aboutsummaryrefslogtreecommitdiff
path: root/src/IO
AgeCommit message (Collapse)Author
2016-07-04recognize obsolete hash algorithms when complaining about...obsolete hash ↵corvid
algorithms
2016-07-04in some TLS MSGs, don't show port if it's the defaultcorvid
2016-07-03Fixed a couple of compiler warnings for IO.cJorge Arellano Cid
2016-07-03workaround for mbed TLS 2.3.0 include problemcorvid
reported by Nick Warne http://lists.dillo.org/pipermail/dillo-dev/2016-July/010941.html checking mbedtls/ssl.h usability... no checking mbedtls/ssl.h presence... yes configure: WARNING: mbedtls/ssl.h: present but cannot be compiled configure: WARNING: mbedtls/ssl.h: check for missing prerequisite headers? configure: WARNING: mbedtls/ssl.h: see the Autoconf documentation configure: WARNING: mbedtls/ssl.h: section "Present But Cannot Be Compiled" configure: WARNING: mbedtls/ssl.h: proceeding with the compiler's result checking for mbedtls/ssl.h... no configure: WARNING: *** mbed TLS 2 not found. Disabling SSL/HTTPS/TLS support. ***
2016-07-03clean up host:port usage, particularly with ipv6corvid
2016-07-03quiet MSGcorvid
2016-07-03use mbed TLScorvid
2016-05-11Silenced a few old debug messages.Jorge Arellano Cid
2016-04-30Fixed a minor bug for a corner case in dpi cookie handlingJorge Arellano Cid
2016-04-09if we get an error (e.g. ECONNRESET) while reading, abort the read and show ↵corvid
a status message
2016-03-19MSGcorvid
2016-03-08openssl 1.0.2f does not like shutdown to be called during handshakecorvid
thread begins here: http://lists.dillo.org/pipermail/dillo-dev/2016-February/010682.html
2015-07-05wasteful use of strncpycorvid
I never knew that if you give it a small string to copy into a big buffer, it'll waste time filling the rest of it with '\0'.
2015-07-05tls.c a little cleanupcorvid
2015-07-05integrate cert algorithm + key checking code with the other checkscorvid
2015-07-02merge 3.0.5 branchcorvid
2015-06-30release datev3.0.5release-3_0_5corvid
2015-06-29HTTP Strict Transport Securitycorvid
I'm not including the preload file yet.
2015-06-24add a tls test sitecorvid
2015-06-17mention the most recent ChangeLog additions in splashcorvid
2015-06-03web must be valid in order to continue in a_Http_connect_donecorvid
A site triggers this with a background image where the style is deleted upon </div>, and Capi_stop_client() finds that a_Cache_client_get_if_unique() is false, so nothing aborts the connection. And there's time for this to happen because we're doing TLS handshake. I don't know whether all of what triggered this is doing the right thing, but at least when it comes to capi, we can see that there's the idea of permitting it (with whether we ever actually want that in practice being yet another question). In any case, Http_make_query_str() definitely thinks the web is there. If we really decided that we wanted connections to continue without webs, we could stuff 1) what sort of thing are we requesting? 2) is this a third-party request? into the socket data. Making the query earlier is probably not advisable because we'd want the cookies available at the time that we send the query and not the cookies that were available somewhat earlier.
2015-06-03show certificate hash algorithm (and complain feebly if it's weak)corvid
2015-06-01constcorvid
2015-06-01TLS servers sortedcorvid
2015-05-31mergecorvid
2015-05-31fix up socket queuecorvid
2015-05-30fix warningcorvid
2015-05-30print certificate chaincorvid
2015-05-30let's not print tls alerts for 'close notify'corvid
2015-05-29print out TLS version and cipher agreed upon after first connection with servercorvid
2015-05-29documentation and not-currently-possible error casecorvid
2015-05-29some more information for TLS warning popupscorvid
2015-05-28'ssl' -> 'tls' where reasonable, given that ssl3 is dead and allcorvid
I used 'hg rename' and expected (at least hoped) that 'hg diff' would do what I would naturally want, but no.
2015-05-28make http_max_conns truly per server/proxy rather than hostcorvid
And separate http from https for safety while we're at it. We were checking this where we needed to, but it would be easy to forget about in the future. Not that very much happens when you try http://example.com:443 or https://example.com:80, but I'm being careful nevertheless.
2015-05-19http use-after-freecorvid
openbsd tripped over this for me
2015-05-18make it clearer that ssl popups are about security (well, if one's WM shows ↵corvid
titles) I've noticed how users on forums can be like "Oh, it must be something about bugs in dillo. But it manages to load the page". This is a degree of misunderstanding which I wouldn't expect from anyone interested in using dillo, but there it is, so I should deal with it.
2015-05-18let's add LibreSSL to the OpenSSL licensing linking exceptioncorvid
I tried dillo on openbsd and, unsurprisingly, it seems fine with libressl. I still would like it if some other TLS library would become the clear choice for dillo at some point...
2015-05-18clean up the SSL error dialog strings a littlecorvid
2015-05-09splash: urge users to read help. mention domainrc.corvid
Just recently I added some mention of domainrc to the website. I hadn't made enough of an effort to communicate the fact that it exists, and now it's time to remedy that.
2015-05-08https: the rest :)corvid
Normally I really like to make commits in small pieces that all compile and make sense in isolation, but with this https work, the effort vs the reward just wasn't going to make sense.
2015-05-08ssl.[ch]corvid
2015-04-05http socket reuse must test for HTTP_SOCKET_TO_BE_FREEDcorvid
2015-03-22socket freecorvid
2015-03-05http, don't presume that socket data is found in ValidSockscorvid
jeremy's valgrind logs have an instance of ==15610== Invalid read of size 4 ==15610== at 0x8090B53: Http_socket_reuse (http.c:668)
2014-12-24merge 3.0.4.1 branchcorvid
2014-12-24Updates for 3.0.4.1Jorge Arellano Cid
2014-12-20mention redirection fix for this releaserelease-3_0_4_1corvid
2014-12-10mention in splashcorvid
2014-12-08mention resizable-window fixcorvid
2014-11-25splash textcorvid