diff --git a/.travis.yml b/.travis.yml index ba6d609..ef5bbca 100644 --- a/.travis.yml +++ b/.travis.yml @@ -2,7 +2,7 @@ language: c compiler: - gcc - clang -script: make && make test && ./sslsplit -V +script: make && make travis && ./sslsplit -V before_install: - sudo apt-get update -qq - sudo apt-get install -qq libssl-dev libevent-dev check diff --git a/GNUmakefile b/GNUmakefile index 9768a7d..0c3a4b0 100644 --- a/GNUmakefile +++ b/GNUmakefile @@ -397,6 +397,9 @@ endif %.o: %.c $(HDRS) GNUmakefile $(CC) -c $(CPPFLAGS) $(CFLAGS) -o $@ $< +travis: TCPPFLAGS+=-DTRAVIS +travis: test + test: TCPPFLAGS+=-D"TEST_ZEROUSR=\"$(shell id -u -n root||echo 0)\"" test: TCPPFLAGS+=-D"TEST_ZEROGRP=\"$(shell id -g -n root||echo 0)\"" test: $(TARGET).test diff --git a/LICENSE.md b/LICENSE.md index ac5e30f..b559735 100644 --- a/LICENSE.md +++ b/LICENSE.md @@ -2,7 +2,7 @@ ## Copyright -Copyright (c) 2009-2015, Daniel Roethlisberger and contributors. +Copyright (c) 2009-2016, Daniel Roethlisberger and contributors. All rights reserved. Licensed under the 2-clause BSD license contained herein. @@ -15,10 +15,15 @@ All rights reserved. Licensed under the MIT license. `xnu/xnu-*`: -Copyright (c) 1988-2010, Apple Inc. and original copyright holders. +Copyright (c) 1988-2015, Apple Inc. and original copyright holders. All rights reserved. Licensed under the APSL. +`extra/log*.py`: +Copyright (C) 2015, Maciej Kotowicz and Daniel Roethlisberger. +All rights reserved. +Licensed under a 2-clause BSD license. + See the respective source and/or license files for details. diff --git a/NEWS.md b/NEWS.md index f775d3f..23536da 100644 --- a/NEWS.md +++ b/NEWS.md @@ -1,6 +1,11 @@ ### SSLsplit develop +- Fix a rare segmentation fault upon receiving EOF on the inbound connection + while the outbound connection has not been established yet (patch by + @eunsoopark, issue #124). +- Enable full-strength DHE and ECDHE by default, even for non-RSA leaf keys, + in order to avoid weak cipher warnings from browsers (issue #119). - Fix SSL sessions to actually time out (patch by @eunsoopark, issue #115). - Add XNU headers for OS X 10.11 El Capitan (issue #116). - Fix EV_READ event re-enable bug that could lead to stalled connections diff --git a/README.md b/README.md index d188494..a9b76bb 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,5 @@ # SSLsplit - transparent SSL/TLS interception [![Build Status](https://travis-ci.org/droe/sslsplit.svg?branch=master)](https://travis-ci.org/droe/sslsplit) -Copyright (C) 2009-2015, [Daniel Roethlisberger](//daniel.roe.ch/). +Copyright (C) 2009-2016, [Daniel Roethlisberger](//daniel.roe.ch/). http://www.roe.ch/SSLsplit diff --git a/attrib.h b/attrib.h index 57ea02b..3cea285 100644 --- a/attrib.h +++ b/attrib.h @@ -1,6 +1,6 @@ /* * SSLsplit - transparent SSL/TLS interception - * Copyright (c) 2009-2015, Daniel Roethlisberger + * Copyright (c) 2009-2016, Daniel Roethlisberger * All rights reserved. * http://www.roe.ch/SSLsplit * diff --git a/base64.c b/base64.c index 0d5a724..0715c4a 100644 --- a/base64.c +++ b/base64.c @@ -1,6 +1,6 @@ /* * SSLsplit - transparent SSL/TLS interception - * Copyright (c) 2009-2015, Daniel Roethlisberger + * Copyright (c) 2009-2016, Daniel Roethlisberger * All rights reserved. * http://www.roe.ch/SSLsplit * diff --git a/base64.h b/base64.h index c9448be..ff9b5e6 100644 --- a/base64.h +++ b/base64.h @@ -1,6 +1,6 @@ /* * SSLsplit - transparent SSL/TLS interception - * Copyright (c) 2009-2015, Daniel Roethlisberger + * Copyright (c) 2009-2016, Daniel Roethlisberger * All rights reserved. * http://www.roe.ch/SSLsplit * diff --git a/base64.t.c b/base64.t.c index 80b3051..e655245 100644 --- a/base64.t.c +++ b/base64.t.c @@ -1,6 +1,6 @@ /* * SSLsplit - transparent SSL/TLS interception - * Copyright (c) 2009-2015, Daniel Roethlisberger + * Copyright (c) 2009-2016, Daniel Roethlisberger * All rights reserved. * http://www.roe.ch/SSLsplit * diff --git a/cache.c b/cache.c index 67de7b7..de118e4 100644 --- a/cache.c +++ b/cache.c @@ -1,6 +1,6 @@ /* * SSLsplit - transparent SSL/TLS interception - * Copyright (c) 2009-2015, Daniel Roethlisberger + * Copyright (c) 2009-2016, Daniel Roethlisberger * All rights reserved. * http://www.roe.ch/SSLsplit * diff --git a/cache.h b/cache.h index b5d2199..11e0ef8 100644 --- a/cache.h +++ b/cache.h @@ -1,6 +1,6 @@ /* * SSLsplit - transparent SSL/TLS interception - * Copyright (c) 2009-2015, Daniel Roethlisberger + * Copyright (c) 2009-2016, Daniel Roethlisberger * All rights reserved. * http://www.roe.ch/SSLsplit * diff --git a/cachedsess.c b/cachedsess.c index 19292c0..16f35b2 100644 --- a/cachedsess.c +++ b/cachedsess.c @@ -1,6 +1,6 @@ /* * SSLsplit - transparent SSL/TLS interception - * Copyright (c) 2009-2015, Daniel Roethlisberger + * Copyright (c) 2009-2016, Daniel Roethlisberger * All rights reserved. * http://www.roe.ch/SSLsplit * diff --git a/cachedsess.h b/cachedsess.h index b68637c..572b8b0 100644 --- a/cachedsess.h +++ b/cachedsess.h @@ -1,6 +1,6 @@ /* * SSLsplit - transparent SSL/TLS interception - * Copyright (c) 2009-2015, Daniel Roethlisberger + * Copyright (c) 2009-2016, Daniel Roethlisberger * All rights reserved. * http://www.roe.ch/SSLsplit * diff --git a/cachedsess.t.c b/cachedsess.t.c index 7a71ad6..7daa472 100644 --- a/cachedsess.t.c +++ b/cachedsess.t.c @@ -1,6 +1,6 @@ /* * SSLsplit - transparent SSL/TLS interception - * Copyright (c) 2009-2015, Daniel Roethlisberger + * Copyright (c) 2009-2016, Daniel Roethlisberger * All rights reserved. * http://www.roe.ch/SSLsplit * diff --git a/cachefkcrt.c b/cachefkcrt.c index a309425..5cf9fc7 100644 --- a/cachefkcrt.c +++ b/cachefkcrt.c @@ -1,6 +1,6 @@ /* * SSLsplit - transparent SSL/TLS interception - * Copyright (c) 2009-2015, Daniel Roethlisberger + * Copyright (c) 2009-2016, Daniel Roethlisberger * All rights reserved. * http://www.roe.ch/SSLsplit * diff --git a/cachefkcrt.h b/cachefkcrt.h index 07ab48d..5a3fa23 100644 --- a/cachefkcrt.h +++ b/cachefkcrt.h @@ -1,6 +1,6 @@ /* * SSLsplit - transparent SSL/TLS interception - * Copyright (c) 2009-2015, Daniel Roethlisberger + * Copyright (c) 2009-2016, Daniel Roethlisberger * All rights reserved. * http://www.roe.ch/SSLsplit * diff --git a/cachefkcrt.t.c b/cachefkcrt.t.c index a1bb5fd..db5e365 100644 --- a/cachefkcrt.t.c +++ b/cachefkcrt.t.c @@ -1,6 +1,6 @@ /* * SSLsplit - transparent SSL/TLS interception - * Copyright (c) 2009-2015, Daniel Roethlisberger + * Copyright (c) 2009-2016, Daniel Roethlisberger * All rights reserved. * http://www.roe.ch/SSLsplit * diff --git a/cachemgr.c b/cachemgr.c index 399bac5..d3f9a28 100644 --- a/cachemgr.c +++ b/cachemgr.c @@ -1,6 +1,6 @@ /* * SSLsplit - transparent SSL/TLS interception - * Copyright (c) 2009-2015, Daniel Roethlisberger + * Copyright (c) 2009-2016, Daniel Roethlisberger * All rights reserved. * http://www.roe.ch/SSLsplit * diff --git a/cachemgr.h b/cachemgr.h index 50ba741..8ec7306 100644 --- a/cachemgr.h +++ b/cachemgr.h @@ -1,6 +1,6 @@ /* * SSLsplit - transparent SSL/TLS interception - * Copyright (c) 2009-2015, Daniel Roethlisberger + * Copyright (c) 2009-2016, Daniel Roethlisberger * All rights reserved. * http://www.roe.ch/SSLsplit * diff --git a/cachemgr.t.c b/cachemgr.t.c index 3696446..89b329b 100644 --- a/cachemgr.t.c +++ b/cachemgr.t.c @@ -1,6 +1,6 @@ /* * SSLsplit - transparent SSL/TLS interception - * Copyright (c) 2009-2015, Daniel Roethlisberger + * Copyright (c) 2009-2016, Daniel Roethlisberger * All rights reserved. * http://www.roe.ch/SSLsplit * diff --git a/cachessess.c b/cachessess.c index f40640d..6352cb7 100644 --- a/cachessess.c +++ b/cachessess.c @@ -1,6 +1,6 @@ /* * SSLsplit - transparent SSL/TLS interception - * Copyright (c) 2009-2015, Daniel Roethlisberger + * Copyright (c) 2009-2016, Daniel Roethlisberger * All rights reserved. * http://www.roe.ch/SSLsplit * diff --git a/cachessess.h b/cachessess.h index 61e863f..c5bfce3 100644 --- a/cachessess.h +++ b/cachessess.h @@ -1,6 +1,6 @@ /* * SSLsplit - transparent SSL/TLS interception - * Copyright (c) 2009-2015, Daniel Roethlisberger + * Copyright (c) 2009-2016, Daniel Roethlisberger * All rights reserved. * http://www.roe.ch/SSLsplit * diff --git a/cachessess.t.c b/cachessess.t.c index 9783add..8da5287 100644 --- a/cachessess.t.c +++ b/cachessess.t.c @@ -1,6 +1,6 @@ /* * SSLsplit - transparent SSL/TLS interception - * Copyright (c) 2009-2015, Daniel Roethlisberger + * Copyright (c) 2009-2016, Daniel Roethlisberger * All rights reserved. * http://www.roe.ch/SSLsplit * diff --git a/cachetgcrt.c b/cachetgcrt.c index cfef8d6..b67e33b 100644 --- a/cachetgcrt.c +++ b/cachetgcrt.c @@ -1,6 +1,6 @@ /* * SSLsplit - transparent SSL/TLS interception - * Copyright (c) 2009-2015, Daniel Roethlisberger + * Copyright (c) 2009-2016, Daniel Roethlisberger * All rights reserved. * http://www.roe.ch/SSLsplit * diff --git a/cachetgcrt.h b/cachetgcrt.h index abc0fb6..5dda761 100644 --- a/cachetgcrt.h +++ b/cachetgcrt.h @@ -1,6 +1,6 @@ /* * SSLsplit - transparent SSL/TLS interception - * Copyright (c) 2009-2015, Daniel Roethlisberger + * Copyright (c) 2009-2016, Daniel Roethlisberger * All rights reserved. * http://www.roe.ch/SSLsplit * diff --git a/cachetgcrt.t.c b/cachetgcrt.t.c index a85e935..3e78603 100644 --- a/cachetgcrt.t.c +++ b/cachetgcrt.t.c @@ -1,6 +1,6 @@ /* * SSLsplit - transparent SSL/TLS interception - * Copyright (c) 2009-2015, Daniel Roethlisberger + * Copyright (c) 2009-2016, Daniel Roethlisberger * All rights reserved. * http://www.roe.ch/SSLsplit * diff --git a/cert.c b/cert.c index 877d2e2..f728a92 100644 --- a/cert.c +++ b/cert.c @@ -1,6 +1,6 @@ /* * SSLsplit - transparent SSL/TLS interception - * Copyright (c) 2009-2015, Daniel Roethlisberger + * Copyright (c) 2009-2016, Daniel Roethlisberger * All rights reserved. * http://www.roe.ch/SSLsplit * diff --git a/cert.h b/cert.h index 26e5f97..d21a007 100644 --- a/cert.h +++ b/cert.h @@ -1,6 +1,6 @@ /* * SSLsplit - transparent SSL/TLS interception - * Copyright (c) 2009-2015, Daniel Roethlisberger + * Copyright (c) 2009-2016, Daniel Roethlisberger * All rights reserved. * http://www.roe.ch/SSLsplit * diff --git a/cert.t.c b/cert.t.c index 50da567..7f805d7 100644 --- a/cert.t.c +++ b/cert.t.c @@ -1,6 +1,6 @@ /* * SSLsplit - transparent SSL/TLS interception - * Copyright (c) 2009-2015, Daniel Roethlisberger + * Copyright (c) 2009-2016, Daniel Roethlisberger * All rights reserved. * http://www.roe.ch/SSLsplit * diff --git a/defaults.h b/defaults.h index 13304f9..28334b4 100644 --- a/defaults.h +++ b/defaults.h @@ -1,6 +1,6 @@ /* * SSLsplit - transparent SSL/TLS interception - * Copyright (c) 2009-2015, Daniel Roethlisberger + * Copyright (c) 2009-2016, Daniel Roethlisberger * All rights reserved. * http://www.roe.ch/SSLsplit * @@ -60,7 +60,7 @@ /* * Default elliptic curve for EC cipher suites. */ -#define DFLT_CURVE "secp160r2" +#define DFLT_CURVE "prime256v1" #endif /* !DEFAULTS_H */ diff --git a/dynbuf.c b/dynbuf.c index 3eaff09..08feaf7 100644 --- a/dynbuf.c +++ b/dynbuf.c @@ -1,6 +1,6 @@ /* * SSLsplit - transparent SSL/TLS interception - * Copyright (c) 2009-2015, Daniel Roethlisberger + * Copyright (c) 2009-2016, Daniel Roethlisberger * All rights reserved. * http://www.roe.ch/SSLsplit * diff --git a/dynbuf.h b/dynbuf.h index 6e302f2..ce4e0dc 100644 --- a/dynbuf.h +++ b/dynbuf.h @@ -1,6 +1,6 @@ /* * SSLsplit - transparent SSL/TLS interception - * Copyright (c) 2009-2015, Daniel Roethlisberger + * Copyright (c) 2009-2016, Daniel Roethlisberger * All rights reserved. * http://www.roe.ch/SSLsplit * diff --git a/dynbuf.t.c b/dynbuf.t.c index b01a925..d79ef97 100644 --- a/dynbuf.t.c +++ b/dynbuf.t.c @@ -1,6 +1,6 @@ /* * SSLsplit - transparent SSL/TLS interception - * Copyright (c) 2009-2015, Daniel Roethlisberger + * Copyright (c) 2009-2016, Daniel Roethlisberger * All rights reserved. * http://www.roe.ch/SSLsplit * diff --git a/khash.h b/khash.h index d3b461f..e44f328 100644 --- a/khash.h +++ b/khash.h @@ -151,6 +151,14 @@ typedef unsigned long long khint64_t; #endif #endif /* kh_inline */ +#ifndef klib_unused +#if (defined __clang__ && __clang_major__ >= 3) || (defined __GNUC__ && __GNUC__ >= 3) +#define klib_unused __attribute__ ((__unused__)) +#else +#define klib_unused +#endif +#endif /* klib_unused */ + typedef khint32_t khint_t; typedef khint_t khiter_t; @@ -184,7 +192,7 @@ typedef khint_t khiter_t; static const double __ac_HASH_UPPER = 0.77; #define __KHASH_TYPE(name, khkey_t, khval_t) \ - typedef struct { \ + typedef struct kh_##name##_s { \ khint_t n_buckets, size, n_occupied, upper_bound; \ khint32_t *flags; \ khkey_t *keys; \ @@ -355,7 +363,7 @@ static const double __ac_HASH_UPPER = 0.77; __KHASH_IMPL(name, SCOPE, khkey_t, khval_t, kh_is_map, __hash_func, __hash_equal) #define KHASH_INIT(name, khkey_t, khval_t, kh_is_map, __hash_func, __hash_equal) \ - KHASH_INIT2(name, static kh_inline, khkey_t, khval_t, kh_is_map, __hash_func, __hash_equal) + KHASH_INIT2(name, static kh_inline klib_unused, khkey_t, khval_t, kh_is_map, __hash_func, __hash_equal) /* --- BEGIN OF HASH FUNCTIONS --- */ @@ -411,7 +419,7 @@ static kh_inline khint_t __ac_Wang_hash(khint_t key) key ^= (key >> 16); return key; } -#define kh_int_hash_func2(k) __ac_Wang_hash((khint_t)key) +#define kh_int_hash_func2(key) __ac_Wang_hash((khint_t)key) /* --- END OF HASH FUNCTIONS --- */ diff --git a/log.c b/log.c index 97d0d2e..1698651 100644 --- a/log.c +++ b/log.c @@ -1,6 +1,6 @@ /* * SSLsplit - transparent SSL/TLS interception - * Copyright (c) 2009-2015, Daniel Roethlisberger + * Copyright (c) 2009-2016, Daniel Roethlisberger * All rights reserved. * http://www.roe.ch/SSLsplit * @@ -51,6 +51,19 @@ */ +/* + * Common code for all logs. + */ +static proxy_ctx_t *proxy_ctx = NULL; + +static void +log_exceptcb(void) +{ + if (proxy_ctx) { + proxy_loopbreak(proxy_ctx); + } +} + /* * Error log. * Switchable between stderr and syslog. @@ -937,7 +950,8 @@ log_preinit(opts_t *opts) prepcb = log_content_file_prepcb; } if (!(content_log = logger_new(reopencb, opencb, closecb, - writecb, prepcb))) { + writecb, prepcb, + log_exceptcb))) { log_content_file_fini(); goto out; } @@ -945,18 +959,21 @@ log_preinit(opts_t *opts) if (opts->connectlog) { if (log_connect_preinit(opts->connectlog) == -1) goto out; - if (!(connect_log = logger_new(log_connect_reopencb, NULL, NULL, - log_connect_writecb, NULL))) { + if (!(connect_log = logger_new(log_connect_reopencb, + NULL, NULL, + log_connect_writecb, NULL, + log_exceptcb))) { log_connect_fini(); goto out; } } if (opts->certgendir) { if (!(cert_log = logger_new(NULL, NULL, NULL, log_cert_writecb, - NULL))) + NULL, log_exceptcb))) goto out; } - if (!(err_log = logger_new(NULL, NULL, NULL, log_err_writecb, NULL))) + if (!