Archives
/
SSLproxy
mirror of https://github.com/sonertari/SSLproxy
2
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

moved write to pxy_srccert_create, -X to -w, opts_free use

Browse Source
pull/13/head
PsychoMario 10 years ago
parent 73042d4daa
commit 13dce0aa35
4 changed files with 44 additions and 41 deletions
Show Stats Download Patch File Download Diff File

8
main.c
Unescape Escape View File

@ -112,7 +112,7 @@ main_usage(void)
" -k pemfile use CA key (and cert) from pemfile to sign forged certs\n"
" -C pemfile use CA chain from pemfile (intermediate and root CA certs)\n"
" -K pemfile use key from pemfile for leaf certs (default: generate)\n"
" -X gendir write generated key/cert pairs to gendir\n"
" -w gendir write generated key/cert pairs to gendir\n"
" -t certdir use cert+chain+key PEM files from certdir to target all sites\n"
" matching the common names (non-matching: generate if CA)\n"
" -O deny all OCSP requests on all proxyspecs\n"
@ -276,7 +276,7 @@ main(int argc, char *argv[])
}
while ((ch = getopt(argc, argv, OPT_g OPT_G OPT_Z OPT_i
"k:c:C:K:t:OPs:r:R:e:Eu:m:j:p:l:L:S:F:dDVhX:")) != -1) {
"k:c:C:K:t:OPs:r:R:e:Eu:m:j:p:l:L:S:F:dDVhw:")) != -1) {
switch (ch) {
case 'c':
if (opts->cacrt)
@ -520,7 +520,7 @@ main(int argc, char *argv[])
opts->contentlog_isdir = 0;
opts->contentlog_isspec = 1;
break;
case 'X':
case 'w':
if (opts->certgendir)
free(opts->certgendir);
opts->certgendir = strdup(optarg);
@ -563,7 +563,7 @@ main(int argc, char *argv[])
exit(EXIT_FAILURE);
}
if (opts->certgendir && opts->key) {
fprintf(stderr, "%s: -K and -X are mutually exclusive.\n",
fprintf(stderr, "%s: -K and -w are mutually exclusive.\n",
argv0);
exit(EXIT_FAILURE);
}

3
opts.c
Unescape Escape View File

@ -105,6 +105,9 @@ opts_free(opts_t *opts)
if (opts->contentlog) {
free(opts->contentlog);
}
if (opts->certgendir) {
free(opts->certgendir);
}
memset(opts, 0, sizeof(opts_t));
free(opts);
}

