./security/hitch, High performance SSL/TLS proxy

Branch: CURRENT, Version: 1.5.0nb1, Package name: hitch-1.5.0nb1, Maintainer: fhajny

Hitch is a libev-based high performance SSL/TLS proxy by Varnish
Software.


Required to run:
[devel/libev]

Required to build:
[textproc/py-docutils] [pkgtools/cwrappers] [lang/python37]

Master sites:

SHA1: e2f77a3213d6fe3d1b8cd212cd6bf2e0dc4c4698
RMD160: 37758d95652dd4c6a224d8b369e6d8da05e93f58
Filesize: 297.04 KB

CVS history:


   2019-04-25 09:33:32 by Maya Rashish | Files touched by this commit (620)
Log message:
PKGREVISION bump for anything using python without a PYPKGPREFIX.

This is a semi-manual PKGREVISION bump.
   2019-03-04 14:56:19 by Tobias Nygren | Files touched by this commit (2)
Log message:
hitch-1.5.0 (2018-12-17)

Support for UNIX domain socket connections.
New configuration file settings pem-dir and pem-dir-glob.
Support for TLS 1.3.
Fixed a bug that would cause a crash on reload if ocsp-dir was changed.
Add log-level. This supersedes the previous quiet setting.
Add proxy-tlv. This enables extra reporting of cipher and protocol.
Drop TLSv1.1 from the default TLS protocols list.
   2018-12-15 22:12:25 by Thomas Klausner | Files touched by this commit (67) | Package updated
Log message:
*: update email for fhajny
   2018-09-07 15:54:45 by Filip Hajny | Files touched by this commit (3) | Package updated
Log message:
security/hitch: Update to 1.4.8.

hitch-1.4.8 (2018-04-19)
------------------------

- Reworked the dynamic backend bits.
- Update docs to recommend running Hitch as a separate non-privileged
  user.

hitch-1.4.7 (2018-01-11)
------------------------

- Massive test suite refactor and update.
- Fix OpenBSD/FreeBSD/POSIX portability issues: restrict fstat(1) to
  OpenBSD, bring sockstat(1) support back, drop pathchk(1) usage in
  the test suite, switch from sockstat(1) to fstat(1)
- Add an OCSP refresh timeout parameter
- Autotools polish
- Random usage of config section if redundant
- Support for separate key files
- Fix logging to syslog even when set to syslog = off
- Making log-filename, recv-bufsize and send-bufsize parameters
  available through command line and config file.
- Fix: global backaddr is assumed to be static
- Add support for session-cache in config file and as cmdline option
- Plug file descriptor leak: killing worker processes would leave the
  pipe's write end open, leaking one file descriptor per worker upon
  reload
   2017-07-03 15:03:02 by Joerg Sonnenberger | Files touched by this commit (2)
Log message:
Fix ctype use.
   2017-06-14 15:28:57 by Filip Hajny | Files touched by this commit (3) | Package updated
Log message:
Update security/hitch to 1.4.6.

hitch-1.4.6 (2017-06-06)
- Fix a problem that broke mock-based builds for el6/el7

hitch-1.4.5 (2017-05-31)
- Set SSL_OP_SINGLE_ECDH_USE to force a fresh ECDH key pair per
  handshake
- Fix a bug where we ended up leaking a zombie process on reload
- Fix a bug where the management process could not find its
  configuration files after a reload when chroot was configured
- Output the offending line on a configuration file parsing error
- Fix build for non-C99/C11 compilers
- Fix the shared cache code to make it work also with OpenSSL 1.1.0
- Fix an unchecked loop situation that could occur when running with
  shared cache enabled
- Various autotools configuration fixes
- A few minor doc fixes
   2017-01-09 14:02:21 by Filip Hajny | Files touched by this commit (6) | Package updated
Log message:
Update security/hitch to 1.4.4.

hitch-1.4.4 (2016-12-22)
------------------------

- OpenSSL 1.1.0 compatibility fixes. OpenSSL 1.1.0 is now fully
  supported with Hitch.
- Fix a bug in the OCSP refresh code that could make it loop with
  immediate refreshes flooding an OCSP responder.
- Force the SSL_OP_SINGLE_DH_USE setting. This protects against an
  OpenSSL vulnerability where a remote attacker could discover private
  DH exponents (CVE-2016-0701).

hitch-1.4.3 (2016-11-14)
------------------------

- OCSP stapling is now enabled by default.
  Users should create ocsp-dir (default: /var/lib/hitch/) and make it
  writable for the hitch user.
- Build error due to man page generation on FreeBSD (most likely non-Linux)
  has been fixed.

hitch-1.4.2 (2016-11-08)
------------------------

- Example configuration file hitch.conf.example has been shortened and
  defaults moved into Hitch itself. Default cipher string is now what we
  believe to be secure. Users are recommended to use the built-in default
  from now on, unless they have special requirements.
- hitch.conf(5) manual has been added.
- Hitch will now send a TLS Close notification during connection teardown.
  This fixes an incomplete read with a GnuTLS client when the backend
  (thttpd) used EOF to signal end of data, leaving some octets discarded
  by gnutls client-side. (Issue 127)
- Autotools will now detect SO_REUSEPORT availability. (Issue 122)
- Improved error handling on memory allocation failure.
   2016-10-02 11:19:36 by Filip Hajny | Files touched by this commit (2) | Package updated
Log message:
Update security/hitch to 1.4.1.

- Add a new tls-protos configuration option for specifying the
  permitted TLS/SSL protocols. This new option supersedes settings
  ssl and tls which are now deprecated and will be kept for
  backwards compatibility.