Merge branch 'master' of ssh://git.privoxy.org:23/git/privoxy

diff --git a/INSTALL b/INSTALL
index 01b790d..7cba501 100644 (file)
--- a/INSTALL
+++ b/INSTALL
@@ -69,7 +69,7 @@ And then /etc/group, like:
 
 Some binary packages may do this for you.
 
-Then, to build from either unpacked tarball or CVS source:
+Then, to build from either unpacked tarball or Git checkout:
 
  autoheader
  autoconf

diff --git a/doc/source/buildsource.sgml b/doc/source/buildsource.sgml
index 4225a2c..81013cd 100644 (file)
--- a/doc/source/buildsource.sgml
+++ b/doc/source/buildsource.sgml
@@ -29,10 +29,6 @@
 
 <para>
  When building from a source tarball,
-<!-- no longer available ...
- <ulink url="http://cvs.sourceforge.net/cvstarballs/ijbswa-cvsroot.tar.gz">
- nightly CVS tarball</ulink>),
--->
  first unpack the source:
 </para>
 
@@ -94,7 +90,7 @@
 </para>
 
 <para>
- Then, to build from either unpacked tarball or CVS source:
+ Then, to build from either unpacked tarball or Git checkout:
 </para>
 
  <screen>

diff --git a/doc/source/developer-manual.sgml b/doc/source/developer-manual.sgml
index 4bfde09..da62dad 100644 (file)
--- a/doc/source/developer-manual.sgml
+++ b/doc/source/developer-manual.sgml
@@ -133,8 +133,8 @@ Hal.
     can be sent to the list for review too.
    </para>
     <para>
-     You will also need to have a git package installed, which will
-     entail having ssh installed as well, in order to access the git repository.
+     You will also need to have a git package installed,
+     in order to access the git repository.
      Having the GNU build tools is also going to be important (particularly,
      autoconf and gmake).
     </para>
@@ -2278,7 +2278,7 @@ for-privoxy-version=3.0.11
       <listitem>
        <para>
         Tag all files in Git with the version number with
-        <quote><command>cvs tag v_X_Y_Z</command></quote>.
+        <quote><command>git tag v_X_Y_Z</command></quote>.
         Don't use vX_Y_Z, ver_X_Y_Z, v_X.Y.Z (won't work) etc.
        </para>
       </listitem>
@@ -2312,8 +2312,9 @@ for-privoxy-version=3.0.11
       <programlisting>
   mkdir dist # delete or choose different name if it already exists
   cd dist
-  cvs -d:pserver:anonymous@ijbswa.cvs.sourceforge.net:/cvsroot/ijbswa login
-  cvs -z3 -d:pserver:anonymous@ijbswa.cvs.sourceforge.net:/cvsroot/ijbswa export -r v_X_Y_Z current
+  git clone https://www.privoxy.org/git/privoxy.git
+  cd privoxy
+  git checkout v_X_Y_Z
 </programlisting>
 
     <para>

diff --git a/doc/source/webserver/index.sgml b/doc/source/webserver/index.sgml
index fbfb527..b0733e8 100644 (file)
--- a/doc/source/webserver/index.sgml
+++ b/doc/source/webserver/index.sgml
@@ -184,9 +184,6 @@
  <subscript>
   <ulink url="https://www.top10vpn.com">https://www.top10vpn.com</ulink>
  </subscript>
- <subscript>
-  <ulink url="https://www.vpnranks.com/">https://www.vpnranks.com/</ulink>
- </subscript>
 </para>
 <para>
  <subscript>

diff --git a/doc/webserver/developer-manual/introduction.html b/doc/webserver/developer-manual/introduction.html
index 3fe32d2..f029e78 100644 (file)
--- a/doc/webserver/developer-manual/introduction.html
+++ b/doc/webserver/developer-manual/introduction.html
@@ -38,9 +38,8 @@
       <p>The first step is to join the <a href="https://lists.privoxy.org/mailman/listinfo/privoxy-devel" target=
       "_top">privoxy-devel mailing list</a>. You can submit your ideas or, even better, patches. Patches are best
       submitted to the Sourceforge tracker set up for this purpose, but can be sent to the list for review too.</p>
-      <p>You will also need to have a git package installed, which will entail having ssh installed as well, in order
-      to access the git repository. Having the GNU build tools is also going to be important (particularly, autoconf
-      and gmake).</p>
+      <p>You will also need to have a git package installed, in order to access the git repository. Having the GNU
+      build tools is also going to be important (particularly, autoconf and gmake).</p>
       <p>For the time being (read, this section is under construction), you can also refer to the extensive comments in
       the source code. In fact, reading the code is recommended in any case.</p>
     </div>

