From d7473dbac685a5f8c36c35eba33ba5425fc514f4 Mon Sep 17 00:00:00 2001 From: Gerhard Rieger Date: Sun, 8 Jan 2017 11:50:11 +0100 Subject: [PATCH] Corrected mention of SSL-LISTEN and SSL-CONNECT in doc; more minor corrections --- CHANGES | 11 +++++++++-- doc/socat.yo | 13 +++++++------ socat.c | 2 +- sysutils.c | 1 - test.sh | 2 +- xio-openssl.c | 2 +- 6 files changed, 19 insertions(+), 12 deletions(-) diff --git a/CHANGES b/CHANGES index e565461..8603949 100644 --- a/CHANGES +++ b/CHANGES @@ -100,6 +100,13 @@ docu: Corrected source of socat man page to correctly show man references like socket(2); removed obseolete entries from See Also + Docu and some comments mentioned addresses SSL-LISTEN and SSL-CONNECT + that do not exist (OPENSSL-LISTEN, SSL-L; and OPENNSSL-CONNECT, SSL + are correct). + Thanks to Zhigang Wang for reporting this issue. + + More minor docu corrections + legal: Added contributors to copyright notices. Suggested by Matt Braithwaite. @@ -294,7 +301,7 @@ corrections: In xioshutdown() a wrong branch was chosen after RECVFROM type addresses. Probably no impact. - Thanks to David Binderman for reproting this issue. + Thanks to David Binderman for reporting this issue. procan could not cleanly format ulimit values longer than 16 decimal digits. Thanks to Frank Dana for providing a patch that increases field @@ -837,7 +844,7 @@ new features: range option supports form address:mask with IPv4 - changed behaviour of SSL-LISTEN to require and verify client + changed behaviour of OPENSSL-LISTEN to require and verify client certificate per default options f-setlkw-rd, f-setlkw-wr, f-setlk-rd, f-setlk-wr allow finer diff --git a/doc/socat.yo b/doc/socat.yo index 792322c..8f722e1 100644 --- a/doc/socat.yo +++ b/doc/socat.yo @@ -1909,7 +1909,7 @@ COMMENT(label(OPTION_PEERCRED)dit(bf(tt(peercred))) This is a read-only socket option.) label(OPTION_REUSEPORT)dit(bf(tt(reuseport))) Set the code(SO_REUSEPORT) socket option. -COMMENT(label(OPTION_SECUTIYAUTHENTICATION)dit(bf(tt(securityauthentication))) +COMMENT(label(OPTION_SECURITYAUTHENTICATION)dit(bf(tt(securityauthentication))) Set the code(SO_SECURITY_AUTHENTICATION) socket option.) COMMENT(label(OPTION_SECURITYENCRYPTIONNETWORK)dit(bf(tt(securityencryptionnetwork))) Set the code(SO_SECURITY_ENCRYPTION_NETWORK) socket option.) @@ -2313,9 +2313,10 @@ label(OPTION_FORK)dit(bf(tt(fork))) After establishing a connection, handles its channel in a child process and keeps the parent process attempting to produce more connections, either by listening or by connecting in a loop (link(example)(EXAMPLE_OPTION_FORK)).nl() - SSL-CONNECT and SSL-LISTEN differ in when they actually fork off the child: -SSL-LISTEN forks em(before) the SSL handshake, while SSL-CONNECT forks -em(afterwards). + OPENSSL-CONNECT and OPENSSL-LISTEN differ in when they actually fork off the + child: + OPENSSL-LISTEN forks em(before) the SSL handshake, while OPENSSL-CONNECT + forks em(afterwards). RETRY and FOREVER options are not inherited by the child process.nl() On some operating systems (e.g. FreeBSD) this option does not work for UDP-LISTEN addresses.nl() @@ -3196,7 +3197,7 @@ The first address ('-') can be replaced by almost any other socat address. label(EXAMPLE_ADDRESS_OPENSSL_LISTEN) -dit(bf(tt(socat SSL-LISTEN:4443,reuseaddr,pf=ip4,fork,cert=server.pem,cafile=client.crt PIPE))) +dit(bf(tt(socat OPENSSL-LISTEN:4443,reuseaddr,pf=ip4,fork,cert=server.pem,cafile=client.crt PIPE))) is an OpenSSL server that accepts TCP connections, presents the certificate from the file server.pem and forces the client to present a certificate that is @@ -3465,7 +3466,7 @@ packet. dit(bf(SOCAT_IPV6_TCLASS) (output)) With all IPv6 based RECVFROM addresses where address option link(ipv6-recvtclass)(OPTION_IPV6_RECVTCLASS) is applied, -socat sets this variable to the transfer class of the received packet. +socat() sets this variable to the transfer class of the received packet. dit(bf(SOCAT_OPENSSL_X509_ISSUER) (output)) Issuer field from peer certificate diff --git a/socat.c b/socat.c index ace006d..e4f38fa 100644 --- a/socat.c +++ b/socat.c @@ -290,7 +290,7 @@ int main(int argc, const char *argv[]) { sigfillset(&act.sa_mask); act.sa_flags = 0; act.sa_handler = socat_signal; - /* not sure which signals should be cauhgt and print a message */ + /* not sure which signals should be caught and print a message */ Sigaction(SIGHUP, &act, NULL); Sigaction(SIGINT, &act, NULL); Sigaction(SIGQUIT, &act, NULL); diff --git a/sysutils.c b/sysutils.c index 1a977c2..a4ed08f 100644 --- a/sysutils.c +++ b/sysutils.c @@ -695,7 +695,6 @@ int _xiosetenv(const char *envname, const char *value, int overwrite, const char 0: keep old value 1: overwrite with new value 2: append to old value, separated by *sep -a non zero value of overwrite lets the old value be overwritten. returns 0 on success or <0 if an error occurred. */ int xiosetenv(const char *varname, const char *value, int overwrite, const char *sep) { # define XIO_ENVNAMELEN 256 diff --git a/test.sh b/test.sh index c146379..730b970 100755 --- a/test.sh +++ b/test.sh @@ -10943,7 +10943,7 @@ NAME=FILENAMEOVFL case "$TESTS" in *%$N%*|*%functions%*|*%bugs%*|*%security%*|*%openssl%*|*%$NAME%*) TEST="$NAME: stack overflow on overly long file name" -# provide a 600 bytes long key file option to SSL-CONNECT and check socats exit code +# provide a 600 bytes long key file option to OPENSSL-CONNECT and check socats exit code if ! eval $NUMCOND; then :; else tf="$td/test$N.stdout" te="$td/test$N.stderr" diff --git a/xio-openssl.c b/xio-openssl.c index c690ee4..e931983 100644 --- a/xio-openssl.c +++ b/xio-openssl.c @@ -1080,7 +1080,7 @@ cont_out: } } - /* set pre ssl-connect options */ + /* set pre openssl-connect options */ /* SSL_CIPHERS */ if (ci_str != NULL) { if (sycSSL_CTX_set_cipher_list(*ctx, ci_str) <= 0) {