To: feedback@ml.delegate.org
Date: 21 Jul 2014 14:47:36 GMT
Subject: DeleGate/9.9.10 (STABLE) -- fixes around chained HTTP and HTTPS proxy
From: feedback@delegate.org (Yutaka Sato)
Reply-To: feedback@delegate.org
Lines: 83
X-Seqno: 5097 (via ml.delegate.org)
MIME-Version: 1.0 (generated by vin4.0.2)
Content-Type: text/plain; charset=US-ASCII
X-Mailer: Vin 4.0.2/070321 on Linux/2.4.2-2
Organization: The DeleGate Project
Message-Id: <1JpFTo.feedback@delegate.org>
References: <_A5062@delegate-en.ML_> <_A5063@delegate-en.ML_>
        <_A5084@delegate-en.ML_> <_A5089@delegate-en.ML_>
X-Forwarded: by - (DeleGate/10.0.0-pre1)

Dear DeleGate users,

I inform you of the new release of DeleGate available as follows:
--------------------------------------------------------------------------
DeleGate/9.9.10 (STABLE) -- fixes around chained HTTP and HTTPS proxy
                                                            July 21, 2014
--------------------------------------------------------------------------
This release includes a fix so that an HTTP-DeleGate proxy chained to an
upstream proxy can forward non-HTTP protocols (HTTPS/SSL, FTP, NNTP,
etc.) as well as HTTP.

HTTP (proxy chaining for multiple protocols)
  - Fixed relaying arbitrary protocols to an upstream HTTP proxy (in HTTP
    protocol).
    DeleGate as an HTTP proxy can be chained to upstream HTTP proxy(ies)
    with the PROXY (or FORWARD) parameter(s).  With the PROXY
    parameter, it forwards any protocol to the specified upstream proxy.
    But, unfortunately, since 9.9.8-pre21 (released Jan. 2013), only the
    HTTP protocol has been relayed in HTTP protocol, while other protocols
    were relayed in the DeleGate-specific protocol. Thus if the upstream
    proxy is not DeleGate, the relay fails.
  - A workaround in older versions is to use FORWARD instead of PROXY,
    as in FORWARD="http-proxy://Host:Port"

HTTPS (SSL-tunneling with non-SSL blocker)
  - Disabled the non-half-duplex communication blocker over the SSL-tunnel
    by default.  (It can be enabled with HTTPCONF="halfdup")
  - Relaxed the threshold for non-SSL detection and blocking, so as not
    to break normal SSL communications with long latency.
    The default has become HTTPCONF="tout-pack-intvl:10.0" (which was
    "3.0" seconds in older versions).
  - Excluded several HTTPS server domains (google and facebook) from
    the subjects of the non-SSL blocker.  It is equivalent to
    CMAP="thru-CONNECT:HTTPCONF:https:*.google.com,*.facebook.com".
  - In older versions, especially when DeleGate as an HTTPS proxy is
    chained to an upstream proxy, the blocker can behave so badly that
    it makes a connection to an HTTPS server, for example Google Mail,
    freeze at the start.
  - This blocker can be bypassed totally with the "-Dst" option in any
    version of DeleGate.

SOCKS (core dump with CONNECT=socks option)
  - It hits a stale area on the stack, causing a segmentation violation,
    when both FORWARD=socks://host:port and CONNECT=socks are specified.
    The situation occurs after a secondary SOCKS connection.

yysh (remote login shell of DeleGate)
  - Re-enabled the yysh server on Windows, which was disabled in
    9.9.7-pre23 (Feb. 2010) due to a bug in the supplementary
    program for Windows, "dgforkpty.exe".
  - Periodic sending of packets toward the yysh server to keep the
    connection alive.  A yysh connection was often dropped after
    no communication over it for several minutes.  It was especially
    bad when logging into a remote host on a cloud service.
  - The interval of keep-alive packets can be specified with the -tiT
    option, where T is 60 (seconds) by default.

SSL/Cygwin (dynamic linking of SSL libraries)
  - Made the Cygwin version of DeleGate use the dynamic SSL library for
    Cygwin, named "cygXXX.dll".
  - It is equivalent to specifying DYLIB="cyg%s-0.9.8.dll,+"
  - The Cygwin versions of DeleGate and the SSL libraries are necessary
    for "yysh", the remote login shell of DeleGate, with STLS=fsv or the
    "-ys" option.

--------------------------------------------------------------------------
  SITE: <URL:ftp://ftp.delegate.org/pub/DeleGate/>
  FILE: delegate9.9.10.tar.gz
  DATE: Jul 21 22:10 JST 2014
  TAR-SIZE: 8396800 bytes
  TAR-MD5:  0715ac4ac671f7e618cac7677370bf24
  PUBLIC-KEY: http://www.delegate.org/rsa-pubkey.pem
  SRCSIGN=9.9.10:20140721221012+0900:68d4c88072823f5b
  TAR-MD5-SIGN:
    r02Q53AMOC8SvONO6DzdiR9mXcFOuXsjKPtfZVg8Cw7QM7u66rRQ6uUlp07WapYvP//YRxdk
    HdKVb0Zt0z8tnxJ6vFeKmBvPHQGLwuapMQ6c9VqNlH5Z/uzbcbn6wqzWh6jfSxPHglaijtOA
    HiNJzBVAdbnvT/C5dXGRKzM5kqs=

Cheers from Japan,
Yutaka
--
  9 9   Yutaka Sato { Do the more with the less -- B. Fuller }
 ( ~ )  National Institute of Advanced Industrial Science and Technology
_<   >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan