Gerhard Rieger
|
1477334905
|
OpenSSL server could be crashed by client cert with IPv6 address in SubjectAltname
|
2021-10-31 11:30:14 +01:00 |
|
Gerhard Rieger
|
e78e911cbb
|
Solve a problem with overlapping socket and openssl parameters
|
2021-10-31 10:28:41 +01:00 |
|
Gerhard Rieger
|
ff51262e78
|
Fixed in test.sh a few issues reported by shellcheck
|
2021-10-31 10:21:28 +01:00 |
|
Gerhard Rieger
|
dc7afeb0f5
|
Prevent the TIMESTAMP tests from sporadically failing due do seconds overflow
|
2021-10-31 10:18:50 +01:00 |
|
Gerhard Rieger
|
6b9736472c
|
OpenSSL file transfer failed
|
2021-01-10 13:44:58 +01:00 |
|
Gerhard Rieger
|
45ad4018b0
|
More corrections to recent changes and from systematic tests
|
2021-01-03 16:56:50 +01:00 |
|
Gerhard Rieger
|
87935b7089
|
Some test.sh corrections
|
2021-01-01 18:27:37 +01:00 |
|
Gerhard Rieger
|
1502f0cdcb
|
Added VSOCK stream addresses
|
2020-12-31 15:34:56 +01:00 |
|
Gerhard Rieger
|
1c7ddfef73
|
Option proxy-authorization-file
|
2020-12-31 15:26:14 +01:00 |
|
Gerhard Rieger
|
50bdb453dd
|
UDP-DATAGRAM no longer checks peerport by default
|
2020-12-31 15:22:40 +01:00 |
|
Gerhard Rieger
|
13ac417410
|
Option accept-timeout (listen-timeout)
|
2020-12-31 15:00:13 +01:00 |
|
Gerhard Rieger
|
aa2b9c00b2
|
Added SNI support to OPENSSL-CONNECT, with options no-sni, snihost
|
2020-12-31 14:49:43 +01:00 |
|
Gerhard Rieger
|
e765898d38
|
New options -r, -R for raw data dumps
|
2020-12-31 13:23:54 +01:00 |
|
Gerhard Rieger
|
6128ea36ac
|
OpenSSL client checks SubjectAltName IP addresses
|
2020-12-31 12:19:17 +01:00 |
|
Gerhard Rieger
|
d1b809b4ab
|
DTLS over UDP
|
2020-12-30 20:59:04 +01:00 |
|
Gerhard Rieger
|
10680c8aad
|
New option setsockopt-listen using dalan
|
2020-12-29 16:48:05 +01:00 |
|
Gerhard Rieger
|
0dccf48d69
|
GOPEN handles UNIX seqpacket sockets
|
2020-12-29 05:30:52 +01:00 |
|
Gerhard Rieger
|
d9d320cb47
|
Corrected UNIX client NAMED options to work on bind address
|
2020-12-29 05:22:41 +01:00 |
|
Gerhard Rieger
|
55518fa690
|
Align buffer for read() with flag O_DIRECT
|
2020-12-29 05:17:53 +01:00 |
|
Gerhard Rieger
|
de2f2c471b
|
OpenSSL options min-version, max-version
|
2020-12-28 12:38:52 +01:00 |
|
Gerhard Rieger
|
beed38655f
|
ext2-* options are renamed to fs-*
|
2020-12-28 12:37:49 +01:00 |
|
Gerhard Rieger
|
f34e8a4dc1
|
Mitigated race condition of SYSTEM,EXEC child processes
|
2020-12-28 11:10:03 +01:00 |
|
Gerhard Rieger
|
2e0b0a0eff
|
SCTP service name resolution falls back to socktype and protocol 0
|
2020-12-28 00:43:29 +01:00 |
|
Gerhard Rieger
|
ecac86a280
|
Solved more testing issues
|
2020-12-09 20:54:42 +01:00 |
|
Gerhard Rieger
|
b62ff0c005
|
Socat address parser read over end of string when there was unbalanced quoting
|
2020-10-30 09:13:51 +01:00 |
|
Gerhard Rieger
|
8e6b341f59
|
Fixed possible integer overflow with option -b
|
2020-10-30 09:13:21 +01:00 |
|
Gerhard Rieger
|
0c65370ae5
