mirror of
https://repo.or.cz/socat.git
synced 2025-01-08 22:12:33 +00:00
Corrected mention of SSL-LISTEN and SSL-CONNECT in doc; more minor corrections
This commit is contained in:
parent
a9f36eb7b7
commit
d7473dbac6
6 changed files with 19 additions and 12 deletions
11
CHANGES
11
CHANGES
|
@ -100,6 +100,13 @@ docu:
|
|||
Corrected source of socat man page to correctly show man references
|
||||
like socket(2); removed obseolete entries from See Also
|
||||
|
||||
Docu and some comments mentioned addresses SSL-LISTEN and SSL-CONNECT
|
||||
that do not exist (OPENSSL-LISTEN, SSL-L; and OPENNSSL-CONNECT, SSL
|
||||
are correct).
|
||||
Thanks to Zhigang Wang for reporting this issue.
|
||||
|
||||
More minor docu corrections
|
||||
|
||||
legal:
|
||||
Added contributors to copyright notices. Suggested by Matt Braithwaite.
|
||||
|
||||
|
@ -294,7 +301,7 @@ corrections:
|
|||
|
||||
In xioshutdown() a wrong branch was chosen after RECVFROM type addresses.
|
||||
Probably no impact.
|
||||
Thanks to David Binderman for reproting this issue.
|
||||
Thanks to David Binderman for reporting this issue.
|
||||
|
||||
procan could not cleanly format ulimit values longer than 16 decimal
|
||||
digits. Thanks to Frank Dana for providing a patch that increases field
|
||||
|
@ -837,7 +844,7 @@ new features:
|
|||
|
||||
range option supports form address:mask with IPv4
|
||||
|
||||
changed behaviour of SSL-LISTEN to require and verify client
|
||||
changed behaviour of OPENSSL-LISTEN to require and verify client
|
||||
certificate per default
|
||||
|
||||
options f-setlkw-rd, f-setlkw-wr, f-setlk-rd, f-setlk-wr allow finer
|
||||
|
|
13
doc/socat.yo
13
doc/socat.yo
|
@ -1909,7 +1909,7 @@ COMMENT(label(OPTION_PEERCRED)dit(bf(tt(peercred)))
|
|||
This is a read-only socket option.)
|
||||
label(OPTION_REUSEPORT)dit(bf(tt(reuseport)))
|
||||
Set the code(SO_REUSEPORT) socket option.
|
||||
COMMENT(label(OPTION_SECUTIYAUTHENTICATION)dit(bf(tt(securityauthentication)))
|
||||
COMMENT(label(OPTION_SECURITYAUTHENTICATION)dit(bf(tt(securityauthentication)))
|
||||
Set the code(SO_SECURITY_AUTHENTICATION) socket option.)
|
||||
COMMENT(label(OPTION_SECURITYENCRYPTIONNETWORK)dit(bf(tt(securityencryptionnetwork)))
|
||||
Set the code(SO_SECURITY_ENCRYPTION_NETWORK) socket option.)
|
||||
|
@ -2313,9 +2313,10 @@ label(OPTION_FORK)dit(bf(tt(fork)))
|
|||
After establishing a connection, handles its channel in a child process and
|
||||
keeps the parent process attempting to produce more connections, either by
|
||||
listening or by connecting in a loop (link(example)(EXAMPLE_OPTION_FORK)).nl()
|
||||
SSL-CONNECT and SSL-LISTEN differ in when they actually fork off the child:
|
||||
SSL-LISTEN forks em(before) the SSL handshake, while SSL-CONNECT forks
|
||||
em(afterwards).
|
||||
OPENSSL-CONNECT and OPENSSL-LISTEN differ in when they actually fork off the
|
||||
child:
|
||||
OPENSSL-LISTEN forks em(before) the SSL handshake, while OPENSSL-CONNECT
|
||||
forks em(afterwards).
