X-Git-Url: http://www.privoxy.org/gitweb/misc.html?a=blobdiff_plain;f=project.h;h=6aaefd74d7bdda36f2f7f4df34df286901892dd8;hb=fa9d00715c824a1db96c3e6dea5418f159326873;hp=6821aa035027d74fb26f1bbdf25138a276b5251c;hpb=1d7bf8e704652f1b12a6e396ed787f11f013898e;p=privoxy.git
diff --git a/project.h b/project.h
index 6821aa03..6aaefd74 100644
--- a/project.h
+++ b/project.h
@@ -8,7 +8,7 @@
* project. Does not define any variables or functions
* (though it does declare some macros).
*
- * Copyright : Written by and Copyright (C) 2001-2014 the
+ * Copyright : Written by and Copyright (C) 2001-2021 the
* Privoxy team. https://www.privoxy.org/
*
* Based on the Internet Junkbuster originally written
@@ -49,21 +49,10 @@
* Macros for SSL structures
*/
#define CERT_INFO_BUF_SIZE 4096
-#define CERT_FILE_BUF_SIZE 16384
#define ISSUER_NAME_BUF_SIZE 2048
#define HASH_OF_HOST_BUF_SIZE 16
#endif /* FEATURE_HTTPS_INSPECTION */
-#ifdef FEATURE_PTHREAD
-# include
- typedef pthread_mutex_t privoxy_mutex_t;
-#else
-# ifdef _WIN32
-# include
-# endif
- typedef CRITICAL_SECTION privoxy_mutex_t;
-#endif
-
#ifdef FEATURE_HTTPS_INSPECTION_MBEDTLS
#include "mbedtls/net_sockets.h"
#include "mbedtls/entropy.h"
@@ -75,11 +64,25 @@
#endif /* FEATURE_HTTPS_INSPECTION_MBEDTLS */
#ifdef FEATURE_HTTPS_INSPECTION_OPENSSL
+#ifdef _WIN32
+#include
+#include
+#include
+#include
+#include
+#undef X509_NAME
+#undef X509_EXTENSIONS
+#endif
#include
#include
#include
#endif /* FEATURE_HTTPS_INSPECTION_OPENSSL */
+#ifdef FEATURE_HTTPS_INSPECTION_WOLFSSL
+#include
+#include
+#endif /* FEATURE_HTTPS_INSPECTION_WOLFSSL */
+
/* Need for struct sockaddr_storage */
#ifdef HAVE_RFC2553
# ifndef _WIN32
@@ -100,12 +103,38 @@
*/
#ifdef STATIC_PCRE
+#ifdef HAVE_PCRE2
+# include "pcre2.h"
+# include "pcre2posix.h"
+#else
# include "pcre.h"
+# include "pcreposix.h"
+#endif
#else
-# ifdef PCRE_H_IN_SUBDIR
-# include
+# ifdef HAVE_PCRE2
+# ifdef PCRE2_H_IN_SUBDIR
+# define PCRE2_CODE_UNIT_WIDTH 8
+# include
+# else
+# define PCRE2_CODE_UNIT_WIDTH 8
+# include
+# endif
+# ifdef PCRE2POSIX_H_IN_SUBDIR
+# include
+# else
+# include
+# endif
# else
-# include
+# ifdef PCRE_H_IN_SUBDIR
+# include
+# else
+# include
+# endif
+# ifdef PCREPOSIX_H_IN_SUBDIR
+# include
+# else
+# include
+# endif
# endif
#endif
@@ -115,16 +144,6 @@
# include
#endif
-#ifdef STATIC_PCRE
-# include "pcreposix.h"
-#else
-# ifdef PCRE_H_IN_SUBDIR
-# include
-# else
-# include
-# endif
-#endif
-
#ifdef _WIN32
/*
* I don't want to have to #include all this just for the declaration
@@ -306,6 +325,7 @@ typedef struct {
mbedtls_x509_crt server_cert;
mbedtls_x509_crt ca_cert;
mbedtls_pk_context prim_key;
+ int *ciphersuites_list;
#if defined(MBEDTLS_SSL_CACHE_C)
mbedtls_ssl_cache_context cache;
@@ -318,10 +338,21 @@ typedef struct {
* Struct of attributes necessary for TLS/SSL connection
*/
typedef struct {
- SSL_CTX* ctx;
+ SSL_CTX *ctx;
BIO *bio;
} openssl_connection_attr;
#endif /* FEATURE_HTTPS_INSPECTION_OPENSSL */
+
+#ifdef FEATURE_HTTPS_INSPECTION_WOLFSSL
+/*
+ * Struct of attributes necessary for TLS/SSL connection
+ */
+typedef struct {
+ WOLFSSL_CTX *ctx;
+ WOLFSSL *ssl;
+} wolfssl_connection_attr;
+#endif /* def FEATURE_HTTPS_INSPECTION_WOLFSSL */
+
/**
* A HTTP request. This includes the method (GET, POST) and
* the parsed URL.
