Rename +enable-https-filtering to +https-inspection

... which is more precise.

Sponsored by: Robert Klemme

diff --git a/actionlist.h b/actionlist.h
index b21a1ef..5f94ea4 100644 (file)
--- a/actionlist.h
+++ b/actionlist.h
@@ -73,9 +73,6 @@ DEFINE_ACTION_STRING     ("delay-response",             ACTION_DELAY_RESPONSE,
 DEFINE_CGI_PARAM_NO_RADIO("delay-response",             ACTION_DELAY_RESPONSE,  ACTION_STRING_DELAY_RESPONSE, "100")
 DEFINE_CGI_PARAM_RADIO   ("deanimate-gifs",             ACTION_DEANIMATE,       ACTION_STRING_DEANIMATE,     "last",  1)
 DEFINE_ACTION_BOOL       ("downgrade-http-version",     ACTION_DOWNGRADE)
 DEFINE_CGI_PARAM_NO_RADIO("delay-response",             ACTION_DELAY_RESPONSE,  ACTION_STRING_DELAY_RESPONSE, "100")
 DEFINE_CGI_PARAM_RADIO   ("deanimate-gifs",             ACTION_DEANIMATE,       ACTION_STRING_DEANIMATE,     "last",  1)
 DEFINE_ACTION_BOOL       ("downgrade-http-version",     ACTION_DOWNGRADE)

-#ifdef FEATURE_HTTPS_INSPECTION
-DEFINE_ACTION_BOOL       ("enable-https-filtering",     ACTION_ENABLE_HTTPS_FILTER)
-#endif

 #ifdef FEATURE_EXTERNAL_FILTERS
 DEFINE_ACTION_MULTI      ("external-filter",            ACTION_MULTI_EXTERNAL_FILTER)
 #endif
 #ifdef FEATURE_EXTERNAL_FILTERS
 DEFINE_ACTION_MULTI      ("external-filter",            ACTION_MULTI_EXTERNAL_FILTER)
 #endif


@@ -111,6 +108,7 @@ DEFINE_CGI_PARAM_CUSTOM  ("hide-referrer",              ACTION_HIDE_REFERER,
 DEFINE_ACTION_STRING     ("hide-user-agent",            ACTION_HIDE_USER_AGENT, ACTION_STRING_USER_AGENT)
 DEFINE_CGI_PARAM_NO_RADIO("hide-user-agent",            ACTION_HIDE_USER_AGENT, ACTION_STRING_USER_AGENT,    "Privoxy " VERSION)
 #ifdef FEATURE_HTTPS_INSPECTION
 DEFINE_ACTION_STRING     ("hide-user-agent",            ACTION_HIDE_USER_AGENT, ACTION_STRING_USER_AGENT)
 DEFINE_CGI_PARAM_NO_RADIO("hide-user-agent",            ACTION_HIDE_USER_AGENT, ACTION_STRING_USER_AGENT,    "Privoxy " VERSION)
 #ifdef FEATURE_HTTPS_INSPECTION

+DEFINE_ACTION_BOOL       ("https-inspection",           ACTION_HTTPS_INSPECTION)

 DEFINE_ACTION_BOOL       ("ignore-certificate-errors",  ACTION_IGNORE_CERTIFICATE_ERRORS)
 #endif
 DEFINE_ACTION_STRING     ("limit-connect",              ACTION_LIMIT_CONNECT,   ACTION_STRING_LIMIT_CONNECT)
 DEFINE_ACTION_BOOL       ("ignore-certificate-errors",  ACTION_IGNORE_CERTIFICATE_ERRORS)
 #endif
 DEFINE_ACTION_STRING     ("limit-connect",              ACTION_LIMIT_CONNECT,   ACTION_STRING_LIMIT_CONNECT)

diff --git a/doc/source/p-config.sgml b/doc/source/p-config.sgml
index 2c3a9cf..e2b205b 100644 (file)
--- a/doc/source/p-config.sgml
+++ b/doc/source/p-config.sgml
@@ -4008,8 +4008,8 @@ forward-socks4, forward-socks4a, forward-socks5 and forward-socks5t</title>
    </para>
    <para>
     The file is used by &my-app; to generate website certificates
    </para>
    <para>
     The file is used by &my-app; to generate website certificates

