Corrected mention of SSL-LISTEN and SSL-CONNECT in doc; more minor corrections

Gerhard Rieger 2017-01-08 11:50:11 +01:00
parent a9f36eb7b7
commit d7473dbac6
6 changed files with 19 additions and 12 deletions

CHANGES

@ -100,6 +100,13 @@ docu:
Corrected source of socat man page to correctly show man references Corrected source of socat man page to correctly show man references
like socket(2); removed obseolete entries from See Also like socket(2); removed obseolete entries from See Also
Docu and some comments mentioned addresses SSL-LISTEN and SSL-CONNECT
that do not exist (OPENSSL-LISTEN, SSL-L; and OPENNSSL-CONNECT, SSL
are correct).
Thanks to Zhigang Wang for reporting this issue.
More minor docu corrections
legal: legal:
Added contributors to copyright notices. Suggested by Matt Braithwaite. Added contributors to copyright notices. Suggested by Matt Braithwaite.
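
Review bot: The added CHANGES entry misspells the address name as "OPENNSSL-CONNECT" (double N) in the line "that do not exist (OPENSSL-LISTEN, SSL-L; and OPENNSSL-CONNECT, SSL". Since this entry exists to record the correction of wrong address names, it should read OPENSSL-CONNECT. The unchanged context line just above also still carries "obseolete", which could be fixed in the same pass.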
@ -294,7 +301,7 @@ corrections:
In xioshutdown() a wrong branch was chosen after RECVFROM type addresses. In xioshutdown() a wrong branch was chosen after RECVFROM type addresses.
Probably no impact. Probably no impact.
Thanks to David Binderman for reproting this issue. Thanks to David Binderman for reporting this issue.
procan could not cleanly format ulimit values longer than 16 decimal procan could not cleanly format ulimit values longer than 16 decimal
digits. Thanks to Frank Dana for providing a patch that increases field digits. Thanks to Frank Dana for providing a patch that increases field
@ -837,7 +844,7 @@ new features:
range option supports form address:mask with IPv4 range option supports form address:mask with IPv4
changed behaviour of SSL-LISTEN to require and verify client changed behaviour of OPENSSL-LISTEN to require and verify client
certificate per default certificate per default
options f-setlkw-rd, f-setlkw-wr, f-setlk-rd, f-setlk-wr allow finer options f-setlkw-rd, f-setlkw-wr, f-setlk-rd, f-setlk-wr allow finer


@ -1909,7 +1909,7 @@ COMMENT(label(OPTION_PEERCRED)dit(bf(tt(peercred)))
This is a read-only socket option.) This is a read-only socket option.)
label(OPTION_REUSEPORT)dit(bf(tt(reuseport))) label(OPTION_REUSEPORT)dit(bf(tt(reuseport)))
Set the code(SO_REUSEPORT) socket option. Set the code(SO_REUSEPORT) socket option.
COMMENT(label(OPTION_SECUTIYAUTHENTICATION)dit(bf(tt(securityauthentication))) COMMENT(label(OPTION_SECURITYAUTHENTICATION)dit(bf(tt(securityauthentication)))
Set the code(SO_SECURITY_AUTHENTICATION) socket option.) Set the code(SO_SECURITY_AUTHENTICATION) socket option.)
COMMENT(label(OPTION_SECURITYENCRYPTIONNETWORK)dit(bf(tt(securityencryptionnetwork))) COMMENT(label(OPTION_SECURITYENCRYPTIONNETWORK)dit(bf(tt(securityencryptionnetwork)))
Set the code(SO_SECURITY_ENCRYPTION_NETWORK) socket option.) Set the code(SO_SECURITY_ENCRYPTION_NETWORK) socket option.)
@ -2313,9 +2313,10 @@ label(OPTION_FORK)dit(bf(tt(fork)))
After establishing a connection, handles its channel in a child process and After establishing a connection, handles its channel in a child process and
keeps the parent process attempting to produce more connections, either by keeps the parent process attempting to produce more connections, either by
listening or by connecting in a loop (link(example)(EXAMPLE_OPTION_FORK)).nl() listening or by connecting in a loop (link(example)(EXAMPLE_OPTION_FORK)).nl()
SSL-CONNECT and SSL-LISTEN differ in when they actually fork off the child: OPENSSL-CONNECT and OPENSSL-LISTEN differ in when they actually fork off the
SSL-LISTEN forks em(before) the SSL handshake, while SSL-CONNECT forks child:
em(afterwards). OPENSSL-LISTEN forks em(before) the SSL handshake, while OPENSSL-CONNECT
forks em(afterwards).
RETRY and FOREVER options are not inherited by the child process.nl() RETRY and FOREVER options are not inherited by the child process.nl()
On some operating systems (e.g. FreeBSD) this option does not work for On some operating systems (e.g. FreeBSD) this option does not work for
UDP-LISTEN addresses.nl() UDP-LISTEN addresses.nl()
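
Review bot: The reworded sentence in the fork option text gives only the ordering (OPENSSL-LISTEN forks before the SSL handshake, OPENSSL-CONNECT forks afterwards) and leaves the reader to work out why it matters. Consider adding one sentence on the consequence, for example that with OPENSSL-LISTEN the handshake runs in the child, so a peer whose handshake fails or stalls does not keep the parent from accepting further connections, if that is the intended behaviour.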
@ -3196,7 +3197,7 @@ The first address ('-') can be replaced by almost any other socat address.
label(EXAMPLE_ADDRESS_OPENSSL_LISTEN) label(EXAMPLE_ADDRESS_OPENSSL_LISTEN)
dit(bf(tt(socat SSL-LISTEN:4443,reuseaddr,pf=ip4,fork,cert=server.pem,cafile=client.crt PIPE))) dit(bf(tt(socat OPENSSL-LISTEN:4443,reuseaddr,pf=ip4,fork,cert=server.pem,cafile=client.crt PIPE)))
is an OpenSSL server that accepts TCP connections, presents the certificate is an OpenSSL server that accepts TCP connections, presents the certificate
from the file server.pem and forces the client to present a certificate that is from the file server.pem and forces the client to present a certificate that is
@ -3465,7 +3466,7 @@ packet.
dit(bf(SOCAT_IPV6_TCLASS) (output)) With all IPv6 based RECVFROM addresses dit(bf(SOCAT_IPV6_TCLASS) (output)) With all IPv6 based RECVFROM addresses
where address option link(ipv6-recvtclass)(OPTION_IPV6_RECVTCLASS) is applied, where address option link(ipv6-recvtclass)(OPTION_IPV6_RECVTCLASS) is applied,
socat sets this variable to the transfer class of the received packet. socat() sets this variable to the transfer class of the received packet.
dit(bf(SOCAT_OPENSSL_X509_ISSUER) (output)) Issuer field from peer certificate dit(bf(SOCAT_OPENSSL_X509_ISSUER) (output)) Issuer field from peer certificate
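
Review bot: In the SOCAT_IPV6_TCLASS entry the program name changes from "socat" to "socat()", which reads like a function call and is not explained by the commit message. If socat() is meant as a markup macro like the dit(), bf() and link() calls around it, please confirm it is defined for this document and apply it consistently to the neighbouring entries; otherwise the rendered man page will show stray parentheses and the plain "socat" should stay.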


@ -290,7 +290,7 @@ int main(int argc, const char *argv[]) {
sigfillset(&act.sa_mask); sigfillset(&act.sa_mask);
act.sa_flags = 0; act.sa_flags = 0;
act.sa_handler = socat_signal; act.sa_handler = socat_signal;
/* not sure which signals should be cauhgt and print a message */ /* not sure which signals should be caught and print a message */
Sigaction(SIGHUP, &act, NULL); Sigaction(SIGHUP, &act, NULL);
Sigaction(SIGINT, &act, NULL); Sigaction(SIGINT, &act, NULL);
Sigaction(SIGQUIT, &act, NULL); Sigaction(SIGQUIT, &act, NULL);


@ -695,7 +695,6 @@ int _xiosetenv(const char *envname, const char *value, int overwrite, const char
0: keep old value 0: keep old value
1: overwrite with new value 1: overwrite with new value
2: append to old value, separated by *sep 2: append to old value, separated by *sep
a non zero value of overwrite lets the old value be overwritten.
returns 0 on success or <0 if an error occurred. */ returns 0 on success or <0 if an error occurred. */
int xiosetenv(const char *varname, const char *value, int overwrite, const char *sep) { int xiosetenv(const char *varname, const char *value, int overwrite, const char *sep) {
# define XIO_ENVNAMELEN 256 # define XIO_ENVNAMELEN 256
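
Review bot: The comment above xiosetenv() still does not say what happens when overwrite is something other than 0, 1 or 2. Removing "a non zero value of overwrite lets the old value be overwritten" is right, because it contradicted value 2 (append), but it was also the only statement covering other values. Please either document the behaviour for out-of-range values or state that only 0, 1 and 2 are valid.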


@ -10943,7 +10943,7 @@ NAME=FILENAMEOVFL
case "$TESTS" in case "$TESTS" in
*%$N%*|*%functions%*|*%bugs%*|*%security%*|*%openssl%*|*%$NAME%*) *%$N%*|*%functions%*|*%bugs%*|*%security%*|*%openssl%*|*%$NAME%*)
TEST="$NAME: stack overflow on overly long file name" TEST="$NAME: stack overflow on overly long file name"
# provide a 600 bytes long key file option to SSL-CONNECT and check socats exit code # provide a 600 bytes long key file option to OPENSSL-CONNECT and check socats exit code
if ! eval $NUMCOND; then :; else if ! eval $NUMCOND; then :; else
tf="$td/test$N.stdout" tf="$td/test$N.stdout"
te="$td/test$N.stderr" te="$td/test$N.stderr"


@ -1080,7 +1080,7 @@ cont_out:
} }
} }
/* set pre ssl-connect options */ /* set pre openssl-connect options */
/* SSL_CIPHERS */ /* SSL_CIPHERS */
if (ci_str != NULL) { if (ci_str != NULL) {
if (sycSSL_CTX_set_cipher_list(*ctx, ci_str) <= 0) { if (sycSSL_CTX_set_cipher_list(*ctx, ci_str) <= 0) {
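
Review bot: The new comment "set pre openssl-connect options" is ambiguous: it can be read as naming the OPENSSL-CONNECT address, while the code below it configures the SSL_CTX (sycSSL_CTX_set_cipher_list(*ctx, ci_str)) before the handshake takes place. If this setup is shared with the listening side, the address name is misleading here; wording such as "set options on the SSL context before the handshake" would describe what the lines do without tying them to one address.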