(err_log = logger_new(NULL, NULL, NULL, log_err_writecb, NULL, + log_exceptcb))) goto out; return 0; @@ -997,8 +1014,9 @@ log_preinit_undo(void) * Return -1 on errors, 0 otherwise. */ int -log_init(opts_t *opts, int clisock1, int clisock2) +log_init(opts_t *opts, proxy_ctx_t *ctx, int clisock1, int clisock2) { + proxy_ctx = ctx; if (err_log) if (logger_start(err_log) == -1) return -1; diff --git a/log.h b/log.h index 86e5ab1..fe8c60c 100644 --- a/log.h +++ b/log.h @@ -1,6 +1,6 @@ /* * SSLsplit - transparent SSL/TLS interception - * Copyright (c) 2009-2015, Daniel Roethlisberger + * Copyright (c) 2009-2016, Daniel Roethlisberger * All rights reserved. * http://www.roe.ch/SSLsplit * @@ -29,6 +29,7 @@ #define LOG_H #include "opts.h" +#include "proxy.h" #include "logger.h" #include "attrib.h" @@ -69,7 +70,7 @@ int log_cert_submit(const char *, X509 *) NONNULL(1,2) WUNRES; int log_preinit(opts_t *) NONNULL(1) WUNRES; void log_preinit_undo(void); -int log_init(opts_t *, int, int) NONNULL(1) WUNRES; +int log_init(opts_t *, proxy_ctx_t *, int, int) NONNULL(1,2) WUNRES; void log_fini(void); int log_reopen(void) WUNRES; diff --git a/logbuf.c b/logbuf.c index 6a2e9e1..a916729 100644 --- a/logbuf.c +++ b/logbuf.c @@ -1,6 +1,6 @@ /* * SSLsplit - transparent SSL/TLS interception - * Copyright (c) 2009-2015, Daniel Roethlisberger + * Copyright (c) 2009-2016, Daniel Roethlisberger * All rights reserved. * http://www.roe.ch/SSLsplit * diff --git a/logbuf.h b/logbuf.h index 4204ffb..231768e 100644 --- a/logbuf.h +++ b/logbuf.h @@ -1,6 +1,6 @@ /* * SSLsplit - transparent SSL/TLS interception - * Copyright (c) 2009-2015, Daniel Roethlisberger + * Copyright (c) 2009-2016, Daniel Roethlisberger * All rights reserved. * http://www.roe.ch/SSLsplit * diff --git a/logger.c b/logger.c index 4b087ee..c2d8ffa 100644 --- a/logger.c +++ b/logger.c @@ -1,6 +1,6 @@ /* * SSLsplit - transparent SSL/TLS interception - * Copyright (c) 2009-2015, Daniel Roethlisberger + * Copyright (c) 2009-2016, Daniel Roethlisberger * All rights reserved. * http://www.roe.ch/SSLsplit * @@ -49,6 +49,7 @@ struct logger { logger_close_func_t close; logger_prep_func_t prep; logger_write_func_t write; + logger_except_func_t except; thrqueue_t *queue; }; @@ -70,7 +71,7 @@ logger_clear(logger_t *logger) logger_t * logger_new(logger_reopen_func_t reopenfunc, logger_open_func_t openfunc, logger_close_func_t closefunc, logger_write_func_t writefunc, - logger_prep_func_t prepfunc) + logger_prep_func_t prepfunc, logger_except_func_t exceptfunc) { logger_t *logger; @@ -83,6 +84,7 @@ logger_new(logger_reopen_func_t reopenfunc, logger_open_func_t openfunc, logger->close = closefunc; logger->write = writefunc; logger->prep = prepfunc; + logger->except = exceptfunc; logger->queue = NULL; return logger; } @@ -186,16 +188,24 @@ logger_thread(void *arg) { logger_t *logger = arg; logbuf_t *lb; + int e = 0; while ((lb = thrqueue_dequeue(logger->queue))) { if (logbuf_ctl_isset(lb, LBFLAG_REOPEN)) { - logger->reopen(); + if (logger->reopen() != 0) + e = 1; } else if (logbuf_ctl_isset(lb, LBFLAG_OPEN)) { - logger->open(lb->fh); + if (logger->open(lb->fh) != 0) + e = 1; } else if (logbuf_ctl_isset(lb, LBFLAG_CLOSE)) { logger->close(lb->fh); } else { - logbuf_write_free(lb, logger->write); + if (logbuf_write_free(lb, logger->write) < 0) + e = 1; + } + + if (e && logger->except) { + logger->except(); } } diff --git a/logger.h b/logger.h index bb2a204..c4c0a2a 100644 --- a/logger.h +++ b/logger.h @@ -1,6 +1,6 @@ /* * SSLsplit - transparent SSL/TLS interception - * Copyright (c) 2009-2015, Daniel Roethlisberger + * Copyright (c) 2009-2016, Daniel Roethlisberger * All rights reserved. * http://www.roe.ch/SSLsplit * @@ -39,11 +39,13 @@ typedef int (*logger_open_func_t)(void *); typedef void (*logger_close_func_t)(void *); typedef ssize_t (*logger_write_func_t)(void *, const void *, size_t); typedef logbuf_t * (*logger_prep_func_t)(void *, unsigned long, logbuf_t *); +typedef void (*logger_except_func_t)(void); typedef struct logger logger_t; logger_t * logger_new(logger_reopen_func_t, logger_open_func_t, logger_close_func_t, logger_write_func_t, - logger_prep_func_t) NONNULL(4) MALLOC; + logger_prep_func_t, logger_except_func_t) + NONNULL(4,6) MALLOC; void logger_free(logger_t *) NONNULL(1); int logger_start(logger_t *) NONNULL(1) WUNRES; void logger_leave(logger_t *) NONNULL(1); diff --git a/main.c b/main.c index 7016856..6d0b944 100644 --- a/main.c +++ b/main.c @@ -1,6 +1,6 @@ /* * SSLsplit - transparent SSL/TLS interception - * Copyright (c) 2009-2015, Daniel Roethlisberger + * Copyright (c) 2009-2016, Daniel Roethlisberger * All rights reserved. * http://www.roe.ch/SSLsplit * @@ -70,7 +70,30 @@ static void main_version(void) { fprintf(stderr, "%s %s (built %s)\n", PNAME, version, build_date); - fprintf(stderr, "Copyright (c) 2009-2015, " + if (strlen(version) < 5) { + /* + * Note to package maintainers: If you break the version + * string in your build, it will be impossible to provide + * proper upstream support to the users of the package, + * because it will be difficult or impossible to identify + * the exact codebase that is being used by the user + * reporting a bug. The version string is provided through + * different means depending on whether the code is a git + * checkout, a tarball downloaded from GitHub or a release. + * See GNUmakefile for the gory details. + */ + fprintf(stderr, "---------------------------------------" + "---------------------------------------\n"); + fprintf(stderr, "WARNING: Something is wrong with the " + "version compiled into sslsplit!