-    when https filtering is enabled with the
-    <literal><ulink url="actions-file.html#ENABLE-HTTPS-FILTERING">enable-https-filtering</ulink></literal>
+    when https inspection is enabled with the
+    <literal><ulink url="actions-file.html#HTTPS-INSPECTION">https-inspection</ulink></literal>

     action.
    </para>
    <para>
     action.
    </para>
    <para>


@@ -4195,9 +4195,9 @@ forward-socks4, forward-socks4a, forward-socks5 and forward-socks5t</title>
   <listitem>
    <para>
     This directive specifies the directory where generated
   <listitem>
    <para>
     This directive specifies the directory where generated

-    TLS/SSL keys and certificates are saved when https filtering
+    TLS/SSL keys and certificates are saved when https inspection

     is enabled with the
     is enabled with the

-    <literal><ulink url="actions-file.html#ENABLE-HTTPS-FILTERING">enable-https-filtering</ulink></literal>
+    <literal><ulink url="actions-file.html#HTTPS-INSPECTION">https-inspection</ulink></literal>

     action.
    </para>
    <para>
     action.
    </para>
    <para>

diff --git a/doc/source/user-manual.sgml b/doc/source/user-manual.sgml
index a2a02b8..dc9c3d8 100644 (file)
--- a/doc/source/user-manual.sgml
+++ b/doc/source/user-manual.sgml
@@ -3802,77 +3802,6 @@ problem-host.example.com</screen>
 </sect3>
 
 
 </sect3>
 
 

-<!--   ~~~~~       New section      ~~~~~     -->
-<sect3 renderas="sect4" id="enable-https-filtering">
-<title>enable-https-filtering</title>
-
-<variablelist>
- <varlistentry>
-  <term>Typical use:</term>
-  <listitem>
-   <para>Filter encrypted requests and responses</para>
-  </listitem>
- </varlistentry>
-
- <varlistentry>
-  <term>Effect:</term>
-  <listitem>
-   <para>
-    Encrypted requests are decrypted, filtered and forwarded encrypted.
-   </para>
-  </listitem>
- </varlistentry>
-
- <varlistentry>
-  <term>Type:</term>
-  <!-- boolean, parameterized, Multi-value -->
-  <listitem>
-   <para>Boolean.</para>
-  </listitem>
- </varlistentry>
-
- <varlistentry>
-  <term>Parameter:</term>
-  <listitem>
-   <para>
-    N/A
-   </para>
-  </listitem>
- </varlistentry>
-
-<varlistentry>
-  <term>Notes:</term>
-  <listitem>
-   <para>
-    This action allows &my-app; to filter encrypted requests and responses.
-    For this to work &my-app; has to generate a certificate and send it
-    to the client which has to accept it.
-   </para>
-   <para>
-    Before this works the directives in the
-    <literal><ulink url="config.html#TLS">TLS section</ulink></literal>
-    of the config file have to be configured.
-   </para>
-   <para>
-    Note that the action has to be enabled based on the CONNECT
-    request which doesn't contain a path. Enabling it based on
-    a pattern with path doesn't work as the path is only seen
-    by &my-app; if the action is already enabled.
-   </para>
-  </listitem>
- </varlistentry>
-
- <varlistentry>
-  <term>Example usage (section):</term>
-  <listitem>
-     <screen>{+enable-https-filtering}
-www.example.com</screen>
-  </listitem>
- </varlistentry>
-
-</variablelist>
-</sect3>
-

 <!--   ~~~~~       New section      ~~~~~     -->
 <sect3 renderas="sect4" id="external-filter">
 <title>external-filter</title>
 <!--   ~~~~~       New section      ~~~~~     -->
 <sect3 renderas="sect4" id="external-filter">
 <title>external-filter</title>


@@ -5218,6 +5147,78 @@ new action
 </sect3>
 
 
 </sect3>
 
 

