Archives
/
SSLproxy
mirror of https://github.com/sonertari/SSLproxy
2
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
1,109 Commits
2 Branches
25 Tags
3.7 MiB
develop
master
v0.5.0
v0.5.1
v0.5.2
v0.5.3
v0.5.4
v0.5.5
v0.5.6
v0.5.7
v0.5.8
v0.5.9
v0.6.0
v0.7.0
v0.8.0
v0.8.1
v0.8.2
v0.8.3
v0.8.4
v0.8.5
v0.8.6
v0.9.0
v0.9.1
v0.9.2
v0.9.3
v0.9.4
v0.9.5
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
Commit Graph

1109 Commits (master)
 

Author SHA1 Message Date
Daniel Roethlisberger 9d5641c0e0 Update NEWS 11 years ago
Daniel Roethlisberger f348c1a372 Add libevent2 test for the weirdness that is issue #17 11 years ago
Daniel Roethlisberger 9338200705 Detect when libevent cannot parse resolv.conf 
Issue:		#17
Reported by:	Florian Schaefer
 11 years ago
Daniel Roethlisberger a80cbf73f4 Add some error-case debug messages to pxy_thrmgr_run() 11 years ago
Daniel Roethlisberger fe558af0a3 Remove duplicates from FEATURES 11 years ago
Daniel Roethlisberger e1d8a2a965 Lint fix: define some variables in smaller scope 11 years ago
Daniel Roethlisberger cd358e245a Make session.pem generation more portable 11 years ago
Daniel Roethlisberger 716139b169 Suppress SPDY/QUIC by removing Alternate-Protocol headers 11 years ago
Daniel Roethlisberger 6b99bde4fb Only use -pthread on non-Darwin systems 11 years ago
Daniel Roethlisberger ba991dcdf8 Minor overhaul of the Mac OS X hacks 11 years ago
Daniel Roethlisberger 24e57d2a12 Add .gitattributes and cleanup .gitignore 
Exclude development-only files from the distribution tarball.
 11 years ago
Daniel Roethlisberger 23d7b7fe8d Update README for the APSL components 11 years ago
Daniel Roethlisberger d4d249fb87 Update NEWS 11 years ago
Daniel Roethlisberger a5660fa3c9 Update NEWS 11 years ago
Daniel Roethlisberger 2235e1aad9 Fix memory leak in fake cert generation code 
The code in pxy_ossl_servername_cb() which generated the forged
certificates did not call SSL_CTX_free() on the newly allocated SSL_CTX
struct after associating it with the SSL struct, which increments the
reference count internally.  Also add some comments explaining OpenSSL
reference counting behaviour to be more explicit on what happens to the
instances that OpenSSL keeps track of.
 11 years ago
Daniel Roethlisberger 05410fe9b3 Enable SSL_MODE_RELEASE_BUFFERS by default 11 years ago
Daniel Roethlisberger 202b1270e3 Create session.pem without Internet connectivity 
Use openssl s_server in order to create a temporary SSL server for
creating an SSL session dump for the unit tests to work with.  This
removes the requirement of having Internet connectivity for running the
test suite, which prevented package builds from running the unit tests.
 11 years ago
Daniel Roethlisberger 54685bab6d Update NEWS 11 years ago
Daniel Roethlisberger 56842b2f63 Fix file descriptor leak in passthrough mode (-P) 
When using passthrough mode, if a connection to a server fails with an
SSL error, sslsplit falls back to plain TCP passthrough.  When
reconnecting with plain TCP, the SSL context was freed, but the file
descriptor was never closed.  The fix remedies that by calling the
proper cleanup function for the dst bev before reconnecting.

Reported by:	Peter Haag
 11 years ago
Daniel Roethlisberger e129041c1c Add some OpenSSL refcounting comments 11 years ago
Daniel Roethlisberger c8723506e7 Update NEWS 11 years ago
Daniel Roethlisberger e7ba15f184 Remove unused variable 11 years ago
Daniel Roethlisberger 4849a9738b Set ssl fields to NULL after freeing 11 years ago
Daniel Roethlisberger 7b09128ead Fix double free of SSL_CTX 
Remove a superfluous call to SSL_CTX_free() which caused SSL_CTX
structures to be free'd twice under some circumstances.

