From bd7800c807e535d21222fa41cb29537cb865b170 Mon Sep 17 00:00:00 2001
From: Fabian Keil
Date: Tue, 25 Feb 2020 21:51:59 +0100
Subject: [PATCH] Rename FEATURE_HTTPS_FILTERING to FEATURE_HTTPS_INSPECTION
... which is more precise.
Sponsored by: Robert Klemme
---
 GNUmakefile.in | 6 +--
 actionlist.h | 4 +-
 cgisimple.c | 4 +-
 configure.in | 24 ++++-----
 filters.c | 2 +-
 jcc.c | 120 +++++++++++++++++++++----------------------
 loadcfg.c | 10 ++--
 parsers.c | 8 +--
 parsers.h | 4 +-
 project.h | 16 +++---
 templates/show-status | 4 +-
 11 files changed, 101 insertions(+), 101 deletions(-)
diff --git a/GNUmakefile.in b/GNUmakefile.in
index 80833561..f5ca9da7 100644
--- a/GNUmakefile.in
+++ b/GNUmakefile.in
@@ -231,9 +231,9 @@ W32_HDRS = @WIN_ONLY@w32log.h w32taskbar.h win32.h w32res.h w32svrapi.h
 W32_LIB = @WIN_ONLY@-lwsock32 -lcomctl32
 W32_INIS = @WIN_ONLY@config.txt trust.txt
-SSL_SRC = @FEATURE_HTTPS_FILTERING_ONLY@ssl.c
-SSL_OBJS = @FEATURE_HTTPS_FILTERING_ONLY@$(SSL_SRC:.c=.o)
-SSL_HDRS = @FEATURE_HTTPS_FILTERING_ONLY@$(SSL_SRC:.c=.h) project.h
+SSL_SRC = @FEATURE_HTTPS_INSPECTION_ONLY@ssl.c
+SSL_OBJS = @FEATURE_HTTPS_INSPECTION_ONLY@$(SSL_SRC:.c=.o)
+SSL_HDRS = @FEATURE_HTTPS_INSPECTION_ONLY@$(SSL_SRC:.c=.h) project.h
 PCRS_SRC = @STATIC_PCRS_ONLY@pcrs.c
 PCRS_OBJS = @STATIC_PCRS_ONLY@$(PCRS_SRC:.c=.@OBJEXT@)
diff --git a/actionlist.h b/actionlist.h
index 60bb1f39..b21a1ef4 100644
--- a/actionlist.h
+++ b/actionlist.h
@@ -73,7 +73,7 @@ DEFINE_ACTION_STRING ("delay-response", ACTION_DELAY_RESPONSE,
 DEFINE_CGI_PARAM_NO_RADIO("delay-response", ACTION_DELAY_RESPONSE, ACTION_STRING_DELAY_RESPONSE, "100")
 DEFINE_CGI_PARAM_RADIO ("deanimate-gifs", ACTION_DEANIMATE, ACTION_STRING_DEANIMATE, "last", 1)
 DEFINE_ACTION_BOOL ("downgrade-http-version", ACTION_DOWNGRADE)
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
 DEFINE_ACTION_BOOL ("enable-https-filtering", ACTION_ENABLE_HTTPS_FILTER)
 #endif
 #ifdef FEATURE_EXTERNAL_FILTERS
@@ -110,7 +110,7 @@ DEFINE_CGI_PARAM_RADIO ("hide-referrer", ACTION_HIDE_REFERER,
 DEFINE_CGI_PARAM_CUSTOM ("hide-referrer", ACTION_HIDE_REFERER, ACTION_STRING_REFERER, "http://www.privoxy.org/")
 DEFINE_ACTION_STRING ("hide-user-agent", ACTION_HIDE_USER_AGENT, ACTION_STRING_USER_AGENT)