66
pxyconn.c
Unescape Escape View File

@ -702,39 +702,6 @@ pxy_srcsslctx_create(pxy_conn_ctx_t *ctx, X509 *crt, STACK_OF(X509) *chain,
SSL_CTX_add_extra_chain_cert(sslctx, c);
}
if (ctx->opts->certgendir) {
unsigned char origfpr[SSL_X509_FPRSZ], newfpr[SSL_X509_FPRSZ];
ssl_x509_fingerprint_sha1(ctx->origcrt, origfpr);
ssl_x509_fingerprint_sha1(crt, newfpr);
char *origfprstr, *newfprstr;
asprintf(&origfprstr,"%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x"
"%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x",
origfpr[0], origfpr[1], origfpr[2], origfpr[3], origfpr[4],
origfpr[5], origfpr[6], origfpr[7], origfpr[8], origfpr[9],
origfpr[10], origfpr[11], origfpr[12], origfpr[13], origfpr[14],
origfpr[15], origfpr[16], origfpr[17], origfpr[18], origfpr[19]);
asprintf(&newfprstr,"%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x"
"%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x",
newfpr[0], newfpr[1], newfpr[2], newfpr[3], newfpr[4],
newfpr[5], newfpr[6], newfpr[7], newfpr[8], newfpr[9],
newfpr[10], newfpr[11], newfpr[12], newfpr[13], newfpr[14],
newfpr[15], newfpr[16], newfpr[17], newfpr[18], newfpr[19]);
char *keyfn, *crtfn;
asprintf(&keyfn, "%s/%s-%s.key", ctx->opts->certgendir, origfprstr, newfprstr);
asprintf(&crtfn, "%s/%s-%s.crt", ctx->opts->certgendir, origfprstr, newfprstr);
FILE *keyfd, *crtfd;
keyfd = fopen(keyfn, "w");
crtfd = fopen(crtfn, "w");
if (keyfd) {
PEM_write_PrivateKey(keyfd, key, NULL, 0, 0, NULL, NULL);
fclose(keyfd);
}
if (crtfd) {
PEM_write_X509(crtfd, crt);
fclose(crtfd);
}
}
#ifdef DEBUG_SESSION_CACHE
if (OPTS_DEBUG(ctx->opts)) {
int mode = SSL_CTX_get_session_cache_mode(sslctx);
@ -831,6 +798,39 @@ pxy_srccert_create(pxy_conn_ctx_t *ctx)
cert_set_chain(cert, ctx->opts->chain);
}
if (ctx->opts->certgendir) {
unsigned char origfpr[SSL_X509_FPRSZ], newfpr[SSL_X509_FPRSZ];
ssl_x509_fingerprint_sha1(ctx->origcrt, origfpr);
ssl_x509_fingerprint_sha1(cert->crt, newfpr);
char *origfprstr, *newfprstr;
asprintf(&origfprstr,"%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x"
"%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x",
origfpr[0], origfpr[1], origfpr[2], origfpr[3], origfpr[4],
origfpr[5], origfpr[6], origfpr[7], origfpr[8], origfpr[9],
origfpr[10], origfpr[11], origfpr[12], origfpr[13], origfpr[14],
origfpr[15], origfpr[16], origfpr[17], origfpr[18], origfpr[19]);
asprintf(&newfprstr,"%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x"
"%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x",
newfpr[0], newfpr[1], newfpr[2], newfpr[3], newfpr[4],
newfpr[5], newfpr[6], newfpr[7], newfpr[8], newfpr[9],
newfpr[10], newfpr[11], newfpr[12], newfpr[13], newfpr[14],
newfpr[15], newfpr[16], newfpr[17], newfpr[18], newfpr[19]);
char *keyfn, *crtfn;
asprintf(&keyfn, "%s/%s-%s.key", ctx->opts->certgendir, origfprstr, newfprstr);
asprintf(&crtfn, "%s/%s-%s.crt", ctx->opts->certgendir, origfprstr, newfprstr);
FILE *keyfd, *crtfd;
keyfd = fopen(keyfn, "w");
crtfd = fopen(crtfn, "w");
if (keyfd) {
PEM_write_PrivateKey(keyfd, cert->key, NULL, 0, 0, NULL, NULL);
fclose(keyfd);
}
if (crtfd) {
PEM_write_X509(crtfd, cert->crt);
fclose(crtfd);
}
}
return cert;
}

8
sslsplit.1
Unescape Escape View File

@ -30,15 +30,15 @@ sslsplit \-\- transparent and scalable SSL/TLS interception
.SH SYNOPSIS
.na
.B sslsplit
[\fB-kCKXOPZdDgGsrReumjplLSFi\fP] \fB-c\fP \fIpem\fP
[\fB-kCKwOPZdDgGsrReumjplLSFi\fP] \fB-c\fP \fIpem\fP
\fIproxyspecs\fP [...]
.br
.B sslsplit
[\fB-kCKXOPZdDgGsrReumjplLSFi\fP] \fB-c\fP \fIpem\fP \fB-t\fP \fIdir\fP
[\fB-kCKwOPZdDgGsrReumjplLSFi\fP] \fB-c\fP \fIpem\fP \fB-t\fP \fIdir\fP
\fIproxyspecs\fP [...]
.br
.B sslsplit
[\fB-OPZXdDgGsrReumjplLSFi\fP] \fB-t\fP \fIdir\fP
[\fB-OPZwdDgGsrReumjplLSFi\fP] \fB-t\fP \fIdir\fP
\fIproxyspecs\fP [...]
.br
.B sslsplit -E
@ -185,7 +185,7 @@ no matching certificate in the provided certificate directory.
Use private key from \fIpemfile\fP for certificates forged on-the-fly.
If \fB-K\fP is not given, SSLsplit will generate a random 1024-bit RSA key.
.TP
.B \-X \fIgendir\fP
.B \-w \fIgendir\fP
Write generated keys and certificates to individual files in \fIgendir\fP.
.TP
.B \-l \fIlogfile\fP

Write Preview
Loading…
Cancel
Save