Issue:		#16
Reported by:	Amit Chowdhary
 11 years ago
Daniel Roethlisberger b82ca9b414 Print status of free'd SSL structs in debug mode 11 years ago
Daniel Roethlisberger de27f40b04 Fix two typos in comments 11 years ago
Daniel Roethlisberger bccbdbf1cc Free SSL_CTX directly after calling SSL_new() 
Since SSL_new() increments the refcount of the passed SSL_CTX, free it
directly after handing it to SSL_new() instead of later after SSL_free().
 11 years ago
Daniel Roethlisberger a42db4d3fe Also undefine rdport in Mac pf support hack 11 years ago
Daniel Roethlisberger 6643d832d9 Add experimental support for pf on Mac OS X 
Support pf rdr on Mac OS X 10.7, 10.8 and 10.9 by including the missing
Apple headers in the source tree and enable private Apple code.  Since
we are using an interface marked private by Apple, this code is very
experimental.

Issue:		#15
Reported by:	Amit Chowdhary
 11 years ago
Daniel Roethlisberger 032605e9d3 Update khash to 0.2.8 11 years ago
Daniel Roethlisberger cfa5b15223 Fix dst bufferevent BEV_EVENT_CONNECTED handler 
This removes the spurious "Unknown bufferevent 0x80" debug message but
does not have any change in functionality, since return would have been
called anyway after falling down the debug message.

While here, remove the useless "ignoring event" debug message unless
DEBUG_PROXY is defined, and also print the timeout flag in debug mode.
 11 years ago
Daniel Roethlisberger a0bf21b1a4 Add basic pthread sanity check test case 
Issue:		#13
Reported by:	vinies
 11 years ago
Daniel Roethlisberger 90fd8ec28e Update NEWS 11 years ago
Daniel Roethlisberger 13ed7f8425 Slightly improve error logging on log init failure 
Issue:		#13
Reported by:	vinies
 11 years ago
Daniel Roethlisberger 06a02f946a Always explicitly name the non-null arguments 
Always explicitly name which arguments are non-null, even if all
arguments are non-null.  This is to avoid bugs where newly added
arguments are automatically non-null by accident, possibly leading to
optimisation errors.

This also fixes a few potential errors related to non-null arguments;
specifically it prevents the compiler optimising away a test for sni
being NULL in cachedsess_mkkey().

Issue:		#14
Reported by:	kythyria
 11 years ago
Daniel Roethlisberger ca923ee7f1 Update copyright notices to 2014 11 years ago
Daniel Roethlisberger 7839de3b0d Update NEWS 11 years ago
Daniel Roethlisberger 13c85ce5c1 Also build ipfw if pf is detected 
OpenBSD 4.7+ and FreeBSD 9.0+ also include ipfw-style divert-to in pf,
so build ipfw NAT engine as well if pf is detected.

Reported by:	Stuart Henderson
 11 years ago
Daniel Roethlisberger 8cc81c7f1c FreeBSD pf also has divert-to since 9.0-RELEASE 11 years ago
Daniel Roethlisberger 0987300e28 Improve IPFW and pf wording in the documentation 11 years ago
Daniel Roethlisberger 68a60b9734 Update manual page for OpenBSD 
Add configuration examples for both old and new OpenBSD pf syntax and
give an example of using OpenBSD pf divert sockets for redirection.
Based on the OpenBSD port patchset.

Reported by:	Stuart Henderson
 11 years ago
Daniel Roethlisberger fc29806663 Fix off by one error in thrmgr error cleanup code 
This should remove another potential source of segmentation faults when
the thread manager fails to start.

Issue:          #10
Reported by:    linuxton
 11 years ago
Daniel Roethlisberger 29f912096b More verbose debugging in pxy_thrmgr_run() 11 years ago
Daniel Roethlisberger 080604e3c2 Fix segfault after thread manager start failure 
This should fix the segmentation fault in issue #10 but not the
underlying reason why the thread manager fails to start in the first
place.

Issue:          #10
Reported by:    linuxton
 11 years ago
Daniel Roethlisberger a94dbc8c3a Refactor event handler for clarity 11 years ago
Daniel Roethlisberger 054ae555b5 Enable unit tests on Travis CI 11 years ago
Daniel Roethlisberger 22d98f2c21 Add Travis-CI configuration 11 years ago
Daniel Roethlisberger 33692df51a SSLsplit 0.4.7 release 11 years ago
Daniel Roethlisberger a0fd9c1050 Start thrmgr threads after forking 11 years ago
Daniel Roethlisberger c73ce64c16 Update README and manual page for HPKP prevention 11 years ago