CHANGES

@@ -1,18 +1,3 @@
-Changes to proxytunnel 1.12.3 -- Fri Mar 7 23:04:25 CET 2025
-
-- PR #83 from https://github.com/tofurky to avoid printing unterminated string
-  in readline().
-- PR #86 from https://github.com/e9hack to fix and improve ntlm authentication.
-- PR #89 from https://github.com/njbraun to increase MAX_HEADER_SIZE to 4k.
-- From Sven Geuer, https://github.com/68420948
-  - Chmode 755 to 644 for file CHANGES.
-  - Drop obsolete entry about SSL proxy support from file TODO. 
-
-Changes to proxytunnel 1.12.2 -- Mon Mar 25 14:50:38 CET 2024
-
-- PRs #79 and #80 from https://github.com/hoilc implementing github action to
-  build windows binary. 
-
 Changes to proxytunnel 1.12.1 -- Tue Feb  6 17:36:38 CET 2024
 
 [ Sven Geuer, https://github.com/68420948 ]

INSTALL.md

@@ -10,55 +10,6 @@ to build simply run `make` and optionally `make install`.
 If you manually want to install, copy proxytunnel to /usr/local/bin
 and optionally the manual-page from the debian-subdirectory to your manpath
 
-# Nix Flakes
-
-> NOTE: The Nix Flake installation currently only supports the `x86_64-linux` platform, and has not been tested on other architectures.
-
-A simple Nix Flake is included to allow for use via flake inputs. To create a temporary Nix Shell with access to the `proxytunnel` binary, you can run the command:
-```console
-nix develop github:proxytunnel/proxytunnel
-```
-If you instead want to include it as a flake input, the following `flake.nix` shows how to do so:
-```nix
-{
-  inputs = {
-    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
-
-    # Add proxytunnel as an input
-    proxytunnel.url = "github:proxytunnel/proxytunnel";
-  };
-
-  outputs = {
-    nixpkgs,
-    proxytunnel,
-    ...
-  }: let
-    system = "x86_64-linux";
-    pkgs = import nixpkgs {
-      system = "x86_64-linux";
-      overlays = [
-          # Add proxytunnel's default features to your nixpkgs
-          proxytunnel = proxytunnel.overlays.default;
-
-          # For a full list of override options, see `nix/proxytunnel.nix`
-      ];
-    };
-  in {
-    devShells.${system}.default = pkgs.mkShell {
-      packages = [ 
-        # Make the `proxytunnel` binary available in a Nix Shell
-        # The above overlay adds it to nixpkgs. Without the overlay, use proxytunnel.packages.${system}.default
-        pkgs.proxytunnel
-
-        # And include any other packages as desired...
-        pkgs.gcc
-        # ...
-      ];
-    };
-  };
-}
-```
-
 # msys2
 
 To install msys2 with [chocolatey](https://chocolatey.org/install):

Makefile

@@ -14,15 +14,8 @@ OPTFLAGS += -DHAVE_GETOPT_LONG
 # Comment if you don't have/want ssl
 OPTFLAGS += -DUSE_SSL
 
-# MSYS
-# The current version of gcc from MSYS defines __MSYS__ and __CYGWIN__.
-# To avoid to change the code, simply define CYGWIN additionally. 
-ifneq ($(filter $(MSYSTEM),MSYS MINGW32 MINGW64 UCRT64),)
-CFLAGS += -DCYGWIN
-else
-# Most systems, MSYS definitely not
+# Most systems
 OPTFLAGS += -DSETPROCTITLE -DSPT_TYPE=2
-endif
 
 # System dependant blocks... if your system is listed below, uncomment
 # the relevant lines
@@ -66,6 +59,7 @@ mandir = $(datadir)/man
 OBJ = proxytunnel.o	\
 	base64.o	\
 	strzcat.o	\
+	setproctitle.o	\
 	io.o		\
 	http.o		\
 	basicauth.o	\
@@ -76,10 +70,6 @@ OBJ = proxytunnel.o	\
 	ntlm.o		\
 	ptstream.o
 
-ifneq (,$(findstring -DSETPROCTITLE,$(OPTFLAGS)))
-OBJ += setproctitle.o
-endif
-
 UNAME = $(shell uname)
 ifneq ($(UNAME),Darwin)
 OBJ += strlcpy.o	\

TODO

@@ -7,6 +7,11 @@
   or: proxytunnel -p username:password@local-proxy:port -r username:password@remote-proxy:port -d %h:%p
 
