0100)]
Release 0.2.

13 years agosrc/verify.c: Print server certificate in case of an error.
Simon Ruderich [Wed, 23 Mar 2011 22:34:52 +0000 (23:34 +0100)]
src/verify.c: Print server certificate in case of an error.

13 years agoREADME: Fix typo.
Simon Ruderich [Wed, 23 Mar 2011 22:34:13 +0000 (23:34 +0100)]
README: Fix typo.

13 years agosrc/connection.c: Remove unnecessary check.
Simon Ruderich [Tue, 22 Mar 2011 16:09:32 +0000 (17:09 +0100)]
src/connection.c: Remove unnecessary check.

13 years agosrc/tlsproxy.c: Initialize done with 0 for clarity.
Simon Ruderich [Tue, 22 Mar 2011 16:09:15 +0000 (17:09 +0100)]
src/tlsproxy.c: Initialize done with 0 for clarity.

13 years agoMinor whitespace fixes.
Simon Ruderich [Tue, 22 Mar 2011 16:08:02 +0000 (17:08 +0100)]
Minor whitespace fixes.

13 years agoMinor source comment fixes.
Simon Ruderich [Tue, 22 Mar 2011 16:07:44 +0000 (17:07 +0100)]
Minor source comment fixes.

13 years agoREADME: Add KNOWN ISSUES with a minor Firefox problem.
Simon Ruderich [Wed, 16 Mar 2011 21:29:10 +0000 (22:29 +0100)]
README: Add KNOWN ISSUES with a minor Firefox problem.

13 years agosrc/tlsproxy.h: Prepend global_ to tls_priority_cache and tls_dh_params.
Simon Ruderich [Wed, 16 Mar 2011 21:26:37 +0000 (22:26 +0100)]
src/tlsproxy.h: Prepend global_ to tls_priority_cache and tls_dh_params.

13 years agosrc/connection.c: Send HTML in error messages.
Simon Ruderich [Wed, 16 Mar 2011 16:58:42 +0000 (17:58 +0100)]
src/connection.c: Send HTML in error messages.

13 years agoREADME: Improve -u description.
Simon Ruderich [Wed, 16 Mar 2011 13:25:45 +0000 (14:25 +0100)]
README: Improve -u description.

13 years agoREADME: Add information about -u option.
Simon Ruderich [Tue, 15 Mar 2011 21:31:50 +0000 (22:31 +0100)]
README: Add information about -u option.

13 years agotests/test-*.sh: Minor comment update.
Simon Ruderich [Tue, 15 Mar 2011 21:01:28 +0000 (22:01 +0100)]
tests/test-*.sh: Minor comment update.

13 years agoAdd -u option to pass through unknown hostnames.
Simon Ruderich [Tue, 15 Mar 2011 20:52:43 +0000 (21:52 +0100)]
Add -u option to pass through unknown hostnames.

Also add tests.

If -d 2 is used then use SO_REUSEADDR, necessary for the test suite as
we have to restart the proxy and otherwise we have to wait for the
timeout.

13 years agotests/client.c: Exit with EXIT_FAILURE if hostname doesn't match.
Simon Ruderich [Tue, 15 Mar 2011 20:35:21 +0000 (21:35 +0100)]
tests/client.c: Exit with EXIT_FAILURE if hostname doesn't match.

13 years agotests: Correctly handle cleanup of (temporary) files.
Simon Ruderich [Tue, 15 Mar 2011 20:34:33 +0000 (21:34 +0100)]
tests: Correctly handle cleanup of (temporary) files.

13 years agotests: Separate common test data, move tests in tests-normal.sh.
Simon Ruderich [Tue, 15 Mar 2011 20:27:49 +0000 (21:27 +0100)]
tests: Separate common test data, move tests in tests-normal.sh.

13 years agoREADME: Clarify use of `proxy-invalid.pem`.
Simon Ruderich [Tue, 15 Mar 2011 18:05:26 +0000 (19:05 +0100)]
README: Clarify use of `proxy-invalid.pem`.

No client data is sent to the server in case of an error.

13 years agosrc/tlsproxy.c: Add missing htonl() for INADDR_ANY.
Simon Ruderich [Tue, 15 Mar 2011 16:12:11 +0000 (17:12 +0100)]
src/tlsproxy.c: Add missing htonl() for INADDR_ANY.

Not really necessary as INADDR_ANY is normally 0.