\n"); + fprintf(stderr, "The version should contain a release " + "number and/or a git commit reference.\n"); + fprintf(stderr, "If using a package, please report a bug " + "to the distro package maintainer.\n"); + fprintf(stderr, "---------------------------------------" + "---------------------------------------\n"); + } + fprintf(stderr, "Copyright (c) 2009-2016, " "Daniel Roethlisberger \n"); fprintf(stderr, "http://www.roe.ch/SSLsplit\n"); if (build_info[0]) { @@ -128,7 +151,7 @@ main_usage(void) #define OPT_g #endif /* !OPENSSL_NO_DH */ #ifndef OPENSSL_NO_ECDH -" -G curve use ECDH named curve (default: " DFLT_CURVE " for non-RSA leafkey)\n" +" -G curve use ECDH named curve (default: " DFLT_CURVE ")\n" #define OPT_G "G:" #else /* OPENSSL_NO_ECDH */ #define OPT_G @@ -927,7 +950,7 @@ main(int argc, char *argv[]) ssl_reinit(); /* Post-privdrop/chroot/detach initialization, thread spawning */ - if (log_init(opts, clisock[1], clisock[2]) == -1) { + if (log_init(opts, proxy, clisock[1], clisock[2]) == -1) { fprintf(stderr, "%s: failed to init log facility: %s\n", argv0, strerror(errno)); goto out_log_failed; diff --git a/main.t.c b/main.t.c index e0ff8e7..7692a74 100644 --- a/main.t.c +++ b/main.t.c @@ -1,6 +1,6 @@ /* * SSLsplit - transparent SSL/TLS interception - * Copyright (c) 2009-2015, Daniel Roethlisberger + * Copyright (c) 2009-2016, Daniel Roethlisberger * All rights reserved. * http://www.roe.ch/SSLsplit * diff --git a/nat.c b/nat.c index 3481cdf..2839a86 100644 --- a/nat.c +++ b/nat.c @@ -1,6 +1,6 @@ /* * SSLsplit - transparent SSL/TLS interception - * Copyright (c) 2009-2015, Daniel Roethlisberger + * Copyright (c) 2009-2016, Daniel Roethlisberger * All rights reserved. * http://www.roe.ch/SSLsplit * diff --git a/nat.h b/nat.h index 7877781..fbe35f3 100644 --- a/nat.h +++ b/nat.h @@ -1,6 +1,6 @@ /* * SSLsplit - transparent SSL/TLS interception - * Copyright (c) 2009-2015, Daniel Roethlisberger + * Copyright (c) 2009-2016, Daniel Roethlisberger * All rights reserved. * http://www.roe.ch/SSLsplit * diff --git a/opts.c b/opts.c index 845d5d9..70ba709 100644 --- a/opts.c +++ b/opts.c @@ -1,6 +1,6 @@ /* * SSLsplit - transparent SSL/TLS interception - * Copyright (c) 2009-2015, Daniel Roethlisberger + * Copyright (c) 2009-2016, Daniel Roethlisberger * All rights reserved. * http://www.roe.ch/SSLsplit * @@ -446,14 +446,14 @@ proxyspec_parse(int *argc, char **argv[], const char *natengine) void proxyspec_free(proxyspec_t *spec) { - while (spec) { + do { proxyspec_t *next = spec->next; if (spec->natengine) free(spec->natengine); memset(spec, 0, sizeof(proxyspec_t)); free(spec); spec = next; - } + } while (spec); } /* diff --git a/opts.h b/opts.h index 45ea8b8..2a2e1db 100644 --- a/opts.h +++ b/opts.h @@ -1,6 +1,6 @@ /* * SSLsplit - transparent SSL/TLS interception - * Copyright (c) 2009-2015, Daniel Roethlisberger + * Copyright (c) 2009-2016, Daniel Roethlisberger * All rights reserved. * http://www.roe.ch/SSLsplit * diff --git a/opts.t.c b/opts.t.c index 069cd94..00d66fe 100644 --- a/opts.t.c +++ b/opts.t.c @@ -1,6 +1,6 @@ /* * SSLsplit - transparent SSL/TLS interception - * Copyright (c) 2009-2015, Daniel Roethlisberger + * Copyright (c) 2009-2016, Daniel Roethlisberger * All rights reserved. * http://www.roe.ch/SSLsplit * @@ -385,7 +385,9 @@ opts_suite(void) tc = tcase_create("proxyspec_parse"); tcase_add_test(tc, proxyspec_parse_01); - tcase_add_test(tc, proxyspec_parse_02); +#ifndef TRAVIS + tcase_add_test(tc, proxyspec_parse_02); /* IPv6 */ +#endif /* TRAVIS */ tcase_add_exit_test(tc, proxyspec_parse_03, EXIT_FAILURE); tcase_add_exit_test(tc, proxyspec_parse_04, EXIT_FAILURE); tcase_add_test(tc, proxyspec_parse_05); @@ -396,8 +398,10 @@ opts_suite(void) tcase_add_exit_test(tc, proxyspec_parse_10, EXIT_FAILURE); tcase_add_test(tc, proxyspec_parse_11); tcase_add_exit_test(tc, proxyspec_parse_12, EXIT_FAILURE); - tcase_add_test(tc, proxyspec_parse_13); - tcase_add_test(tc, proxyspec_parse_14); +#ifndef TRAVIS + tcase_add_test(tc, proxyspec_parse_13); /* IPv6 */ + tcase_add_test(tc, proxyspec_parse_14); /* IPv6 */ +#endif /* TRAVIS */ suite_add_tcase(s, tc); tc = tcase_create("opts_debug"); diff --git a/privsep.c b/privsep.c index cfa31fe..99d0762 100644 --- a/privsep.c +++ b/privsep.c @@ -1,6 +1,6 @@ /* * SSLsplit - transparent SSL/TLS interception - * Copyright (c) 2009-2015, Daniel Roethlisberger + * Copyright (c) 2009-2016, Daniel Roethlisberger * All rights