+<!--   ~~~~~       New section      ~~~~~     -->
+<sect3 renderas="sect4" id="https-inspection">
+<title>https-inspection</title>
+
+<variablelist>
+ <varlistentry>
+  <term>Typical use:</term>
+  <listitem>
+   <para>Filter encrypted requests and responses</para>
+  </listitem>
+ </varlistentry>
+
+ <varlistentry>
+  <term>Effect:</term>
+  <listitem>
+   <para>
+    Encrypted requests are decrypted, filtered and forwarded encrypted.
+   </para>
+  </listitem>
+ </varlistentry>
+
+ <varlistentry>
+  <term>Type:</term>
+  <!-- boolean, parameterized, Multi-value -->
+  <listitem>
+   <para>Boolean.</para>
+  </listitem>
+ </varlistentry>
+
+ <varlistentry>
+  <term>Parameter:</term>
+  <listitem>
+   <para>
+    N/A
+   </para>
+  </listitem>
+ </varlistentry>
+
+<varlistentry>
+  <term>Notes:</term>
+  <listitem>
+   <para>
+    This action allows &my-app; to filter encrypted requests and responses.
+    For this to work &my-app; has to generate a certificate and send it
+    to the client which has to accept it.
+   </para>
+   <para>
+    Before this works the directives in the
+    <literal><ulink url="config.html#TLS">TLS section</ulink></literal>
+    of the config file have to be configured.
+   </para>
+   <para>
+    Note that the action has to be enabled based on the CONNECT
+    request which doesn't contain a path. Enabling it based on
+    a pattern with path doesn't work as the path is only seen
+    by &my-app; if the action is already enabled.
+   </para>
+  </listitem>
+ </varlistentry>
+
+ <varlistentry>
+  <term>Example usage (section):</term>
+  <listitem>
+     <screen>{+https-inspection}
+www.example.com</screen>
+  </listitem>
+ </varlistentry>
+
+</variablelist>
+</sect3>
+
+

 <!--   ~~~~~       New section      ~~~~~     -->
 <sect3 renderas="sect4" id="ignore-certificate-errors">
 <title>ignore-certificate-errors</title>
 <!--   ~~~~~       New section      ~~~~~     -->
 <sect3 renderas="sect4" id="ignore-certificate-errors">
 <title>ignore-certificate-errors</title>


@@ -5261,7 +5262,7 @@ new action
   <listitem>
    <para>
     When the
   <listitem>
    <para>
     When the

-    <link linkend="ENABLE-HTTPS-FILTERING"><quote>+enable-https-filtering</quote></link>
+    <link linkend="HTTPS-INSPECTION"><quote>+https-inspection</quote></link>

     action is used &my-app; by default verifies that the remote site uses a valid
     certificate.
    </para>
     action is used &my-app; by default verifies that the remote site uses a valid
     certificate.
    </para>

diff --git a/jcc.c b/jcc.c
index fc8db3d..a5174b3 100644 (file)
--- a/jcc.c
+++ b/jcc.c
@@ -2403,7 +2403,7 @@ static void handle_established_connection(struct client_state *csp)
    csp->ssl_with_server_is_opened = 0;
    csp->ssl_with_client_is_opened = 0;
 
    csp->ssl_with_server_is_opened = 0;
    csp->ssl_with_client_is_opened = 0;
 

-   if (csp->http->ssl && !(csp->action->flags & ACTION_ENABLE_HTTPS_FILTER))
+   if (csp->http->ssl && !(csp->action->flags & ACTION_HTTPS_INSPECTION))

    {
       /* Pass encrypted content without filtering. */
       use_ssl_tunnel = 1;
    {
       /* Pass encrypted content without filtering. */
       use_ssl_tunnel = 1;


@@ -3573,7 +3573,7 @@ static void chat(struct client_state *csp)
     * Setting flags to use old solution with SSL tunnel and to disable
     * certificates verification.
     */
     * Setting flags to use old solution with SSL tunnel and to disable
     * certificates verification.
     */

-   if (csp->http->ssl && !(csp->action->flags & ACTION_ENABLE_HTTPS_FILTER))
+   if (csp->http->ssl && !(csp->action->flags & ACTION_HTTPS_INSPECTION))

    {
       use_ssl_tunnel = 1;
    }
    {
       use_ssl_tunnel = 1;
    }

diff --git a/project.h b/project.h
index c0f69a8..1720e76 100644 (file)
--- a/project.h
+++ b/project.h
@@ -572,8 +572,8 @@ struct iob
 #define ACTION_LIMIT_COOKIE_LIFETIME                 0x08000000UL
 /** Action bitmap: Delay writes */
 #define ACTION_DELAY_RESPONSE                        0x10000000UL
 #define ACTION_LIMIT_COOKIE_LIFETIME                 0x08000000UL
 /** Action bitmap: Delay writes */
 #define ACTION_DELAY_RESPONSE                        0x10000000UL

-/** Action bitmap: Turn https filtering on */
-#define ACTION_ENABLE_HTTPS_FILTER                   0x20000000UL
+/** Action bitmap: Turn https inspection on */
+#define ACTION_HTTPS_INSPECTION                      0x20000000UL

 /** Action bitmap: Turn certificates verification off */
 #define ACTION_IGNORE_CERTIFICATE_ERRORS             0x40000000UL
 
 /** Action bitmap: Turn certificates verification off */
 #define ACTION_IGNORE_CERTIFICATE_ERRORS             0x40000000UL