|
test.sh: Archlinux: No which; changes on ip,ss commands
|
2020-10-30 08:22:08 +01:00 |
|
Gerhard Rieger
|
152de04f7c
|
test.sh: Ubuntu 20.04 requires 2048 bit certificates
|
2020-10-29 13:50:51 +01:00 |
|
Gerhard Rieger
|
f8985bc1ab
|
test.sh: Fixed renogotiation tests for newer OpenSSL
|
2020-10-29 13:38:45 +01:00 |
|
Gerhard Rieger
|
f2d17f0949
|
test.sh: Adapted some OpenSSL tests to modified OpenSSL behaviour
|
2020-10-29 13:33:34 +01:00 |
|
Gerhard Rieger
|
c6c8ff784c
|
test.sh: OpenSSL s_server now neglect TCPs half close feature
|
2020-10-29 13:16:14 +01:00 |
|
Gerhard Rieger
|
c4d7718bca
|
test.sh: listCANT and some minor corrections
|
2020-10-29 13:10:34 +01:00 |
|
Gerhard Rieger
|
9de26f1d05
|
minor corrections, not affecting binaries
|
2020-01-05 16:00:17 +01:00 |
|
Gerhard Rieger
|
e310bb1cfd
|
Fixed regression: use of ^^ or ,, in test.sh
|
2020-01-04 10:32:58 +01:00 |
|
Gerhard Rieger
|
12f7833a8f
|
Socat printed the "socket ... is at EOF" message multiple times
|
2020-01-04 10:28:59 +01:00 |
|
Gerhard Rieger
|
3be18bdc1f
|
IP-SENDTO:*:6 now passes getaddrinfo() without "ai_socktype not supported"
|
2020-01-01 14:50:29 +01:00 |
|
Gerhard Rieger
|
5ebf36038f
|
Under certain circumstances, options of the first address were applied to the second address
|
2019-12-30 10:27:46 +01:00 |
|
Gerhard Rieger
|
0e371ca704
|
Doc: contributors; test.sh with better IPv6 feature tests
|
2019-04-05 22:24:01 +02:00 |
|
Gerhard Rieger
|
da09ef32df
|
configure.ac: SSLv2_*_method dependend on TLS_*method; test.sh: avoid hanging of a few sec tests
|
2019-04-04 10:58:10 +02:00 |
|
Gerhard Rieger
|
b3325144f8
|
Fixed new IPv6 range code for platforms without s6_addr32 component
|
2019-03-13 12:44:35 +01:00 |
|
Gerhard Rieger
|
7a621dd3a2
|
More corrections to test.sh: language; netstat; reuseaddr; usleep; force IPv4; timeout
|
2019-03-12 21:04:51 +01:00 |
|
Gerhard Rieger
|
710c54a254
|
Permit -dd; print a useful error message when single character options appear to be merged
|
2019-03-03 15:08:02 +01:00 |
|
Gerhard Rieger
|
fbd72c295d
|
Shell scripts are now headed with: env /usr/bin/env bash
|
2019-03-03 13:59:49 +01:00 |
|
Gerhard Rieger
|
14f3e4fed8
|
Disable option openssl-method
|
2019-03-03 13:20:12 +01:00 |
|
Gerhard Rieger
|
181228cf53
|
Use ss,ip when available instead of netstat,ifconfig
|
2019-03-03 12:04:50 +01:00 |
|
Gerhard Rieger
|
42864922e7
|
Socat only checked the first character of the host name to decide if it is an IPv4 address
|
2019-03-03 11:06:02 +01:00 |
|
Gerhard Rieger
|
479d9cbbda
|
With TCP6-LISTEN etc. the range option failed
|
2019-03-03 11:03:33 +01:00 |
|
Gerhard Rieger
|
b5be579187
|
Option ipv6-join-group is in PH_PASTSOCKET
|
2019-03-03 10:01:32 +01:00 |
|
Gerhard Rieger
|
e1a5931827
|
Parent process might have been killed by signal to child
|
2019-03-03 09:32:22 +01:00 |
|
Gerhard Rieger
|
9f5abda361
|