diff --git a/doc/webserver/developer-manual/newrelease.html b/doc/webserver/developer-manual/newrelease.html
index 95ac34a..af54836 100644 (file)
--- a/doc/webserver/developer-manual/newrelease.html
+++ b/doc/webserver/developer-manual/newrelease.html
@@ -203,7 +203,7 @@ for-privoxy-version=3.0.11</pre>
           to be done manually.</p>
         </li>
         <li>
-          <p>Tag all files in Git with the version number with <span class="QUOTE">"<b class="COMMAND">cvs tag
+          <p>Tag all files in Git with the version number with <span class="QUOTE">"<b class="COMMAND">git tag
           v_X_Y_Z</b>"</span>. Don't use vX_Y_Z, ver_X_Y_Z, v_X.Y.Z (won't work) etc.</p>
         </li>
         <li>
@@ -227,8 +227,9 @@ for-privoxy-version=3.0.11</pre>
           <td>
             <pre class="PROGRAMLISTING">  mkdir dist # delete or choose different name if it already exists
   cd dist
-  cvs -d:pserver:anonymous@ijbswa.cvs.sourceforge.net:/cvsroot/ijbswa login
-  cvs -z3 -d:pserver:anonymous@ijbswa.cvs.sourceforge.net:/cvsroot/ijbswa export -r v_X_Y_Z current</pre>
+  git clone https://www.privoxy.org/git/privoxy.git
+  cd privoxy
+  git checkout v_X_Y_Z</pre>
           </td>
         </tr>
       </table>

diff --git a/doc/webserver/index.html b/doc/webserver/index.html
index 2f82a7c..c8a6392 100644 (file)
--- a/doc/webserver/index.html
+++ b/doc/webserver/index.html
@@ -96,8 +96,6 @@
       <p style="text-align: center"><sub>Hosting and development is funded in part by:</sub></p>
       <p style="text-align: center"><sub><a href="https://www.top10vpn.com" target=
       "_top">https://www.top10vpn.com</a></sub></p>
-      <p style="text-align: center"><sub><a href="https://www.vpnranks.com/" target=
-      "_top">https://www.vpnranks.com/</a></sub></p>
       <p style="text-align: center"><sub><a href="/faq/general.html#SPONSOR" target="_top">Become a
       sponsor</a></sub></p>
     </div>

diff --git a/doc/webserver/sponsors/index.html b/doc/webserver/sponsors/index.html
index 64f05d1..5fe10db 100644 (file)
--- a/doc/webserver/sponsors/index.html
+++ b/doc/webserver/sponsors/index.html
@@ -13,7 +13,6 @@
   level</a> with the exception of sponsors that preferred not to be listed here.</p>
   <h3>Silver sponsors</h3>
   <p><a href="https://www.top10vpn.com">https://www.top10vpn.com</a></p>
-  <p><a href="https://www.vpnranks.com/">https://www.vpnranks.com/</a></p>
   <h3>Bronze sponsor</h3>
   <p><a href="https://www.betrugstest.com/">https://www.betrugstest.com/</a></p>
   <h3>Becoming a Privoxy sponsor</h3>

diff --git a/doc/webserver/user-manual/installation.html b/doc/webserver/user-manual/installation.html
index c49dca8..ec7bca8 100644 (file)
--- a/doc/webserver/user-manual/installation.html
+++ b/doc/webserver/user-manual/installation.html
@@ -179,7 +179,7 @@
         </tr>
       </table>
       <p>Some binary packages may do this for you.</p>
-      <p>Then, to build from either unpacked tarball or CVS source:</p>
+      <p>Then, to build from either unpacked tarball or Git checkout:</p>
       <table border="0" bgcolor="#E0E0E0" width="100%">
         <tr>
           <td>

diff --git a/jcc.c b/jcc.c
index 75be2d2..614c7f1 100644 (file)
--- a/jcc.c
+++ b/jcc.c
@@ -146,7 +146,7 @@ int g_terminate = 0;
 #if !defined(_WIN32) && !defined(__OS2__)
 static void sig_handler(int the_signal);
 #endif
-static int client_protocol_is_unsupported(const struct client_state *csp, char *req);
+static int client_protocol_is_unsupported(struct client_state *csp, char *req);
 static jb_err get_request_destination_elsewhere(struct client_state *csp, struct list *headers);
 static jb_err get_server_headers(struct client_state *csp);
 static const char *crunch_reason(const struct http_response *rsp);
@@ -445,7 +445,7 @@ static unsigned int get_write_delay(const struct client_state *csp)
  *                FALSE if the request doesn't look invalid.
  *
  *********************************************************************/
-static int client_protocol_is_unsupported(const struct client_state *csp, char *req)
+static int client_protocol_is_unsupported(struct client_state *csp, char *req)
 {
    /*
     * If it's a FTP or gopher request, we don't support it.
@@ -481,8 +481,19 @@ static int client_protocol_is_unsupported(const struct client_state *csp, char *
       log_error(LOG_LEVEL_CLF,
          "%s - - [%T] \"%s\" 400 0", csp->ip_addr_str, req);
       freez(req);
-      write_socket_delayed(csp->cfd, response, strlen(response),
-         get_write_delay(csp));
+
+#ifdef FEATURE_HTTPS_INSPECTION
+      if (client_use_ssl(csp))
+      {
+         ssl_send_data(&(csp->mbedtls_client_attr.ssl),
+            (const unsigned char *)response, strlen(response));
+      }
+      else
+#endif
+      {
+         write_socket_delayed(csp->cfd, response, strlen(response),
+            get_write_delay(csp));
+      }
 
