Commit graph

211 commits

Author SHA1 Message Date
Gerhard Rieger
6128ea36ac OpenSSL client checks SubjectAltName IP addresses 2020-12-31 12:19:17 +01:00
Gerhard Rieger
d1b809b4ab DTLS over UDP 2020-12-30 20:59:04 +01:00
Gerhard Rieger
10680c8aad New option setsockopt-listen using dalan 2020-12-29 16:48:05 +01:00
Gerhard Rieger
0dccf48d69 GOPEN handles UNIX seqpacket sockets 2020-12-29 05:30:52 +01:00
Gerhard Rieger
d9d320cb47 Corrected UNIX client NAMED options to work on bind address 2020-12-29 05:22:41 +01:00
Gerhard Rieger
55518fa690 Align buffer for read() with flag O_DIRECT 2020-12-29 05:17:53 +01:00
Gerhard Rieger
de2f2c471b OpenSSL options min-version, max-version 2020-12-28 12:38:52 +01:00
Gerhard Rieger
beed38655f ext2-* options are renamed to fs-* 2020-12-28 12:37:49 +01:00
Gerhard Rieger
f34e8a4dc1 Mitigated race condition of SYSTEM,EXEC child processes 2020-12-28 11:10:03 +01:00
Gerhard Rieger
2e0b0a0eff SCTP service name resolution falls back to socktype and protocol 0 2020-12-28 00:43:29 +01:00
Gerhard Rieger
ecac86a280 Solved more testing issues 2020-12-09 20:54:42 +01:00
Gerhard Rieger
b62ff0c005 Socat address parser read over end of string when there was unbalanced quoting 2020-10-30 09:13:51 +01:00
Gerhard Rieger
8e6b341f59 Fixed possible integer overflow with option -b 2020-10-30 09:13:21 +01:00
Gerhard Rieger
0c65370ae5 test.sh: Archlinux: No which; changes on ip,ss commands 2020-10-30 08:22:08 +01:00
Gerhard Rieger
152de04f7c test.sh: Ubuntu 20.04 requires 2048 bit certificates 2020-10-29 13:50:51 +01:00
Gerhard Rieger
f8985bc1ab test.sh: Fixed renogotiation tests for newer OpenSSL 2020-10-29 13:38:45 +01:00
Gerhard Rieger
f2d17f0949 test.sh: Adapted some OpenSSL tests to modified OpenSSL behaviour 2020-10-29 13:33:34 +01:00
Gerhard Rieger
c6c8ff784c test.sh: OpenSSL s_server now neglect TCPs half close feature 2020-10-29 13:16:14 +01:00
Gerhard Rieger
c4d7718bca test.sh: listCANT and some minor corrections 2020-10-29 13:10:34 +01:00
Gerhard Rieger
9de26f1d05 minor corrections, not affecting binaries 2020-01-05 16:00:17 +01:00
Gerhard Rieger
e310bb1cfd Fixed regression: use of ^^ or ,, in test.sh 2020-01-04 10:32:58 +01:00
Gerhard Rieger
12f7833a8f Socat printed the "socket ... is at EOF" message multiple times 2020-01-04 10:28:59 +01:00
Gerhard Rieger
3be18bdc1f IP-SENDTO:*:6 now passes getaddrinfo() without "ai_socktype not supported" 2020-01-01 14:50:29 +01:00
Gerhard Rieger
5ebf36038f Under certain circumstances, options of the first address were applied to the second address 2019-12-30 10:27:46 +01:00
Gerhard Rieger
0e371ca704 Doc: contributors; test.sh with better IPv6 feature tests 2019-04-05 22:24:01 +02:00
Gerhard Rieger
da09ef32df configure.ac: SSLv2_*_method dependend on TLS_*method; test.sh: avoid hanging of a few sec tests 2019-04-04 10:58:10 +02:00
Gerhard Rieger
b3325144f8 Fixed new IPv6 range code for platforms without s6_addr32 component 2019-03-13 12:44:35 +01:00
Gerhard Rieger
7a621dd3a2 More corrections to test.sh: language; netstat; reuseaddr; usleep; force IPv4; timeout 2019-03-12 21:04:51 +01:00
Gerhard Rieger
710c54a254 Permit -dd; print a useful error message when single character options appear to be merged 2019-03-03 15:08:02 +01:00
Gerhard Rieger
fbd72c295d Shell scripts are now headed with: env /usr/bin/env bash 2019-03-03 13:59:49 +01:00
Gerhard Rieger
14f3e4fed8 Disable option openssl-method 2019-03-03 13:20:12 +01:00
Gerhard Rieger
181228cf53 Use ss,ip when available instead of netstat,ifconfig 2019-03-03 12:04:50 +01:00
Gerhard Rieger
42864922e7 Socat only checked the first character of the host name to decide if it is an IPv4 address 2019-03-03 11:06:02 +01:00