 DEFINE_CGI_PARAM_NO_RADIO("hide-user-agent", ACTION_HIDE_USER_AGENT, ACTION_STRING_USER_AGENT, "Privoxy " VERSION)
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
 DEFINE_ACTION_BOOL ("ignore-certificate-errors", ACTION_IGNORE_CERTIFICATE_ERRORS)
 #endif
 DEFINE_ACTION_STRING ("limit-connect", ACTION_LIMIT_CONNECT, ACTION_STRING_LIMIT_CONNECT)
diff --git a/cgisimple.c b/cgisimple.c
index febde4fa..0148120a 100644
--- a/cgisimple.c
+++ b/cgisimple.c
@@ -1831,8 +1831,8 @@ static jb_err show_defines(struct map *exports)
 #endif
 },
 {
- "FEATURE_HTTPS_FILTERING",
-#ifdef FEATURE_HTTPS_FILTERING
+ "FEATURE_HTTPS_INSPECTION",
+#ifdef FEATURE_HTTPS_INSPECTION
 1,
 #else
 0,
diff --git a/configure.in b/configure.in
index a8839c2e..2889ac2c 100644
--- a/configure.in
+++ b/configure.in
@@ -1131,13 +1131,13 @@ dnl fi
 AC_SUBST(STATIC_PCRE_ONLY)
 AC_SUBST(STATIC_PCRS_ONLY)
-dnl =======================================================
-dnl check for mbedTLS which is required for https filtering
-dnl =======================================================
-FEATURE_HTTPS_FILTERING_ONLY=#
+dnl ========================================================
+dnl check for mbedTLS which is required for https inspection
+dnl ========================================================
+FEATURE_HTTPS_INSPECTION_ONLY=#
 OPT_MBEDTLS=no
 AC_ARG_WITH(mbedtls,dnl
-AC_HELP_STRING([--with-mbedtls],[enable mbedTLS detection for https filtering.])
+AC_HELP_STRING([--with-mbedtls],[enable mbedTLS detection for https inspection.])
 AC_HELP_STRING([--without-mbedtls], [disable mbedTLS detection]),
 OPT_MBEDTLS=$withval)
@@ -1145,20 +1145,20 @@ if test X"$OPT_MBEDTLS" != Xno; then
 AC_CHECK_LIB(mbedtls, mbedtls_ssl_init, [
- AC_DEFINE(FEATURE_HTTPS_FILTERING, 1, [if mbedTLS is enabled])
- AC_SUBST(FEATURE_HTTPS_FILTERING, [1])
- FEATURE_HTTPS_FILTERING="yes"
+ AC_DEFINE(FEATURE_HTTPS_INSPECTION, 1, [if mbedTLS is enabled])
+ AC_SUBST(FEATURE_HTTPS_INSPECTION, [1])
+ FEATURE_HTTPS_INSPECTION="yes"
 ], [], -lmbedx509 -lmbedcrypto)
- if test "x$FEATURE_HTTPS_FILTERING" = "xyes"; then
- AC_MSG_NOTICE([Detected mbedTLS. Enabling https filtering.])
+ if test "x$FEATURE_HTTPS_INSPECTION" = "xyes"; then
+ AC_MSG_NOTICE([Detected mbedTLS. Enabling https inspection.])
 LIBS="-lmbedtls -lmbedx509 -lmbedcrypto $LIBS"
- FEATURE_HTTPS_FILTERING_ONLY=
+ FEATURE_HTTPS_INSPECTION_ONLY=
 fi
 fi
-AC_SUBST(FEATURE_HTTPS_FILTERING_ONLY)
+AC_SUBST(FEATURE_HTTPS_INSPECTION_ONLY)
 dnl =================================================================
diff --git a/filters.c b/filters.c
index d29d422f..278c113e 100644
--- a/filters.c
+++ b/filters.c
@@ -2300,7 +2300,7 @@ void get_url_actions(struct client_state *csp, struct http_request *http)
 struct url_actions *b;
 int i;
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
 if (!csp->http->client_ssl)
 #endif
 {
diff --git a/jcc.c b/jcc.c
index 6963015b..fc8db3d9 100644
--- a/jcc.c
+++ b/jcc.c
@@ -112,7 +112,7 @@
 #include "project.h"
 #include "list.h"
 #include "jcc.h"
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
 #include "ssl.h"
 #endif
 #include "filters.h"
@@ -844,7 +844,7 @@ static void send_crunch_response(struct client_state *csp, struct http_response
 csp->ip_addr_str, http->ocmd, status_code, rsp->content_length);
 /* Write the answer to the client */
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
 if (client_use_ssl(csp))
 {
 if ((ssl_send_data(&(csp->mbedtls_client_attr.ssl),
@@ -2014,7 +2014,7 @@ static int send_http_request(struct client_state *csp)
 }
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
 /*********************************************************************
 *
 * Function : receive_and_send_encrypted_post_data
@@ -2391,7 +2391,7 @@ static void handle_established_connection(struct client_state *csp)
 long len = 0; /* for buffer sizes (and negative error codes) */
 int buffer_and_filter_content = 0;
 unsigned int write_delay;
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
 int ret = 0;
 int use_ssl_tunnel = 0;
 csp->dont_verify_certificate = 0;
@@ -2514,7 +2514,7 @@ static void handle_established_connection(struct client_state *csp)
 }
 #endif /* FEATURE_CONNECTION_KEEP_ALIVE */
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
 /*
 * Test if some data from client or destination server are pending
 * on TLS/SSL. We must work with them preferably. TLS/SSL data can
@@ -2573,7 +2573,7 @@ static void handle_established_connection(struct client_state *csp)
 send_crunch_response(csp, error_response(csp, "connection-timeout"));
 }
 mark_server_socket_tainted(csp);
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
 close_client_and_server_ssl_connections(csp);
 #endif
 return;
@@ -2586,13 +2586,13 @@ static void handle_established_connection(struct client_state *csp)
 log_error(LOG_LEVEL_ERROR, "select() failed!: %E");
 #endif
 mark_server_socket_tainted(csp);
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
 close_client_and_server_ssl_connections(csp);
 #endif
 return;
 }
 }
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
 else
 {
 /* set FD if some data are pending on TLS/SSL connections */
@@ -2692,7 +2692,7 @@ static void handle_established_connection(struct client_state *csp)
 assert(max_bytes_to_read <= csp->receive_buffer_size);
 #endif /* def FEATURE_CONNECTION_KEEP_ALIVE */
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
 /*
 * Reading data from standard or secured connection (HTTP/HTTPS)
 */
@@ -2724,7 +2724,7 @@ static void handle_established_connection(struct client_state *csp)
 }
 }
 else
-#endif /* def FEATURE_HTTPS_FILTERING */
+#endif /* def FEATURE_HTTPS_INSPECTION */
 {
 len = read_socket(csp->cfd, csp->receive_buffer, max_bytes_to_read);
@@ -2757,7 +2757,7 @@ static void handle_established_connection(struct client_state *csp)
 {
 log_error(LOG_LEVEL_ERROR, "write to: %s failed: %E", http->host);
 mark_server_socket_tainted(csp);
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
 close_client_and_server_ssl_connections(csp);
 #endif
 return;