       return TRUE;
    }
@@ -2123,7 +2134,6 @@ static int send_https_request(struct client_state *csp)
          "Failed sending encrypted request headers to: %s: %E",
          csp->http->hostport);
       mark_server_socket_tainted(csp);
-      close_client_and_server_ssl_connections(csp);
       return 1;
    }
 
@@ -2245,6 +2255,8 @@ static jb_err process_encrypted_request(struct client_state *csp)
    if (err != JB_ERR_OK)
    {
       /* XXX: Also used for JB_ERR_MEMORY */
+      log_error(LOG_LEVEL_ERROR, "Failed to receive encrypted request: %s",
+         jb_err_to_string(err));
       ssl_send_data(&(csp->mbedtls_client_attr.ssl),
          (const unsigned char *)CHEADER, strlen(CHEADER));
       return err;
@@ -2254,6 +2266,7 @@ static jb_err process_encrypted_request(struct client_state *csp)
    request_line = get_header(csp->client_iob);
    if (request_line == NULL)
    {
+      log_error(LOG_LEVEL_ERROR, "Failed to get the encrypted request line");
       ssl_send_data(&(csp->mbedtls_client_attr.ssl),
          (const unsigned char *)CHEADER, strlen(CHEADER));
       return JB_ERR_PARSE;
@@ -2262,8 +2275,11 @@ static jb_err process_encrypted_request(struct client_state *csp)
 
    if (client_protocol_is_unsupported(csp, request_line))
    {
-      ssl_send_data(&(csp->mbedtls_client_attr.ssl),
-         (const unsigned char *)CHEADER, strlen(CHEADER));
+      /*
+       * If the protocol is unsupported we're done here.
+       * client_protocol_is_unsupported() took care of sending
+       * the error response and logging the error message.
+       */
       return JB_ERR_PARSE;
    }
 
@@ -2317,6 +2333,8 @@ static jb_err process_encrypted_request(struct client_state *csp)
        * Our attempts to get the request destination
        * elsewhere failed.
        */
+      log_error(LOG_LEVEL_ERROR,
+         "Failed to get the encrypted request destination");
       ssl_send_data(&(csp->mbedtls_client_attr.ssl),
          (const unsigned char *)CHEADER, strlen(CHEADER));
       return JB_ERR_PARSE;
@@ -2521,62 +2539,60 @@ static void handle_established_connection(struct client_state *csp)
       }
 #endif  /* FEATURE_CONNECTION_KEEP_ALIVE */
 
-      {
 #ifdef HAVE_POLL
-         poll_fds[0].fd = csp->cfd;
+      poll_fds[0].fd = csp->cfd;
 #ifdef FEATURE_CONNECTION_KEEP_ALIVE
-         if (!watch_client_socket)
-         {
-            /*
-             * Ignore incoming data, but still watch out
-             * for disconnects etc. These flags are always
-             * implied anyway but explicitly setting them
-             * doesn't hurt.
-             */
-            poll_fds[0].events = POLLERR|POLLHUP;
-         }
-         else
+      if (!watch_client_socket)
+      {
+         /*
+          * Ignore incoming data, but still watch out
+          * for disconnects etc. These flags are always
+          * implied anyway but explicitly setting them
+          * doesn't hurt.
+          */
+         poll_fds[0].events = POLLERR|POLLHUP;
+      }
+      else
 #endif
-         {
-            poll_fds[0].events = POLLIN;
-         }
-         poll_fds[1].fd = csp->server_connection.sfd;
-         poll_fds[1].events = POLLIN;
-         n = poll(poll_fds, 2, csp->config->socket_timeout * 1000);
+      {
+         poll_fds[0].events = POLLIN;
+      }
+      poll_fds[1].fd = csp->server_connection.sfd;
+      poll_fds[1].events = POLLIN;
+      n = poll(poll_fds, 2, csp->config->socket_timeout * 1000);
 #else
-         timeout.tv_sec = csp->config->socket_timeout;
-         timeout.tv_usec = 0;
-         n = select((int)maxfd + 1, &rfds, NULL, NULL, &timeout);
+      timeout.tv_sec = csp->config->socket_timeout;
+      timeout.tv_usec = 0;
+      n = select((int)maxfd + 1, &rfds, NULL, NULL, &timeout);
 #endif /* def HAVE_POLL */
 