reserved. * http://www.roe.ch/SSLsplit * diff --git a/privsep.h b/privsep.h index fb13ee2..693716c 100644 --- a/privsep.h +++ b/privsep.h @@ -1,6 +1,6 @@ /* * SSLsplit - transparent SSL/TLS interception - * Copyright (c) 2009-2015, Daniel Roethlisberger + * Copyright (c) 2009-2016, Daniel Roethlisberger * All rights reserved. * http://www.roe.ch/SSLsplit * diff --git a/proc.c b/proc.c index a3764de..9ea69f5 100644 --- a/proc.c +++ b/proc.c @@ -1,6 +1,6 @@ /* * SSLsplit - transparent SSL/TLS interception - * Copyright (c) 2009-2015, Daniel Roethlisberger + * Copyright (c) 2009-2016, Daniel Roethlisberger * All rights reserved. * http://www.roe.ch/SSLsplit * diff --git a/proc.h b/proc.h index 0acb905..390d1ba 100644 --- a/proc.h +++ b/proc.h @@ -1,6 +1,6 @@ /* * SSLsplit - transparent SSL/TLS interception - * Copyright (c) 2009-2015, Daniel Roethlisberger + * Copyright (c) 2009-2016, Daniel Roethlisberger * All rights reserved. * http://www.roe.ch/SSLsplit * diff --git a/proxy.c b/proxy.c index aff810f..632f38c 100644 --- a/proxy.c +++ b/proxy.c @@ -1,6 +1,6 @@ /* * SSLsplit - transparent SSL/TLS interception - * Copyright (c) 2009-2015, Daniel Roethlisberger + * Copyright (c) 2009-2016, Daniel Roethlisberger * All rights reserved. * http://www.roe.ch/SSLsplit * @@ -208,7 +208,7 @@ proxy_signal_cb(evutil_socket_t fd, UNUSED short what, void *arg) case SIGQUIT: case SIGINT: case SIGHUP: - event_base_loopbreak(ctx->evbase); + proxy_loopbreak(ctx); break; case SIGUSR1: if (log_reopen() == -1) { @@ -393,6 +393,15 @@ proxy_run(proxy_ctx_t *ctx) } } +/* + * Break the loop of the proxy, causing the proxy_run to return. + */ +void +proxy_loopbreak(proxy_ctx_t *ctx) +{ + event_base_loopbreak(ctx->evbase); +} + /* * Free the proxy data structures. */ diff --git a/proxy.h b/proxy.h index 3029fa5..349ce6a 100644 --- a/proxy.h +++ b/proxy.h @@ -1,6 +1,6 @@ /* * SSLsplit - transparent SSL/TLS interception - * Copyright (c) 2009-2015, Daniel Roethlisberger + * Copyright (c) 2009-2016, Daniel Roethlisberger * All rights reserved. * http://www.roe.ch/SSLsplit * @@ -35,6 +35,7 @@ typedef struct proxy_ctx proxy_ctx_t; proxy_ctx_t * proxy_new(opts_t *, int) NONNULL(1) MALLOC; void proxy_run(proxy_ctx_t *) NONNULL(1); +void proxy_loopbreak(proxy_ctx_t *) NONNULL(1); void proxy_free(proxy_ctx_t *) NONNULL(1); #endif /* !PROXY_H */ diff --git a/pxyconn.c b/pxyconn.c index 2fde3e8..fa0ee91 100644 --- a/pxyconn.c +++ b/pxyconn.c @@ -1,6 +1,6 @@ /* * SSLsplit - transparent SSL/TLS interception - * Copyright (c) 2009-2015, Daniel Roethlisberger + * Copyright (c) 2009-2016, Daniel Roethlisberger * All rights reserved. * http://www.roe.ch/SSLsplit * @@ -717,7 +717,7 @@ pxy_srcsslctx_create(pxy_conn_ctx_t *ctx, X509 *crt, STACK_OF(X509) *chain, #ifndef OPENSSL_NO_DH if (ctx->opts->dh) { SSL_CTX_set_tmp_dh(sslctx, ctx->opts->dh); - } else if (EVP_PKEY_type(key->type) != EVP_PKEY_RSA) { + } else { SSL_CTX_set_tmp_dh_callback(sslctx, ssl_tmp_dh_callback); } #endif /* !OPENSSL_NO_DH */ @@ -726,7 +726,7 @@ pxy_srcsslctx_create(pxy_conn_ctx_t *ctx, X509 *crt, STACK_OF(X509) *chain, EC_KEY *ecdh = ssl_ec_by_name(ctx->opts->ecdhcurve); SSL_CTX_set_tmp_ecdh(sslctx, ecdh); EC_KEY_free(ecdh); - } else if (EVP_PKEY_type(key->type) != EVP_PKEY_RSA) { + } else { EC_KEY *ecdh = ssl_ec_by_name(NULL); SSL_CTX_set_tmp_ecdh(sslctx, ecdh); EC_KEY_free(ecdh); @@ -2075,7 +2075,12 @@ connected: } if (events & BEV_EVENT_EOF) { - if (!other->closed) { + if (!ctx->connected) { + log_dbg_printf("EOF on inbound connection while " + "connecting to original destination\n"); + evutil_closesocket(ctx->fd); + other->closed = 1; + } else if (!other->closed) { struct evbuffer *inbuf, *outbuf; inbuf = bufferevent_get_input(bev); outbuf = bufferevent_get_output(other->bev); diff --git a/pxyconn.h b/pxyconn.h index 3a93d64..ce03879 100644 --- a/pxyconn.h +++ b/pxyconn.h @@ -1,6 +1,6 @@ /* * SSLsplit - transparent SSL/TLS interception - * Copyright (c) 2009-2015, Daniel Roethlisberger + * Copyright (c) 2009-2016, Daniel Roethlisberger * All rights reserved. * http://www.roe.ch/SSLsplit * diff --git a/pxysslshut.c b/pxysslshut.c index ad7d1e2..607f451 100644 --- a/pxysslshut.c +++ b/pxysslshut.c @@ -1,6 +1,6 @@ /* * SSLsplit - transparent SSL/TLS interception - * Copyright (c) 2009-2015, Daniel Roethlisberger + * Copyright (c) 2009-2016, Daniel Roethlisberger * All rights reserved. * http://www.roe.ch/SSLsplit * diff --git a/pxysslshut.h b/pxysslshut.h index e727ee8..9fa863b 100644 --- a/pxysslshut.h +++ b/pxysslshut.h @@ -1,6 +1,6 @@ /* * SSLsplit - transparent SSL/TLS interception - * Copyright (c) 2009-2015, Daniel Roethlisberger + * Copyright (c) 2009-2016, Daniel Roethlisberger * All rights reserved. * http://www.roe.ch/SSLsplit * diff --git a/pxythrmgr.c b/pxythrmgr.c index a033198..3670c1c 100644 --- a/pxythrmgr.c +++ b/pxythrmgr.c @@ -1,6 +1,6 @@ /* * SSLsplit - transparent SSL/TLS interception - * Copyright (c) 2009-2015, Daniel