@@ -2794,7 +2794,7 @@ static void handle_established_connection(struct client_state *csp)
 log_error(LOG_LEVEL_CONNECT, "The server still wants to talk, but the client hung up on us.");
 mark_server_socket_tainted(csp);
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
 close_client_and_server_ssl_connections(csp);
 #endif
 return;
@@ -2802,7 +2802,7 @@ static void handle_established_connection(struct client_state *csp)
 }
 #endif /* def FEATURE_CONNECTION_KEEP_ALIVE */
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
 /*
 * Reading data from standard or secured connection (HTTP/HTTPS)
 */
@@ -2823,7 +2823,7 @@ static void handle_established_connection(struct client_state *csp)
 log_error(LOG_LEVEL_ERROR, "read from: %s failed: %E", http->host);
 if ((http->ssl && (csp->fwd == NULL))
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
 && use_ssl_tunnel
 #endif
 )
@@ -2849,7 +2849,7 @@ static void handle_established_connection(struct client_state *csp)
 log_error(LOG_LEVEL_ERROR, "Already forwarded the original headers. "
 "Unable to tell the client about the problem.");
 mark_server_socket_tainted(csp);
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
 close_client_and_server_ssl_connections(csp);
 #endif
 return;
@@ -2918,7 +2918,7 @@ static void handle_established_connection(struct client_state *csp)
 {
 if (server_body || (http->ssl
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
 && use_ssl_tunnel
 #endif
 ))
@@ -2968,7 +2968,7 @@ static void handle_established_connection(struct client_state *csp)
 log_error(LOG_LEVEL_FATAL, "Out of memory parsing server header");
 }
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
 /*
 * Sending data with standard or secured connection (HTTP/HTTPS)
 */
@@ -2990,7 +2990,7 @@ static void handle_established_connection(struct client_state *csp)
 }
 }
 else
-#endif /* def FEATURE_HTTPS_FILTERING */
+#endif /* def FEATURE_HTTPS_INSPECTION */
 {
 if (write_socket_delayed(csp->cfd, hdr, strlen(hdr), write_delay)
 || write_socket_delayed(csp->cfd, ((p != NULL) ? p : csp->iob->cur),
@@ -3000,7 +3000,7 @@ static void handle_established_connection(struct client_state *csp)
 freez(hdr);
 freez(p);
 mark_server_socket_tainted(csp);
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
 close_client_and_server_ssl_connections(csp);
 #endif
 return;
@@ -3035,7 +3035,7 @@ static void handle_established_connection(struct client_state *csp)
 * content-filtering.
 */
 if (server_body || (http->ssl
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
 && use_ssl_tunnel
 #endif
 ))
@@ -3066,14 +3066,14 @@ static void handle_established_connection(struct client_state *csp)
 rsp = cgi_error_memory();
 send_crunch_response(csp, rsp);
 mark_server_socket_tainted(csp);
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
 close_client_and_server_ssl_connections(csp);
 #endif
 return;
 }
 hdrlen = strlen(hdr);
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
 /*
 * Sending data with standard or secured connection (HTTP/HTTPS)
 */
@@ -3095,7 +3095,7 @@ static void handle_established_connection(struct client_state *csp)
 }
 }
 else
-#endif /* def FEATURE_HTTPS_FILTERING */
+#endif /* def FEATURE_HTTPS_INSPECTION */
 {
 if (write_socket_delayed(csp->cfd, hdr, hdrlen, write_delay)
 || ((flushed = flush_iob(csp->cfd, csp->iob, write_delay)) < 0)
@@ -3106,7 +3106,7 @@ static void handle_established_connection(struct client_state *csp)
 "Flush header and buffers to client failed: %E");
 freez(hdr);
 mark_server_socket_tainted(csp);
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
 close_client_and_server_ssl_connections(csp);
 #endif
 return;
@@ -3126,7 +3126,7 @@ static void handle_established_connection(struct client_state *csp)
 }
 else
 {
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
 /*
