Fabio/ddclient
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge pull request #705 from rhansen/ssl

Browse source 
Enable `--ssl` by default
This commit is contained in:
Richard Hansen 2024-07-14 19:12:43 -04:00 committed by GitHub
commit af0035d266
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
4 changed files with 13 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
ChangeLog.md
View file

@ -3,10 +3,12 @@
This document describes notable changes. For details, see the [source code This document describes notable changes. For details, see the [source code
repository history](https://github.com/ddclient/ddclient/commits/master). repository history](https://github.com/ddclient/ddclient/commits/master).
## v3.12.0~alpha (unreleased work-in-progress) ## v4.0.0~alpha (unreleased work-in-progress)
### Breaking changes ### Breaking changes
* The `--ssl` option is now enabled by default.
[#705](https://github.com/ddclient/ddclient/pull/705)
* Unencrypted (plain) HTTP is now used instead of encrypted (TLS) HTTP if the * Unencrypted (plain) HTTP is now used instead of encrypted (TLS) HTTP if the
URL uses `http://` instead of `https://`, even if the `--ssl` option is URL uses `http://` instead of `https://`, even if the `--ssl` option is
enabled. [#608](https://github.com/ddclient/ddclient/pull/608) enabled. [#608](https://github.com/ddclient/ddclient/pull/608)

4
README.md
View file

@ -136,11 +136,11 @@ If a fix is committed but not yet part of any tagged release, the notes here wil
The `ssl` parameter forces all connections to use HTTPS. While technically The `ssl` parameter forces all connections to use HTTPS. While technically
working as expected, this behavior keeps coming up as a pain point when using working as expected, this behavior keeps coming up as a pain point when using
HTTP-only IP querying sites such as http://checkip.dyndns.org. Starting with HTTP-only IP querying sites such as http://checkip.dyndns.org. Starting with
v3.12.0, the behavior is changed to respect `http://` in a URL. A separate v4.0.0, the behavior is changed to respect `http://` in a URL. A separate
parameter to disallow all HTTP connections or warn about them may be added parameter to disallow all HTTP connections or warn about them may be added
later. later.
**Fix**: v3.12.0 uses HTTP to connect to URLs starting with `http://`. See **Fix**: v4.0.0 uses HTTP to connect to URLs starting with `http://`. See
[here](https://github.com/ddclient/ddclient/pull/608) for more info. [here](https://github.com/ddclient/ddclient/pull/608) for more info.
**Workaround**: Disable the SSL parameter **Workaround**: Disable the SSL parameter

7
ddclient.conf.in
View file

@ -16,13 +16,16 @@
## are mentioned here. ## are mentioned here.
## ##
###################################################################### ######################################################################
## Use encryption (TLS) when the scheme (either "http://" or "https://") is
## missing from a URL. Defaults to "yes".
#ssl=yes
daemon=300 # check every 300 seconds daemon=300 # check every 300 seconds
syslog=yes # log update msgs to syslog syslog=yes # log update msgs to syslog
mail=root # mail all msgs to root mail=root # mail all msgs to root
mail-failure=root # mail failed update msgs to root mail-failure=root # mail failed update msgs to root
pid=@runstatedir@/ddclient.pid # record PID in file. pid=@runstatedir@/ddclient.pid # record PID in file.
ssl=yes # use ssl-support. Works with
# ssl-library
# postscript=script # run script after updating. The # postscript=script # run script after updating. The
# new IP is added as argument. # new IP is added as argument.
# #

6
ddclient.in
View file

@ -63,7 +63,7 @@ use Sys::Hostname;
# #
# For consistency and to match user expectations, the release part of the version is always three # For consistency and to match user expectations, the release part of the version is always three
# components: MAJOR.MINOR.PATCH. # components: MAJOR.MINOR.PATCH.
use version 0.77; our $VERSION = version->declare('v3.12.0.0_0'); use version 0.77; our $VERSION = version->declare('v4.0.0.0_0');
sub parse_version { sub parse_version {
my ($v) = @_; my ($v) = @_;
@ -604,7 +604,7 @@ our %variables = (
'timeout' => setv(T_DELAY, 0, 0, interval('120s'), interval('120s')), 'timeout' => setv(T_DELAY, 0, 0, interval('120s'), interval('120s')),
'retry' => setv(T_BOOL, 0, 0, 0, undef), 'retry' => setv(T_BOOL, 0, 0, 0, undef),
'force' => setv(T_BOOL, 0, 0, 0, undef), 'force' => setv(T_BOOL, 0, 0, 0, undef),
'ssl' => setv(T_BOOL, 0, 0, 0, undef), 'ssl' => setv(T_BOOL, 0, 0, 1, undef),
'syslog' => setv(T_BOOL, 0, 0, 0, undef), 'syslog' => setv(T_BOOL, 0, 0, 0, undef),
'facility' => setv(T_STRING,0, 0, 'daemon', undef), 'facility' => setv(T_STRING,0, 0, 'daemon', undef),
'priority' => setv(T_STRING,0, 0, 'notice', undef), 'priority' => setv(T_STRING,0, 0, 'notice', undef),
@ -1259,7 +1259,7 @@ my @opt = (
"", "",
["options", "=s", "--options=<opt>=<val>[,<opt>=<val>,...]\n : optional per-service arguments (see below)"], ["options", "=s", "--options=<opt>=<val>[,<opt>=<val>,...]\n : optional per-service arguments (see below)"],
"", "",
["ssl", "!", "--{no}ssl : do updates over encrypted SSL connection"], ["ssl", "!", '--{no}ssl : use encryption (TLS) when the scheme (either "http://" or "https://") is missing from a URL'],
["ssl_ca_dir", "=s", "--ssl_ca_dir=<dir> : look in <dir> for certificates of trusted certificate authorities (default: auto-detect)"], ["ssl_ca_dir", "=s", "--ssl_ca_dir=<dir> : look in <dir> for certificates of trusted certificate authorities (default: auto-detect)"],
["ssl_ca_file", "=s", "--ssl_ca_file=<file> : look at <file> for certificates of trusted certificate authorities (default: auto-detect)"], ["ssl_ca_file", "=s", "--ssl_ca_file=<file> : look at <file> for certificates of trusted certificate authorities (default: auto-detect)"],
["fw-ssl-validate", "!", "--{no}fw-ssl-validate : Validate SSL certificate when retrieving IP address from firewall"], ["fw-ssl-validate", "!", "--{no}fw-ssl-validate : Validate SSL certificate when retrieving IP address from firewall"],