Roethlisberger + * Copyright (c) 2009-2016, Daniel Roethlisberger * All rights reserved. * http://www.roe.ch/SSLsplit * @@ -119,9 +119,6 @@ pxy_thrmgr_run(pxy_thrmgr_ctx_t *ctx) { int idx = -1, dns = 0; - if (!ctx) - return -1; - dns = opts_has_dns_spec(ctx->opts); pthread_mutex_init(&ctx->mutex, NULL); @@ -210,8 +207,6 @@ leave: void pxy_thrmgr_free(pxy_thrmgr_ctx_t *ctx) { - if (!ctx) - return; pthread_mutex_destroy(&ctx->mutex); if (ctx->thr) { for (int idx = 0; idx < ctx->num_thr; idx++) { @@ -222,8 +217,12 @@ pxy_thrmgr_free(pxy_thrmgr_ctx_t *ctx) pthread_join(ctx->thr[idx]->thr, NULL); } for (int idx = 0; idx < ctx->num_thr; idx++) { - evdns_base_free(ctx->thr[idx]->dnsbase, 0); - event_base_free(ctx->thr[idx]->evbase); + if (ctx->thr[idx]->dnsbase) { + evdns_base_free(ctx->thr[idx]->dnsbase, 0); + } + if (ctx->thr[idx]->evbase) { + event_base_free(ctx->thr[idx]->evbase); + } free(ctx->thr[idx]); } free(ctx->thr); diff --git a/pxythrmgr.h b/pxythrmgr.h index 83e2986..819b7c4 100644 --- a/pxythrmgr.h +++ b/pxythrmgr.h @@ -1,6 +1,6 @@ /* * SSLsplit - transparent SSL/TLS interception - * Copyright (c) 2009-2015, Daniel Roethlisberger + * Copyright (c) 2009-2016, Daniel Roethlisberger * All rights reserved. * http://www.roe.ch/SSLsplit * diff --git a/pxythrmgr.t.c b/pxythrmgr.t.c index 56ff5d8..5f41484 100644 --- a/pxythrmgr.t.c +++ b/pxythrmgr.t.c @@ -1,6 +1,6 @@ /* * SSLsplit - transparent SSL/TLS interception - * Copyright (c) 2009-2015, Daniel Roethlisberger + * Copyright (c) 2009-2016, Daniel Roethlisberger * All rights reserved. * http://www.roe.ch/SSLsplit * diff --git a/ssl.c b/ssl.c index ff58616..822285b 100644 --- a/ssl.c +++ b/ssl.c @@ -1,6 +1,6 @@ /* * SSLsplit - transparent SSL/TLS interception - * Copyright (c) 2009-2015, Daniel Roethlisberger + * Copyright (c) 2009-2016, Daniel Roethlisberger * All rights reserved. * http://www.roe.ch/SSLsplit * diff --git a/ssl.h b/ssl.h index dfc4159..c817f05 100644 --- a/ssl.h +++ b/ssl.h @@ -1,6 +1,6 @@ /* * SSLsplit - transparent SSL/TLS interception - * Copyright (c) 2009-2015, Daniel Roethlisberger + * Copyright (c) 2009-2016, Daniel Roethlisberger * All rights reserved. * http://www.roe.ch/SSLsplit * diff --git a/ssl.t.c b/ssl.t.c index e2b41f0..997794f 100644 --- a/ssl.t.c +++ b/ssl.t.c @@ -1,6 +1,6 @@ /* * SSLsplit - transparent SSL/TLS interception - * Copyright (c) 2009-2015, Daniel Roethlisberger + * Copyright (c) 2009-2016, Daniel Roethlisberger * All rights reserved. * http://www.roe.ch/SSLsplit * diff --git a/sslsplit.1 b/sslsplit.1 index b600746..6b2e300 100644 --- a/sslsplit.1 +++ b/sslsplit.1 @@ -1,5 +1,5 @@ .\" SSLsplit - transparent SSL/TLS interception -.\" Copyright (c) 2009-2015, Daniel Roethlisberger +.\" Copyright (c) 2009-2016, Daniel Roethlisberger .\" All rights reserved. .\" http://www.roe.ch/SSLsplit .\" @@ -140,24 +140,14 @@ Use Diffie-Hellman group parameters from \fIpemfile\fP for Ephemereal Diffie-Hellman (EDH/DHE) cipher suites. If \fB-g\fP is not given, SSLsplit first tries to load DH parameters from the PEM files given by \fB-K\fP, \fB-k\fP or \fB-c\fP. If no DH parameters are found in the key files, built-in -512 or 1024 bit group parameters are automatically used iff a non-RSA private -key is given with \fB-K\fP. -This is because DSA/DSS private keys can by themselves only be used for signing -and thus require DH to exchange an SSL/TLS session key. -If \fB-g\fP is given, the parameters from the given \fIpemfile\fP will always -be used, even with RSA private keys (within the cipher suites available in -OpenSSL). +group parameters are automatically used. The \fB-g\fP option is only available if SSLsplit was built against a version of OpenSSL which supports Diffie-Hellman cipher suites. .TP .B \-G \fIcurve\fP -Use the named \fIcurve\fP for Ephemereal Elliptic Curve Diffie-Hellman (EECDH) -cipher suites. If \fB-G\fP is not given, a default curve (\fBsecp160r2\fP) is -used automatically iff a non-RSA private key is given with \fB-K\fP. -This is because ECDSA/ECDSS private keys can by themselves only be used for -signing and thus require ECDH to exchange an SSL/TLS session key. -If \fB-G\fP is given, the named \fIcurve\fP will always be used, even with RSA -private keys (within the cipher suites available in OpenSSL). +Use the named \fIcurve\fP for Ephemereal Elliptic Curve Diffie-Hellman (ECDHE) +cipher suites. If \fB-G\fP is not given, a default curve (\fBprime256v1\fP) is +used automatically. The \fB-G\fP option is only available if SSLsplit was built against a version of OpenSSL which supports Elliptic Curve Diffie-Hellman cipher suites. .TP @@ -646,16 +636,17 @@ instead of querying a NAT engine: .RE .LP The original example, but using SSL options optimized for speed by disabling -compression and selecting only fast block cipher cipher suites and using a -precomputed private key \fBleaf.key\fP for the forged certificates -(most significant speed increase is gained by choosing fast