mirror of
https://repo.or.cz/socat.git
synced 2024-12-22 23:42:34 +00:00
Corrected mention of SSL-LISTEN and SSL-CONNECT in doc; more minor corrections
This commit is contained in:
parent
a9f36eb7b7
commit
d7473dbac6
6 changed files with 19 additions and 12 deletions
11
CHANGES
11
CHANGES
|
@ -100,6 +100,13 @@ docu:
|
||||||
Corrected source of socat man page to correctly show man references
|
Corrected source of socat man page to correctly show man references
|
||||||
like socket(2); removed obseolete entries from See Also
|
like socket(2); removed obseolete entries from See Also
|
||||||
|
|
||||||
|
Docu and some comments mentioned addresses SSL-LISTEN and SSL-CONNECT
|
||||||
|
that do not exist (OPENSSL-LISTEN, SSL-L; and OPENNSSL-CONNECT, SSL
|
||||||
|
are correct).
|
||||||
|
Thanks to Zhigang Wang for reporting this issue.
|
||||||
|
|
||||||
|
More minor docu corrections
|
||||||
|
|
||||||
legal:
|
legal:
|
||||||
Added contributors to copyright notices. Suggested by Matt Braithwaite.
|
Added contributors to copyright notices. Suggested by Matt Braithwaite.
|
||||||
|
|
||||||
|
@ -294,7 +301,7 @@ corrections:
|
||||||
|
|
||||||
In xioshutdown() a wrong branch was chosen after RECVFROM type addresses.
|
In xioshutdown() a wrong branch was chosen after RECVFROM type addresses.
|
||||||
Probably no impact.
|
Probably no impact.
|
||||||
Thanks to David Binderman for reproting this issue.
|
Thanks to David Binderman for reporting this issue.
|
||||||
|
|
||||||
procan could not cleanly format ulimit values longer than 16 decimal
|
procan could not cleanly format ulimit values longer than 16 decimal
|
||||||
digits. Thanks to Frank Dana for providing a patch that increases field
|
digits. Thanks to Frank Dana for providing a patch that increases field
|
||||||
|
@ -837,7 +844,7 @@ new features:
|
||||||
|
|
||||||
range option supports form address:mask with IPv4
|
range option supports form address:mask with IPv4
|
||||||
|
|
||||||
changed behaviour of SSL-LISTEN to require and verify client
|
changed behaviour of OPENSSL-LISTEN to require and verify client
|
||||||
certificate per default
|
certificate per default
|
||||||
|
|
||||||
options f-setlkw-rd, f-setlkw-wr, f-setlk-rd, f-setlk-wr allow finer
|
options f-setlkw-rd, f-setlkw-wr, f-setlk-rd, f-setlk-wr allow finer
|
||||||
|
|
13
doc/socat.yo
13
doc/socat.yo
|
@ -1909,7 +1909,7 @@ COMMENT(label(OPTION_PEERCRED)dit(bf(tt(peercred)))
|
||||||
This is a read-only socket option.)
|
This is a read-only socket option.)
|
||||||
label(OPTION_REUSEPORT)dit(bf(tt(reuseport)))
|
label(OPTION_REUSEPORT)dit(bf(tt(reuseport)))
|
||||||
Set the code(SO_REUSEPORT) socket option.
|
Set the code(SO_REUSEPORT) socket option.
|
||||||
COMMENT(label(OPTION_SECUTIYAUTHENTICATION)dit(bf(tt(securityauthentication)))
|
COMMENT(label(OPTION_SECURITYAUTHENTICATION)dit(bf(tt(securityauthentication)))
|
||||||
Set the code(SO_SECURITY_AUTHENTICATION) socket option.)
|
Set the code(SO_SECURITY_AUTHENTICATION) socket option.)
|
||||||
COMMENT(label(OPTION_SECURITYENCRYPTIONNETWORK)dit(bf(tt(securityencryptionnetwork)))
|
COMMENT(label(OPTION_SECURITYENCRYPTIONNETWORK)dit(bf(tt(securityencryptionnetwork)))
|
||||||
Set the code(SO_SECURITY_ENCRYPTION_NETWORK) socket option.)
|
Set the code(SO_SECURITY_ENCRYPTION_NETWORK) socket option.)
|
||||||
|
@ -2313,9 +2313,10 @@ label(OPTION_FORK)dit(bf(tt(fork)))
|
||||||
After establishing a connection, handles its channel in a child process and
|
After establishing a connection, handles its channel in a child process and
|
||||||
keeps the parent process attempting to produce more connections, either by
|
keeps the parent process attempting to produce more connections, either by
|
||||||
listening or by connecting in a loop (link(example)(EXAMPLE_OPTION_FORK)).nl()
|
listening or by connecting in a loop (link(example)(EXAMPLE_OPTION_FORK)).nl()
|
||||||
SSL-CONNECT and SSL-LISTEN differ in when they actually fork off the child:
|
OPENSSL-CONNECT and OPENSSL-LISTEN differ in when they actually fork off the
|
||||||
SSL-LISTEN forks em(before) the SSL handshake, while SSL-CONNECT forks
|
child:
|
||||||
em(afterwards).
|
OPENSSL-LISTEN forks em(before) the SSL handshake, while OPENSSL-CONNECT
|
||||||
|
forks em(afterwards).
