... which is more precise.
Sponsored by: Robert Klemme
W32_LIB = @WIN_ONLY@-lwsock32 -lcomctl32
W32_INIS = @WIN_ONLY@config.txt trust.txt
W32_LIB = @WIN_ONLY@-lwsock32 -lcomctl32
W32_INIS = @WIN_ONLY@config.txt trust.txt
-SSL_SRC = @FEATURE_HTTPS_FILTERING_ONLY@ssl.c
-SSL_OBJS = @FEATURE_HTTPS_FILTERING_ONLY@$(SSL_SRC:.c=.o)
-SSL_HDRS = @FEATURE_HTTPS_FILTERING_ONLY@$(SSL_SRC:.c=.h) project.h
+SSL_SRC = @FEATURE_HTTPS_INSPECTION_ONLY@ssl.c
+SSL_OBJS = @FEATURE_HTTPS_INSPECTION_ONLY@$(SSL_SRC:.c=.o)
+SSL_HDRS = @FEATURE_HTTPS_INSPECTION_ONLY@$(SSL_SRC:.c=.h) project.h
PCRS_SRC = @STATIC_PCRS_ONLY@pcrs.c
PCRS_OBJS = @STATIC_PCRS_ONLY@$(PCRS_SRC:.c=.@OBJEXT@)
PCRS_SRC = @STATIC_PCRS_ONLY@pcrs.c
PCRS_OBJS = @STATIC_PCRS_ONLY@$(PCRS_SRC:.c=.@OBJEXT@)
DEFINE_CGI_PARAM_NO_RADIO("delay-response", ACTION_DELAY_RESPONSE, ACTION_STRING_DELAY_RESPONSE, "100")
DEFINE_CGI_PARAM_RADIO ("deanimate-gifs", ACTION_DEANIMATE, ACTION_STRING_DEANIMATE, "last", 1)
DEFINE_ACTION_BOOL ("downgrade-http-version", ACTION_DOWNGRADE)
DEFINE_CGI_PARAM_NO_RADIO("delay-response", ACTION_DELAY_RESPONSE, ACTION_STRING_DELAY_RESPONSE, "100")
DEFINE_CGI_PARAM_RADIO ("deanimate-gifs", ACTION_DEANIMATE, ACTION_STRING_DEANIMATE, "last", 1)
DEFINE_ACTION_BOOL ("downgrade-http-version", ACTION_DOWNGRADE)
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
DEFINE_ACTION_BOOL ("enable-https-filtering", ACTION_ENABLE_HTTPS_FILTER)
#endif
#ifdef FEATURE_EXTERNAL_FILTERS
DEFINE_ACTION_BOOL ("enable-https-filtering", ACTION_ENABLE_HTTPS_FILTER)
#endif
#ifdef FEATURE_EXTERNAL_FILTERS
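Review bot: The guard in this hunk is now `FEATURE_HTTPS_INSPECTION`, but the action it guards is still registered as `"enable-https-filtering"` with the flag `ACTION_ENABLE_HTTPS_FILTER`, so the build option and the user-facing action use different terms for the same feature. If the old action name is kept on purpose so that existing action files keep working, a comment above the entry should say so, for example `/* Action name predates the FEATURE_HTTPS_INSPECTION rename; kept so existing action files still parse. */`. The status-template row changed later in this commit has the same mix, since its description still reads "intercept and filter HTTPS traffic".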
DEFINE_CGI_PARAM_CUSTOM ("hide-referrer", ACTION_HIDE_REFERER, ACTION_STRING_REFERER, "http://www.privoxy.org/")
DEFINE_ACTION_STRING ("hide-user-agent", ACTION_HIDE_USER_AGENT, ACTION_STRING_USER_AGENT)
DEFINE_CGI_PARAM_NO_RADIO("hide-user-agent", ACTION_HIDE_USER_AGENT, ACTION_STRING_USER_AGENT, "Privoxy " VERSION)
DEFINE_CGI_PARAM_CUSTOM ("hide-referrer", ACTION_HIDE_REFERER, ACTION_STRING_REFERER, "http://www.privoxy.org/")
DEFINE_ACTION_STRING ("hide-user-agent", ACTION_HIDE_USER_AGENT, ACTION_STRING_USER_AGENT)
DEFINE_CGI_PARAM_NO_RADIO("hide-user-agent", ACTION_HIDE_USER_AGENT, ACTION_STRING_USER_AGENT, "Privoxy " VERSION)
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
DEFINE_ACTION_BOOL ("ignore-certificate-errors", ACTION_IGNORE_CERTIFICATE_ERRORS)
#endif
DEFINE_ACTION_STRING ("limit-connect", ACTION_LIMIT_CONNECT, ACTION_STRING_LIMIT_CONNECT)
DEFINE_ACTION_BOOL ("ignore-certificate-errors", ACTION_IGNORE_CERTIFICATE_ERRORS)
#endif
DEFINE_ACTION_STRING ("limit-connect", ACTION_LIMIT_CONNECT, ACTION_STRING_LIMIT_CONNECT)
- "FEATURE_HTTPS_FILTERING",
-#ifdef FEATURE_HTTPS_FILTERING
+ "FEATURE_HTTPS_INSPECTION",
+#ifdef FEATURE_HTTPS_INSPECTION
AC_SUBST(STATIC_PCRE_ONLY)
AC_SUBST(STATIC_PCRS_ONLY)
AC_SUBST(STATIC_PCRE_ONLY)
AC_SUBST(STATIC_PCRS_ONLY)
-dnl =======================================================
-dnl check for mbedTLS which is required for https filtering
-dnl =======================================================
-FEATURE_HTTPS_FILTERING_ONLY=#
+dnl ========================================================
+dnl check for mbedTLS which is required for https inspection
+dnl ========================================================
+FEATURE_HTTPS_INSPECTION_ONLY=#
OPT_MBEDTLS=no
AC_ARG_WITH(mbedtls,dnl
OPT_MBEDTLS=no
AC_ARG_WITH(mbedtls,dnl
-AC_HELP_STRING([--with-mbedtls],[enable mbedTLS detection for https filtering.])
+AC_HELP_STRING([--with-mbedtls],[enable mbedTLS detection for https inspection.])
AC_HELP_STRING([--without-mbedtls], [disable mbedTLS detection]),
OPT_MBEDTLS=$withval)
AC_HELP_STRING([--without-mbedtls], [disable mbedTLS detection]),
OPT_MBEDTLS=$withval)
AC_CHECK_LIB(mbedtls, mbedtls_ssl_init,
[
AC_CHECK_LIB(mbedtls, mbedtls_ssl_init,
[
- AC_DEFINE(FEATURE_HTTPS_FILTERING, 1, [if mbedTLS is enabled])
- AC_SUBST(FEATURE_HTTPS_FILTERING, [1])
- FEATURE_HTTPS_FILTERING="yes"
+ AC_DEFINE(FEATURE_HTTPS_INSPECTION, 1, [if mbedTLS is enabled])
+ AC_SUBST(FEATURE_HTTPS_INSPECTION, [1])
+ FEATURE_HTTPS_INSPECTION="yes"
], [], -lmbedx509 -lmbedcrypto)
], [], -lmbedx509 -lmbedcrypto)
- if test "x$FEATURE_HTTPS_FILTERING" = "xyes"; then
- AC_MSG_NOTICE([Detected mbedTLS. Enabling https filtering.])
+ if test "x$FEATURE_HTTPS_INSPECTION" = "xyes"; then
+ AC_MSG_NOTICE([Detected mbedTLS. Enabling https inspection.])
LIBS="-lmbedtls -lmbedx509 -lmbedcrypto $LIBS"
LIBS="-lmbedtls -lmbedx509 -lmbedcrypto $LIBS"
- FEATURE_HTTPS_FILTERING_ONLY=
+ FEATURE_HTTPS_INSPECTION_ONLY=
-AC_SUBST(FEATURE_HTTPS_FILTERING_ONLY)
+AC_SUBST(FEATURE_HTTPS_INSPECTION_ONLY)
dnl =================================================================
dnl =================================================================
struct url_actions *b;
int i;
struct url_actions *b;
int i;
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
if (!csp->http->client_ssl)
#endif
{
if (!csp->http->client_ssl)
#endif
{
#include "project.h"
#include "list.h"
#include "jcc.h"
#include "project.h"
#include "list.h"
#include "jcc.h"
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
#include "ssl.h"
#endif
#include "filters.h"
#include "ssl.h"
#endif
#include "filters.h"
csp->ip_addr_str, http->ocmd, status_code, rsp->content_length);
/* Write the answer to the client */
csp->ip_addr_str, http->ocmd, status_code, rsp->content_length);
/* Write the answer to the client */
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
if (client_use_ssl(csp))
{
if ((ssl_send_data(&(csp->mbedtls_client_attr.ssl),
if (client_use_ssl(csp))
{
if ((ssl_send_data(&(csp->mbedtls_client_attr.ssl),
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
/*********************************************************************
*
* Function : receive_and_send_encrypted_post_data
/*********************************************************************
*
* Function : receive_and_send_encrypted_post_data
long len = 0; /* for buffer sizes (and negative error codes) */
int buffer_and_filter_content = 0;
unsigned int write_delay;
long len = 0; /* for buffer sizes (and negative error codes) */
int buffer_and_filter_content = 0;
unsigned int write_delay;
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
int ret = 0;
int use_ssl_tunnel = 0;
csp->dont_verify_certificate = 0;
int ret = 0;
int use_ssl_tunnel = 0;
csp->dont_verify_certificate = 0;
}
#endif /* FEATURE_CONNECTION_KEEP_ALIVE */
}
#endif /* FEATURE_CONNECTION_KEEP_ALIVE */
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
/*
* Test if some data from client or destination server are pending
* on TLS/SSL. We must work with them preferably. TLS/SSL data can
/*
* Test if some data from client or destination server are pending
* on TLS/SSL. We must work with them preferably. TLS/SSL data can
send_crunch_response(csp, error_response(csp, "connection-timeout"));
}
mark_server_socket_tainted(csp);
send_crunch_response(csp, error_response(csp, "connection-timeout"));
}
mark_server_socket_tainted(csp);
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
close_client_and_server_ssl_connections(csp);
#endif
return;
close_client_and_server_ssl_connections(csp);
#endif
return;
log_error(LOG_LEVEL_ERROR, "select() failed!: %E");
#endif
mark_server_socket_tainted(csp);
log_error(LOG_LEVEL_ERROR, "select() failed!: %E");
#endif
mark_server_socket_tainted(csp);
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
close_client_and_server_ssl_connections(csp);
#endif
return;
}
}
close_client_and_server_ssl_connections(csp);
#endif
return;
}
}
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
else
{
/* set FD if some data are pending on TLS/SSL connections */
else
{
/* set FD if some data are pending on TLS/SSL connections */
assert(max_bytes_to_read <= csp->receive_buffer_size);
#endif /* def FEATURE_CONNECTION_KEEP_ALIVE */
assert(max_bytes_to_read <= csp->receive_buffer_size);
#endif /* def FEATURE_CONNECTION_KEEP_ALIVE */
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
/*
* Reading data from standard or secured connection (HTTP/HTTPS)
*/
/*
* Reading data from standard or secured connection (HTTP/HTTPS)
*/
-#endif /* def FEATURE_HTTPS_FILTERING */
+#endif /* def FEATURE_HTTPS_INSPECTION */
{
len = read_socket(csp->cfd, csp->receive_buffer, max_bytes_to_read);
{
len = read_socket(csp->cfd, csp->receive_buffer, max_bytes_to_read);
{
log_error(LOG_LEVEL_ERROR, "write to: %s failed: %E", http->host);
mark_server_socket_tainted(csp);
{
log_error(LOG_LEVEL_ERROR, "write to: %s failed: %E", http->host);
mark_server_socket_tainted(csp);
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
close_client_and_server_ssl_connections(csp);
#endif
return;
close_client_and_server_ssl_connections(csp);
#endif
return;
log_error(LOG_LEVEL_CONNECT,
"The server still wants to talk, but the client hung up on us.");
mark_server_socket_tainted(csp);
log_error(LOG_LEVEL_CONNECT,
"The server still wants to talk, but the client hung up on us.");
mark_server_socket_tainted(csp);
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
close_client_and_server_ssl_connections(csp);
#endif
return;
close_client_and_server_ssl_connections(csp);
#endif
return;
}
#endif /* def FEATURE_CONNECTION_KEEP_ALIVE */
}
#endif /* def FEATURE_CONNECTION_KEEP_ALIVE */
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
/*
* Reading data from standard or secured connection (HTTP/HTTPS)
*/
/*
* Reading data from standard or secured connection (HTTP/HTTPS)
*/
log_error(LOG_LEVEL_ERROR, "read from: %s failed: %E", http->host);
if ((http->ssl && (csp->fwd == NULL))
log_error(LOG_LEVEL_ERROR, "read from: %s failed: %E", http->host);
if ((http->ssl && (csp->fwd == NULL))
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
&& use_ssl_tunnel
#endif
)
&& use_ssl_tunnel
#endif
)
log_error(LOG_LEVEL_ERROR, "Already forwarded the original headers. "
"Unable to tell the client about the problem.");
mark_server_socket_tainted(csp);
log_error(LOG_LEVEL_ERROR, "Already forwarded the original headers. "
"Unable to tell the client about the problem.");
mark_server_socket_tainted(csp);
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
close_client_and_server_ssl_connections(csp);
#endif
return;
close_client_and_server_ssl_connections(csp);
#endif
return;
{
if (server_body || (http->ssl
{
if (server_body || (http->ssl
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
&& use_ssl_tunnel
#endif
))
&& use_ssl_tunnel
#endif
))
log_error(LOG_LEVEL_FATAL, "Out of memory parsing server header");
}
log_error(LOG_LEVEL_FATAL, "Out of memory parsing server header");
}
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
/*
* Sending data with standard or secured connection (HTTP/HTTPS)
*/
/*
* Sending data with standard or secured connection (HTTP/HTTPS)
*/
-#endif /* def FEATURE_HTTPS_FILTERING */
+#endif /* def FEATURE_HTTPS_INSPECTION */
{
if (write_socket_delayed(csp->cfd, hdr, strlen(hdr), write_delay)
|| write_socket_delayed(csp->cfd, ((p != NULL) ? p : csp->iob->cur),
{
if (write_socket_delayed(csp->cfd, hdr, strlen(hdr), write_delay)
|| write_socket_delayed(csp->cfd, ((p != NULL) ? p : csp->iob->cur),
freez(hdr);
freez(p);
mark_server_socket_tainted(csp);
freez(hdr);
freez(p);
mark_server_socket_tainted(csp);
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
close_client_and_server_ssl_connections(csp);
#endif
return;
close_client_and_server_ssl_connections(csp);
#endif
return;
* content-filtering.
*/
if (server_body || (http->ssl
* content-filtering.
*/
if (server_body || (http->ssl
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
&& use_ssl_tunnel
#endif
))
&& use_ssl_tunnel
#endif
))
rsp = cgi_error_memory();
send_crunch_response(csp, rsp);
mark_server_socket_tainted(csp);
rsp = cgi_error_memory();
send_crunch_response(csp, rsp);
mark_server_socket_tainted(csp);
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
close_client_and_server_ssl_connections(csp);
#endif
return;
}
hdrlen = strlen(hdr);
close_client_and_server_ssl_connections(csp);
#endif
return;
}
hdrlen = strlen(hdr);
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
/*
* Sending data with standard or secured connection (HTTP/HTTPS)
*/
/*
* Sending data with standard or secured connection (HTTP/HTTPS)
*/
-#endif /* def FEATURE_HTTPS_FILTERING */
+#endif /* def FEATURE_HTTPS_INSPECTION */
{
if (write_socket_delayed(csp->cfd, hdr, hdrlen, write_delay)
|| ((flushed = flush_iob(csp->cfd, csp->iob, write_delay)) < 0)
{
if (write_socket_delayed(csp->cfd, hdr, hdrlen, write_delay)
|| ((flushed = flush_iob(csp->cfd, csp->iob, write_delay)) < 0)
"Flush header and buffers to client failed: %E");
freez(hdr);
mark_server_socket_tainted(csp);
"Flush header and buffers to client failed: %E");
freez(hdr);
mark_server_socket_tainted(csp);
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
close_client_and_server_ssl_connections(csp);
#endif
return;
close_client_and_server_ssl_connections(csp);
#endif
return;
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
/*
* Sending data with standard or secured connection (HTTP/HTTPS)
*/
/*
* Sending data with standard or secured connection (HTTP/HTTPS)
*/
-#endif /* def FEATURE_HTTPS_FILTERING */
+#endif /* def FEATURE_HTTPS_INSPECTION */
{
if (write_socket_delayed(csp->cfd, csp->receive_buffer,
(size_t)len, write_delay))
{
log_error(LOG_LEVEL_ERROR, "write to client failed: %E");
mark_server_socket_tainted(csp);
{
if (write_socket_delayed(csp->cfd, csp->receive_buffer,
(size_t)len, write_delay))
{
log_error(LOG_LEVEL_ERROR, "write to client failed: %E");
mark_server_socket_tainted(csp);
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
close_client_and_server_ssl_connections(csp);
#endif
return;
close_client_and_server_ssl_connections(csp);
#endif
return;
rsp = cgi_error_memory();
send_crunch_response(csp, rsp);
mark_server_socket_tainted(csp);
rsp = cgi_error_memory();
send_crunch_response(csp, rsp);
mark_server_socket_tainted(csp);
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
close_client_and_server_ssl_connections(csp);
#endif
return;
close_client_and_server_ssl_connections(csp);
#endif
return;
"Applying the MS IIS5 hack didn't help.");
log_error(LOG_LEVEL_CLF,
"%s - - [%T] \"%s\" 502 0", csp->ip_addr_str, http->cmd);
"Applying the MS IIS5 hack didn't help.");
log_error(LOG_LEVEL_CLF,
"%s - - [%T] \"%s\" 502 0", csp->ip_addr_str, http->cmd);
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
/*
* Sending data with standard or secured connection (HTTP/HTTPS)
*/
/*
* Sending data with standard or secured connection (HTTP/HTTPS)
*/
strlen(INVALID_SERVER_HEADERS_RESPONSE));
}
else
strlen(INVALID_SERVER_HEADERS_RESPONSE));
}
else
-#endif /* def FEATURE_HTTPS_FILTERING */
+#endif /* def FEATURE_HTTPS_INSPECTION */
{
write_socket_delayed(csp->cfd,
INVALID_SERVER_HEADERS_RESPONSE,
strlen(INVALID_SERVER_HEADERS_RESPONSE), write_delay);
}
mark_server_socket_tainted(csp);
{
write_socket_delayed(csp->cfd,
INVALID_SERVER_HEADERS_RESPONSE,
strlen(INVALID_SERVER_HEADERS_RESPONSE), write_delay);
}
mark_server_socket_tainted(csp);
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
close_client_and_server_ssl_connections(csp);
#endif
return;
close_client_and_server_ssl_connections(csp);
#endif
return;
}
free_http_request(http);
mark_server_socket_tainted(csp);
}
free_http_request(http);
mark_server_socket_tainted(csp);
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
close_client_and_server_ssl_connections(csp);
#endif
return;
close_client_and_server_ssl_connections(csp);
#endif
return;
csp->headers->first->str);
log_error(LOG_LEVEL_CLF,
"%s - - [%T] \"%s\" 502 0", csp->ip_addr_str, http->cmd);
csp->headers->first->str);
log_error(LOG_LEVEL_CLF,
"%s - - [%T] \"%s\" 502 0", csp->ip_addr_str, http->cmd);
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
/*
* Sending data with standard or secured connection (HTTP/HTTPS)
*/
/*
* Sending data with standard or secured connection (HTTP/HTTPS)
*/
strlen(INVALID_SERVER_HEADERS_RESPONSE));
}
else
strlen(INVALID_SERVER_HEADERS_RESPONSE));
}
else
-#endif /* def FEATURE_HTTPS_FILTERING */
+#endif /* def FEATURE_HTTPS_INSPECTION */
{
write_socket_delayed(csp->cfd, INVALID_SERVER_HEADERS_RESPONSE,
strlen(INVALID_SERVER_HEADERS_RESPONSE), write_delay);
}
free_http_request(http);
mark_server_socket_tainted(csp);
{
write_socket_delayed(csp->cfd, INVALID_SERVER_HEADERS_RESPONSE,
strlen(INVALID_SERVER_HEADERS_RESPONSE), write_delay);
}
free_http_request(http);
mark_server_socket_tainted(csp);
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
close_client_and_server_ssl_connections(csp);
#endif
return;
close_client_and_server_ssl_connections(csp);
#endif
return;
{
log_error(LOG_LEVEL_CLF,
"%s - - [%T] \"%s\" 502 0", csp->ip_addr_str, http->cmd);
{
log_error(LOG_LEVEL_CLF,
"%s - - [%T] \"%s\" 502 0", csp->ip_addr_str, http->cmd);
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
/*
* Sending data with standard or secured connection (HTTP/HTTPS)
*/
/*
* Sending data with standard or secured connection (HTTP/HTTPS)
*/
}
free_http_request(http);
mark_server_socket_tainted(csp);
}
free_http_request(http);
mark_server_socket_tainted(csp);
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
close_client_and_server_ssl_connections(csp);
#endif
return;
close_client_and_server_ssl_connections(csp);
#endif
return;
*/
freez(hdr);
mark_server_socket_tainted(csp);
*/
freez(hdr);
mark_server_socket_tainted(csp);
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
close_client_and_server_ssl_connections(csp);
#endif
return;
close_client_and_server_ssl_connections(csp);
#endif
return;
* may be in the buffer). Use standard or secured
* connection.
*/
* may be in the buffer). Use standard or secured
* connection.
*/
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
if (client_use_ssl(csp))
{
if ((ssl_send_data(&(csp->mbedtls_client_attr.ssl),
if (client_use_ssl(csp))
{
if ((ssl_send_data(&(csp->mbedtls_client_attr.ssl),
*/
freez(hdr);
mark_server_socket_tainted(csp);
*/
freez(hdr);
mark_server_socket_tainted(csp);
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
close_client_and_server_ssl_connections(csp);
#endif
return;
}
}
else
close_client_and_server_ssl_connections(csp);
#endif
return;
}
}
else
-#endif /* def FEATURE_HTTPS_FILTERING */
+#endif /* def FEATURE_HTTPS_INSPECTION */
{
if (write_socket_delayed(csp->cfd, hdr, strlen(hdr), write_delay)
|| ((len = flush_iob(csp->cfd, csp->iob, write_delay)) < 0))
{
if (write_socket_delayed(csp->cfd, hdr, strlen(hdr), write_delay)
|| ((len = flush_iob(csp->cfd, csp->iob, write_delay)) < 0))
*/
freez(hdr);
mark_server_socket_tainted(csp);
*/
freez(hdr);
mark_server_socket_tainted(csp);
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
close_client_and_server_ssl_connections(csp);
#endif
return;
close_client_and_server_ssl_connections(csp);
#endif
return;
"Applying the MS IIS5 hack didn't help.");
log_error(LOG_LEVEL_CLF,
"%s - - [%T] \"%s\" 502 0", csp->ip_addr_str, http->cmd);
"Applying the MS IIS5 hack didn't help.");
log_error(LOG_LEVEL_CLF,
"%s - - [%T] \"%s\" 502 0", csp->ip_addr_str, http->cmd);
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
/*
* Sending data with standard or secured connection (HTTP/HTTPS)
*/
/*
* Sending data with standard or secured connection (HTTP/HTTPS)
*/
strlen(INVALID_SERVER_HEADERS_RESPONSE));
}
else
strlen(INVALID_SERVER_HEADERS_RESPONSE));
}
else
-#endif /* def FEATURE_HTTPS_FILTERING */
+#endif /* def FEATURE_HTTPS_INSPECTION */
{
write_socket_delayed(csp->cfd, INVALID_SERVER_HEADERS_RESPONSE,
strlen(INVALID_SERVER_HEADERS_RESPONSE), write_delay);
}
mark_server_socket_tainted(csp);
{
write_socket_delayed(csp->cfd, INVALID_SERVER_HEADERS_RESPONSE,
strlen(INVALID_SERVER_HEADERS_RESPONSE), write_delay);
}
mark_server_socket_tainted(csp);
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
close_client_and_server_ssl_connections(csp);
#endif
return;
close_client_and_server_ssl_connections(csp);
#endif
return;
continue;
}
mark_server_socket_tainted(csp);
continue;
}
mark_server_socket_tainted(csp);
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
close_client_and_server_ssl_connections(csp);
#endif
return; /* huh? we should never get here */
}
close_client_and_server_ssl_connections(csp);
#endif
return; /* huh? we should never get here */
}
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
close_client_and_server_ssl_connections(csp);
#endif
if (csp->content_length == 0)
close_client_and_server_ssl_connections(csp);
#endif
if (csp->content_length == 0)
struct http_request *http;
/* Skeleton for HTTP response, if we should intercept the request */
struct http_response *rsp;
struct http_request *http;
/* Skeleton for HTTP response, if we should intercept the request */
struct http_response *rsp;
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
int use_ssl_tunnel = 0;
#endif
int use_ssl_tunnel = 0;
#endif
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
/*
* Setting flags to use old solution with SSL tunnel and to disable
* certificates verification.
/*
* Setting flags to use old solution with SSL tunnel and to disable
* certificates verification.
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
/*
* Presetting SSL client and server flags
*/
/*
* Presetting SSL client and server flags
*/
csp->ip_addr_str, acceptable_connect_ports, csp->http->hostport);
csp->action->flags |= ACTION_BLOCK;
http->ssl = 0;
csp->ip_addr_str, acceptable_connect_ports, csp->http->hostport);
csp->action->flags |= ACTION_BLOCK;
http->ssl = 0;
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
http->client_ssl = 0;
http->server_ssl = 0;
#endif
http->client_ssl = 0;
http->server_ssl = 0;
#endif
* response later.
*/
if (
* response later.
*/
if (
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
!client_use_ssl(csp) &&
#endif
crunch_response_triggered(csp, crunchers_all))
!client_use_ssl(csp) &&
#endif
crunch_response_triggered(csp, crunchers_all))
mark_connection_closed(&csp->server_connection);
}
#endif /* def FEATURE_CONNECTION_KEEP_ALIVE */
mark_connection_closed(&csp->server_connection);
}
#endif /* def FEATURE_CONNECTION_KEEP_ALIVE */
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
if (http->ssl && !use_ssl_tunnel)
{
int ret;
if (http->ssl && !use_ssl_tunnel)
{
int ret;
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
/*
* Creating TLS/SSL connections with destination server or parent
* proxy. If forwarding is enabled, we must send client request to
/*
* Creating TLS/SSL connections with destination server or parent
* proxy. If forwarding is enabled, we must send client request to
}
}
}/* -END- if (http->ssl) */
}
}
}/* -END- if (http->ssl) */
-#endif /* def FEATURE_HTTPS_FILTERING */
+#endif /* def FEATURE_HTTPS_INSPECTION */
#ifdef FEATURE_CONNECTION_KEEP_ALIVE
save_connection_destination(csp->server_connection.sfd,
#ifdef FEATURE_CONNECTION_KEEP_ALIVE
save_connection_destination(csp->server_connection.sfd,
assert(csp->headers->last == NULL);
}
else if (http->ssl == 0 || (fwd->forward_host
assert(csp->headers->last == NULL);
}
else if (http->ssl == 0 || (fwd->forward_host
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
&& use_ssl_tunnel
#endif
))
&& use_ssl_tunnel
#endif
))
* Using old solution with SSL tunnel or new solution with SSL proxy
*/
list_remove_all(csp->headers);
* Using old solution with SSL tunnel or new solution with SSL proxy
*/
list_remove_all(csp->headers);
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
if (use_ssl_tunnel)
#endif
{
if (use_ssl_tunnel)
#endif
{
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
-#endif /* def FEATURE_HTTPS_FILTERING */
+#endif /* def FEATURE_HTTPS_INSPECTION */
clear_iob(csp->client_iob);
}/* -END- else ... if (http->ssl == 1) */
clear_iob(csp->client_iob);
}/* -END- else ... if (http->ssl == 1) */
/* NOTREACHED unless FEATURE_GRACEFUL_TERMINATION is defined */
/* NOTREACHED unless FEATURE_GRACEFUL_TERMINATION is defined */
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
/* Clean up. Aim: free all memory (no leaks) */
if (rng_seeded == 1)
{
/* Clean up. Aim: free all memory (no leaks) */
if (rng_seeded == 1)
{
freez(config->usermanual);
freez(config->trusted_cgi_referrer);
freez(config->usermanual);
freez(config->trusted_cgi_referrer);
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
freez(config->ca_password);
freez(config->ca_directory);
freez(config->ca_cert_file);
freez(config->ca_password);
freez(config->ca_directory);
freez(config->ca_cert_file);
unsigned long linenum = 0;
int i;
char *logfile = NULL;
unsigned long linenum = 0;
int i;
char *logfile = NULL;
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
char *ca_cert_file = NULL;
char *ca_key_file = NULL;
char *ca_directory = NULL;
char *ca_cert_file = NULL;
char *ca_key_file = NULL;
char *ca_directory = NULL;
config->usermanual = strdup_or_die(USER_MANUAL_URL);
config->proxy_args = strdup_or_die("");
config->forwarded_connect_retries = 0;
config->usermanual = strdup_or_die(USER_MANUAL_URL);
config->proxy_args = strdup_or_die("");
config->forwarded_connect_retries = 0;
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
config->ca_password = strdup("");
ca_cert_file = strdup("cacert.crt");
ca_key_file = strdup("cakey.pem");
config->ca_password = strdup("");
ca_cert_file = strdup("cacert.crt");
ca_key_file = strdup("cakey.pem");
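Review bot: The defaults inside the renamed `FEATURE_HTTPS_INSPECTION` block are set with plain `strdup()` and no NULL check, while the assignments just above them use `strdup_or_die()`. If an allocation fails, `config->ca_password`, `ca_cert_file` and `ca_key_file` are left NULL. How later code handles that is not visible in this hunk, but these values name the CA certificate, key and key password, so a silent NULL is worth ruling out. Suggested change: `config->ca_password = strdup_or_die("");`, `ca_cert_file = strdup_or_die("cacert.crt");`, `ca_key_file = strdup_or_die("cakey.pem");`. The enclosing function starts and ends outside the hunk.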
config->usermanual = strdup_or_die(arg);
break;
config->usermanual = strdup_or_die(arg);
break;
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
/* *************************************************************************
* ca private key file password
* *************************************************************************/
/* *************************************************************************
* ca private key file password
* *************************************************************************/
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
/*
* Setting SSL parameters from loaded values into structures
*/
/*
* Setting SSL parameters from loaded values into structures
*/
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
/*********************************************************************
*
* Function : sed_https
/*********************************************************************
*
* Function : sed_https
-#endif /* def FEATURE_HTTPS_FILTERING */
+#endif /* def FEATURE_HTTPS_INSPECTION */
/*********************************************************************
/*********************************************************************
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
/*********************************************************************
*
* Function : get_destination_from_https_headers
/*********************************************************************
*
* Function : get_destination_from_https_headers
-#endif /* def FEATURE_HTTPS_FILTERING */
+#endif /* def FEATURE_HTTPS_INSPECTION */
/*********************************************************************
/*********************************************************************
extern char *get_header(struct iob *iob);
extern char *get_header_value(const struct list *header_list, const char *header_name);
extern jb_err sed(struct client_state *csp, int filter_server_headers);
extern char *get_header(struct iob *iob);
extern char *get_header_value(const struct list *header_list, const char *header_name);
extern jb_err sed(struct client_state *csp, int filter_server_headers);
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
extern jb_err sed_https(struct client_state *csp);
#endif
extern jb_err update_server_headers(struct client_state *csp);
extern void get_http_time(int time_offset, char *buf, size_t buffer_size);
extern jb_err get_destination_from_headers(const struct list *headers, struct http_request *http);
extern jb_err sed_https(struct client_state *csp);
#endif
extern jb_err update_server_headers(struct client_state *csp);
extern void get_http_time(int time_offset, char *buf, size_t buffer_size);
extern jb_err get_destination_from_headers(const struct list *headers, struct http_request *http);
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
extern jb_err get_destination_from_https_headers(const struct list *headers, struct http_request *http);
#endif
extern unsigned long long get_expected_content_length(struct list *headers);
extern jb_err get_destination_from_https_headers(const struct list *headers, struct http_request *http);
#endif
extern unsigned long long get_expected_content_length(struct list *headers);
/* Needed for pcre choice */
#include "config.h"
/* Needed for pcre choice */
#include "config.h"
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
#ifdef FEATURE_PTHREAD
# include <pthread.h>
typedef pthread_mutex_t privoxy_mutex_t;
#ifdef FEATURE_PTHREAD
# include <pthread.h>
typedef pthread_mutex_t privoxy_mutex_t;
struct map_entry *last;
};
struct map_entry *last;
};
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
/*
* Struct of attributes necessary for TLS/SSL connection
*/
/*
* Struct of attributes necessary for TLS/SSL connection
*/
int dcount; /**< How many parts to this domain? (length of dvec) */
#endif /* ndef FEATURE_EXTENDED_HOST_PATTERNS */
int dcount; /**< How many parts to this domain? (length of dvec) */
#endif /* ndef FEATURE_EXTENDED_HOST_PATTERNS */
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
int client_ssl; /**< Flag if we should comunicate with slient over ssl */
int server_ssl; /**< Flag if we should comunicate with server over ssl */
unsigned char hash_of_host_hex[(HASH_OF_HOST_BUF_SIZE * 2) + 1]; /**< chars for hash in hex string and one for '\0' */
int client_ssl; /**< Flag if we should comunicate with slient over ssl */
int server_ssl; /**< Flag if we should comunicate with server over ssl */
unsigned char hash_of_host_hex[(HASH_OF_HOST_BUF_SIZE * 2) + 1]; /**< chars for hash in hex string and one for '\0' */
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
/*
* If this macro is defined, mutexes count for generating
* private keys is changed from 65536 to 32.
/*
* If this macro is defined, mutexes count for generating
* private keys is changed from 65536 to 32.
/* XXX: should be renamed to server_iob */
struct iob iob[1];
/* XXX: should be renamed to server_iob */
struct iob iob[1];
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
mbedtls_connection_attr mbedtls_server_attr; /* attributes for connection to server */
mbedtls_connection_attr mbedtls_client_attr; /* attributes for connection to client */
#endif
mbedtls_connection_attr mbedtls_server_attr; /* attributes for connection to server */
mbedtls_connection_attr mbedtls_client_attr; /* attributes for connection to client */
#endif
/** List of all headers for this request */
struct list headers[1];
/** List of all headers for this request */
struct list headers[1];
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
/** List of all encrypted headers for this request */
struct list https_headers[1];
#endif
/** List of all encrypted headers for this request */
struct list https_headers[1];
#endif
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
/* Result of server certificate verification */
uint32_t server_cert_verification_result;
/* Result of server certificate verification */
uint32_t server_cert_verification_result;
/** Nonzero if we need to bind() to the new port. */
int need_bind;
/** Nonzero if we need to bind() to the new port. */
int need_bind;
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
/** Password for proxy ca file **/
char * ca_password;
/** Password for proxy ca file **/
char * ca_password;
<td>Allows to shutdown Privoxy through the web interface.</td>
</tr>
<tr>
<td>Allows to shutdown Privoxy through the web interface.</td>
</tr>
<tr>
- <td><code>FEATURE_HTTPS_FILTERING</code></td>
- <td>@if-FEATURE_HTTPS_FILTERING-then@ Yes @else-not-FEATURE_HTTPS_FILTERING@ No @endif-FEATURE_HTTPS_FILTERING@</td>
+ <td><code>FEATURE_HTTPS_INSPECTION</code></td>
+ <td>@if-FEATURE_HTTPS_INSPECTION-then@ Yes @else-not-FEATURE_HTTPS_INSPECTION@ No @endif-FEATURE_HTTPS_INSPECTION@</td>
<td>Allows to intercept and filter HTTPS traffic.</td>
</tr>
<tr>
<td>Allows to intercept and filter HTTPS traffic.</td>
</tr>
<tr>