Commit Graph

36 Commits

Author SHA1 Message Date
Daniel Roethlisberger
0dbb2aee8f Add autossl to NEWS 2016-03-27 15:07:34 +02:00
Daniel Roethlisberger
2f834419eb Handle inbound EOF before outbound CONNECTED
Fix segmentation fault upon receiving BEV_EVENT_EOF on the inbound
bufferevent while the outbound bufferevent has not received
BEV_EVENT_CONNECTED yet.

Issue:		#124
Patch by:	Eun Soo Park
2016-03-27 12:16:57 +02:00
Daniel Roethlisberger
76cb576ab9 Update NEWS 2016-03-25 16:33:42 +01:00
Daniel Roethlisberger
b3a3c36b70 Fix the SSL session timeout calculation
Issue:		#115
Reported by:	Eun Soo Park
2016-03-15 19:45:58 +01:00
Daniel Roethlisberger
73324dcd7b Update NEWS.md 2016-03-15 19:27:46 +01:00
Daniel Roethlisberger
2bcfaf4b44 Re-enable EV_READ if disabled and outbuf empty
The event buffer write handler failes to re-enable the corresponding
read event of the opposite connection if the buffer is not only down to
less than half the limit, but completely emptied.  In that case, the
read event would never be re-enabled and the connection would stall and
time out.

Issue:		#109
Patch by:	Eun Soo Park
2015-10-25 17:54:27 +01:00
Daniel Roethlisberger
02ab680b34 Add log to PCAP conversion script
Add contributed python script for parsing the output of sslsplit -L
from a log file or named pipe and converting the log entries to an
emulated PCAP format.  Information not contained in the log, such as
sequence numbers, IP IDs etc is emulated and does not correspond to the
original packets on the network.

Issue:		#27
Contributed by:	Maciej Kotowicz
2015-10-09 11:12:59 +02:00
Daniel Roethlisberger
0e2b748bba Only init DNS when DNS is required by proxy specs
Only initialize evdns if DNS lookups are actually required by the loaded
proxy specifications.  This allows sslsplit to work in non-DNS modes in
situations where the local DNS resolver does not work, such as for local
use on a system without network connectivity.  Currently, only SNI based
proxy specs require DNS.  On systems without network connectivity, DNS
subsystem init may fail due to /etc/resolv.conf being (temporarily)
unavailable.

Issue:		#104
2015-09-27 16:39:24 +02:00
Daniel Roethlisberger
d0d3ca9d21 Update docs and -V for LibreSSL and BoringSSL 2015-08-02 22:06:51 +02:00
Daniel Roethlisberger
a084aa62ec Update NEWS.md 2015-07-28 23:58:57 +02:00
Daniel Roethlisberger
3f39f589f2 Warn on OpenSSL version mismatch in debug mode
Issue:		#88
2015-06-23 19:07:23 +02:00
Daniel Roethlisberger
b765cb7e0f Update NEWS.md for #92 2015-04-30 17:00:06 +02:00
Daniel Roethlisberger
7badc2fc13 Move all test RSA keys from 1024 bit to 2048 bit
Issue:		#83
2015-03-24 20:40:15 +01:00
Daniel Roethlisberger
7ae02fa6d0 Merge branch 'master' into develop after 0.4.11 2015-03-16 00:58:27 +01:00
Daniel Roethlisberger
22b4d3c108 SSLsplit 0.4.11 maintenance release 2015-03-16 00:24:02 +01:00
Daniel Roethlisberger
317cd8190f Reorder major bug fixes 2015-03-16 00:20:18 +01:00
Daniel Roethlisberger
c8e9f231bd Fix loading of certificate chains with OpenSSL 1.0.2
SSLsplit was directly accessing `extra_certs` within `SSL_CTX` to get to
the extra certificates chain.  When building on OpenSSL 1.0.2 or newer,
use the new API instead of directly accessing `extra_certs`.

Issue:		#79
2015-03-16 00:18:41 +01:00
Daniel Roethlisberger
568b5a681c Update documentation for new -F formats 2015-03-15 18:41:49 +01:00
Daniel Roethlisberger
01d10b192a IPv6 addrs in filenames use underscore not colon
Use underscore instead of colon for all IPv6 addresses in generated
filenames in order to generate NTFS clean filenames.