|
||||
RETRY and FOREVER options are not inherited by the child process.nl()
|
||||
On some operating systems (e.g. FreeBSD) this option does not work for
|
||||
UDP-LISTEN addresses.nl()
|
||||
|
@ -3196,7 +3197,7 @@ The first address ('-') can be replaced by almost any other socat address.
|
|||
|
||||
|
||||
label(EXAMPLE_ADDRESS_OPENSSL_LISTEN)
|
||||
dit(bf(tt(socat SSL-LISTEN:4443,reuseaddr,pf=ip4,fork,cert=server.pem,cafile=client.crt PIPE)))
|
||||
dit(bf(tt(socat OPENSSL-LISTEN:4443,reuseaddr,pf=ip4,fork,cert=server.pem,cafile=client.crt PIPE)))
|
||||
|
||||
is an OpenSSL server that accepts TCP connections, presents the certificate
|
||||
from the file server.pem and forces the client to present a certificate that is
|
||||
|
@ -3465,7 +3466,7 @@ packet.
|
|||
|
||||
dit(bf(SOCAT_IPV6_TCLASS) (output)) With all IPv6 based RECVFROM addresses
|
||||
where address option link(ipv6-recvtclass)(OPTION_IPV6_RECVTCLASS) is applied,
|
||||
socat sets this variable to the transfer class of the received packet.
|
||||
socat() sets this variable to the transfer class of the received packet.
|
||||
|
||||
dit(bf(SOCAT_OPENSSL_X509_ISSUER) (output)) Issuer field from peer certificate
|
||||
|
||||
|
|
2
socat.c
2
socat.c
|
@ -290,7 +290,7 @@ int main(int argc, const char *argv[]) {
|
|||
sigfillset(&act.sa_mask);
|
||||
act.sa_flags = 0;
|
||||
act.sa_handler = socat_signal;
|
||||
/* not sure which signals should be cauhgt and print a message */
|
||||
/* not sure which signals should be caught and print a message */
|
||||
Sigaction(SIGHUP, &act, NULL);
|
||||
Sigaction(SIGINT, &act, NULL);
|
||||
Sigaction(SIGQUIT, &act, NULL);
|
||||
|
|
|
@ -695,7 +695,6 @@ int _xiosetenv(const char *envname, const char *value, int overwrite, const char
|
|||
0: keep old value
|
||||
1: overwrite with new value
|
||||
2: append to old value, separated by *sep
|
||||
a non zero value of overwrite lets the old value be overwritten.
|
||||
returns 0 on success or <0 if an error occurred. */
|
||||
int xiosetenv(const char *varname, const char *value, int overwrite, const char *sep) {
|
||||
# define XIO_ENVNAMELEN 256
|
||||
|
|
2
test.sh
2
test.sh
|
@ -10943,7 +10943,7 @@ NAME=FILENAMEOVFL
|
|||
case "$TESTS" in
|
||||
*%$N%*|*%functions%*|*%bugs%*|*%security%*|*%openssl%*|*%$NAME%*)
|
||||
TEST="$NAME: stack overflow on overly long file name"
|
||||
# provide a 600 bytes long key file option to SSL-CONNECT and check socats exit code
|
||||
# provide a 600 bytes long key file option to OPENSSL-CONNECT and check socats exit code
|
||||
if ! eval $NUMCOND; then :; else
|
||||
tf="$td/test$N.stdout"
|
||||
te="$td/test$N.stderr"
|
||||
|
|
|
@ -1080,7 +1080,7 @@ cont_out:
|
|||
}
|
||||
}
|
||||
|
||||
/* set pre ssl-connect options */
|
||||
/* set pre openssl-connect options */
|
||||
/* SSL_CIPHERS */
|
||||
if (ci_str != NULL) {
|
||||
if (sycSSL_CTX_set_cipher_list(*ctx, ci_str) <= 0) {
|
||||
|
|
Loading…
Reference in a new issue