-         /*server or client not responding in timeout */
-         if (n == 0)
+      /*server or client not responding in timeout */
+      if (n == 0)
+      {
+         log_error(LOG_LEVEL_CONNECT, "Socket timeout %d reached: %s",
+            csp->config->socket_timeout, http->url);
+         if ((byte_count == 0) && (http->ssl == 0))
          {
-            log_error(LOG_LEVEL_CONNECT, "Socket timeout %d reached: %s",
-               csp->config->socket_timeout, http->url);
-            if ((byte_count == 0) && (http->ssl == 0))
-            {
-               send_crunch_response(csp, error_response(csp, "connection-timeout"));
-            }
-            mark_server_socket_tainted(csp);
+            send_crunch_response(csp, error_response(csp, "connection-timeout"));
+         }
+         mark_server_socket_tainted(csp);
 #ifdef FEATURE_HTTPS_INSPECTION
-            close_client_and_server_ssl_connections(csp);
+         close_client_and_server_ssl_connections(csp);
 #endif
-            return;
-         }
-         else if (n < 0)
-         {
+         return;
+      }
+      else if (n < 0)
+      {
 #ifdef HAVE_POLL
-            log_error(LOG_LEVEL_ERROR, "poll() failed!: %E");
+         log_error(LOG_LEVEL_ERROR, "poll() failed!: %E");
 #else
-            log_error(LOG_LEVEL_ERROR, "select() failed!: %E");
+         log_error(LOG_LEVEL_ERROR, "select() failed!: %E");
 #endif
-            mark_server_socket_tainted(csp);
+         mark_server_socket_tainted(csp);
 #ifdef FEATURE_HTTPS_INSPECTION
-            close_client_and_server_ssl_connections(csp);
+         close_client_and_server_ssl_connections(csp);
 #endif
-            return;
-         }
+         return;
       }
 
       /*
@@ -2714,9 +2730,6 @@ static void handle_established_connection(struct client_state *csp)
             {
                log_error(LOG_LEVEL_ERROR, "write to: %s failed: %E", http->host);
                mark_server_socket_tainted(csp);
-#ifdef FEATURE_HTTPS_INSPECTION
-               close_client_and_server_ssl_connections(csp);
-#endif
                return;
             }
          }
@@ -2957,9 +2970,6 @@ static void handle_established_connection(struct client_state *csp)
                         freez(hdr);
                         freez(p);
                         mark_server_socket_tainted(csp);
-#ifdef FEATURE_HTTPS_INSPECTION
-                        close_client_and_server_ssl_connections(csp);
-#endif
                         return;
                      }
                   }
@@ -3063,9 +3073,6 @@ static void handle_established_connection(struct client_state *csp)
                            "Flush header and buffers to client failed: %E");
                         freez(hdr);
                         mark_server_socket_tainted(csp);
-#ifdef FEATURE_HTTPS_INSPECTION
-                        close_client_and_server_ssl_connections(csp);
-#endif
                         return;
                      }
                   }
@@ -3108,9 +3115,6 @@ static void handle_established_connection(struct client_state *csp)
                   {
                      log_error(LOG_LEVEL_ERROR, "write to client failed: %E");
                      mark_server_socket_tainted(csp);
-#ifdef FEATURE_HTTPS_INSPECTION
-                     close_client_and_server_ssl_connections(csp);
-#endif
                      return;
                   }
                }
@@ -3385,9 +3389,6 @@ static void handle_established_connection(struct client_state *csp)
                       */
                      freez(hdr);
                      mark_server_socket_tainted(csp);
-#ifdef FEATURE_HTTPS_INSPECTION
-                     close_client_and_server_ssl_connections(csp);
-#endif
                      return;
                   }
                }
@@ -3775,6 +3776,9 @@ static void chat(struct client_state *csp)
           * client body in the buffer (if there is one) and to
           * continue parsing the bytes that follow.
           */
+#ifdef FEATURE_HTTPS_INSPECTION
+         close_client_ssl_connection(csp);
+#endif
          drain_and_close_socket(csp->cfd);
          csp->cfd = JB_INVALID_SOCKET;