From: Fabian Keil <fk@fabiankeil.de> Date: Tue, 25 Feb 2020 21:07:41 +0000 (+0100) Subject: Rename +enable-https-filtering to +https-inspection X-Git-Tag: v_3_0_29~478 X-Git-Url: http://www.privoxy.org/gitweb/%22https:/@default-cgi@edit-actions-add-url-form?a=commitdiff_plain;h=662c02e3ab1cab69b67f869aba490c147fc7741e;p=privoxy.git Rename +enable-https-filtering to +https-inspection ... which is more precise. Sponsored by: Robert Klemme --- diff --git a/actionlist.h b/actionlist.h index b21a1ef4..5f94ea4f 100644 --- a/actionlist.h +++ b/actionlist.h @@ -73,9 +73,6 @@ DEFINE_ACTION_STRING ("delay-response", ACTION_DELAY_RESPONSE, DEFINE_CGI_PARAM_NO_RADIO("delay-response", ACTION_DELAY_RESPONSE, ACTION_STRING_DELAY_RESPONSE, "100") DEFINE_CGI_PARAM_RADIO ("deanimate-gifs", ACTION_DEANIMATE, ACTION_STRING_DEANIMATE, "last", 1) DEFINE_ACTION_BOOL ("downgrade-http-version", ACTION_DOWNGRADE) -#ifdef FEATURE_HTTPS_INSPECTION -DEFINE_ACTION_BOOL ("enable-https-filtering", ACTION_ENABLE_HTTPS_FILTER) -#endif #ifdef FEATURE_EXTERNAL_FILTERS DEFINE_ACTION_MULTI ("external-filter", ACTION_MULTI_EXTERNAL_FILTER) #endif @@ -111,6 +108,7 @@ DEFINE_CGI_PARAM_CUSTOM ("hide-referrer", ACTION_HIDE_REFERER, DEFINE_ACTION_STRING ("hide-user-agent", ACTION_HIDE_USER_AGENT, ACTION_STRING_USER_AGENT) DEFINE_CGI_PARAM_NO_RADIO("hide-user-agent", ACTION_HIDE_USER_AGENT, ACTION_STRING_USER_AGENT, "Privoxy " VERSION) #ifdef FEATURE_HTTPS_INSPECTION +DEFINE_ACTION_BOOL ("https-inspection", ACTION_HTTPS_INSPECTION) DEFINE_ACTION_BOOL ("ignore-certificate-errors", ACTION_IGNORE_CERTIFICATE_ERRORS) #endif DEFINE_ACTION_STRING ("limit-connect", ACTION_LIMIT_CONNECT, ACTION_STRING_LIMIT_CONNECT) diff --git a/doc/source/p-config.sgml b/doc/source/p-config.sgml index 2c3a9cf4..e2b205bc 100644 --- a/doc/source/p-config.sgml +++ b/doc/source/p-config.sgml @@ -4008,8 +4008,8 @@ forward-socks4, forward-socks4a, forward-socks5 and forward-socks5t</title> </para> <para> The file is used by &my-app; to generate website certificates - when https filtering is enabled with the - <literal><ulink url="actions-file.html#ENABLE-HTTPS-FILTERING">enable-https-filtering</ulink></literal> + when https inspection is enabled with the + <literal><ulink url="actions-file.html#HTTPS-INSPECTION">https-inspection</ulink></literal> action. </para> <para> @@ -4195,9 +4195,9 @@ forward-socks4, forward-socks4a, forward-socks5 and forward-socks5t</title> <listitem> <para> This directive specifies the directory where generated - TLS/SSL keys and certificates are saved when https filtering + TLS/SSL keys and certificates are saved when https inspection is enabled with the - <literal><ulink url="actions-file.html#ENABLE-HTTPS-FILTERING">enable-https-filtering</ulink></literal> + <literal><ulink url="actions-file.html#HTTPS-INSPECTION">https-inspection</ulink></literal> action. </para> <para> diff --git a/doc/source/user-manual.sgml b/doc/source/user-manual.sgml index a2a02b81..dc9c3d8e 100644 --- a/doc/source/user-manual.sgml +++ b/doc/source/user-manual.sgml @@ -3802,77 +3802,6 @@ problem-host.example.com</screen> </sect3> -<!-- ~~~~~ New section ~~~~~ --> -<sect3 renderas="sect4" id="enable-https-filtering"> -<title>enable-https-filtering</title> - -<variablelist> - <varlistentry> - <term>Typical use:</term> - <listitem> - <para>Filter encrypted requests and responses</para> - </listitem> - </varlistentry> - - <varlistentry> - <term>Effect:</term> - <listitem> - <para> - Encrypted requests are decrypted, filtered and forwarded encrypted. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term>Type:</term> - <!-- boolean, parameterized, Multi-value --> - <listitem> - <para>Boolean.</para> - </listitem> - </varlistentry> - - <varlistentry> - <term>Parameter:</term> - <listitem> - <para> - N/A - </para> - </listitem> - </varlistentry> - -<varlistentry> - <term>Notes:</term> - <listitem> - <para> - This action allows &my-app; to filter encrypted requests and responses. - For this to work &my-app; has to generate a certificate and send it - to the client which has to accept it. - </para> - <para> - Before this works the directives in the - <literal><ulink url="config.html#TLS">TLS section</ulink></literal> - of the config file have to be configured. - </para> - <para> - Note that the action has to be enabled based on the CONNECT - request which doesn't contain a path. Enabling it based on - a pattern with path doesn't work as the path is only seen - by &my-app; if the action is already enabled. