sniproxy

pcre library is obsolete, please consider switching to pcre2

Open david-geiger opened this issue 2 years ago • 8 comments

The PCRE library is now abandoned and not maintained anymore. That library should not be used, especially when the input can come from an untrusted source.

There is a newer library implemented (pcre2), which should be used instead (documentation is here: https://pcre.org/current/doc/html/).

Also, Mageia Linux planned to drop the old pcre library, like some other distributions.

Regards, David

david-geiger, May 09 '23 16:05

@david-geiger does https://gist.github.com/loqs/22fe9db0bb92f0a85da2fbfa86dadeb2 work for you?

loqs, Jul 29 '23 16:07

@loqs yes, it compiles fine and works.

david-geiger, Jul 30 '23 06:07

Hi! :wave:

We are currently looking into moving packages from pcre to pcre2 on Arch Linux. We would therefore also be very interested in seeing a port of this project to pcre2! :)

@loqs could you create a pull request for that?

dvzrv, Mar 17 '24 09:03

> @david-geiger does https://gist.github.com/loqs/22fe9db0bb92f0a85da2fbfa86dadeb2 work for you?

Didn't you have issues? I tried the patch. It compiles fine, sniproxy starts, but fails forwarding to the correct server.

renaudallard, Mar 18 '24 07:03

@renaudallard any ideas on what the issue with the change to PCRE 2 could be?

loqs, Mar 19 '24 14:03

Unfortunately, I tried on machines that were more or less in production, so I could not check for very long. In the logs, sniproxy wrote the correct forwarding, but, on the client side, the connection closed instantly.

In my config, most lines in https_table for example are something like this: `.*domain.tld *:443`

renaudallard, Mar 19 '24 14:03

Please see the change I made in df4a34e1debfddddc14f1e71709ea3a71ce643f5. I hope that fixes the issue.

loqs, Mar 19 '24 15:03

With that patch, the error is different, but it still doesn't work properly.

With Firefox, I get:

```
Secure Connection Failed

An error occurred during a connection to sub.domain.tld. Cannot communicate securely with peer: no common encryption algorithm(s).

Error code: SSL_ERROR_NO_CYPHER_OVERLAP
```

renaudallard, Mar 20 '24 07:03