Gerhard Rieger
479d9cbbda With TCP6-LISTEN etc. the range option failed 2019-03-03 11:03:33 +01:00
Gerhard Rieger
b5be579187 Option ipv6-join-group is in PH_PASTSOCKET 2019-03-03 10:01:32 +01:00
Gerhard Rieger
e1a5931827 Parent process might have been killed by signal to child 2019-03-03 09:32:22 +01:00
Gerhard Rieger
9f5abda361 The async-signal-safe fix used internally FD 3 and FD 4 which could conflict with options fdin,fdout 2019-02-24 23:18:38 +01:00
Gerhard Rieger
2bd582713d OpenSSL tests failed on actual Linux distributions 2019-02-24 22:53:34 +01:00
Gerhard Rieger
81d83e10d3 test.sh: Show a warning when phase-1 (insecure phase) of a security test fails 2019-02-24 22:46:14 +01:00
Gerhard Rieger
cef0e039a8 version 1.7.3.2 2017-01-23 12:53:12 +01:00
Gerhard Rieger
19ebd413bb Corrections to test.sh that reveal a mistake with IPV6_TCLASS 2017-01-21 10:59:43 +01:00
Gerhard Rieger
72b05700e4 Corrections in docu and test.sh 2017-01-15 12:23:07 +01:00
Gerhard Rieger
d7473dbac6 Corrected mention of SSL-LISTEN and SSL-CONNECT in doc; more minor corrections 2017-01-08 11:50:11 +01:00
Gerhard Rieger
9f41543aad Options so-rcvtimeo and so-sndtimeo do not work with poll() 2017-01-08 11:12:57 +01:00
Gerhard Rieger
8e09093afd UDP-LISTEN did not honor the max-children option 2017-01-07 10:46:01 +01:00
Gerhard Rieger
d6b0e1425e Socat did not use option ipv6-join-group 2017-01-06 18:21:20 +01:00
Gerhard Rieger
e25ba90e21 AddressSanitizer reported a few buffer overflows (false positives) 2017-01-06 17:56:30 +01:00
Gerhard Rieger
40d9352599 A few corrections in test.sh 2017-01-06 17:27:01 +01:00
Gerhard Rieger
0061ca1334 Check in configure for SSLv3_*_METHOD 2016-12-10 21:51:27 +01:00
Gerhard Rieger
35590e3cdb Socat exited with status 0 even when a program invoked with SYSTEM or EXEC failed 2016-12-10 20:18:33 +01:00
Gerhard Rieger
35a7817e48 Option so-reuseport did not work 2016-12-10 16:25:40 +01:00
Gerhard Rieger
2ea6da3839 Option so-reuseport did not work 2016-12-10 16:23:46 +01:00
Gerhard Rieger
d34493c18d Added contributors to copyright notices 2016-12-09 21:46:02 +01:00
Gerhard Rieger
36f2afce7c test.sh: stderr; option -v (verbose); FDOUT_ERROR description 2016-12-09 21:37:24 +01:00
Gerhard Rieger
226c555edb socat security advisory 8: stack overflow in nestlex() 2016-01-29 11:29:28 +01:00
Gerhard Rieger
eab3c89f2d socat security advisory 7, MSVR-1499: created new 2048bit DH modulus 2016-01-29 11:29:11 +01:00
Gerhard Rieger
b6541b4de7 Final fixes before release 1.7.3.0 2015-01-24 18:40:03 +01:00
Gerhard Rieger
f0c3b1f387 Port to Openindiana 2015-01-23 21:31:08 +01:00
Gerhard Rieger
3f63c9889f minor corrections to docu and test.sh 2015-01-23 18:46:54 +01:00
Gerhard Rieger
6f6d7ccb86 Revert gcc check to reenable cross compiling 2015-01-23 18:41:04 +01:00
Gerhard Rieger
522bb45479 Added option rawer for pty 2015-01-23 18:40:54 +01:00
Gerhard Rieger
8c8f817780 Print error on useless fdout,fdin options 2015-01-23 18:38:48 +01:00
Gerhard Rieger
d430147bc6 Added TLS methods support 2015-01-23 18:38:06 +01:00
Gerhard Rieger
9e863458c6 Generate testcert.conf and testcert6.conf in test.sh 2015-01-12 23:36:01 +01:00
Gerhard Rieger
2f40a439cb Check OpenSSL peers commonName+subjectAltName; new option openssl-commonname 2015-01-12 23:34:47 +01:00
Gerhard Rieger
05afec429d OpenSSL peer certificate subject,issuer details are passed to env 2015-01-12 23:11:26 +01:00
Gerhard Rieger
ad524a56b7 Passive addresses like TCP-LISTEN with empty port bound to random 2015-01-12 22:21:36 +01:00
Gerhard Rieger
