./security/hitch [libev-based high performance TLS proxy]
[+] Add this package to your ports tracker

[ CVSweb ] [ Homepage ] [ RSS feed ]

Version: 1.4.8, Package name: hitch-1.4.8
Maintained by: Klemens Nanni
Master sites:
Description
Hitch is a libev-based high performance TLS proxy designed to handle 10s of
thousands of connections efficiently on multicore machines.

It supports ALPN, SNI, PROXY protocol, automatic OCSP stapling as well as
seamless configuration reloads of certificates and listen endpoints.


Filesize: 290.144 KB
Version History (View Complete History)
  • (2018-05-01) Package added to openports.se, version hitch-1.4.8 (created)
[show/hide] View available PLISTS (Can be a lot of data)

CVS Commit History:

   2018-06-02 03:51:33 by Klemens Nanni | Files touched by this commit (3)
Log message:
Fix permissions, add "cpath" promise for OCSP worker
Hitch may create new staple files at runtime.
Found by Maxim Tarasov <mu@magi.net.ru>, thanks!
Feedback and OK sthen
   2018-06-02 03:51:33 by Klemens Nanni | Files touched by this commit (3)
Log message:
Fix permissions, add "cpath" promise for OCSP worker
Hitch may create new staple files at runtime.
Found by Maxim Tarasov <mu@magi.net.ru>, thanks!
Feedback and OK sthen
   2018-06-02 03:51:33 by Klemens Nanni | Files touched by this commit (3)
Log message:
Fix permissions, add "cpath" promise for OCSP worker
Hitch may create new staple files at runtime.
Found by Maxim Tarasov <mu@magi.net.ru>, thanks!
Feedback and OK sthen
   2018-05-08 17:22:51 by Jeremie Courreges-Anglas | Files touched by this commit (2)
Log message:
Simpler pledge(2) approach
- always call pledge(2) with a string literal, instead of subtracting
promises from a mutable string.  Makes it easier to see what privileges
remain.
- call pledge(2) later in the initialization, so that we don't need to
care about too many promises eg "flock".
- always use "cpath" in the main process - needed at least if --pidfile
is passed.
Tested in basic setup, started as root with chroot and started as
_hitch, config reload still works.
ok kn@ (maintainer)
   2018-05-08 17:22:51 by Jeremie Courreges-Anglas | Files touched by this commit (2)
Log message:
Simpler pledge(2) approach
- always call pledge(2) with a string literal, instead of subtracting
promises from a mutable string.  Makes it easier to see what privileges
remain.
- call pledge(2) later in the initialization, so that we don't need to
care about too many promises eg "flock".
- always use "cpath" in the main process - needed at least if --pidfile
is passed.
Tested in basic setup, started as root with chroot and started as
_hitch, config reload still works.
ok kn@ (maintainer)