@@ -339,11 +370,10 @@ struct http_request
char *version; /**< Protocol version */
int status; /**< HTTP Status */
- char *host; /**< Host part of URL */
int port; /**< Port of URL or 80 (default) */
+ char *host; /**< Host part of URL */
char *path; /**< Path of URL */
char *hostport; /**< host[:port] */
- int ssl; /**< Flag if protocol is https */
char *host_ip_addr_str; /**< String with dotted decimal representation
of host's IP. NULL before connect_to() */
@@ -358,6 +388,7 @@ struct http_request
unsigned char hash_of_host_hex[(HASH_OF_HOST_BUF_SIZE * 2) + 1]; /**< chars for hash in hex string and one for '\0' */
unsigned char hash_of_host[HASH_OF_HOST_BUF_SIZE+1]; /**< chars for bytes of hash and one for '\0' */
#endif
+ short int ssl; /**< Flag if protocol is https */
};
@@ -367,7 +398,7 @@ struct http_request
*/
typedef struct certs_chain {
char info_buf[CERT_INFO_BUF_SIZE]; /* text info about properties of certificate */
- char file_buf[CERT_FILE_BUF_SIZE]; /* buffer for whole certificate - format to save in file */
+ char *file_buf; /* buffer for whole certificate - format to save in file */
struct certs_chain *next; /* next certificate in chain of trust */
} certs_chain_t;
#endif
@@ -409,20 +440,26 @@ struct http_response
enum crunch_reason crunch_reason; /**< Why the response was generated in the first place. */
};
+#ifdef HAVE_PCRE2
+#define REGEX_TYPE pcre2_code
+#else
+#define REGEX_TYPE regex_t
+#endif
+
struct url_spec
{
#ifdef FEATURE_PCRE_HOST_PATTERNS
- regex_t *host_regex;/**< Regex for host matching */
+ REGEX_TYPE *host_regex;/**< Regex for host matching */
enum host_regex_type { VANILLA_HOST_PATTERN, PCRE_HOST_PATTERN } host_regex_type;
#endif /* defined FEATURE_PCRE_HOST_PATTERNS */
+ int dcount; /**< How many parts to this domain? (length of dvec) */
char *dbuffer; /**< Buffer with '\0'-delimited domain name, or NULL to match all hosts. */
char **dvec; /**< List of pointers to the strings in dbuffer. */
- int dcount; /**< How many parts to this domain? (length of dvec) */
int unanchored; /**< Bitmap - flags are ANCHOR_LEFT and ANCHOR_RIGHT. */
char *port_list; /**< List of acceptable ports, or NULL to match all ports */
- regex_t *preg; /**< Regex for matching path part */
+ REGEX_TYPE *preg; /**< Regex for matching path part */
};
/**
@@ -437,7 +474,7 @@ struct pattern_spec
union
{
struct url_spec url_spec;
- regex_t *tag_regex;
+ REGEX_TYPE *tag_regex;
} pattern;
unsigned int flags; /**< Bitmap with various pattern properties. */
@@ -643,8 +680,14 @@ struct iob
#define ACTION_MULTI_SERVER_HEADER_TAGGER 5
/** Number of multi-string actions. */
#define ACTION_MULTI_EXTERNAL_FILTER 6
+/** Index into current_action_spec::multi[] for tags to suppress. */
+#define ACTION_MULTI_SUPPRESS_TAG 7
+/** Index into current_action_spec::multi[] for client body filters to apply. */
+#define ACTION_MULTI_CLIENT_BODY_FILTER 8
+/** Index into current_action_spec::multi[] for client body taggers to apply. */
+#define ACTION_MULTI_CLIENT_BODY_TAGGER 9
/** Number of multi-string actions. */
-#define ACTION_MULTI_COUNT 7
+#define ACTION_MULTI_COUNT 10
/**
@@ -764,10 +807,14 @@ struct reusable_connection
char *host;
int port;
enum forwarder_type forwarder_type;
- char *gateway_host;
- int gateway_port;
char *forward_host;
int forward_port;
+
+ int gateway_port;
+ char *gateway_host;
+ char *auth_username;
+ char *auth_password;
+
};
@@ -977,6 +1024,9 @@ struct ssl_attr {
#ifdef FEATURE_HTTPS_INSPECTION_OPENSSL
openssl_connection_attr openssl_attr; /* OpenSSL atrrs */
#endif /* FEATURE_HTTPS_INSPECTION_OPENSSL */
+#ifdef FEATURE_HTTPS_INSPECTION_WOLFSSL
+ wolfssl_connection_attr wolfssl_attr; /* wolfSSL atrrs */
+#endif /* FEATURE_HTTPS_INSPECTION_WOLFSSL */
};
/**
* The state of a Privoxy processing thread.
@@ -1001,6 +1051,9 @@ struct client_state
/** Multi-purpose flag container, see CSP_FLAG_* above */
unsigned int flags;
+ /** MIME-Type key, see CT_* above */
+ unsigned int content_type;
+
/** Client PC's IP address, as reported by the accept() function.
