Release v0.8.2

NEWS.md

@@ -1,4 +1,11 @@
 
+### SSLproxy 0.8.2 2020-12-14
+
+-   Add DivertUsers and PassUsers options.
+-   Allow mirroring without explicit target, copied from SSLsplit.
+-   Various fixes and improvements.
+
+
 ### SSLproxy 0.8.1 2020-09-07
 
 -   Partial support for TLS 1.3. No support for encrypted SNI yet. TLS 1.3 is 

src/sslproxy.1

@@ -29,7 +29,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 .\" POSSIBILITY OF SUCH DAMAGE.
 .\"
-.TH "sslproxy" "1" "07 September 2020" "v0.8.1" "SSLproxy"
+.TH "sslproxy" "1" "14 December 2020" "v0.8.2" "SSLproxy"
 .SH NAME
 sslproxy \-\- transparent SSL/TLS proxy for decrypting and diverting network 
 traffic to other programs for deep SSL inspection
@@ -154,6 +154,16 @@ terminated. Since this atime update is run using a privsep command, it is
 expensive. So, to reduce the frequency of such updates, it is deferred until 
 the user idle time is more than half of the timeout period.
 .LP
+DivertUsers and PassUsers options can be used to divert, pass through, or 
+block users. If neither DivertUsers nor PassUsers is defined, all users are 
+diverted to listening programs. Connections from users in DivertUsers, if 
+defined, are diverted to listening programs. Connections from users in 
+PassUsers, if defined, are simply passed through to their original 
+destinations. Users not listed in DivertUsers or PassUsers are blocked. If no 
+DivertUsers list is defined, only users not listed in PassUsers are diverted 
+to listening programs. These user lists can be defined globally or 
+per-proxyspec.
+.LP
 If enabled, the ValidateProto option validates protocols in proxy 
 specifications. If a connection cannot pass protocol validation, then it is 
 terminated. This feature currently supports HTTP, POP3, and SMTP protocols.

src/sslproxy.conf

@@ -1,4 +1,4 @@
-# Sample configuration for sslproxy v0.8.1
+# Sample configuration for sslproxy v0.8.2
 #
 # Use the -f command line option to start sslproxy with a config file.
 # See sslproxy.conf(5) and sslproxy(1) for documentation.

src/sslproxy.conf.5

@@ -26,7 +26,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 .\" POSSIBILITY OF SUCH DAMAGE.
 .\"
-.TH "sslproxy.conf" "5" "07 September 2020" "v0.8.1" "SSLproxy"
+.TH "sslproxy.conf" "5" "14 December 2020" "v0.8.2" "SSLproxy"
 .SH "NAME"
 .LP 
 \fBsslproxy.conf\fR \- Configuration file for SSLproxy
@@ -263,6 +263,17 @@ Require authentication for users to use SSLproxy.
 .br
 Default: no
 .TP
+\fBDivertUsers STRING\fR
+Comma separated list of users. Connections from these users are diverted to 
+listening programs. Users not listed in DivertUsers or PassUsers are blocked. 
+Max of 50 users can be listed.
+.TP
+\fBPassUsers STRING\fR
+Comma separated list of users. Connections from these users are simply passed 
+through to their original destinations, not diverted to listening programs. 
+Users not listed in DivertUsers or PassUsers are blocked. 
+Max of 50 users can be listed.
+.TP
 \fBUserDBPath STRING\fR
 Path to user db file.
 .TP
@@ -352,6 +363,10 @@ VerifyPeer
 .br
 UserAuth
 .br
+DivertUsers
+.br
+PassUsers
+.br
 UserTimeout
 .br
 UserAuthURL

tests/testproxy/sslproxy.conf

@@ -1,4 +1,4 @@
-# TestProxy test configuration for sslproxy v0.8.1
+# TestProxy test configuration for sslproxy v0.8.2
 
 # Global options
 #User _sslproxy

tests/testproxy/sslproxy_no_tls11.conf

@@ -1,4 +1,4 @@
-# TestProxy test configuration for sslproxy v0.8.1
+# TestProxy test configuration for sslproxy v0.8.2
 
 # Global options
 #User _sslproxy

tests/testproxy/sslproxy_no_tls13.conf

@@ -1,4 +1,4 @@
-# TestProxy test configuration for sslproxy v0.8.1
+# TestProxy test configuration for sslproxy v0.8.2
 
 # Global options
 #User _sslproxy