Commit graph

263 commits

Author SHA1 Message Date
Gerhard Rieger
aa2b9c00b2 Added SNI support to OPENSSL-CONNECT, with options no-sni, snihost 2020-12-31 14:49:43 +01:00
Gerhard Rieger
e765898d38 New options -r, -R for raw data dumps 2020-12-31 13:23:54 +01:00
Gerhard Rieger
6128ea36ac OpenSSL client checks SubjectAltName IP addresses 2020-12-31 12:19:17 +01:00
Gerhard Rieger
d1b809b4ab DTLS over UDP 2020-12-30 20:59:04 +01:00
Gerhard Rieger
10680c8aad New option setsockopt-listen using dalan 2020-12-29 16:48:05 +01:00
Gerhard Rieger
0dccf48d69 GOPEN handles UNIX seqpacket sockets 2020-12-29 05:30:52 +01:00
Gerhard Rieger
d9d320cb47 Corrected UNIX client NAMED options to work on bind address 2020-12-29 05:22:41 +01:00
Gerhard Rieger
55518fa690 Align buffer for read() with flag O_DIRECT 2020-12-29 05:17:53 +01:00
Gerhard Rieger
de2f2c471b OpenSSL options min-version, max-version 2020-12-28 12:38:52 +01:00
Gerhard Rieger
beed38655f ext2-* options are renamed to fs-* 2020-12-28 12:37:49 +01:00
Gerhard Rieger
f34e8a4dc1 Mitigated race condition of SYSTEM,EXEC child processes 2020-12-28 11:10:03 +01:00
Gerhard Rieger
2e0b0a0eff SCTP service name resolution falls back to socktype and protocol 0 2020-12-28 00:43:29 +01:00
Gerhard Rieger
ecac86a280 Solved more testing issues 2020-12-09 20:54:42 +01:00
Gerhard Rieger
b62ff0c005 Socat address parser read over end of string when there was unbalanced quoting 2020-10-30 09:13:51 +01:00
Gerhard Rieger
8e6b341f59 Fixed possible integer overflow with option -b 2020-10-30 09:13:21 +01:00
Gerhard Rieger
0c65370ae5 test.sh: Archlinux: No which; changes on ip,ss commands 2020-10-30 08:22:08 +01:00
Gerhard Rieger
152de04f7c test.sh: Ubuntu 20.04 requires 2048 bit certificates 2020-10-29 13:50:51 +01:00
Gerhard Rieger
f8985bc1ab test.sh: Fixed renogotiation tests for newer OpenSSL 2020-10-29 13:38:45 +01:00
Gerhard Rieger
f2d17f0949 test.sh: Adapted some OpenSSL tests to modified OpenSSL behaviour 2020-10-29 13:33:34 +01:00
Gerhard Rieger
c6c8ff784c test.sh: OpenSSL s_server now neglect TCPs half close feature 2020-10-29 13:16:14 +01:00
Gerhard Rieger
c4d7718bca test.sh: listCANT and some minor corrections 2020-10-29 13:10:34 +01:00
Gerhard Rieger
9de26f1d05 minor corrections, not affecting binaries 2020-01-05 16:00:17 +01:00
Gerhard Rieger
e310bb1cfd Fixed regression: use of ^^ or ,, in test.sh 2020-01-04 10:32:58 +01:00
Gerhard Rieger
12f7833a8f Socat printed the "socket ... is at EOF" message multiple times 2020-01-04 10:28:59 +01:00
Gerhard Rieger
3be18bdc1f IP-SENDTO:*:6 now passes getaddrinfo() without "ai_socktype not supported" 2020-01-01 14:50:29 +01:00
Gerhard Rieger
5ebf36038f Under certain circumstances, options of the first address were applied to the second address 2019-12-30 10:27:46 +01:00
Gerhard Rieger
0e371ca704 Doc: contributors; test.sh with better IPv6 feature tests 2019-04-05 22:24:01 +02:00
Gerhard Rieger
da09ef32df configure.ac: SSLv2_*_method dependend on TLS_*method; test.sh: avoid hanging of a few sec tests 2019-04-04 10:58:10 +02:00
Gerhard Rieger
b3325144f8 Fixed new IPv6 range code for platforms without s6_addr32 component 2019-03-13 12:44:35 +01:00
Gerhard Rieger
7a621dd3a2 More corrections to test.sh: language; netstat; reuseaddr; usleep; force IPv4; timeout 2019-03-12 21:04:51 +01:00
