[Reference:<_A3303@delegate-en.ML_>]
Newsgroups: mail-lists.delegate-en

[DeleGate-En] DeleGate/9.2.3 (BETA) -- Man-In-The-Middle proxy, syslog support, faster CFI, fixes for FTP and Windows
16 Jul 2006 00:17:47 GMT feedback@delegate.org (Yutaka Sato)
The DeleGate Project


Dear DeleGate users,

I inform you of the new release of DeleGate available as follows:
--------------------------------------------------------------------------
 DeleGate/9.2.3 (BETA) -- Man-In-The-Middle proxy, syslog support, faster CFI, fixes for FTP and Windows

- sending syslog to multiple syslog servers (with SYSLOG="syslog//host:port")
- relaying HTTPS/SSL in Man-In-The-Middle mode (with STLS="mitm")
- passing through without checking HTTPS/SSL to Windows Update by default
- faster CFI removing delay around process creation, especially on Windows
- fixed file-handle jamming which can cause "abort" or empty data on Windows

+ sending syslog to multiple syslog servers (with SYSLOG="syslog//host:port")
  <URL:http://www.delegate.org/delegate/syslog/>

  Basic functionality for syslog control was built into DeleGate/9.2.3.
  The simplest way to enable syslog is:

      SYSLOG=

  It enables sending LOGFILE (the detailed logfile of the activity of
  DeleGate) and PROTOLOG (access log as common-logfile for HTTP or xferlog
  for FTP) to the local logger on the host. 

+ relaying HTTPS/SSL in Man-In-The-Middle mode (with STLS="mitm")
  <URL:http://www.delegate.org/delegate/mitm/>

  Peeping the encrypted communication in HTTPS/SSL as an HTTP proxy becomes
  necessary in several situations. If the peeping is done by stealth by a
  malicious third party, it should be prevented as a Man-In-The-Middle attack.
  But if it is done by the same party including the user of the client, it
  can be a useful feature.
  Configuring DeleGate as an HTTP proxy to do such peeping has become easy
  in version 9.2.3, with an STLS option just as:

      STLS=mitm

  By this option, all of the HTTPS/SSL communications relayed on it become
  peepable.  The following is an example of an HTTP proxy to peep the
  HTTPS/SSL request messages toward the server.

      delegated -v -P8080 SERVER=http STLS=mitm FTOSV=-tee-n

--------------------------------------------------------------------------
  SITE: <URL:ftp://ftp.delegate.org/pub/DeleGate/>
  FILE: delegate9.2.3.tar.{gz,bz2}
  DATE: Jul 16 06:30 JST 2006
  TAR-SIZE: 5928960 bytes
  TAR-MD5:  1c2b9964fe3a0c5bdaa4636f8d037d66
  PUBLIC-KEY: http://www.delegate.org/rsa-pubkey.pem
  TAR-MD5-SIGN:
    tawY4k/1ZVfK6ibFHFCg+1SqH/2w3yuOnPNEk+mEtqzKrbb096q6ice5b59HHRrPxDn7qtTw
    Ceazt70iZf9qeGqTH681mQKjzuW/6Rkys7unLU3grKmVmz/abTyKlsWoPGFPaX8p7WCUzI6D
    9pj3Mbs/dUzFUNECdVUuR1I8jJA=

[NEW]
 * SYSLOG: supported sending syslog to multiple SYSLOG=syslog//host:port
 + SYSLOG: enabled SYSLOG=-vs,-vh,file:/path
 + SYSLOG: enabled bind. syslog src. port. as SRCIF=:514:syslog
 * MITM/STLS/HTTP: introduced STLS="mitm" Man-In-The-Middle mode
 + MITM/STLS/HTTP: spot MITM by STLS=-mitm + "https://-mitm.host.domain"
 + MITM/STLS/HTTP: supported Proxy-Authorization in MITM mode
 + FTP: enabled FTPCONF=noport for client
 + FTP: added announcement of "AUTH TLS" to FEAT command
 + FTP: supported caching MLST and MLSD response
 + FTP: added Unique=B64(dev,ino) fact to MLST/MLSD resp.
 + CFI: removed the delay by msleep(100) for CFI on Win
 + CFI: don't insert pre-filter for FTOCL of CFIscript (Win)
 + CFI: don't use a command shell by system() if unnecessary
 + HTTP: delayed inserting (possibly unnecessary) CFI until response relay
 + HTTP: HTTPCONF=bugs:no-cfi-delay to force immediate CFI insertion
 + HTTP: HTTPCONF=bugs:do-pre-filter to force "pre-filter"
 + general: supported Notify-Mail on ABORT in the initialization phase
 + general: introduced internal log in the initialization phase
 + general: introduced "virtual node" with file stat (by facts of MLST)
 + general: check ports before being a service to be blocked (Win)
 + general: introduced file copying suppressing identical one
 + general: all directories in symlink chain of executable into LIBPATH
 + general: -vT3 -vT6 ... for log. time stamp in milli/micro seconds
 + general: stopped repetitive search for gzip.exe on spawn (Win)
 + general: tracing socket/descriptor mapping by -ds option (Win)
 + MOUNT: introduced "vurl:URL" in rURL for recursive MOUNT
 + auth: enabled AUTHORIZER=authServ({user:pass@host:port})
 + auth: enabled AUTHORIZER=authServ(user) + AUTH=admin::user
 + DNS: wildcard "*" in host-name in /etc/hosts
 + DNS: introduced "unknown::*.domain"

[CHANGE]
 + general: changed to use vsnprintf() instead of snprintf()
 + general: moved service start log to TEMP/delegate/ (Win)
 + HTTP: added CMAP=thru-CONNECT:HTTPCONF:https:update.microsoft.com
 + HTTP: relay gzip encoded text as a binary from the start
 + general: CountUp log be optional (can be activated by COUNTER=do,debug)
 + general: convert DGROOT=rel-path to abs-path in argv[] (Win)
 + general: pass DGROOT=abs-path in argv[] to children (Win)
 + general: substitution of ${EXECDIR} in DGPATH, DATAPATH, SUBIN, ...
 + general: Peek() recv(MSG_PEEK) on MacOSX (Darwin8)

[FIX]
 * Win: fixed file-descriptor jam (can cause ABORT) after fclose(socket) on Win
 + FTP: escaping response code (inserting SP) in message from server
 + FTP: coped with commands with relative-path arg. on virtual-dir.
 + FTP: set "asproxy" (exit stab mode) after MLST //serv + CWD //serv (9.2.2)
 + FTP: suppressed "recvPeek: failed: 0" flood in LOGFILE
 + FTP: fixed to hold virtual CWD in switchings by non-CWD
 + FTP: virtualized the real-path returned in MLST response
 + FTP: fixed listing symbolic links in MLSD 
 + FTP: fixed proxying by "USER user@server" (9.2.2)
 + FTP: fixed SERVER=ftp://server (disabled in 9.2.2)
 + HTTP: don't reuse cache/Keep-Alive if no PERMIT matched with AUTHORIZER
 + HTTP: enabled @Realm even for -none or -any
 + HTTP/HTTPS-GW: broken header erasing Cookie "Secure" flag
 + HTTP: suppressed fwrite() in caching "takeover"mode for text
 + HTTP: fixed automatic MovedTo from "url" to "url/" by MOUNT="http://* ..."
 + CFI: fixed possible SEGV with CFI on fileno(NULL)
 + CCX: fixed broken char-code conv. for UTF-8 and EUC (9.2.0-pre7)
 + DNS: resolving a hostname including "_" (9.2.0)
 + Linux: close tty/stdin to be a daemon (for SSH+Linux)
 + general: enabled DGROOT="../dir"
 + general: loading ${EXECNAME}.conf on Win (with .exe)
 + general: finding EXECDIR of self in PATH
 + general: don't check the ${EXECNAME}.conf for every "DeleGate" (8.9.6/Win)

Cheers,
Yutaka
--
  9 9   Yutaka Sato <y.sato@delegate.org> http://delegate.org/y.sato/
 ( ~ )  National Institute of Advanced Industrial Science and Technology
_<   >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan
Do the more with the less -- B. Fuller
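
Added example, not part of the original announcement or DeleGate's own tooling: checking a downloaded delegate9.2.3.tar.gz against the TAR-SIZE and TAR-MD5 fields published above. It assumes both fields describe the uncompressed tar; the function names are hypothetical, and the TAR-MD5-SIGN check is left out because the announcement does not state the signature scheme.

```python
import gzip
import hashlib
import hmac
import io
import re

# Field block as published in the announcement (signature lines omitted).
ANNOUNCED = """\
  FILE: delegate9.2.3.tar.{gz,bz2}
  TAR-SIZE: 5928960 bytes
  TAR-MD5:  1c2b9964fe3a0c5bdaa4636f8d037d66
"""

def parse_release_block(text):
    """Extract the expected tar size and MD5 from a 'KEY: value' block."""
    fields = dict(re.findall(r"^\s*([A-Z0-9-]+):\s*(\S+)", text, re.M))
    md5 = fields["TAR-MD5"].lower()
    if not re.fullmatch(r"[0-9a-f]{32}", md5):
        raise ValueError("TAR-MD5 is not a 32-digit hex string")
    return {"size": int(fields["TAR-SIZE"]), "md5": md5}

def tar_digest(stream, chunk=1 << 16):
    """Return (size, md5-hex) of the uncompressed tar read from stream."""
    digest, size = hashlib.md5(), 0
    for block in iter(lambda: stream.read(chunk), b""):
        digest.update(block)
        size += len(block)
    return size, digest.hexdigest()

def verify_release(gz_bytes, expected):
    """True only if the decompressed tar matches both announced values."""
    # Assumption: TAR-SIZE / TAR-MD5 refer to the tar, not the .gz wrapper.
    with gzip.GzipFile(fileobj=io.BytesIO(gz_bytes)) as tar_stream:
        size, md5 = tar_digest(tar_stream)
    return size == expected["size"] and hmac.compare_digest(md5, expected["md5"])

if __name__ == "__main__":
    # Constructed stand-in for the tarball so the example runs offline.
    payload = b"constructed sample tar bytes" * 100
    expected = {"size": len(payload), "md5": hashlib.md5(payload).hexdigest()}
    print(verify_release(gzip.compress(payload), expected))         # matching archive
    print(verify_release(gzip.compress(payload + b"x"), expected))  # altered archive
```

For the real download, read the .tar.gz bytes from disk and pass parse_release_block(ANNOUNCED) as the expected values. MD5 is not collision-resistant, so a match here detects transfer corruption rather than a deliberate substitution.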