 
+### SSL proxy support
+- Starting with Apache 2.4 using CONNECT over SSL is supported !!
+  See: http://issues.apache.org/bugzilla/show_bug.cgi?id=29744
+
+
 ### Code cleanup
 - Find some hardcore C experts to help us improve the code quality
 

buildwin.sh

@@ -4,13 +4,13 @@ echo "Build docs..."
 make -C docs
 
 echo "Build proxytunnel..."
-make -f Makefile
-strip -s proxytunnel.exe
+make -f Makefile.ssl11
+
+echo "Copy msys/openssl dll to build dir..."
+cp  /usr/bin/msys-2.0.dll /usr/bin/msys-crypto-1.1.dll /usr/bin/msys-ssl-1.1.dll /usr/bin/msys-z.dll .
 
 echo "Generate proxytunnel.zip with docs, exe and msys/openssl dll..."
-zip proxytunnel.zip proxytunnel.exe docs/proxytunnel.1 docs/proxytunnel.1.html docs/proxytunnel-paper.html
-DLLS="$(ldd proxytunnel.exe | grep msys.*\.dll | awk '{print $3}' | xargs) /usr/lib/ossl-modules/legacy.dll"
-zip proxytunnel.zip -j $DLLS 
+zip proxytunnel.zip proxytunnel.exe *.dll docs/proxytunnel.1 docs/proxytunnel.1.html docs/proxytunnel-paper.html
 
 if [ ! -z "${TRAVIS_TAG}" ]; then 
 echo "Deploy proxytunnel.zip to github release tag:${TRAVIS_TAG}..."

cmdline.c

@@ -596,7 +596,7 @@ int cmdline_parser( int argc, char * const *argv, struct gengetopt_args_info *ar
 		}
 	}
 
-	if (! args_info->proxy_given || ! args_info->dest_given ) {
+	if (! args_info->proxy_given && ! args_info->dest_given ) {
 		clear_args ();
 //		cmdline_parser_print_help ();
 		message( "No proxy or destination given, exiting\nUse '--help' flag for usage info\n" );

cmdline.h

@@ -23,7 +23,7 @@
 #ifndef _cmdline_h
 #define _cmdline_h
 
-#define MAX_HEADER_SIZE 4096
+#define MAX_HEADER_SIZE 1024
 
 struct gengetopt_args_info {
 	char *user_arg;			/* Username to send to HTTPS proxy for auth. */

config.h

@@ -17,9 +17,9 @@
  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
  */
 
-#define VERSION "1.12.3"
-#define VERSION_YEAR "2025"
-#define VERSION_DATE "2025-03-07"
+#define VERSION "1.12.1"
+#define VERSION_YEAR "2024"
+#define VERSION_DATE "2024-02-06"
 #define PACKAGE "proxytunnel"
 #define PURPOSE "Build generic tunnels through HTTPS proxies"
 #define AUTHORS "Jos Visser (Muppet) <josv@osp.nl>, Mark Janssen (Maniac) <maniac@maniac.nl>"

docs/proxytunnel.1.adoc

@@ -6,7 +6,7 @@ proxytunnel - program to tunnel a connection through a standard HTTPS proxy
 
 
 == SYNOPSIS
-*proxytunnel* [_OPTION…_]
+*proxytunnel* [_OPTION…_] [_host_++:++_port_]
 
 
 == DESCRIPTION
@@ -32,16 +32,15 @@ also be used for other proxy-traversing purposes like proxy bouncing.
     	[2001:db8::123:4567:89ab:cdef%eth0]:22
 
 *-p*, *--proxy*=_host_++:++_port_::
-    Use _host_ and _port_ as the local (primary) proxy to connect to, if not
-    specified the *HTTP_PROXY* environment variable, if set, will be used
-    instead. This option or the environment variable are mandatory.
+    Use _host_ and _port_ as the local proxy to connect to, if not specified
+    the *HTTP_PROXY* environment variable, if set, will be used instead.
 
 *-r*, *--remproxy*=_host_++:++_port_::
     Use _host_ and _port_ as the remote (secondary) proxy to connect to.
 
 *-d*, *--dest*=_host_++:++_port_::
-    Use _host_ and _port_ as the destination for the tunnel. This is a
-    mandatory option.
+    Use _host_ and _port_ as the destination for the tunnel, you can also
+    specify them as the argument to the proxytunnel command.
 
 *-e*, *--encrypt*::
     SSL encrypt data between local proxy and destination.
@@ -151,6 +150,13 @@ also be used for other proxy-traversing purposes like proxy bouncing.
     Print version and exit.
 