Gerhard Rieger
710c54a254 Permit -dd; print a useful error message when single character options appear to be merged 2019-03-03 15:08:02 +01:00
Gerhard Rieger
fbd72c295d Shell scripts are now headed with: env /usr/bin/env bash 2019-03-03 13:59:49 +01:00
Gerhard Rieger
14f3e4fed8 Disable option openssl-method 2019-03-03 13:20:12 +01:00
Gerhard Rieger
181228cf53 Use ss,ip when available instead of netstat,ifconfig 2019-03-03 12:04:50 +01:00
Gerhard Rieger
42864922e7 Socat only checked the first character of the host name to decide if it is an IPv4 address 2019-03-03 11:06:02 +01:00
Gerhard Rieger
479d9cbbda With TCP6-LISTEN etc. the range option failed 2019-03-03 11:03:33 +01:00
Gerhard Rieger
b5be579187 Option ipv6-join-group is in PH_PASTSOCKET 2019-03-03 10:01:32 +01:00
Gerhard Rieger
e1a5931827 Parent process might have been killed by signal to child 2019-03-03 09:32:22 +01:00
Gerhard Rieger
9f5abda361 The async-signal-safe fix used internally FD 3 and FD 4 which could conflict with options fdin,fdout 2019-02-24 23:18:38 +01:00
Gerhard Rieger
2bd582713d OpenSSL tests failed on actual Linux distributions 2019-02-24 22:53:34 +01:00
Gerhard Rieger
81d83e10d3 test.sh: Show a warning when phase-1 (insecure phase) of a security test fails 2019-02-24 22:46:14 +01:00
Gerhard Rieger
cef0e039a8 version 1.7.3.2 2017-01-23 12:53:12 +01:00
Gerhard Rieger
19ebd413bb Corrections to test.sh that reveal a mistake with IPV6_TCLASS 2017-01-21 10:59:43 +01:00
Gerhard Rieger
72b05700e4 Corrections in docu and test.sh 2017-01-15 12:23:07 +01:00
Gerhard Rieger
d7473dbac6 Corrected mention of SSL-LISTEN and SSL-CONNECT in doc; more minor corrections 2017-01-08 11:50:11 +01:00
Gerhard Rieger
9f41543aad Options so-rcvtimeo and so-sndtimeo do not work with poll() 2017-01-08 11:12:57 +01:00
Gerhard Rieger
8e09093afd UDP-LISTEN did not honor the max-children option 2017-01-07 10:46:01 +01:00
Gerhard Rieger
d6b0e1425e Socat did not use option ipv6-join-group 2017-01-06 18:21:20 +01:00
Gerhard Rieger
e25ba90e21 AddressSanitizer reported a few buffer overflows (false positives) 2017-01-06 17:56:30 +01:00
Gerhard Rieger
40d9352599 A few corrections in test.sh 2017-01-06 17:27:01 +01:00
Gerhard Rieger
0061ca1334 Check in configure for SSLv3_*_METHOD 2016-12-10 21:51:27 +01:00
Gerhard Rieger
35590e3cdb Socat exited with status 0 even when a program invoked with SYSTEM or EXEC failed 2016-12-10 20:18:33 +01:00
Gerhard Rieger
35a7817e48 Option so-reuseport did not work 2016-12-10 16:25:40 +01:00
Gerhard Rieger
2ea6da3839 Option so-reuseport did not work 2016-12-10 16:23:46 +01:00
Gerhard Rieger
d34493c18d Added contributors to copyright notices 2016-12-09 21:46:02 +01:00
Gerhard Rieger
36f2afce7c test.sh: stderr; option -v (verbose); FDOUT_ERROR description 2016-12-09 21:37:24 +01:00
Gerhard Rieger
226c555edb socat security advisory 8: stack overflow in nestlex() 2016-01-29 11:29:28 +01:00
Gerhard Rieger
eab3c89f2d socat security advisory 7, MSVR-1499: created new 2048bit DH modulus 2016-01-29 11:29:11 +01:00
Gerhard Rieger
b6541b4de7 Final fixes before release 1.7.3.0 2015-01-24 18:40:03 +01:00
Gerhard Rieger
f0c3b1f387 Port to Openindiana 2015-01-23 21:31:08 +01:00
Gerhard Rieger
3f63c9889f minor corrections to docu and test.sh 2015-01-23 18:46:54 +01:00
