X-Git-Url: http://www.privoxy.org/gitweb/?p=privoxy.git;a=blobdiff_plain;f=project.h;h=e8bb6788fda36d221e32782bfd2417dda03686bd;hp=7918780f2e389a7e8a48c4de5de3437a3d4d4646;hb=d128e6aa419ebf45411003e0e0276038e67d0b33;hpb=01f1bf28d61df7ae3ef376ca6ae4432d68cddd24 diff --git a/project.h b/project.h index 7918780f..e8bb6788 100644 --- a/project.h +++ b/project.h @@ -8,7 +8,7 @@ * project. Does not define any variables or functions * (though it does declare some macros). * - * Copyright : Written by and Copyright (C) 2001-2014 the + * Copyright : Written by and Copyright (C) 2001-2021 the * Privoxy team. https://www.privoxy.org/ * * Based on the Internet Junkbuster originally written @@ -49,21 +49,10 @@ * Macros for SSL structures */ #define CERT_INFO_BUF_SIZE 4096 -#define CERT_FILE_BUF_SIZE 16384 #define ISSUER_NAME_BUF_SIZE 2048 #define HASH_OF_HOST_BUF_SIZE 16 #endif /* FEATURE_HTTPS_INSPECTION */ -#ifdef FEATURE_PTHREAD -# include - typedef pthread_mutex_t privoxy_mutex_t; -#else -# ifdef _WIN32 -# include -# endif - typedef CRITICAL_SECTION privoxy_mutex_t; -#endif - #ifdef FEATURE_HTTPS_INSPECTION_MBEDTLS #include "mbedtls/net_sockets.h" #include "mbedtls/entropy.h" @@ -311,6 +300,7 @@ typedef struct { mbedtls_x509_crt server_cert; mbedtls_x509_crt ca_cert; mbedtls_pk_context prim_key; + int *ciphersuites_list; #if defined(MBEDTLS_SSL_CACHE_C) mbedtls_ssl_cache_context cache; @@ -323,7 +313,7 @@ typedef struct { * Struct of attributes necessary for TLS/SSL connection */ typedef struct { - SSL_CTX* ctx; + SSL_CTX *ctx; BIO *bio; } openssl_connection_attr; #endif /* FEATURE_HTTPS_INSPECTION_OPENSSL */ 
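Review bot: The new `int *ciphersuites_list;` member in the mbedTLS connection struct (hunk `@@ -311,6 +300,7 @@`) has no comment saying who allocates it, who frees it, or how the list is terminated. mbedtls_ssl_conf_ciphersuites() expects a 0-terminated array that stays valid for the lifetime of the SSL configuration, so if this pointer is what gets passed to it (the call site is not in this diff), an unterminated list or one freed before the configuration would lead to reads outside the buffer or of freed memory. I would add `int *ciphersuites_list; /* heap-allocated, 0-terminated ciphersuite ids; must outlive the ssl config; NULL if unset */` once that is confirmed against the code that fills it. The struct begins and ends outside the hunk.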
@@ -344,11 +334,10 @@ struct http_request char *version; /**< Protocol version */ int status; /**< HTTP Status */ - char *host; /**< Host part of URL */ int port; /**< Port of URL or 80 (default) */ + char *host; /**< Host part of URL */ char *path; /**< Path of URL */ char *hostport; /**< host[:port] */ - int ssl; /**< Flag if protocol is https */ char *host_ip_addr_str; /**< String with dotted decimal representation of host's IP. NULL before connect_to() */ @@ -363,6 +352,7 @@ struct http_request unsigned char hash_of_host_hex[(HASH_OF_HOST_BUF_SIZE * 2) + 1]; /**< chars for hash in hex string and one for '\0' */ unsigned char hash_of_host[HASH_OF_HOST_BUF_SIZE+1]; /**< chars for bytes of hash and one for '\0' */ #endif + short int ssl; /**< Flag if protocol is https */ }; @@ -372,7 +362,7 @@ struct http_request */ typedef struct certs_chain { char info_buf[CERT_INFO_BUF_SIZE]; /* text info about properties of certificate */ - char file_buf[CERT_FILE_BUF_SIZE]; /* buffer for whole certificate - format to save in file */ + char *file_buf; /* buffer for whole certificate - format to save in file */ struct certs_chain *next; /* next certificate in chain of trust */ } certs_chain_t; #endif @@ -420,9 +410,9 @@ struct url_spec regex_t *host_regex;/**< Regex for host matching */ enum host_regex_type { VANILLA_HOST_PATTERN, PCRE_HOST_PATTERN } host_regex_type; #endif /* defined FEATURE_PCRE_HOST_PATTERNS */ + int dcount; /**< How many parts to this domain? (length of dvec) */ char *dbuffer; /**< Buffer with '\0'-delimited domain name, or NULL to match all hosts. */ char **dvec; /**< List of pointers to the strings in dbuffer. */ - int dcount; /**< How many parts to this domain? (length of dvec) */ int unanchored; /**< Bitmap - flags are ANCHOR_LEFT and ANCHOR_RIGHT. */ char *port_list; /**< List of acceptable ports, or NULL to match all ports */ 
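Review bot: Turning `file_buf` from `char file_buf[CERT_FILE_BUF_SIZE]` into `char *file_buf` in `certs_chain` (hunk `@@ -372,7 +362,7 @@`) changes the meaning of any `sizeof` applied to that field in the callers, which would now yield the pointer size rather than the buffer size. It also makes every chain entry own a separate allocation that has to be released with the entry. Neither the allocation size nor the ownership is recorded here and the users of the field are not in this diff, so they should be checked for leftover `sizeof` bounds and for use before allocation. I would document the member as `char *file_buf; /* heap-allocated buffer for whole certificate - format to save in file; NULL until filled, freed with the chain entry */`, wording to be confirmed against the allocating code.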
@@ -648,8 +638,14 @@ struct iob #define ACTION_MULTI_SERVER_HEADER_TAGGER 5 /** Number of multi-string actions. */ #define ACTION_MULTI_EXTERNAL_FILTER 6 +/** Index into current_action_spec::multi[] for tags to suppress. */ +#define ACTION_MULTI_SUPPRESS_TAG 7 +/** Index into current_action_spec::multi[] for client body filters to apply. */ +#define ACTION_MULTI_CLIENT_BODY_FILTER 8 +/** Index into current_action_spec::multi[] for client body taggers to apply. */ +#define ACTION_MULTI_CLIENT_BODY_TAGGER 9 /** Number of multi-string actions. */ -#define ACTION_MULTI_COUNT 7 +#define ACTION_MULTI_COUNT 10 /** @@ -769,13 +765,14 @@ struct reusable_connection char *host; int port; enum forwarder_type forwarder_type; - char *gateway_host; + char *forward_host; + int forward_port; + int gateway_port; + char *gateway_host; char *auth_username; char *auth_password; - char *forward_host; - int forward_port; }; @@ -1009,6 +1006,9 @@ struct client_state /** Multi-purpose flag container, see CSP_FLAG_* above */ unsigned int flags; + /** MIME-Type key, see CT_* above */ + unsigned int content_type; + /** Client PC's IP address, as reported by the accept() function. As a string. */ char *ip_addr_str; @@ -1074,9 +1074,6 @@ struct client_state char *client_address; #endif - /** MIME-Type key, see CT_* above */ - unsigned int content_type; - /** Actions files associated with this client */ struct file_list *actions_list[MAX_AF_FILES]; @@ -1139,8 +1136,8 @@ struct client_state * Thanks to this flags, we can call function to close both connections * and we don't have to care about more details. */ - int ssl_with_server_is_opened; - int ssl_with_client_is_opened; + short int ssl_with_server_is_opened; + short int ssl_with_client_is_opened; /* * Server certificate chain of trust including strings with certificates 
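Review bot: The three new indexes in hunk `@@ -648,8 +638,14 @@` are documented in the `Index into current_action_spec::multi[] for ...` form, but the context line just above them still labels `ACTION_MULTI_EXTERNAL_FILTER` as `/** Number of multi-string actions. */`, the same text that precedes `ACTION_MULTI_COUNT`. Since this commit extends the list, it is a good place to correct that comment to `/** Index into current_action_spec::multi[] for external filters to apply. */`. `ACTION_MULTI_COUNT` is maintained by hand, so any table elsewhere that is sized or indexed by these values (not visible in this diff) needs three more entries to match the bump from 7 to 10.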
@@ -1268,12 +1265,12 @@ struct forward_spec /** Connection type. Must be SOCKS_NONE, SOCKS_4, SOCKS_4A or SOCKS_5. */ enum forwarder_type type; - /** SOCKS server hostname. Only valid if "type" is SOCKS_4 or SOCKS_4A. */ - char *gateway_host; - /** SOCKS server port. */ int gateway_port; + /** SOCKS server hostname. Only valid if "type" is SOCKS_4 or SOCKS_4A. */ + char *gateway_host; + /** SOCKS5 username. */ char *auth_username; @@ -1299,16 +1296,20 @@ enum filter_type FT_SERVER_HEADER_FILTER = 2, FT_CLIENT_HEADER_TAGGER = 3, FT_SERVER_HEADER_TAGGER = 4, + FT_SUPPRESS_TAG = 5, + FT_CLIENT_BODY_FILTER = 6, + FT_CLIENT_BODY_TAGGER = 7, + FT_ADD_HEADER = 8, #ifdef FEATURE_EXTERNAL_FILTERS - FT_EXTERNAL_CONTENT_FILTER = 5, + FT_EXTERNAL_CONTENT_FILTER = 9, #endif FT_INVALID_FILTER = 42, }; #ifdef FEATURE_EXTERNAL_FILTERS -#define MAX_FILTER_TYPES 6 +#define MAX_FILTER_TYPES 9 #else -#define MAX_FILTER_TYPES 5 +#define MAX_FILTER_TYPES 8 #endif /** @@ -1360,7 +1361,7 @@ struct access_control_list struct access_control_addr src[1]; /**< Client IP address */ struct access_control_addr dst[1]; /**< Website or parent proxy IP address */ #ifdef HAVE_RFC2553 - int wildcard_dst; /** < dst address is wildcard */ + short wildcard_dst; /** < dst address is wildcard */ #endif short action; /**< ACL_PERMIT or ACL_DENY */ @@ -1438,6 +1439,9 @@ struct configuration_spec /** Bitmask of features that can be controlled through the config file. */ unsigned feature_flags; + /** Nonzero if we need to bind() to the new port. */ + int need_bind; + /** The log file name. */ const char *logfile; 
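Review bot: `MAX_FILTER_TYPES` no longer tracks the enum in hunk `@@ -1299,16 +1296,20 @@`: before the change it was the highest regular `filter_type` value plus one (`FT_EXTERNAL_CONTENT_FILTER = 5` with 6, otherwise `FT_SERVER_HEADER_TAGGER = 4` with 5), whereas the highest values are now 9 and 8 and the macro is set to 9 and 8. If the macro sizes an array or bounds a loop indexed by `enum filter_type` (its users are not in this diff), the last enumerator falls one past the end. Unless one of the new types is deliberately excluded from the count, in which case a comment should say so, the two definitions should read `#define MAX_FILTER_TYPES 10` and `#define MAX_FILTER_TYPES 9`. The enum starts outside the hunk.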
@@ -1569,27 +1573,27 @@ struct configuration_spec /** List of loaders */ int (*loaders[NLOADERS])(struct client_state *); - /** Nonzero if we need to bind() to the new port. */ - int need_bind; - #ifdef FEATURE_HTTPS_INSPECTION /** Password for proxy ca file **/ - char * ca_password; + char *ca_password; /** Directory with files of ca **/ char *ca_directory; /** Filename of ca certificate **/ - char * ca_cert_file; + char *ca_cert_file; /** Filename of ca key **/ - char * ca_key_file; + char *ca_key_file; /** Directory for saving certificates and keys for each webpage **/ char *certificate_directory; + /** Cipher list to use **/ + char *cipher_list; + /** Filename of trusted CAs certificates **/ - char * trusted_cas_file; + char *trusted_cas_file; #endif }; @@ -1641,8 +1645,13 @@ struct configuration_spec * The prefix for CGI pages. Written out in generated HTML. * INCLUDES the trailing slash. */ +#ifdef FEATURE_HTTPS_INSPECTION +#define CGI_PREFIX "//" CGI_SITE_2_HOST CGI_SITE_2_PATH "/" +#define CGI_PREFIX_HTTPS "https:" CGI_PREFIX +#else #define CGI_PREFIX "http://" CGI_SITE_2_HOST CGI_SITE_2_PATH "/" -#define CGI_PREFIX_HTTPS "https://" CGI_SITE_2_HOST CGI_SITE_2_PATH "/" +#endif +#define CGI_PREFIX_HTTP "http://" CGI_SITE_2_HOST CGI_SITE_2_PATH "/" #endif /* ndef PROJECT_H_INCLUDED */
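Review bot: The comment on the new `char *cipher_list;` member (hunk `@@ -1569,27 +1573,27 @@`) says only `Cipher list to use`, which leaves open what an unset value means and which syntax the string uses. This header has both an mbedTLS and an OpenSSL backend, and the two libraries name ciphersuites differently, so a value written for one may not be accepted by the other; what happens when a list is rejected is not visible here. I would expand the comment to something like `/** Cipher list for TLS connections, in the syntax of the TLS library Privoxy was built with; NULL means library defaults **/` after confirming both points against the config loader.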
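Review bot: `CGI_PREFIX_HTTPS` used to be defined unconditionally and is now defined only under `FEATURE_HTTPS_INSPECTION` (hunk `@@ -1641,8 +1645,13 @@`), so any reference to it outside that guard stops compiling; the callers are not in this diff and should be checked. `CGI_PREFIX` also changes meaning between builds: with HTTPS inspection it is the scheme-relative `"//" CGI_SITE_2_HOST CGI_SITE_2_PATH "/"`, without it the absolute `http://` form, so code that compares a request URL against it or emits it outside HTML behaves differently per build. The doc comment above still reads `The prefix for CGI pages. Written out in generated HTML.`; I would extend it with `CGI_PREFIX is scheme-relative when FEATURE_HTTPS_INSPECTION is defined; use CGI_PREFIX_HTTP or CGI_PREFIX_HTTPS where an absolute URL is required.`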