 
+== ARGUMENTS
+_host_++:++_port_ is the destination hostname and port number combination.
+
+NOTE: Specifying the destination as arguments is exactly the same as
+specifying them using the *-d* or *--dest* option.
+
+
 == USAGE
 Depending on your situation you might want to do any of the following things:
 

flake.lock

@@ -1,61 +0,0 @@
-{
-  "nodes": {
-    "flake-parts": {
-      "inputs": {
-        "nixpkgs-lib": "nixpkgs-lib"
-      },
-      "locked": {
-        "lastModified": 1743550720,
-        "narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=",
-        "owner": "hercules-ci",
-        "repo": "flake-parts",
-        "rev": "c621e8422220273271f52058f618c94e405bb0f5",
-        "type": "github"
-      },
-      "original": {
-        "owner": "hercules-ci",
-        "repo": "flake-parts",
-        "type": "github"
-      }
-    },
-    "nixpkgs": {
-      "locked": {
-        "lastModified": 1743583204,
-        "narHash": "sha256-F7n4+KOIfWrwoQjXrL2wD9RhFYLs2/GGe/MQY1sSdlE=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "2c8d3f48d33929642c1c12cd243df4cc7d2ce434",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "ref": "nixos-unstable",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
-    "nixpkgs-lib": {
-      "locked": {
-        "lastModified": 1743296961,
-        "narHash": "sha256-b1EdN3cULCqtorQ4QeWgLMrd5ZGOjLSLemfa00heasc=",
-        "owner": "nix-community",
-        "repo": "nixpkgs.lib",
-        "rev": "e4822aea2a6d1cdd36653c134cacfd64c97ff4fa",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-community",
-        "repo": "nixpkgs.lib",
-        "type": "github"
-      }
-    },
-    "root": {
-      "inputs": {
-        "flake-parts": "flake-parts",
-        "nixpkgs": "nixpkgs"
-      }
-    }
-  },
-  "root": "root",
-  "version": 7
-}

flake.nix

@@ -1,33 +0,0 @@
-{
-  description = "Basic flake that provides proxytunnel as a package or as a binary in a nix shell";
-
-  inputs = {
-    flake-parts.url = "github:hercules-ci/flake-parts";
-    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
-  };
-
-  outputs = inputs @ {flake-parts, ...}:
-    flake-parts.lib.mkFlake {inherit inputs;} {
-      # TODO: Add support for more systems once checked.
-      systems = ["x86_64-linux"];
-
-      imports = [inputs.flake-parts.flakeModules.easyOverlay];
-
-      perSystem = {
-        config,
-        pkgs,
-        ...
-      }: {
-        overlayAttrs = {
-          inherit (config.packages) proxytunnel;
-        };
-
-        packages.proxytunnel = pkgs.callPackage ./nix/proxytunnel.nix {};
-        packages.default = config.packages.proxytunnel;
-
-        devShells.default = pkgs.mkShell {
-          packages = [config.packages.default];
-        };
-      };
-    };
-}

http.c

@@ -37,16 +37,17 @@
  * header
  */
 void analyze_HTTP(PTSTREAM *pts) {
-	char *p;
+	char *p = strtok( buf, " ");
 
 	/* Strip html error pages for faulty proxies (Stephane Engel <steph[at]macchiati.org>) */
-	do {
-		if (readline(pts) <= 0) {
+	while (strncmp( p, "HTTP/", 5) != 0 ) {
+		if ( readline(pts) ) {
+			p = strtok( buf, " ");
+		} else {
 			message( "analyze_HTTP: readline failed: Connection closed by remote host\n" );
 			exit(2);
 		}
-		p = strtok( buf, " \t");
-	} while (strncmp( p, "HTTP/", 5) != 0 );
+	}
 
 	if (strcmp( p, "HTTP/1.0" ) != 0 && strcmp( p, "HTTP/1.1" ) != 0) {
 		message( "Unsupported HTTP version number %s\n", p );
@@ -116,7 +117,6 @@ void proxy_protocol(PTSTREAM *pts) {
 		if (args_info.ntlm_flag) {
 			if (ntlm_challenge == 1) {
 				build_type3_response();
-				ntlm_challenge = 2;
 				strzcat( buf, "Proxy-Authorization: NTLM %s\r\n", ntlm_type3_buf );
 			} else if (ntlm_challenge == 0) {
 				strzcat( buf, "Proxy-Authorization: NTLM %s\r\n", ntlm_type1_buf );
@@ -157,7 +157,7 @@ void proxy_protocol(PTSTREAM *pts) {
 	/* Read the first line of the response and analyze it */
 	analyze_HTTP(pts);
 