 * Sending data with standard or secured connection (HTTP/HTTPS)
 */
@@ -3144,14 +3144,14 @@ static void handle_established_connection(struct client_state *csp)
 }
 }
 else
-#endif /* def FEATURE_HTTPS_FILTERING */
+#endif /* def FEATURE_HTTPS_INSPECTION */
 {
 if (write_socket_delayed(csp->cfd, csp->receive_buffer, (size_t)len, write_delay))
 {
 log_error(LOG_LEVEL_ERROR, "write to client failed: %E");
 mark_server_socket_tainted(csp);
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
 close_client_and_server_ssl_connections(csp);
 #endif
 return;
@@ -3174,7 +3174,7 @@ static void handle_established_connection(struct client_state *csp)
 rsp = cgi_error_memory();
 send_crunch_response(csp, rsp);
 mark_server_socket_tainted(csp);
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
 close_client_and_server_ssl_connections(csp);
 #endif
 return;
@@ -3194,7 +3194,7 @@ static void handle_established_connection(struct client_state *csp)
 "Applying the MS IIS5 hack didn't help.");
 log_error(LOG_LEVEL_CLF, "%s - - [%T] \"%s\" 502 0", csp->ip_addr_str, http->cmd);
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
 /*
 * Sending data with standard or secured connection (HTTP/HTTPS)
 */
@@ -3205,14 +3205,14 @@ static void handle_established_connection(struct client_state *csp)
 strlen(INVALID_SERVER_HEADERS_RESPONSE));
 }
 else
-#endif /* def FEATURE_HTTPS_FILTERING */
+#endif /* def FEATURE_HTTPS_INSPECTION */
 {
 write_socket_delayed(csp->cfd, INVALID_SERVER_HEADERS_RESPONSE, strlen(INVALID_SERVER_HEADERS_RESPONSE), write_delay);
 }
 mark_server_socket_tainted(csp);
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
 close_client_and_server_ssl_connections(csp);
 #endif
 return;
@@ -3260,7 +3260,7 @@ static void handle_established_connection(struct client_state *csp)
 }
 free_http_request(http);
 mark_server_socket_tainted(csp);
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
 close_client_and_server_ssl_connections(csp);
 #endif
 return;
@@ -3288,7 +3288,7 @@ static void handle_established_connection(struct client_state *csp)
 csp->headers->first->str);
 log_error(LOG_LEVEL_CLF, "%s - - [%T] \"%s\" 502 0", csp->ip_addr_str, http->cmd);
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
 /*
 * Sending data with standard or secured connection (HTTP/HTTPS)
 */
@@ -3299,14 +3299,14 @@ static void handle_established_connection(struct client_state *csp)
 strlen(INVALID_SERVER_HEADERS_RESPONSE));
 }
 else
-#endif /* def FEATURE_HTTPS_FILTERING */
+#endif /* def FEATURE_HTTPS_INSPECTION */
 {
 write_socket_delayed(csp->cfd, INVALID_SERVER_HEADERS_RESPONSE, strlen(INVALID_SERVER_HEADERS_RESPONSE), write_delay);
 }
 free_http_request(http);
 mark_server_socket_tainted(csp);
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
 close_client_and_server_ssl_connections(csp);
 #endif
 return;
@@ -3320,7 +3320,7 @@ static void handle_established_connection(struct client_state *csp)
 {
 log_error(LOG_LEVEL_CLF, "%s - - [%T] \"%s\" 502 0", csp->ip_addr_str, http->cmd);
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
 /*
 * Sending data with standard or secured connection (HTTP/HTTPS)
 */
@@ -3338,7 +3338,7 @@ static void handle_established_connection(struct client_state *csp)
 }
 free_http_request(http);
 mark_server_socket_tainted(csp);
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
 close_client_and_server_ssl_connections(csp);
 #endif
 return;
@@ -3375,7 +3375,7 @@ static void handle_established_connection(struct client_state *csp)
 */
 freez(hdr);
 mark_server_socket_tainted(csp);
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
 close_client_and_server_ssl_connections(csp);
 #endif
 return;
@@ -3392,7 +3392,7 @@ static void handle_established_connection(struct client_state *csp)
 * may be in the buffer). Use standard or secured
 * connection.