0ab324b173 Address SYSTEM, when terminating, shutted down its parent addresses 2015-01-12 22:20:35 +01:00
Gerhard Rieger
466cb7921c Option ignoreeof on the right address hung 2015-01-12 22:19:01 +01:00
Gerhard Rieger
98028900e0 Fixed bind with abstract unix domain sockets (Linux) 2015-01-12 21:54:26 +01:00
Gerhard Rieger
2af0495cc6 Made code async-signal-safe 2015-01-12 21:46:16 +01:00
Gerhard Rieger
80c7fa0bca struct cmsghdr.cmsg is system dependend; more print format corrections 2014-03-09 22:08:19 +01:00
Gerhard Rieger
fbb521e45e Red Hat issue 1020203: configure checks fail with some compilers 2014-03-02 20:00:25 +01:00
Gerhard Rieger
ab74be65e5 some file system bases addresses failed to apply file options 2014-03-02 18:15:52 +01:00
Gerhard Rieger
a793c8047e fixed some typos and minor issues, including Red Hat issue 1021967 2014-03-02 17:43:23 +01:00
Gerhard Rieger
04ad6d5275 Red Hat issue 1022063: out-of-range shifts on net mask bits 2014-03-02 17:35:34 +01:00
Gerhard Rieger
257834e501 OPENSSL-CONNECT with bind option failed on some systems with Invalid argument 2014-03-02 16:53:30 +01:00
Gerhard Rieger
91b00e8c44 LISTEN based addresses applied some address options to the listening FD instead of the connected FD 2014-03-02 16:42:08 +01:00
Gerhard Rieger
0978ada95e improved test.sh script 2014-02-26 18:19:37 +01:00
Gerhard Rieger
77a9c7ae10 performed changes for Fedora release 19 2014-02-09 17:55:06 +01:00
Gerhard Rieger
7a348bdfd5 version 1.7.2.3 - CVE-2014-0019: fixed PROXY-CONNECT address overflow 2014-01-25 17:44:55 +01:00
Gerhard Rieger
022f0a46e6 version 1.7.2.2 - fixed FD leak in accept() loop 2013-03-25 20:42:58 +01:00
Gerhard Rieger
464d23a34f version 1.7.2.1 - fixed READLINE buffer overflow 2012-04-24 07:30:01 +02:00
Gerhard Rieger
4c9898446d Ubuntu Oneiric: OpenSSL w/o SSLv2, bsd/libutil.h, unused vars 2011-12-04 15:14:34 +01:00
Gerhard Rieger
76291f6a67 corrections to test.sh 2011-12-04 14:44:00 +01:00
Gerhard Rieger
3ef7b3e366 port to Dragonfly 2011-11-26 14:56:19 +01:00
Gerhard Rieger
7e3386f228 OpenSSL option compress allows to disable compression 2011-11-26 14:27:02 +01:00
Gerhard Rieger
02f3b29ab6 new option max-children that limits the number of concurrent child processes 2011-11-26 14:24:09 +01:00
Gerhard Rieger
a593b09df6 test.sh: corrected ancilliary messages with timestamps 2011-11-26 14:05:55 +01:00
Gerhard Rieger
b579f27765 minor corrections to docu and test.sh resulting from local compilation on Openmoko SHR 2011-11-22 13:57:46 +01:00
Gerhard Rieger
b4b7ffc732 check if define __APPLE_USE_RFC_2292 helps to enable IPV6_* 2011-11-22 13:20:02 +01:00
Gerhard Rieger
0b472d59d2 OPENSSL-LISTEN failed with "no shared cipher" when using cipher aNULL 2011-11-22 10:42:38 +01:00
Gerhard Rieger
6a8f6c0734 handle partial write()'s without data loss 2011-10-09 09:18:31 +02:00
Gerhard Rieger
b8d16ecd51 issue error when PTY called with parameters 2011-03-10 07:55:03 +01:00
Gerhard Rieger
e0d548df71 UNIX-CONNECT did not support half-close 2010-10-04 00:18:13 +02:00
Gerhard Rieger
2e385902c0 UDP-LISTEN would alway set SO_REUSEADDR even without fork option and when user set it to 0 2010-10-03 16:38:04 +02:00
Gerhard Rieger
cb913fbc0c when UNIX-LISTEN was applied to an existing file it failed as expected but removed the file 2010-10-03 16:28:06 +02:00
Gerhard Rieger
4c3d1ca49d fixed a bug where socat might crash when connecting to a unix domain socket using address GOPEN 2010-10-03 15:46:10 +02:00
Gerhard Rieger
6340d5d2c8 fixed a stack overflow vulnerability with long command line args 2010-10-03 11:36:50 +02:00
Gerhard Rieger
07db31f7ac version 1.7.1.2 2010-01-10 15:20:37 +01:00