-	if (ntlm_challenge < 3 && args_info.remproxy_given ) {
+	if (args_info.remproxy_given ) {
 		/* Clean buffer for next analysis */
 		while ( strcmp( buf, "\r\n" ) != 0 )
 			readline(pts);
@@ -209,8 +209,8 @@ void proxy_protocol(PTSTREAM *pts) {
 	 * Then, repeat reading lines of the responses until a blank line
 	 * (which signifies the end of the response) is encountered.
 	 */
-	if (ntlm_challenge == 2) {
-		ntlm_challenge = 3;
+	if (ntlm_challenge == 1) {
+		ntlm_challenge = 2;
 	} else {
 		do {
 			readline(pts);

io.c

@@ -57,7 +57,7 @@ int readline(PTSTREAM *pts) {
 
 	if( args_info.verbose_flag ) {
 		/* Copy line of data into dstr without trailing newline */
-		char *dstr = calloc(1, strlen(buf) + 1);
+		char *dstr = malloc(strlen(buf) + 1);
 		strncpy( dstr, buf, strlen(buf));
 		if (strcmp(dstr, ""))
 			message( " <- %s\n", dstr );

nix/proxytunnel.nix

@@ -1,31 +0,0 @@
-{
-  gnu-system ? true,
-  set-proc-title ? true,
-  pkgs,
-}: let
-  optflags = "-DUSE_SSL ${
-    if gnu-system
-    then "-DHAVE_GETOPT_LONG"
-    else ""
-  } ${
-    if set-proc-title
-    then "-DSETPROCTITLE -DSPT_TYPE=2"
-    else ""
-  }";
-in
-  pkgs.stdenv.mkDerivation {
-    pname = "proxytunnel";
-    version = "1.12.3";
-    src = ./..;
-
-    buildInputs = [pkgs.openssl];
-
-    buildPhase = ''
-      make OPTFLAGS="${optflags}"
-    '';
-
-    installPhase = ''
-      mkdir -p $out/bin
-      cp ./proxytunnel $out/bin
-    '';
-  }

ntlm.c

@@ -29,9 +29,6 @@
 #include <ctype.h>
 #include <sys/time.h>
 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
-	#ifdef CYGWIN
-		#include <unistd.h>
-	#endif
 	#include <openssl/provider.h>
 	#include <openssl/evp.h>
 #else
@@ -74,55 +71,8 @@ unsigned char lm2digest[LM2_DIGEST_LEN];
 
 void init_ntlm() {
 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
-	OSSL_PROVIDER *provider;
-	provider = OSSL_PROVIDER_load(NULL, "default");
-	if (!provider) {
-		my_perror("Loading default provider failed");
-		exit(1);
-	}
-	provider = OSSL_PROVIDER_load(NULL, "legacy");
-#ifdef CYGWIN
-	if (!provider) {
-		// available at msys and git for windows
-		// the msys version has an additional dependency on libcrypto-3-x64.dll
-		provider = OSSL_PROVIDER_load(NULL, "/mingw64/lib/ossl-modules/legacy.dll");
-	}
-	if (!provider) {
-		// available at msys (without dependency on libcrypto-3-x64.dll)
-		provider = OSSL_PROVIDER_load(NULL, "/usr/lib/ossl-modules/legacy.dll");
-	}
-	if (!provider) {
-		// default installation path for additional tools
-		provider = OSSL_PROVIDER_load(NULL, "/usr/local/bin/legacy.dll");
-	}
-	if (!provider) {
-		// directory of proxytunnel itself
-		const char *p = strrchr(program_name, '/');
-		if (p) {
-			const int len = p - program_name;
-			char *tmp = (char*)alloca(len + sizeof("/legacy.dll"));
-			memcpy(tmp, program_name, len);
-			strcpy(tmp + len, "/legacy.dll");
-			provider = OSSL_PROVIDER_load(NULL, tmp);
-		}
-	}
-	if (!provider) {
-		// current working directory
-		char *cwd = getcwd(NULL, 0);
-		if (cwd) {
-			const int len = strlen(cwd);
-			char *tmp = (char*)alloca(len + sizeof("/legacy.dll"));
-			memcpy(tmp, cwd, len);
-			free(cwd);
-			strcpy(tmp + len, "/legacy.dll");
-			provider = OSSL_PROVIDER_load(NULL, tmp);
-		}
-	}	
-#endif
-	if (!provider) {
-		my_perror("Loading legacy provider failed");
-		exit(1);
-	}
+	OSSL_PROVIDER_load(NULL, "default");
+	OSSL_PROVIDER_load(NULL, "legacy");
 	md4alg = EVP_md4();
 	md5alg = EVP_md5();
 	mdctx = EVP_MD_CTX_new();

proxytunnel.h

@@ -30,10 +30,8 @@ void analyze_HTTP(PTSTREAM *pts);
 void proxy_protocol(PTSTREAM *pts);
 void closeall();
 void do_daemon();
-#ifdef SETPROCTITLE
 void initsetproctitle(int argc, char *argv[]);
 void setproctitle(const char *fmt, ...);
-#endif
 
 #if defined(__APPLE__) && defined(__MACH__)
 /* Don't include strlcat and strlcpy since they are provided as macros on OSX */