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term>Example usage (section):</term> - <listitem> - <screen>{+enable-https-filtering} -www.example.com</screen> - </listitem> - </varlistentry> - -</variablelist> -</sect3> - <!-- ~~~~~ New section ~~~~~ --> <sect3 renderas="sect4" id="external-filter"> <title>external-filter</title> @@ -5218,6 +5147,78 @@ new action </sect3> +<!-- ~~~~~ New section ~~~~~ --> +<sect3 renderas="sect4" id="https-inspection"> +<title>https-inspection</title> + +<variablelist> + <varlistentry> + <term>Typical use:</term> + <listitem> + <para>Filter encrypted requests and responses</para> + </listitem> + </varlistentry> + + <varlistentry> + <term>Effect:</term> + <listitem> + <para> + Encrypted requests are decrypted, filtered and forwarded encrypted. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>Type:</term> + <!-- boolean, parameterized, Multi-value --> + <listitem> + <para>Boolean.</para> + </listitem> + </varlistentry> + + <varlistentry> + <term>Parameter:</term> + <listitem> + <para> + N/A + </para> + </listitem> + </varlistentry> + +<varlistentry> + <term>Notes:</term> + <listitem> + <para> + This action allows &my-app; to filter encrypted requests and responses. + For this to work &my-app; has to generate a certificate and send it + to the client which has to accept it. + </para> + <para> + Before this works the directives in the + <literal><ulink url="config.html#TLS">TLS section</ulink></literal> + of the config file have to be configured. + </para> + <para> + Note that the action has to be enabled based on the CONNECT + request which doesn't contain a path. Enabling it based on + a pattern with path doesn't work as the path is only seen + by &my-app; if the action is already enabled. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>Example usage (section):</term> + <listitem> + <screen>{+https-inspection} +www.example.com</screen> + </listitem> + </varlistentry> + +</variablelist> +</sect3> + + <!-- ~~~~~ New section ~~~~~ --> <sect3 renderas="sect4" id="ignore-certificate-errors"> <title>ignore-certificate-errors</title> @@ -5261,7 +5262,7 @@ new action <listitem> <para> When the - <link linkend="ENABLE-HTTPS-FILTERING"><quote>+enable-https-filtering</quote></link> + <link linkend="HTTPS-INSPECTION"><quote>+https-inspection</quote></link> action is used &my-app; by default verifies that the remote site uses a valid certificate. </para> diff --git a/jcc.c b/jcc.c index fc8db3d9..a5174b30 100644 --- a/jcc.c +++ b/jcc.c @@ -2403,7 +2403,7 @@ static void handle_established_connection(struct client_state *csp) csp->ssl_with_server_is_opened = 0; csp->ssl_with_client_is_opened = 0; - if (csp->http->ssl && !(csp->action->flags & ACTION_ENABLE_HTTPS_FILTER)) + if (csp->http->ssl && !(csp->action->flags & ACTION_HTTPS_INSPECTION)) { /* Pass encrypted content without filtering. */ use_ssl_tunnel = 1; @@ -3573,7 +3573,7 @@ static void chat(struct client_state *csp) * Setting flags to use old solution with SSL tunnel and to disable * certificates verification. */ - if (csp->http->ssl && !(csp->action->flags & ACTION_ENABLE_HTTPS_FILTER)) + if (csp->http->ssl && !(csp->action->flags & ACTION_HTTPS_INSPECTION)) { use_ssl_tunnel = 1; } diff --git a/project.h b/project.h index c0f69a8e..1720e768 100644 --- a/project.h +++ b/project.h @@ -572,8 +572,8 @@ struct iob #define ACTION_LIMIT_COOKIE_LIFETIME 0x08000000UL /** Action bitmap: Delay writes */ #define ACTION_DELAY_RESPONSE 0x10000000UL -/** Action bitmap: Turn https filtering on */ -#define ACTION_ENABLE_HTTPS_FILTER 0x20000000UL +/** Action bitmap: Turn https inspection on */ +#define ACTION_HTTPS_INSPECTION 0x20000000UL /** Action bitmap: Turn certificates verification off */ #define ACTION_IGNORE_CERTIFICATE_ERRORS 0x40000000UL