 */
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
 if (client_use_ssl(csp))
 {
 if ((ssl_send_data(&(csp->mbedtls_client_attr.ssl),
@@ -3408,14 +3408,14 @@ static void handle_established_connection(struct client_state *csp)
 */
 freez(hdr);
 mark_server_socket_tainted(csp);
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
 close_client_and_server_ssl_connections(csp);
 #endif
 return;
 }
 }
 else
-#endif /* def FEATURE_HTTPS_FILTERING */
+#endif /* def FEATURE_HTTPS_INSPECTION */
 {
 if (write_socket_delayed(csp->cfd, hdr, strlen(hdr), write_delay)
 || ((len = flush_iob(csp->cfd, csp->iob, write_delay)) < 0))
@@ -3428,7 +3428,7 @@ static void handle_established_connection(struct client_state *csp)
 */
 freez(hdr);
 mark_server_socket_tainted(csp);
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
 close_client_and_server_ssl_connections(csp);
 #endif
 return;
@@ -3453,7 +3453,7 @@ static void handle_established_connection(struct client_state *csp)
 "Applying the MS IIS5 hack didn't help.");
 log_error(LOG_LEVEL_CLF, "%s - - [%T] \"%s\" 502 0", csp->ip_addr_str, http->cmd);
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
 /*
 * Sending data with standard or secured connection (HTTP/HTTPS)
 */
@@ -3464,13 +3464,13 @@ static void handle_established_connection(struct client_state *csp)
 strlen(INVALID_SERVER_HEADERS_RESPONSE));
 }
 else
-#endif /* def FEATURE_HTTPS_FILTERING */
+#endif /* def FEATURE_HTTPS_INSPECTION */
 {
 write_socket_delayed(csp->cfd, INVALID_SERVER_HEADERS_RESPONSE, strlen(INVALID_SERVER_HEADERS_RESPONSE), write_delay);
 }
 mark_server_socket_tainted(csp);
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
 close_client_and_server_ssl_connections(csp);
 #endif
 return;
@@ -3479,12 +3479,12 @@ static void handle_established_connection(struct client_state *csp)
 continue;
 }
 mark_server_socket_tainted(csp);
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
 close_client_and_server_ssl_connections(csp);
 #endif
 return; /* huh? we should never get here */
 }
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
 close_client_and_server_ssl_connections(csp);
 #endif
 if (csp->content_length == 0)
@@ -3544,7 +3544,7 @@ static void chat(struct client_state *csp)
 struct http_request *http;
 /* Skeleton for HTTP response, if we should intercept the request */
 struct http_response *rsp;
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
 int use_ssl_tunnel = 0;
 #endif
@@ -3568,7 +3568,7 @@ static void chat(struct client_state *csp)
 return;
 }
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
 /*
 * Setting flags to use old solution with SSL tunnel and to disable
 * certificates verification.
@@ -3625,7 +3625,7 @@ static void chat(struct client_state *csp)
 *
 */
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
 /*
 * Presetting SSL client and server flags
 */
@@ -3651,7 +3651,7 @@ static void chat(struct client_state *csp)
 csp->ip_addr_str, acceptable_connect_ports, csp->http->hostport);
 csp->action->flags |= ACTION_BLOCK;
 http->ssl = 0;
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
 http->client_ssl = 0;
 http->server_ssl = 0;
 #endif
@@ -3668,7 +3668,7 @@ static void chat(struct client_state *csp)
 * response later.