Issue:		#69
2015-03-15 17:52:04 +01:00
Daniel Roethlisberger
914360eb5e Separate host and port into separate strings
Store host and port in separate strings internally and get rid of the
[host]:port representation where separate host and port would be
cleaner.  This includes the following user-visible changes:

-   Generated filenames that contain host and port, such as by -S and
    -F %d and %s, now use a host,port format instead of [host]:port.

-   Connect log now uses separate fields for host and port.

Issue:		#69 #74
Reported by:	Adam Jacob Muller
2015-03-15 17:23:46 +01:00
Daniel Roethlisberger
a027fb68cd Fix loading of certificate chains with OpenSSL 1.0.2
SSLsplit was directly accessing `extra_certs` within `SSL_CTX` to get to
the extra certificates chain.  When building on OpenSSL 1.0.2 or newer,
use the new API instead of directly accessing `extra_certs`.

Issue:		#79
2015-03-15 00:09:36 +01:00
Daniel Roethlisberger
91da4674e5 Update copyright, license and tagline
-   Update copyright to 2015
-   Remove the non-standard "unmodified" from the 2-clause BSD license
-   Remove scalable from the tagline to avoid misinterpretations
2015-02-24 19:19:20 +01:00
Daniel Roethlisberger
3662eeae50 Update documentation 2014-12-13 03:23:32 +01:00
Daniel Roethlisberger
7f378251e8 Update documentation 2014-12-12 23:22:11 +01:00
Daniel Roethlisberger
b8213e756d Merge branch 'feature/privsep' into develop
Conflicts:
	NEWS.md
	main.c
	sslsplit.1
2014-11-28 11:08:05 +01:00
Daniel Roethlisberger
61cd0fb541 SSLsplit 0.4.10 release 2014-11-28 10:28:58 +01:00
Daniel Roethlisberger
008821cfca Update NEWS.md 2014-11-28 10:15:09 +01:00
Daniel Roethlisberger
f076336e0b Don't allow -u on Mac OS X with pf proxyspecs
Apple checks EUID==0 on ioctl(/dev/pf), whereas OpenBSD and FreeBSD only
check permissions on open(/dev/pf).  This means that on OS X, it is not
possible to open /dev/pf, drop privileges, and send an ioctl to the file
descriptor opened earlier with EUID==0.  It also means Apple broke the
Unix way of dealing with device nodes - why are there file permissions
on /dev/pf when they later enforce EUID==0 on use, thereby breaking
basic Unix mechanisms?  Work around this by disallowing -u with pf
proxyspecs and by not automatically dropping to nobody on Mac OS X.

Issue:		#65
Reported by:	Vladimir Marteev
2014-11-28 00:13:42 +01:00
Daniel Roethlisberger
43c0f57eec Update NEWS.md for feature/privsep 2014-11-25 23:55:15 +01:00
Daniel Roethlisberger
125163a003 Add local process lookup on FreeBSD using sysctl() API 2014-11-19 22:30:01 +01:00
Daniel Roethlisberger
c35e40a597 Update NEWS.md for OpenSSL 0.9.8y bug workaround 2014-11-20 09:38:13 +01:00
Daniel Roethlisberger
6cc01ec32b Update NEWS.md for -i 2014-11-14 16:22:46 +01:00
Daniel Roethlisberger
f656bcabb7 Update NEWS.md 2014-11-13 23:45:49 +01:00
Daniel Roethlisberger
c8ba26f60d Update documentation after merging #56 2014-11-11 20:08:16 +01:00
Daniel Roethlisberger
6b0e47dc89 Allow more control over used SSL/TLS versions
Add -r to force a specific SSL/TLS protocol version.
Add -R to disable one or several SSL/TLS protocol versions.
Replace WANT_SSLV2_CLIENT and WANT_SSLV2_SERVER to WITH_SSLV2.

Issue:		#30
Reported by:	@Apollo2342
2014-11-05 20:06:11 +01:00
Daniel Roethlisberger
67ed768fec Migrate documentation to markdown
Issue:		#33
2014-11-04 20:39:20 +01:00