Gerhard Rieger
6f6d7ccb86 Revert gcc check to reenable cross compiling 2015-01-23 18:41:04 +01:00
Gerhard Rieger
522bb45479 Added option rawer for pty 2015-01-23 18:40:54 +01:00
Gerhard Rieger
8c8f817780 Print error on useless fdout,fdin options 2015-01-23 18:38:48 +01:00
Gerhard Rieger
d430147bc6 Added TLS methods support 2015-01-23 18:38:06 +01:00
Gerhard Rieger
9e863458c6 Generate testcert.conf and testcert6.conf in test.sh 2015-01-12 23:36:01 +01:00
Gerhard Rieger
2f40a439cb Check OpenSSL peers commonName+subjectAltName; new option openssl-commonname 2015-01-12 23:34:47 +01:00
Gerhard Rieger
05afec429d OpenSSL peer certificate subject,issuer details are passed to env 2015-01-12 23:11:26 +01:00
Gerhard Rieger
ad524a56b7 Passive addresses like TCP-LISTEN with empty port bound to random 2015-01-12 22:21:36 +01:00
Gerhard Rieger
0ab324b173 Address SYSTEM, when terminating, shutted down its parent addresses 2015-01-12 22:20:35 +01:00
Gerhard Rieger
466cb7921c Option ignoreeof on the right address hung 2015-01-12 22:19:01 +01:00
Gerhard Rieger
98028900e0 Fixed bind with abstract unix domain sockets (Linux) 2015-01-12 21:54:26 +01:00
Gerhard Rieger
2af0495cc6 Made code async-signal-safe 2015-01-12 21:46:16 +01:00
Gerhard Rieger
80c7fa0bca struct cmsghdr.cmsg is system dependend; more print format corrections 2014-03-09 22:08:19 +01:00
Gerhard Rieger
fbb521e45e Red Hat issue 1020203: configure checks fail with some compilers 2014-03-02 20:00:25 +01:00
Gerhard Rieger
ab74be65e5 some file system bases addresses failed to apply file options 2014-03-02 18:15:52 +01:00
Gerhard Rieger
a793c8047e fixed some typos and minor issues, including Red Hat issue 1021967 2014-03-02 17:43:23 +01:00
Gerhard Rieger
04ad6d5275 Red Hat issue 1022063: out-of-range shifts on net mask bits 2014-03-02 17:35:34 +01:00
Gerhard Rieger
257834e501 OPENSSL-CONNECT with bind option failed on some systems with Invalid argument 2014-03-02 16:53:30 +01:00
Gerhard Rieger
91b00e8c44 LISTEN based addresses applied some address options to the listening FD instead of the connected FD 2014-03-02 16:42:08 +01:00
Gerhard Rieger
0978ada95e improved test.sh script 2014-02-26 18:19:37 +01:00
Gerhard Rieger
77a9c7ae10 performed changes for Fedora release 19 2014-02-09 17:55:06 +01:00
Gerhard Rieger
7a348bdfd5 version 1.7.2.3 - CVE-2014-0019: fixed PROXY-CONNECT address overflow 2014-01-25 17:44:55 +01:00
Gerhard Rieger
022f0a46e6 version 1.7.2.2 - fixed FD leak in accept() loop 2013-03-25 20:42:58 +01:00
Gerhard Rieger
464d23a34f version 1.7.2.1 - fixed READLINE buffer overflow 2012-04-24 07:30:01 +02:00
Gerhard Rieger
4c9898446d Ubuntu Oneiric: OpenSSL w/o SSLv2, bsd/libutil.h, unused vars 2011-12-04 15:14:34 +01:00
Gerhard Rieger
76291f6a67 corrections to test.sh 2011-12-04 14:44:00 +01:00
Gerhard Rieger
3ef7b3e366 port to Dragonfly 2011-11-26 14:56:19 +01:00
Gerhard Rieger
7e3386f228 OpenSSL option compress allows to disable compression 2011-11-26 14:27:02 +01:00
Gerhard Rieger
02f3b29ab6 new option max-children that limits the number of concurrent child processes 2011-11-26 14:24:09 +01:00
Gerhard Rieger
a593b09df6 test.sh: corrected ancilliary messages with timestamps 2011-11-26 14:05:55 +01:00
Gerhard Rieger
b579f27765 minor corrections to docu and test.sh resulting from local compilation on Openmoko SHR 2011-11-22 13:57:46 +01:00
Gerhard Rieger
b4b7ffc732 check if define __APPLE_USE_RFC_2292 helps to enable IPV6_* 2011-11-22 13:20:02 +01:00
Gerhard Rieger
0b472d59d2 OPENSSL-LISTEN failed with "no shared cipher" when using cipher aNULL 2011-11-22 10:42:38 +01:00
Gerhard Rieger
6a8f6c0734 handle partial write()'s without data loss 2011-10-09 09:18:31 +02:00
Gerhard Rieger
b8d16ecd51 issue error when PTY called with parameters 2011-03-10 07:55:03 +01:00
Gerhard Rieger
e0d548df71 UNIX-CONNECT did not support half-close 2010-10-04 00:18:13 +02:00
Gerhard Rieger
2e385902c0 UDP-LISTEN would alway set SO_REUSEADDR even without fork option and when user set it to 0 2010-10-03 16:38:04 +02:00
Gerhard Rieger
cb913fbc0c when UNIX-LISTEN was applied to an existing file it failed as expected but removed the file 2010-10-03 16:28:06 +02:00
Gerhard Rieger
4c3d1ca49d fixed a bug where socat might crash when connecting to a unix domain socket using address GOPEN 2010-10-03 15:46:10 +02:00
Gerhard Rieger
6340d5d2c8 fixed a stack overflow vulnerability with long command line args 2010-10-03 11:36:50 +02:00
Gerhard Rieger
07db31f7ac version 1.7.1.2 2010-01-10 15:20:37 +01:00
Gerhard Rieger
2ebedc0457 merged: minor corrections in test.sh 2010-01-10 14:30:54 +01:00
Gerhard Rieger
57c0441252 minor corrections in test.sh 2010-01-10 14:29:34 +01:00
Gerhard Rieger
486eb1b514 Merge branch 'test' 2010-01-09 16:08:34 +01:00
Gerhard Rieger
625e1a61c3 merged: openssl addresses failed with "nonblocking operation did not complete" when the peer performed a renegotiation 2010-01-09 15:51:28 +01:00
Gerhard Rieger
3f6e8ac318 merged: user-late and group-late, when applied to a pty, affected the system device /dev/ptmx 2010-01-09 15:43:10 +01:00
Gerhard Rieger
9161a4eb2b Solaris 8 and Sun Studio support 2010-01-09 13:42:57 +01:00
Gerhard Rieger
1db7a7b1f7 openssl addresses failed with "nonblocking operation did not complete" when the peer performed a renegotiation 2010-01-09 13:35:24 +01:00
Gerhard Rieger
80286cdeb5 user-late and group-late, when applied to a pty, affected the system device /dev/ptmx 2010-01-09 10:10:48 +01:00
Gerhard Rieger
c92e4e089b minor corrections in test.sh 2010-01-03 23:13:04 +01:00
Gerhard Rieger
6e4db297ae merged typos branch 2009-04-02 17:13:45 +02:00
Gerhard Rieger
806bccbf94 new address options shut-null, null-eof 2009-04-02 17:02:29 +02:00
Gerhard Rieger
209ff84a07 minor corrections of docu and test.sh; o-append 2009-04-02 10:29:06 +02:00
Gerhard Rieger
4a42088332 option end-close "did not apply" with some address types 2009-03-31 23:22:06 +02:00
Gerhard Rieger
e5f2863cd8 merged connect-timeout bug fix 2009-03-31 22:55:15 +02:00
Gerhard Rieger
13fce17ad8 half close of EXEC and SYSTEM addresses did not work with pipes and sometimes socketpair 2009-03-31 22:46:41 +02:00
Gerhard Rieger
e19d94bea4 fixed new bug with connect-timeout 2009-03-31 21:58:30 +02:00
Gerhard Rieger
7b61382c76 end-close "did not apply" to some addresses 2009-03-12 06:31:42 +01:00
Gerhard Rieger
5999bbc1b8 under some circumstances shutdown was called multiple times for the same fd 2008-10-28 21:07:47 +01:00
Gerhard Rieger
45c6d0536a MacOSX: added missing parentheses; removed outcommented readline data 2008-10-14 22:57:51 +02:00
