Article delegate-en/2920 of [1-5169] on the server localhost:119
  upper oldest olders older1 this newer1 newers latest
search
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]
[Reference:<_A2893@delegate-en.ML_>]
Newsgroups: mail-lists.delegate-en
[DeleGate-En] DeleGate/8.11.3 -- fixed permission for SSLtunnel and STLS, Cookie to/from HTTPS/HTTP
21 Apr 2005 19:48:13 GMT feedback@delegate.org (Yutaka Sato)
The DeleGate Project 

Dear DeleGate users,

I inform you of the new release of DeleGate available as follows:
--------------------------------------------------------------------------
 DeleGate/8.11.3 -- fixed permission for SSLtunnel and STLS, Cookie to/from HTTPS/HTTP

Fixed so that "SSL tunneling" is forbidden solely with RELAY="no" option.
The option was intended to be used, as written in the reference manual
(Manual.htm), to let DeleGate work as an origin HTTP server without
proxy functionality.  But the "SSL tunneling", or proxying with CONNECT
methos, has not been forbidden with the option.  To forbid it, the
REMITTABLE parameter was necessary to be set excluding "https" in its
values, but the default value of the parameter is
REMITTABLE="http,https/{80,443},gopher,ftp,wais" for HTTP-DeleGate
(DeleGate running with SERVER=http).  This means that the DeleGate with
RELAY="no" could still be utilized as a relay to arbitrary server on
standard HTTP and HTTPS port, if no REACHABLE parameter is specified to
restrict reachable servers from the DeleGate.  This problem was fixed in
this release so that RELAY="no" is enough to forbid such relaying.
--------------------------------------------------------------------------
  SITE: ftp://ftp.delegate.org/pub/DeleGate/
  FILE: delegate8.11.3.tar.{gz,bz2}
  DATE: Apr 22 03:29 JST 2005
  TAR-SIZE: 4802560 bytes
  TAR-MD5:  d9bfc882acc9b173a0ac4578a1f9f3b2
  PUBLIC-KEY: http://www.delegate.org/rsa-pubkey.pem
  TAR-MD5-SIGN:
    qhIWz2E63dOWwY1P/DjPCkvlNyXHqBJGI83rLKw3FRUXzCACK+CuKqjiAS7aV5kFjIyLCGpS
    f3ge3mEoX7hFRnH9RRQCHmLJmFGUtt7kFnYly2eScA98UsShQqxsz45TUNNLqj1x79JvLc35
    Ii5NR48zBLzlwEpQlbnIgsOVG8s=

[NEW]
[CHANGE]
[FIX]
 * HTTP: fixed to forbid CONNECT by RELAY=no (without RELAY=proxy)
 + STLS/FTP: fixed to reject non-SSL FTP client with STLS=fcl
 + SOCKS: fixed Socks5 CONNECT work with FTOSV,FFROMSV
 + HTTP: fixed Cookie rewriting for HTTPS/HTTP MOUNT
 + CFI: fixed Header-Filter (since 8.10.3)

Cheers,
Yutaka
--
  D G   Yutaka Sato <y.sato@delegate.org> http://delegate.org/y.sato/
 ( - )  National Institute of Advanced Industrial Science and Technology
_<   >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan
Do the more with the less -- B. Fuller
  admin search upper oldest olders older1 this newer1 newers latest
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]
@_@V