|
||||||
RETRY and FOREVER options are not inherited by the child process.nl()
|
RETRY and FOREVER options are not inherited by the child process.nl()
|
||||||
On some operating systems (e.g. FreeBSD) this option does not work for
|
On some operating systems (e.g. FreeBSD) this option does not work for
|
||||||
UDP-LISTEN addresses.nl()
|
UDP-LISTEN addresses.nl()
|
||||||
|
@ -3196,7 +3197,7 @@ The first address ('-') can be replaced by almost any other socat address.
|
||||||
|
|
||||||
|
|
||||||
label(EXAMPLE_ADDRESS_OPENSSL_LISTEN)
|
label(EXAMPLE_ADDRESS_OPENSSL_LISTEN)
|
||||||
dit(bf(tt(socat SSL-LISTEN:4443,reuseaddr,pf=ip4,fork,cert=server.pem,cafile=client.crt PIPE)))
|
dit(bf(tt(socat OPENSSL-LISTEN:4443,reuseaddr,pf=ip4,fork,cert=server.pem,cafile=client.crt PIPE)))
|
||||||
|
|
||||||
is an OpenSSL server that accepts TCP connections, presents the certificate
|
is an OpenSSL server that accepts TCP connections, presents the certificate
|
||||||
from the file server.pem and forces the client to present a certificate that is
|
from the file server.pem and forces the client to present a certificate that is
|
||||||
|
@ -3465,7 +3466,7 @@ packet.
|
||||||
|
|
||||||
dit(bf(SOCAT_IPV6_TCLASS) (output)) With all IPv6 based RECVFROM addresses
|
dit(bf(SOCAT_IPV6_TCLASS) (output)) With all IPv6 based RECVFROM addresses
|
||||||
where address option link(ipv6-recvtclass)(OPTION_IPV6_RECVTCLASS) is applied,
|
where address option link(ipv6-recvtclass)(OPTION_IPV6_RECVTCLASS) is applied,
|
||||||
socat sets this variable to the transfer class of the received packet.
|
socat() sets this variable to the transfer class of the received packet.
|
||||||
|
|
||||||
dit(bf(SOCAT_OPENSSL_X509_ISSUER) (output)) Issuer field from peer certificate
|
dit(bf(SOCAT_OPENSSL_X509_ISSUER) (output)) Issuer field from peer certificate
|
||||||
|
|
||||||
|
|
2
socat.c
2
socat.c
|
@ -290,7 +290,7 @@ int main(int argc, const char *argv[]) {
|
||||||
sigfillset(&act.sa_mask);
|
sigfillset(&act.sa_mask);
|
||||||
act.sa_flags = 0;
|
act.sa_flags = 0;
|
||||||
act.sa_handler = socat_signal;
|
act.sa_handler = socat_signal;
|
||||||
/* not sure which signals should be cauhgt and print a message */
|
/* not sure which signals should be caught and print a message */
|
||||||
Sigaction(SIGHUP, &act, NULL);
|
Sigaction(SIGHUP, &act, NULL);
|
||||||
Sigaction(SIGINT, &act, NULL);
|
Sigaction(SIGINT, &act, NULL);
|
||||||
Sigaction(SIGQUIT, &act, NULL);
|
Sigaction(SIGQUIT, &act, NULL);
|
||||||
|
|
|
@ -695,7 +695,6 @@ int _xiosetenv(const char *envname, const char *value, int overwrite, const char
|
||||||
0: keep old value
|
0: keep old value
|
||||||
1: overwrite with new value
|
1: overwrite with new value
|
||||||
2: append to old value, separated by *sep
|
2: append to old value, separated by *sep
|
||||||
a non zero value of overwrite lets the old value be overwritten.
|
|
||||||
returns 0 on success or <0 if an error occurred. */
|
returns 0 on success or <0 if an error occurred. */
|
||||||
int xiosetenv(const char *varname, const char *value, int overwrite, const char *sep) {
|
int xiosetenv(const char *varname, const char *value, int overwrite, const char *sep) {
|
||||||
# define XIO_ENVNAMELEN 256
|
# define XIO_ENVNAMELEN 256
|
||||||
|
|
2
test.sh
2
test.sh
|
@ -10943,7 +10943,7 @@ NAME=FILENAMEOVFL
|
||||||
case "$TESTS" in
|
case "$TESTS" in
|
||||||
*%$N%*|*%functions%*|*%bugs%*|*%security%*|*%openssl%*|*%$NAME%*)
|
*%$N%*|*%functions%*|*%bugs%*|*%security%*|*%openssl%*|*%$NAME%*)
|
||||||
TEST="$NAME: stack overflow on overly long file name"
|
TEST="$NAME: stack overflow on overly long file name"
|
||||||
# provide a 600 bytes long key file option to SSL-CONNECT and check socats exit code
|
# provide a 600 bytes long key file option to OPENSSL-CONNECT and check socats exit code
|
||||||
if ! eval $NUMCOND; then :; else
|
if ! eval $NUMCOND; then :; else
|
||||||
tf="$td/test$N.stdout"
|
tf="$td/test$N.stdout"
|
||||||
te="$td/test$N.stderr"
|
te="$td/test$N.stderr"
|
||||||
|
|
|
@ -1080,7 +1080,7 @@ cont_out:
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/* set pre ssl-connect options */
|
/* set pre openssl-connect options */
|
||||||
/* SSL_CIPHERS */
|
/* SSL_CIPHERS */
|
||||||
if (ci_str != NULL) {
|
if (ci_str != NULL) {
|
||||||
if (sycSSL_CTX_set_cipher_list(*ctx, ci_str) <= 0) {
|
if (sycSSL_CTX_set_cipher_list(*ctx, ci_str) <= 0) {
|
||||||
|
|
Loading…
Reference in a new issue