implemented -W to write original certs

2024-11-18 03:25:31 +00:00 · 2014-12-09 21:43:05 +00:00 · 2014-12-09 21:43:05 +00:00 · 4f310a877a
commit 4f310a877a
parent a7e2d99b39
4 changed files with 24 additions and 1 deletions
--- a/main.c
+++ b/main.c
@ -113,6 +113,7 @@ main_usage(void)
 "  -C pemfile  use CA chain from pemfile (intermediate and root CA certs)\n"
 "  -K pemfile  use key from pemfile for leaf certs (default: generate)\n"
 "  -w gendir   write generated key/cert pairs to gendir\n"
+"  -W gendir   same as -w but also write the original cert\n"
 "  -t certdir  use cert+chain+key PEM files from certdir to target all sites\n"
 "              matching the common names (non-matching: generate if CA)\n"
 "  -O          deny all OCSP requests on all proxyspecs\n"
@ -276,7 +277,7 @@ main(int argc, char *argv[])
 	}

 	while ((ch = getopt(argc, argv, OPT_g OPT_G OPT_Z OPT_i
-	                    "k:c:C:K:t:OPs:r:R:e:Eu:m:j:p:l:L:S:F:dDVhw:")) != -1) {
+	                    "k:c:C:K:t:OPs:r:R:e:Eu:m:j:p:l:L:S:F:dDVhW:w:")) != -1) {
 		switch (ch) {
 			case 'c':
 				if (opts->cacrt)
@ -520,7 +521,16 @@ main(int argc, char *argv[])
 				opts->contentlog_isdir = 0;
 				opts->contentlog_isspec = 1;
 				break;
+			case 'W':
+				opts->writeorig = 1;
+				if (opts->certgendir)
+					free(opts->certgendir);
+				opts->certgendir = strdup(optarg);
+				if (!opts->certgendir)
+					oom_die(argv0);
+				break;
 			case 'w':
+				opts->writeorig = 0;
 				if (opts->certgendir)
 					free(opts->certgendir);
 				opts->certgendir = strdup(optarg);
--- a/opts.h
+++ b/opts.h
@ -101,6 +101,7 @@ typedef struct opts {
 #endif /* !OPENSSL_NO_ECDH */
 	proxyspec_t *spec;
 	char *certgendir;
+	unsigned int writeorig: 1;
 } opts_t;

 opts_t *opts_new(void) MALLOC;
--- a/pxyconn.c
+++ b/pxyconn.c
@ -869,6 +869,15 @@ pxy_srccert_create(pxy_conn_ctx_t *ctx)
 			PEM_write_X509(crtfd, cert->crt);
 			fclose(crtfd);
 		}
+		if (ctx->opts->writeorig) {
+			char *origfn;
+			asprintf(&origfn, "%s/%s.crt", ctx->opts->certgendir, origfprstr);
+			FILE *origfd = fopen(origfn, "w");
+			if (origfd) {
+				PEM_write_X509(origfd, ctx->origcrt);
+				fclose(origfd);
+			}
+		}
 	}

 	return cert;
--- a/sslsplit.1
+++ b/sslsplit.1
@ -188,6 +188,9 @@ If \fB-K\fP is not given, SSLsplit will generate a random 1024-bit RSA key.
 .B \-w \fIgendir\fP
 Write generated keys and certificates to individual files in \fIgendir\fP.
 .TP
+.B \-W \fIgendir\fP
+Same as -w, but also write original certificates
+.TP
 .B \-l \fIlogfile\fP
 Log connections to \fIlogfile\fP in a single line per connection format,
 including addresses and ports and some HTTP and SSL information, if available.