algorithms and -small keysizes for the CA and leaf private keys; check \fBopenssl speed\fP for -algorithm performance on your system and note that clients may not support all -algorithms and key sizes): +compression and selecting only fast cipher cipher suites and using a +precomputed private key \fBleaf.key\fP for the forged certificates. Most +significant speed increase is gained by choosing fast algorithms and small +keysizes for the CA and leaf private keys. Check \fBopenssl speed\fP for +algorithm performance on your system. Note that clients may not support all +algorithms and key sizes. Also, some clients warn their users about cipher +suites they consider weak. .LP .HS .nf -\fBsslsplit -Z -s NULL:RC4:AES128 -K leaf.key \\ +\fBsslsplit -Z -s NULL:RC4:AES128:-DHE -K leaf.key \\ -k ca.key -c ca.crt -l connect.log -L /tmp \\ https ::1 10443 https 127.0.0.1 10443 \\ http ::1 10080 http 127.0.0.1 10080\fP diff --git a/sys.c b/sys.c index cfbd097..dfceaa9 100644 --- a/sys.c +++ b/sys.c @@ -1,6 +1,6 @@ /* * SSLsplit - transparent SSL/TLS interception - * Copyright (c) 2009-2015, Daniel Roethlisberger + * Copyright (c) 2009-2016, Daniel Roethlisberger * All rights reserved. * http://www.roe.ch/SSLsplit * diff --git a/sys.h b/sys.h index c53ea17..ebc95c1 100644 --- a/sys.h +++ b/sys.h @@ -1,6 +1,6 @@ /* * SSLsplit - transparent SSL/TLS interception - * Copyright (c) 2009-2015, Daniel Roethlisberger + * Copyright (c) 2009-2016, Daniel Roethlisberger * All rights reserved. * http://www.roe.ch/SSLsplit * diff --git a/sys.t.c b/sys.t.c index b0f6c31..62cc273 100644 --- a/sys.t.c +++ b/sys.t.c @@ -1,6 +1,6 @@ /* * SSLsplit - transparent SSL/TLS interception - * Copyright (c) 2009-2015, Daniel Roethlisberger + * Copyright (c) 2009-2016, Daniel Roethlisberger * All rights reserved. * http://www.roe.ch/SSLsplit * diff --git a/thrqueue.c b/thrqueue.c index ff874c7..07a25a2 100644 --- a/thrqueue.c +++ b/thrqueue.c @@ -1,6 +1,6 @@ /* * SSLsplit - transparent SSL/TLS interception - * Copyright (c) 2009-2015, Daniel Roethlisberger + * Copyright (c) 2009-2016, Daniel Roethlisberger * All rights reserved. * http://www.roe.ch/SSLsplit * diff --git a/thrqueue.h b/thrqueue.h index 46f5eee..9484c15 100644 --- a/thrqueue.h +++ b/thrqueue.h @@ -1,6 +1,6 @@ /* * SSLsplit - transparent SSL/TLS interception - * Copyright (c) 2009-2015, Daniel Roethlisberger + * Copyright (c) 2009-2016, Daniel Roethlisberger * All rights reserved. * http://www.roe.ch/SSLsplit * diff --git a/url.c b/url.c index f11ce0d..86fc39f 100644 --- a/url.c +++ b/url.c @@ -1,6 +1,6 @@ /* * SSLsplit - transparent SSL/TLS interception - * Copyright (c) 2009-2015, Daniel Roethlisberger + * Copyright (c) 2009-2016, Daniel Roethlisberger * All rights reserved. * http://www.roe.ch/SSLsplit * diff --git a/url.h b/url.h index 2d279ac..dfd74fe 100644 --- a/url.h +++ b/url.h @@ -1,6 +1,6 @@ /* * SSLsplit - transparent SSL/TLS interception - * Copyright (c) 2009-2015, Daniel Roethlisberger + * Copyright (c) 2009-2016, Daniel Roethlisberger * All rights reserved. * http://www.roe.ch/SSLsplit * diff --git a/url.t.c b/url.t.c index 887c23d..df0fee0 100644 --- a/url.t.c +++ b/url.t.c @@ -1,6 +1,6 @@ /* * SSLsplit - transparent SSL/TLS interception - * Copyright (c) 2009-2015, Daniel Roethlisberger + * Copyright (c) 2009-2016, Daniel Roethlisberger * All rights reserved. * http://www.roe.ch/SSLsplit * diff --git a/util.c b/util.c index 7365f46..e661c88 100644 --- a/util.c +++ b/util.c @@ -1,6 +1,6 @@ /* * SSLsplit - transparent SSL/TLS interception - * Copyright (c) 2009-2015, Daniel Roethlisberger + * Copyright (c) 2009-2016, Daniel Roethlisberger * All rights reserved. * http://www.roe.ch/SSLsplit * diff --git a/util.h b/util.h index 44238f1..b6a4117 100644 --- a/util.h +++ b/util.h @@ -1,6 +1,6 @@ /* * SSLsplit - transparent SSL/TLS interception - * Copyright (c) 2009-2015, Daniel Roethlisberger + * Copyright (c) 2009-2016, Daniel Roethlisberger * All rights reserved. * http://www.roe.ch/SSLsplit * diff --git a/util.t.c b/util.t.c index 6949ff9..24cd510 100644 --- a/util.t.c +++ b/util.t.c @@ -1,6 +1,6 @@ /* * SSLsplit - transparent SSL/TLS interception - * Copyright (c) 2009-2015, Daniel Roethlisberger + * Copyright (c) 2009-2016, Daniel Roethlisberger * All rights reserved. * http://www.roe.ch/SSLsplit * diff --git a/version.c b/version.c index ddb4096..2626854 100644 --- a/version.c +++ b/version.c @@ -1,6 +1,6 @@ /* * SSLsplit - transparent SSL/TLS interception - * Copyright (c) 2009-2015, Daniel Roethlisberger + * Copyright (c) 2009-2016, Daniel Roethlisberger * All rights reserved. * http://www.roe.ch/SSLsplit * diff --git a/version.h b/version.h index d15537b..0061c50 100644 --- a/version.h +++ b/version.h @@ -1,6 +1,6 @@ /* * SSLsplit - transparent SSL/TLS interception - * Copyright (c) 2009-2015, Daniel Roethlisberger + * Copyright (c) 2009-2016, Daniel Roethlisberger * All rights reserved. * http://www.roe.ch/SSLsplit *