 */
 if (
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
 !client_use_ssl(csp) &&
 #endif
 crunch_response_triggered(csp, crunchers_all))
@@ -3725,7 +3725,7 @@ static void chat(struct client_state *csp)
 mark_connection_closed(&csp->server_connection);
 }
 #endif /* def FEATURE_CONNECTION_KEEP_ALIVE */
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
 if (http->ssl && !use_ssl_tunnel)
 {
 int ret;
@@ -3824,7 +3824,7 @@ static void chat(struct client_state *csp)
 return;
 }
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
 /*
 * Creating TLS/SSL connections with destination server or parent
 * proxy. If forwarding is enabled, we must send client request to
@@ -3973,7 +3973,7 @@ static void chat(struct client_state *csp)
 }
 }
 }/* -END- if (http->ssl) */
-#endif /* def FEATURE_HTTPS_FILTERING */
+#endif /* def FEATURE_HTTPS_INSPECTION */
 #ifdef FEATURE_CONNECTION_KEEP_ALIVE
 save_connection_destination(csp->server_connection.sfd,
@@ -3991,7 +3991,7 @@ static void chat(struct client_state *csp)
 assert(csp->headers->last == NULL);
 }
 else if (http->ssl == 0 || (fwd->forward_host
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
 && use_ssl_tunnel
 #endif
 ))
@@ -4012,7 +4012,7 @@ static void chat(struct client_state *csp)
 * Using old solution with SSL tunnel or new solution with SSL proxy
 */
 list_remove_all(csp->headers);
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
 if (use_ssl_tunnel)
 #endif
 {
@@ -4027,7 +4027,7 @@ static void chat(struct client_state *csp)
 return;
 }
 }
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
 else
 {
 /*
@@ -4051,7 +4051,7 @@ static void chat(struct client_state *csp)
 return;
 }
 }
-#endif /* def FEATURE_HTTPS_FILTERING */
+#endif /* def FEATURE_HTTPS_INSPECTION */
 clear_iob(csp->client_iob);
 }/* -END- else ... if (http->ssl == 1) */
@@ -5637,7 +5637,7 @@ static void listen_loop(void)
 /* NOTREACHED unless FEATURE_GRACEFUL_TERMINATION is defined */
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
 /* Clean up. Aim: free all memory (no leaks) */
 if (rng_seeded == 1)
 {
diff --git a/loadcfg.c b/loadcfg.c
index 31463db1..d7401521 100644
--- a/loadcfg.c
+++ b/loadcfg.c
@@ -278,7 +278,7 @@ static void unload_configfile (void * data)
 freez(config->usermanual);
 freez(config->trusted_cgi_referrer);
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
 freez(config->ca_password);
 freez(config->ca_directory);
 freez(config->ca_cert_file);
@@ -584,7 +584,7 @@ struct configuration_spec * load_config(void)
 unsigned long linenum = 0;
 int i;
 char *logfile = NULL;
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
 char *ca_cert_file = NULL;
 char *ca_key_file = NULL;
 char *ca_directory = NULL;
@@ -635,7 +635,7 @@ struct configuration_spec * load_config(void)
 config->usermanual = strdup_or_die(USER_MANUAL_URL);
 config->proxy_args = strdup_or_die("");
 config->forwarded_connect_retries = 0;
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
 config->ca_password = strdup("");
 ca_cert_file = strdup("cacert.crt");
 ca_key_file = strdup("cakey.pem");
@@ -1733,7 +1733,7 @@ struct configuration_spec * load_config(void)
 config->usermanual = strdup_or_die(arg);
 break;
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
 /* *************************************************************************
 * ca private key file password
 * *************************************************************************/
@@ -1986,7 +1986,7 @@ struct configuration_spec * load_config(void)
 }
 }
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
 /*
 * Setting SSL parameters from loaded values into structures
 */
diff --git a/parsers.c b/parsers.c
index 565b21ca..df2a3255 100644
--- a/parsers.c
+++ b/parsers.c
@@ -1185,7 +1185,7 @@ jb_err sed(struct client_state *csp, int filter_server_headers)
 }
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
 /*********************************************************************
 *
 * Function : sed_https
@@ -1222,7 +1222,7 @@ jb_err sed_https(struct client_state *csp)
 return err;
 }
-#endif /* def FEATURE_HTTPS_FILTERING */
+#endif /* def FEATURE_HTTPS_INSPECTION */
 /*********************************************************************
@@ -4532,7 +4532,7 @@ jb_err get_destination_from_headers(const struct list *headers, struct http_requ
