From: Fabian Keil Date: Tue, 25 Feb 2020 21:07:41 +0000 (+0100) Subject: Rename +enable-https-filtering to +https-inspection X-Git-Tag: v_3_0_29~478 X-Git-Url: http://www.privoxy.org/gitweb/?p=privoxy.git;a=commitdiff_plain;h=662c02e3ab1cab69b67f869aba490c147fc7741e Rename +enable-https-filtering to +https-inspection ... which is more precise. Sponsored by: Robert Klemme --- diff --git a/actionlist.h b/actionlist.h index b21a1ef4..5f94ea4f 100644 --- a/actionlist.h +++ b/actionlist.h @@ -73,9 +73,6 @@ DEFINE_ACTION_STRING ("delay-response", ACTION_DELAY_RESPONSE, DEFINE_CGI_PARAM_NO_RADIO("delay-response", ACTION_DELAY_RESPONSE, ACTION_STRING_DELAY_RESPONSE, "100") DEFINE_CGI_PARAM_RADIO ("deanimate-gifs", ACTION_DEANIMATE, ACTION_STRING_DEANIMATE, "last", 1) DEFINE_ACTION_BOOL ("downgrade-http-version", ACTION_DOWNGRADE) -#ifdef FEATURE_HTTPS_INSPECTION -DEFINE_ACTION_BOOL ("enable-https-filtering", ACTION_ENABLE_HTTPS_FILTER) -#endif #ifdef FEATURE_EXTERNAL_FILTERS DEFINE_ACTION_MULTI ("external-filter", ACTION_MULTI_EXTERNAL_FILTER) #endif @@ -111,6 +108,7 @@ DEFINE_CGI_PARAM_CUSTOM ("hide-referrer", ACTION_HIDE_REFERER, DEFINE_ACTION_STRING ("hide-user-agent", ACTION_HIDE_USER_AGENT, ACTION_STRING_USER_AGENT) DEFINE_CGI_PARAM_NO_RADIO("hide-user-agent", ACTION_HIDE_USER_AGENT, ACTION_STRING_USER_AGENT, "Privoxy " VERSION) #ifdef FEATURE_HTTPS_INSPECTION +DEFINE_ACTION_BOOL ("https-inspection", ACTION_HTTPS_INSPECTION) DEFINE_ACTION_BOOL ("ignore-certificate-errors", ACTION_IGNORE_CERTIFICATE_ERRORS) #endif DEFINE_ACTION_STRING ("limit-connect", ACTION_LIMIT_CONNECT, ACTION_STRING_LIMIT_CONNECT) diff --git a/doc/source/p-config.sgml b/doc/source/p-config.sgml index 2c3a9cf4..e2b205bc 100644 --- a/doc/source/p-config.sgml +++ b/doc/source/p-config.sgml @@ -4008,8 +4008,8 @@ forward-socks4, forward-socks4a, forward-socks5 and forward-socks5t The file is used by &my-app; to generate website certificates - when https filtering is enabled with the - enable-https-filtering + when https inspection is enabled with the + https-inspection action. @@ -4195,9 +4195,9 @@ forward-socks4, forward-socks4a, forward-socks5 and forward-socks5t This directive specifies the directory where generated - TLS/SSL keys and certificates are saved when https filtering + TLS/SSL keys and certificates are saved when https inspection is enabled with the - enable-https-filtering + https-inspection action. diff --git a/doc/source/user-manual.sgml b/doc/source/user-manual.sgml index a2a02b81..dc9c3d8e 100644 --- a/doc/source/user-manual.sgml +++ b/doc/source/user-manual.sgml @@ -3802,77 +3802,6 @@ problem-host.example.com - - -enable-https-filtering - - - - Typical use: - - Filter encrypted requests and responses - - - - - Effect: - - - Encrypted requests are decrypted, filtered and forwarded encrypted. - - - - - - Type: - - - Boolean. - - - - - Parameter: - - - N/A - - - - - - Notes: - - - This action allows &my-app; to filter encrypted requests and responses. - For this to work &my-app; has to generate a certificate and send it - to the client which has to accept it. - - - Before this works the directives in the - TLS section - of the config file have to be configured. - - - Note that the action has to be enabled based on the CONNECT - request which doesn't contain a path. Enabling it based on - a pattern with path doesn't work as the path is only seen - by &my-app; if the action is already enabled. - - - - - - Example usage (section): - - {+enable-https-filtering} -www.example.com - - - - - - external-filter @@ -5218,6 +5147,78 @@ new action + + +https-inspection + + + + Typical use: + + Filter encrypted requests and responses + + + + + Effect: + + + Encrypted requests are decrypted, filtered and forwarded encrypted. + + + + + + Type: + + + Boolean. + + + + + Parameter: + + + N/A + + + + + + Notes: + + + This action allows &my-app; to filter encrypted requests and responses. + For this to work &my-app; has to generate a certificate and send it + to the client which has to accept it. + + + Before this works the directives in the + TLS section + of the config file have to be configured. + + + Note that the action has to be enabled based on the CONNECT + request which doesn't contain a path. Enabling it based on + a pattern with path doesn't work as the path is only seen + by &my-app; if the action is already enabled. + + + + + + Example usage (section): + + {+https-inspection} +www.example.com + + + + + + + ignore-certificate-errors @@ -5261,7 +5262,7 @@ new action When the - +enable-https-filtering + +https-inspection action is used &my-app; by default verifies that the remote site uses a valid certificate. diff --git a/jcc.c b/jcc.c index fc8db3d9..a5174b30 100644 --- a/jcc.c +++ b/jcc.c @@ -2403,7 +2403,7 @@ static void handle_established_connection(struct client_state *csp) csp->ssl_with_server_is_opened = 0; csp->ssl_with_client_is_opened = 0; - if (csp->http->ssl && !(csp->action->flags & ACTION_ENABLE_HTTPS_FILTER)) + if (csp->http->ssl && !(csp->action->flags & ACTION_HTTPS_INSPECTION)) { /* Pass encrypted content without filtering. */ use_ssl_tunnel = 1; @@ -3573,7 +3573,7 @@ static void chat(struct client_state *csp) * Setting flags to use old solution with SSL tunnel and to disable * certificates verification. */ - if (csp->http->ssl && !(csp->action->flags & ACTION_ENABLE_HTTPS_FILTER)) + if (csp->http->ssl && !(csp->action->flags & ACTION_HTTPS_INSPECTION)) { use_ssl_tunnel = 1; } diff --git a/project.h b/project.h index c0f69a8e..1720e768 100644 --- a/project.h +++ b/project.h @@ -572,8 +572,8 @@ struct iob #define ACTION_LIMIT_COOKIE_LIFETIME 0x08000000UL /** Action bitmap: Delay writes */ #define ACTION_DELAY_RESPONSE 0x10000000UL -/** Action bitmap: Turn https filtering on */ -#define ACTION_ENABLE_HTTPS_FILTER 0x20000000UL +/** Action bitmap: Turn https inspection on */ +#define ACTION_HTTPS_INSPECTION 0x20000000UL /** Action bitmap: Turn certificates verification off */ #define ACTION_IGNORE_CERTIFICATE_ERRORS 0x40000000UL