As a string. */
char *ip_addr_str;
@@ -1066,9 +1119,6 @@ struct client_state
char *client_address;
#endif
- /** MIME-Type key, see CT_* above */
- unsigned int content_type;
-
/** Actions files associated with this client */
struct file_list *actions_list[MAX_AF_FILES];
@@ -1118,7 +1168,7 @@ struct client_state
#define SSL_CERT_NOT_VERIFIED 0xFFFFFFFF
uint32_t server_cert_verification_result;
#endif /* FEATURE_HTTPS_INSPECTION_MBEDTLS */
-#ifdef FEATURE_HTTPS_INSPECTION_OPENSSL
+#if defined(FEATURE_HTTPS_INSPECTION_OPENSSL) || defined(FEATURE_HTTPS_INSPECTION_WOLFSSL)
#define SSL_CERT_NOT_VERIFIED ~0L
long server_cert_verification_result;
#endif /* FEATURE_HTTPS_INSPECTION_OPENSSL */
@@ -1131,8 +1181,8 @@ struct client_state
* Thanks to this flags, we can call function to close both connections
* and we don't have to care about more details.
*/
- int ssl_with_server_is_opened;
- int ssl_with_client_is_opened;
+ short int ssl_with_server_is_opened;
+ short int ssl_with_client_is_opened;
/*
* Server certificate chain of trust including strings with certificates
@@ -1260,12 +1310,12 @@ struct forward_spec
/** Connection type. Must be SOCKS_NONE, SOCKS_4, SOCKS_4A or SOCKS_5. */
enum forwarder_type type;
- /** SOCKS server hostname. Only valid if "type" is SOCKS_4 or SOCKS_4A. */
- char *gateway_host;
-
/** SOCKS server port. */
int gateway_port;
+ /** SOCKS server hostname. Only valid if "type" is SOCKS_4 or SOCKS_4A. */
+ char *gateway_host;
+
/** SOCKS5 username. */
char *auth_username;
@@ -1291,16 +1341,20 @@ enum filter_type
FT_SERVER_HEADER_FILTER = 2,
FT_CLIENT_HEADER_TAGGER = 3,
FT_SERVER_HEADER_TAGGER = 4,
+ FT_SUPPRESS_TAG = 5,
+ FT_CLIENT_BODY_FILTER = 6,
+ FT_CLIENT_BODY_TAGGER = 7,
+ FT_ADD_HEADER = 8,
#ifdef FEATURE_EXTERNAL_FILTERS
- FT_EXTERNAL_CONTENT_FILTER = 5,
+ FT_EXTERNAL_CONTENT_FILTER = 9,
#endif
FT_INVALID_FILTER = 42,
};
#ifdef FEATURE_EXTERNAL_FILTERS
-#define MAX_FILTER_TYPES 6
+#define MAX_FILTER_TYPES 10
#else
-#define MAX_FILTER_TYPES 5
+#define MAX_FILTER_TYPES 9
#endif
/**
@@ -1352,7 +1406,7 @@ struct access_control_list
struct access_control_addr src[1]; /**< Client IP address */
struct access_control_addr dst[1]; /**< Website or parent proxy IP address */
#ifdef HAVE_RFC2553
- int wildcard_dst; /** < dst address is wildcard */
+ short wildcard_dst; /** < dst address is wildcard */
#endif
short action; /**< ACL_PERMIT or ACL_DENY */
@@ -1430,6 +1484,9 @@ struct configuration_spec
/** Bitmask of features that can be controlled through the config file. */
unsigned feature_flags;
+ /** Nonzero if we need to bind() to the new port. */
+ int need_bind;
+
/** The log file name. */
const char *logfile;
@@ -1561,27 +1618,27 @@ struct configuration_spec
/** List of loaders */
int (*loaders[NLOADERS])(struct client_state *);
- /** Nonzero if we need to bind() to the new port. */
- int need_bind;
-
#ifdef FEATURE_HTTPS_INSPECTION
/** Password for proxy ca file **/
- char * ca_password;
+ char *ca_password;
/** Directory with files of ca **/
char *ca_directory;
/** Filename of ca certificate **/
- char * ca_cert_file;
+ char *ca_cert_file;
/** Filename of ca key **/
- char * ca_key_file;
+ char *ca_key_file;
/** Directory for saving certificates and keys for each webpage **/
char *certificate_directory;
+ /** Cipher list to use **/
+ char *cipher_list;
+
/** Filename of trusted CAs certificates **/
- char * trusted_cas_file;
+ char *trusted_cas_file;
#endif
};
@@ -1633,8 +1690,13 @@ struct configuration_spec
* The prefix for CGI pages. Written out in generated HTML.
* INCLUDES the trailing slash.
*/
+#ifdef FEATURE_HTTPS_INSPECTION
+#define CGI_PREFIX "//" CGI_SITE_2_HOST CGI_SITE_2_PATH "/"
+#define CGI_PREFIX_HTTPS "https:" CGI_PREFIX
+#else
#define CGI_PREFIX "http://" CGI_SITE_2_HOST CGI_SITE_2_PATH "/"
-#define CGI_PREFIX_HTTPS "https://" CGI_SITE_2_HOST CGI_SITE_2_PATH "/"
+#endif
+#define CGI_PREFIX_HTTP "http://" CGI_SITE_2_HOST CGI_SITE_2_PATH "/"
#endif /* ndef PROJECT_H_INCLUDED */