Hitch is a network proxy that terminates TLS/SSL connections and forwards the unencrypted traffic to a backend. It is designed to handle tens of thousands of connections efficiently on multicore machines.

1.4.8 20 Apr 2018 13:25 minor feature: Prepare for 1.4.7. Bad indentation. Set default locations for trusted CA certificates only where needed. Rework the dynamic backend bits. Whitespace nitpick. Don't the mgt- child pipe on backend refreshes. Drop nobody:nogroup from example config. Override user/group for example.conf test case. Prepare for 1.4.8.
1.4.7 12 Jan 2018 06:25 minor feature: Avoid C99 dependent for loop syntax. Use correct ALPN protocol identifier in manual page. Plug file descriptor leak. strcmp(3) usage. Add the steps required for a commercial CA. tests: condition and actually skip test if appropriate. tests: Drop unneeded quotes, treat integer values. Start a general-purpose command runner for tests. Minor shell polish. Use the openssl cli to find available extensions. mv common.sh hitch_test.sh. Code style OCD. Move main() down in parse_proxy_v2. Add support for session-cache in config file and as cmdline option #166. : global backaddr is assumed to be static #84. Logging to syslog even when set to syslog = off? #187. Support for separate key files #65. Random usage of config section if redundant #192. sending out worker_update notification. Use pointer dereference instead of sizeof(struct). Ensure input_line has a terminating null byte. parameter value parsing. Rename positive_only into non_negative for config_param_val_ int,long. Print parsing error messages correctly. Put network includes after kernel includes. Hardening the shell is the first thing to do. Run the test suite in a temp directory. Test helper hitch_start to start Hitch as a daemon. Print test diagnostics to stderr. Wrap openssl s_client commands in a function. Polish the old cfg test case. New more reliable curl_hitch test helper. Always use -prexit via s_client test helper. Don't write the hitch listen address in a file. Let the s_client helper find where to connect. Flesh out tests with multiple listen addresses. Polish test 06. Make sure TEST_TMPDIR is always absolute. Turn curl errors into automake errors. Teach curl_hitch to skip unknown options. Teach curl_hitch when to use the first listen address. Listen to what curl_hitch has to say. New hitch_pid helper to send signals. Use hitch_hosts to check the old address in test 11.
1.4.5 02 Jun 2017 23:05 minor feature: Asterisk is not a valid node for getaddrinfo(). gettimeofday(2) needs sys/time.h. Another case of gettimeofday(2) needing sys/time.h. unchecked loop situation with shared cache enabled. Make shared cache code work with openssl 1.1. building with libressl. Set SSL_OP_SINGLE_ECDH_USE to force a fresh ECDH key pair per handshake. Merge branch 'listen_all' of https://github.com/lkarsten/hitch into l?. Clean up a few things in the previous patch. Printing invalid cmd args /once/ is sufficient. Add a link to the PROXY spec in the docs. typo in man page. Distribute and preserve lex/yacc droppings. One line per source file. Make sure to always satisfy dependencies. Enable silent rules by default. Redundant. Polish. Move the configuration parser to a static library. Need sys/filio on SunOS for FIONBIO. s/unix/local/. OpenSSL 1.1 does not require locking callbacks. Enhance system libraries detection. Separate foreign sources from hitch. Get _GNU_SOURCE as a system extension. Merge CFLAGS. Polish hitch CFLAGS. Move CFLAGS detection to autoconf. Polish. libnsl detection. Make -Wno-strict-aliasing a flag only for libev. configuration.h includes . Un-break session-cache for OpenSSL 1.1. missing include. Don't export these symbols. a couple of potential overflow situations. It turned out lib conditionals weren't needed. strcasecmp needs this. Can't claim POSIX.1-2008 yet. Can't target C99 yet. Enable and automake warnings. Code style OCD. Allow hitch to bind random ports. Move create_alpn_callback_data up. Macroize options parsing. Avoid leaking a zombie process for the OCSP child. Don't chroot(2) the management process. Avoid C99 dependent for loop syntax. Drop dead lines. build for automake 1.14. Typo in previous commit. Quote the offending line on a parsing error. Kill unused locations. make distcheck. Prepare for 1.4.5. Update changelog references.
1.4.4 23 Dec 2016 03:15 minor feature: Typo in TLS config warning. Remove special handling of old host format. Improve clarity. Make Hitch compatible with OpenSSL 1.1.0. Make sure we always have a sane refresh_hint set for OCSP refreshes. Force SSL_OP_SINGLE_DH_USE to avoid small subgroup attacks on older. Changelog. Respect OPENSSL_NO_NEXTPROTONEG. 1.4.4.
1.4.3 18 Nov 2016 15:40 minor feature: OCSP stapling is now enabled by default. Users should create ocsp-dir (default: /var/lib/hitch/) and make it writable for the hitch user. Build error due to man page generation on FreeBSD (most likely non-Linux) has been fixed.