Archives/SSLproxy
2
0
Fork 0
mirror of https://github.com/sonertari/SSLproxy synced 2024-11-18 03:25:31 +00:00
Code Issues Packages Projects Releases Wiki Activity

added exclusivity with -K, man page and -h

Browse Source
This commit is contained in:
PsychoMario 2014-12-09 19:40:07 +00:00
parent cbb2a179f9
commit 61d5186864
2 changed files with 12 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
main.c
View File

@ -112,6 +112,7 @@ main_usage(void)
" -k pemfile use CA key (and cert) from pemfile to sign forged certs\n" " -k pemfile use CA key (and cert) from pemfile to sign forged certs\n"
" -C pemfile use CA chain from pemfile (intermediate and root CA certs)\n" " -C pemfile use CA chain from pemfile (intermediate and root CA certs)\n"
" -K pemfile use key from pemfile for leaf certs (default: generate)\n" " -K pemfile use key from pemfile for leaf certs (default: generate)\n"
" -X gendir write generated key/cert pairs to gendir\n"
" -t certdir use cert+chain+key PEM files from certdir to target all sites\n" " -t certdir use cert+chain+key PEM files from certdir to target all sites\n"
" matching the common names (non-matching: generate if CA)\n" " matching the common names (non-matching: generate if CA)\n"
" -O deny all OCSP requests on all proxyspecs\n" " -O deny all OCSP requests on all proxyspecs\n"
@ -561,6 +562,11 @@ main(int argc, char *argv[])
argv0); argv0);
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
} }
if (opts->certgendir && opts->key)) {
fprintf(stderr, "%s: -K and -X are mutually exclusive.\n",
argv0);
exit(EXIT_FAILURE);
}
if (!opts->spec) { if (!opts->spec) {
fprintf(stderr, "%s: no proxyspec specified.\n", argv0); fprintf(stderr, "%s: no proxyspec specified.\n", argv0);
exit(EXIT_FAILURE); exit(EXIT_FAILURE);

9
sslsplit.1
View File

@ -30,15 +30,15 @@ sslsplit \-\- transparent and scalable SSL/TLS interception
.SH SYNOPSIS .SH SYNOPSIS
.na .na
.B sslsplit .B sslsplit
[\fB-kCKOPZdDgGsrReumjplLSFi\fP] \fB-c\fP \fIpem\fP [\fB-kCKXOPZdDgGsrReumjplLSFi\fP] \fB-c\fP \fIpem\fP
\fIproxyspecs\fP [...] \fIproxyspecs\fP [...]
.br .br
.B sslsplit .B sslsplit
[\fB-kCKOPZdDgGsrReumjplLSFi\fP] \fB-c\fP \fIpem\fP \fB-t\fP \fIdir\fP [\fB-kCKXOPZdDgGsrReumjplLSFi\fP] \fB-c\fP \fIpem\fP \fB-t\fP \fIdir\fP
\fIproxyspecs\fP [...] \fIproxyspecs\fP [...]
.br .br
.B sslsplit .B sslsplit
[\fB-OPZdDgGsrReumjplLSFi\fP] \fB-t\fP \fIdir\fP [\fB-OPZXdDgGsrReumjplLSFi\fP] \fB-t\fP \fIdir\fP
\fIproxyspecs\fP [...] \fIproxyspecs\fP [...]
.br .br
.B sslsplit -E .B sslsplit -E
@ -185,6 +185,9 @@ no matching certificate in the provided certificate directory.
Use private key from \fIpemfile\fP for certificates forged on-the-fly. Use private key from \fIpemfile\fP for certificates forged on-the-fly.
If \fB-K\fP is not given, SSLsplit will generate a random 1024-bit RSA key. If \fB-K\fP is not given, SSLsplit will generate a random 1024-bit RSA key.
.TP .TP
.B \-X \fIgendir\fP
Write generated keys and certificates to individual files in \fIgendir\fP.
.TP
.B \-l \fIlogfile\fP .B \-l \fIlogfile\fP
Log connections to \fIlogfile\fP in a single line per connection format, Log connections to \fIlogfile\fP in a single line per connection format,
including addresses and ports and some HTTP and SSL information, if available. including addresses and ports and some HTTP and SSL information, if available.