./security/hitch [libev-based high performance TLS proxy]

Version: 1.5.2, Package name: hitch-1.5.2
Maintained by: The OpenBSD ports mailing-list
Hitch is a libev-based high performance TLS proxy designed to handle 10s of
thousands of connections efficiently on multicore machines.

It supports ALPN, SNI, PROXY protocol, automatic OCSP stapling as well as
seamless configuration reloads of certificates and listen endpoints.

Filesize: 302.369 KB
Version History
  • (2019-11-29) Updated to version: hitch-1.5.2
  • (2019-08-19) Updated to version: hitch-1.5.0
  • (2018-05-01) Package added to openports.se, version hitch-1.4.8 (created)

CVS Commit History:

   2020-06-26 11:41:14 by Klemens Nanni | Files touched by this commit (1)
Log message:
Remove myself as MAINTAINER
I no longer use this;  1.6.0 is out but someone else should
take care of this TLS proxy, otherwise I tend to remove it
rather than leaving an unmaintained port behind.
   2020-04-22 05:18:32 by Klemens Nanni | Files touched by this commit (3)
Log message:
Remove unneeded configure patch
Removing the default "-O2" is pointless since our CFLAGS are always
honored and passed after the default, hence overriding them.
Comment all other patches while here.
   2019-11-28 13:00:44 by Klemens Nanni | Files touched by this commit (6)
Log message:
Update to hitch 1.5.2
hitch-1.5.2 (2019-11-27)
- Fix a problem introduced in the previous release that prevented us from
running as a non-privileged user (Issue: 322).
hitch-1.5.1 (2019-11-26)
- Support for TCP Fast Open. It is disabled by default (Issue: 185)
- Various code cleanups and minor bug fixes.
Upstream reworked their privdrop code and I have neither time nor further
interest in maintaining pledge patches, so drop support for it.
   2019-08-18 02:34:02 by Klemens Nanni | Files touched by this commit (6)
Log message:
Update to hitch 1.5.0
* Support for UNIX domain socket connections. A backend endpoint can now
be specified as a UNIX domain socket, via backend = "/path/to/socket".
* New configuration file settings pem-dir and pem-dir-glob. pem-dir can
be used to specify a directory for loading certificates, without
specifying each file individually.
* Support for TLS 1.3. Thanks to Lasse Karstensen.
* Fixed a bug that would cause a crash on reload if ocsp-dir was changed.
* Add log-level. This supersedes the previous quiet setting,
which is now deprecated.
* Add proxy-tlv. This enables extra reporting of cipher and protocol as
part of the PROXYv2 protocol.
* Drop TLSv1.1 from the default TLS protocols list.
Use Python 3 during build and make tests depend on the current version while
   2019-07-12 14:49:09 by Stuart Henderson | Files touched by this commit (854)
Log message:
   2018-12-09 05:05:25 by Antoine Jacoutot | Files touched by this commit (4)
Log message:
Don't hardcode user in $daemon (i.e. -u foo).
Use daemon_flags for this, it's what it's for.
ok sthen@
   2018-06-02 03:51:33 by Klemens Nanni | Files touched by this commit (3)
Log message:
Fix permissions, add "cpath" promise for OCSP worker
Hitch may create new staple files at runtime.
Found by Maxim Tarasov <mu@magi.net.ru>, thanks!
Feedback and OK sthen
   2018-05-08 17:22:51 by Jeremie Courreges-Anglas | Files touched by this commit (2)
Log message:
Simpler pledge(2) approach
- always call pledge(2) with a string literal, instead of subtracting
promises from a mutable string.  Makes it easier to see what privileges
- call pledge(2) later in the initialization, so that we don't need to
care about too many promises eg "flock".
- always use "cpath" in the main process - needed at least if --pidfile
is passed.
Tested in basic setup, started as root with chroot and started as
_hitch, config reload still works.
ok kn@ (maintainer)