head	1.2;
access;
symbols
	pkgsrc-2016Q2:1.1.0.2
	pkgsrc-2016Q2-base:1.1;
locks; strict;
comment	@# @;


1.2
date	2016.08.22.09.34.40;	author fhajny;	state dead;
branches;
next	1.1;
commitid	DsEgpQTvGS7ZBhjz;

1.1
date	2016.05.25.20.15.35;	author fhajny;	state Exp;
branches;
next	;
commitid	gIgcF8UkyenFZT7z;


desc
@@


1.2
log
@Update security/hitch to 1.3.1.

hitch-1.3.1 (2016-08-16)
- Fixes a bug in the autotools configuration which led to man pages not being built.

hitch-1.3.0 (2016-08-16)
- Fix a bug where we crashed in the OCSP handling if there was no default SSLCTX configured.
- Minor documentation fix.

hitch-1.3.0-beta3 (2016-07-26)
- Fully automated retrieval and refreshes of OCSP responses (see configuration.md for details).
- New parameters ocsp-dir, ocsp-resp-tmo and ocsp-connect-tmo.
- Cleanup of various log messages.
- Verification of OCSP staples. Enabled by setting ocsp-verify-staple = on.
- Make rst2man an optional requirement (#93). Thanks to Barry Allard.
- Avoid stapling expired OCSP responses
- A few fixes to the shared cache updating code. Thanks to Piyush Dewnani

hitch-1.3.0-beta2 (2016-05-31)
- Options given on the command line now take precedence over configuration file settings. I.e. there is no longer a need to specify --config first to get this behavior.
- Config file regression: "yes" and "no" are now accepted by the config file parser as boolean values.
- Documentation improvements and spelling fixes.
- Various minor autotools build fixes.

hitch-1.3.0-beta1 (2016-05-11)
- Support for OCSP stapling (see configuration.md for details)
- Initialize OpenSSL locking callback if an engine is loaded. Some SSL accelerator cards have their custom SSL engine running in a multithreaded context. For these to work correctly, Hitch needs to initialize a set of mutexes utilized by the OpenSSL library.
- #82: A mistake in the SNI lookup code caused us to inspect the wrong list when looking for wildcard certificate matches.
@ text @$NetBSD: patch-hitch.conf.ex,v 1.1 2016/05/25 20:15:35 fhajny Exp $ Sane default options. --- hitch.conf.ex.orig 2016-03-18 17:55:17.000000000 +0000 +++ hitch.conf.ex @@@@ -43,7 +43,7 @@@@ backend = "[127.0.0.1]:6081" # only available for a specific listen endpoint. # # type: string -pem-file = "" +pem-file = "@@HITCH_CERTS@@" # SSL protocol. # @@@@ -94,12 +94,12 @@@@ chroot = "" # Set uid after binding a socket # # type: string -user = "" +user = "@@HITCH_USER@@" # Set gid after binding a socket # # type: string -group = "" +group = "@@HITCH_GROUP@@" # Quiet execution, report only error messages # @@@@ -109,7 +109,7 @@@@ quiet = off # Use syslog for logging # # type: boolean -syslog = off +syslog = on # Syslog facility to use # @@@@ -119,7 +119,7 @@@@ syslog-facility = "daemon" # Run as daemon # # type: boolean -daemon = off +daemon = on # Report client address by writing IP before sending data # @ 1.1 log @Import hitch-1.2.0 as security/hitch (based on wip/hitch). Hitch is a libev-based high performance SSL/TLS proxy by Varnish Software. @ text @d1 1 a1 1 $NetBSD$ @
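Review bot: In the hunk at -43,7 the placeholder name HITCH_CERTS is plural while the key it fills, pem-file, is documented in the context as a single value of type string. Please confirm the substituted value is the path of one PEM file rather than a certificate directory, and say what it expands to in the patch description, which currently reads only "Sane default options."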
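Review bot: In the hunk at -94,12 the user and group lines gain the HITCH_USER and HITCH_GROUP placeholders, but the context line chroot = "" stays empty, so the uid/gid change after binding comes with no filesystem confinement. If leaving chroot unset is deliberate, note it in the patch description. It is also worth stating where these placeholders get substituted, since an unsubstituted token would be installed as the literal account name.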
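Review bot: The hunks at -109,7 and -119,7 are not documented as a pair: syslog = on and daemon = on are flipped together, with quiet = off and syslog-facility = "daemon" left as context, yet the description does not say that the two defaults are meant to go together. A short comment next to daemon = on, or a line in the patch description, telling an admin who reverts one setting to review the other would keep log output from being lost unnoticed.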