Store host and port in separate strings internally and get rid of the
[host]:port representation where separate host and port would be
cleaner. This includes the following user-visible changes:
- Generated filenames that contain host and port, such as by -S and
-F %d and %s, now use a host,port format instead of [host]:port.
- Connect log now uses separate fields for host and port.
Issue: #69#74
Reported by: Adam Jacob Muller
- Update copyright to 2015
- Remove the non-standard "unmodified" from the 2-clause BSD license
- Remove scalable from the tagline to avoid misinterpretations
Make -w and -W work in conjunction with dropping privileges and
chrooting by moving the cert writer code to a separate logger thread and
using the privsep framework to open the files if they do not exist
already.
Issue: #70
Fork into a monitor parent process and an actual proxy child process,
communicating over AF_UNIX sockets. Certain privileged operations are
performed through the privileged parent process, like opening log files
or listener sockets, while all other operations happen in the child
process, which can now drop its privileges without side-effects for
log file opening and other privileged operations. This is also a
preparation for -l/-L logfile reopening through SIGUSR1.
This means that -S and -F are no longer relative to chroot() if used
with -j. This is a deliberate POLA violation.
Always explicitly name which arguments are non-null, even if all
arguments are non-null. This is to avoid bugs where newly added
arguments are automatically non-null by accident, possibly leading to
optimisation errors.
This also fixes a few potential errors related to non-null arguments;
specifically it prevents the compiler optimising away a test for sni
being NULL in cachedsess_mkkey().
Issue: #14
Reported by: kythyria