 }
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
 /*********************************************************************
 *
 * Function : get_destination_from_https_headers
@@ -4611,7 +4611,7 @@ jb_err get_destination_from_https_headers(const struct list *headers, struct htt
 return JB_ERR_OK;
 }
-#endif /* def FEATURE_HTTPS_FILTERING */
+#endif /* def FEATURE_HTTPS_INSPECTION */
 /*********************************************************************
diff --git a/parsers.h b/parsers.h
index 6f502a68..1869ea4a 100644
--- a/parsers.h
+++ b/parsers.h
@@ -56,13 +56,13 @@ extern jb_err decompress_iob(struct client_state *csp);
 extern char *get_header(struct iob *iob);
 extern char *get_header_value(const struct list *header_list, const char *header_name);
 extern jb_err sed(struct client_state *csp, int filter_server_headers);
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
 extern jb_err sed_https(struct client_state *csp);
 #endif
 extern jb_err update_server_headers(struct client_state *csp);
 extern void get_http_time(int time_offset, char *buf, size_t buffer_size);
 extern jb_err get_destination_from_headers(const struct list *headers, struct http_request *http);
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
 extern jb_err get_destination_from_https_headers(const struct list *headers, struct http_request *http);
 #endif
 extern unsigned long long get_expected_content_length(struct list *headers);
diff --git a/project.h b/project.h
index c17a47e9..c0f69a8e 100644
--- a/project.h
+++ b/project.h
@@ -44,7 +44,7 @@
 /* Needed for pcre choice */
 #include "config.h"
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
 #ifdef FEATURE_PTHREAD
 # include
 typedef pthread_mutex_t privoxy_mutex_t;
@@ -287,7 +287,7 @@ struct map
 struct map_entry *last;
 };
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
 /*
 * Struct of attributes necessary for TLS/SSL connection
 */
@@ -337,7 +337,7 @@ struct http_request
 int dcount; /**< How many parts to this domain? (length of dvec) */
 #endif /* ndef FEATURE_EXTENDED_HOST_PATTERNS */
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
 int client_ssl; /**< Flag if we should comunicate with slient over ssl */
 int server_ssl; /**< Flag if we should comunicate with server over ssl */
 unsigned char hash_of_host_hex[(HASH_OF_HOST_BUF_SIZE * 2) + 1]; /**< chars for hash in hex string and one for '\0' */
@@ -346,7 +346,7 @@ struct http_request
 };
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
 /*
 * If this macro is defined, mutexes count for generating
 * private keys is changed from 65536 to 32.
@@ -1020,7 +1020,7 @@ struct client_state
 /* XXX: should be renamed to server_iob */
 struct iob iob[1];
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
 mbedtls_connection_attr mbedtls_server_attr; /* attributes for connection to server */
 mbedtls_connection_attr mbedtls_client_attr; /* attributes for connection to client */
 #endif
@@ -1037,7 +1037,7 @@ struct client_state
 /** List of all headers for this request */
 struct list headers[1];
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
 /** List of all encrypted headers for this request */
 struct list https_headers[1];
 #endif
@@ -1093,7 +1093,7 @@ struct client_state
 */
 char *error_message;
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
 /* Result of server certificate verification */
 uint32_t server_cert_verification_result;
@@ -1538,7 +1538,7 @@ struct configuration_spec
 /** Nonzero if we need to bind() to the new port. */
 int need_bind;
-#ifdef FEATURE_HTTPS_FILTERING
+#ifdef FEATURE_HTTPS_INSPECTION
 /** Password for proxy ca file **/
 char * ca_password;
diff --git a/templates/show-status b/templates/show-status
index c7844a79..425abbd5 100644
--- a/templates/show-status
+++ b/templates/show-status
@@ -309,8 +309,8 @@ Allows to shutdown Privoxy through the web interface.
- FEATURE_HTTPS_FILTERING
- @if-FEATURE_HTTPS_FILTERING-then@ Yes @else-not-FEATURE_HTTPS_FILTERING@ No @endif-FEATURE_HTTPS_FILTERING@
+ FEATURE_HTTPS_INSPECTION
+ @if-FEATURE_HTTPS_INSPECTION-then@ Yes @else-not-FEATURE_HTTPS_INSPECTION@ No @endif-FEATURE_HTTPS_INSPECTION@
 Allows to intercept and filter HTTPS traffic.
-- 
2.39.2