Gerhard Rieger
01f990310e more for Darwin; do not test ancillary timestamp with unix domain 2008-10-12 12:04:54 +02:00
Gerhard Rieger
1dec094b3d test.sh options -n, -N: continue tests with number 2008-09-29 21:23:07 +02:00
Gerhard Rieger
b49b7eee08 check for SCTP feature; SCTP check on Solaris 2008-09-24 08:42:11 +02:00
Gerhard Rieger
28cc25ec90 1.7.0-rc1: ported to FreeBSD: test.sh runssctpx; small fixes 2008-09-23 14:29:09 +02:00
Gerhard Rieger
784e378ede merged feature raw network interface 2008-09-23 00:09:19 +02:00
Gerhard Rieger
cf84b71cea added SCTP stream environment variable tests 2008-09-22 23:39:33 +02:00
Gerhard Rieger
91057b0b68 merged feature sctp streams 2008-09-22 23:21:26 +02:00
Gerhard Rieger
d78b080ef0 merged features ioctl, setsockopt, generic-socket 2008-09-22 22:52:03 +02:00
Gerhard Rieger
86c596bd51 merged feature protocol-type 2008-09-22 22:33:04 +02:00
Gerhard Rieger
2ffe5a324e merged features ancillary, envvar 2008-09-22 22:17:55 +02:00
Gerhard Rieger
bd3810642b Merge /home/gerhard/Develop/socat-escape into socat-1.7.0.0 2008-09-22 22:05:08 +02:00
Gerhard Rieger
e337b51405 test generic sockets for TCP6 and UNIX 2008-09-22 21:48:00 +02:00
Gerhard Rieger
9a097fc49d socat should now build under MacOS X 10.4 2008-09-21 18:08:26 +02:00
Gerhard Rieger
376b9d50c3 reworked so-type, so-prototype 2008-09-20 23:47:06 +02:00
Gerhard Rieger
b6c2d46008 cleanup xio-unix.c: merged classic with abstract functions; names, ... 2008-09-20 23:40:45 +02:00
Gerhard Rieger
de910892f2 new address "interface" for transparent network interface handling 2008-09-20 23:37:56 +02:00
Gerhard Rieger
c86345a615 new address option "escape" allows to break a socat instance 2008-09-20 23:01:10 +02:00
Gerhard Rieger
13b73776e7 ported generic socket to *BSD; minor improvements 2008-09-20 17:17:27 +02:00
Gerhard Rieger
8947cc92dc added test SETSOCKOPT_INT; some corrections on generic ioctl and setsockopt features 2008-09-20 17:09:10 +02:00
Gerhard Rieger
2c2508fc62 added address options: ioctl-void, ioctl-int, ioctl-intp, ioctl-bin, ioctl-string
added option types: TYPE_INT_INT, TYPE_INT_BIN, TYPE_INT_STRING
added syscall wrapper: Ioctl_int()
added test: IOCTL_VOID
2008-09-20 17:08:29 +02:00
Gerhard Rieger
0e1eb7e4b4 in ignoreeof mode socat also blocked data transfer in the other direction 2008-09-19 09:03:59 +02:00
Gerhard Rieger
f8496421f9 some raw IP and UNIX datagram modes failed on BSD systems; test.sh: more stable timing, corrections for BSD 2008-09-14 18:33:28 +02:00
Gerhard Rieger
67e59494c4 improve test for EXECSPACES to keep multiple spaces in arguments 2008-09-05 00:22:35 +02:00
Gerhard Rieger
e142c3da6b dont leave UDP-LISTEN socket open after reject 2008-09-04 23:30:59 +02:00
Gerhard Rieger
780b4028fe improved test.sh script 2008-07-23 20:56:48 +02:00
Gerhard Rieger
ae368e7cb9 EXEC address with consecutive spaces created additional empty arguments 2008-07-17 21:49:52 +02:00
Gerhard Rieger
ad4bd0d9db EXEC and SYSTEM with stderr injected socat messages into the data stream 2008-06-07 10:14:56 +02:00
Gerhard Rieger
d086001911 RECVFROM addresses with FORK option hung after processing the first packet 2008-05-22 16:51:40 +02:00
Gerhard Rieger
fe1337fe5f fixed bug in ip*-recv with bind option 2008-05-22 10:02:04 +02:00