The async-signal-safe fix used internally FD 3 and FD 4 which could conflict with options fdin,fdout
|
2019-02-24 23:18:38 +01:00 |
|
Gerhard Rieger
|
2bd582713d
|
OpenSSL tests failed on actual Linux distributions
|
2019-02-24 22:53:34 +01:00 |
|
Gerhard Rieger
|
81d83e10d3
|
test.sh: Show a warning when phase-1 (insecure phase) of a security test fails
|
2019-02-24 22:46:14 +01:00 |
|
Gerhard Rieger
|
cef0e039a8
|
version 1.7.3.2
|
2017-01-23 12:53:12 +01:00 |
|
Gerhard Rieger
|
19ebd413bb
|
Corrections to test.sh that reveal a mistake with IPV6_TCLASS
|
2017-01-21 10:59:43 +01:00 |
|
Gerhard Rieger
|
72b05700e4
|
Corrections in docu and test.sh
|
2017-01-15 12:23:07 +01:00 |
|
Gerhard Rieger
|
d7473dbac6
|
Corrected mention of SSL-LISTEN and SSL-CONNECT in doc; more minor corrections
|
2017-01-08 11:50:11 +01:00 |
|
Gerhard Rieger
|
9f41543aad
|
Options so-rcvtimeo and so-sndtimeo do not work with poll()
|
2017-01-08 11:12:57 +01:00 |
|
Gerhard Rieger
|
8e09093afd
|
UDP-LISTEN did not honor the max-children option
|
2017-01-07 10:46:01 +01:00 |
|
Gerhard Rieger
|
d6b0e1425e
|
Socat did not use option ipv6-join-group
|
2017-01-06 18:21:20 +01:00 |
|
Gerhard Rieger
|
e25ba90e21
|
AddressSanitizer reported a few buffer overflows (false positives)
|
2017-01-06 17:56:30 +01:00 |
|
Gerhard Rieger
|
40d9352599
|
A few corrections in test.sh
|
2017-01-06 17:27:01 +01:00 |
|
Gerhard Rieger
|
0061ca1334
|
Check in configure for SSLv3_*_METHOD
|
2016-12-10 21:51:27 +01:00 |
|
Gerhard Rieger
|
35590e3cdb
|
Socat exited with status 0 even when a program invoked with SYSTEM or EXEC failed
|
2016-12-10 20:18:33 +01:00 |
|
Gerhard Rieger
|
35a7817e48
|
Option so-reuseport did not work
|
2016-12-10 16:25:40 +01:00 |
|
Gerhard Rieger
|
2ea6da3839
|
Option so-reuseport did not work
|
2016-12-10 16:23:46 +01:00 |
|
Gerhard Rieger
|
d34493c18d
|
Added contributors to copyright notices
|
2016-12-09 21:46:02 +01:00 |
|
Gerhard Rieger
|
36f2afce7c
|
test.sh: stderr; option -v (verbose); FDOUT_ERROR description
|
2016-12-09 21:37:24 +01:00 |
|
Gerhard Rieger
|
226c555edb
|
socat security advisory 8: stack overflow in nestlex()
|
2016-01-29 11:29:28 +01:00 |
|
Gerhard Rieger
|
eab3c89f2d
|
socat security advisory 7, MSVR-1499: created new 2048bit DH modulus
|
2016-01-29 11:29:11 +01:00 |
|
Gerhard Rieger
|
b6541b4de7
|
Final fixes before release 1.7.3.0
|
2015-01-24 18:40:03 +01:00 |
|
Gerhard Rieger
|
f0c3b1f387
|
Port to Openindiana
|
2015-01-23 21:31:08 +01:00 |
|
Gerhard Rieger
|
3f63c9889f
|
minor corrections to docu and test.sh
|
2015-01-23 18:46:54 +01:00 |
|
Gerhard Rieger
|
6f6d7ccb86
|
Revert gcc check to reenable cross compiling
|
2015-01-23 18:41:04 +01:00 |
|
Gerhard Rieger
|
522bb45479
|
Added option rawer for pty
|
2015-01-23 18:40:54 +01:00 |
|
Gerhard Rieger
|
8c8f817780
|
Print error on useless fdout,fdin options
|
2015-01-23 18:38:48 +01:00 |
|
Gerhard Rieger
|
d430147bc6
|
Added TLS methods support
|
2015-01-23 18:38:06 +01:00 |
|
Gerhard Rieger
|
9e863458c6
|
Generate testcert.conf and testcert6.conf in test.sh
|
2015-01-12 23:36:01 +01:00 |
|
Gerhard Rieger
|
2f40a439cb
|
Check OpenSSL peers commonName+subjectAltName; new option openssl-commonname
|
2015-01-12 23:34:47 +01:00 |
|
Gerhard Rieger
|
05afec429d
|
OpenSSL peer certificate subject,issuer details are passed to env
|
2015-01-12 23:11:26 +01:00 |
|
Gerhard Rieger
|
ad524a56b7
|
Passive addresses like TCP-LISTEN with empty port bound to random
|
2015-01-12 22:21:36 +01:00 |
|
Gerhard Rieger
|
0ab324b173
|
Address SYSTEM, when terminating, shutted down its parent addresses
|
2015-01-12 22:20:35 +01:00 |
|
Gerhard Rieger
|
466cb7921c
|
Option ignoreeof on the right address hung
|
2015-01-12 22:19:01 +01:00 |
|
Gerhard Rieger
|
98028900e0
|
Fixed bind with abstract unix domain sockets (Linux)
|
2015-01-12 21:54:26 +01:00 |
|
Gerhard Rieger
|
2af0495cc6
|
Made code async-signal-safe
|
2015-01-12 21:46:16 +01:00 |
|
Gerhard Rieger
|
80c7fa0bca
|
struct cmsghdr.cmsg is system dependend; more print format corrections
|
2014-03-09 22:08:19 +01:00 |
|
Gerhard Rieger
|
fbb521e45e
|
Red Hat issue 1020203: configure checks fail with some compilers
|
2014-03-02 20:00:25 +01:00 |
|
Gerhard Rieger
|
ab74be65e5
|
some file system bases addresses failed to apply file options
|
2014-03-02 18:15:52 +01:00 |
|
Gerhard Rieger
|
a793c8047e
|
fixed some typos and minor issues, including Red Hat issue 1021967
|
2014-03-02 17:43:23 +01:00 |
|
Gerhard Rieger
|
04ad6d5275
|
Red Hat issue 1022063: out-of-range shifts on net mask bits
|
2014-03-02 17:35:34 +01:00 |
|
Gerhard Rieger
|
257834e501
|
OPENSSL-CONNECT with bind option failed on some systems with Invalid argument
|
2014-03-02 16:53:30 +01:00 |
|
Gerhard Rieger
|
91b00e8c44
|
LISTEN based addresses applied some address options to the listening FD instead of the connected FD
|
2014-03-02 16:42:08 +01:00 |
|
Gerhard Rieger
|
0978ada95e
|
improved test.sh script
|
2014-02-26 18:19:37 +01:00 |
|
Gerhard Rieger
|
77a9c7ae10
|
performed changes for Fedora release 19
|
2014-02-09 17:55:06 +01:00 |
|
Gerhard Rieger
|
7a348bdfd5
|
version 1.7.2.3 - CVE-2014-0019: fixed PROXY-CONNECT address overflow
|
2014-01-25 17:44:55 +01:00 |
|
Gerhard Rieger
|
022f0a46e6
|
version 1.7.2.2 - fixed FD leak in accept() loop
|
2013-03-25 20:42:58 +01:00 |
|
Gerhard Rieger
|
464d23a34f
|
version 1.7.2.1 - fixed READLINE buffer overflow
|
2012-04-24 07:30:01 +02:00 |
|
Gerhard Rieger
|
4c9898446d
|
Ubuntu Oneiric: OpenSSL w/o SSLv2, bsd/libutil.h, unused vars
|
2011-12-04 15:14:34 +01:00 |
|
Gerhard Rieger
|
76291f6a67
|
corrections to test.sh
|
2011-12-04 14:44:00 +01:00 |
|
Gerhard Rieger
|
3ef7b3e366
|
port to Dragonfly
|
2011-11-26 14:56:19 +01:00 |
|
Gerhard Rieger
|
7e3386f228
|
OpenSSL option compress allows to disable compression
|
2011-11-26 14:27:02 +01:00 |
|