63 Commits (11f6742bfff122f48bc4cf323e085574c5382d8b)

Author SHA1 Message Date
PsychoMario 3aff928daf moved key output to main.c, caught some bugs 10 years ago
PsychoMario b34336ab4b moved to develop branch 10 years ago
PsychoMario 4f310a877a implemented -W to write original certs 10 years ago
PsychoMario 13dce0aa35 moved write to pxy_srccert_create, -X to -w, opts_free use 10 years ago
PsychoMario 73042d4daa fix mutual exclusivity, sprintf->asprintf 10 years ago
PsychoMario 61d5186864 added exclusivity with -K, man page and -h 10 years ago
PsychoMario cbb2a179f9 naive implementation with -X, no help, validation, logging 10 years ago
Daniel Roethlisberger 39e9c898e5 Move default cipher suite spec to defaults.h 10 years ago
Daniel Roethlisberger b8213e756d Merge branch 'feature/privsep' into develop
Conflicts:
	NEWS.md
	main.c
	sslsplit.1
10 years ago
Daniel Roethlisberger 5ac565f5df Note that -j impacts -S and -F 10 years ago
Daniel Roethlisberger ab466aafb7 Allow -u root with pf proxyspecs on OS X 10 years ago
Daniel Roethlisberger f076336e0b Don't allow -u on Mac OS X with pf proxyspecs
Apple checks EUID==0 on ioctl(/dev/pf), whereas OpenBSD and FreeBSD only
check permissions on open(/dev/pf).  This means that on OS X, it is not
possible to open /dev/pf, drop privileges, and send an ioctl to the file
descriptor opened earlier with EUID==0.  It also means Apple broke the
Unix way of dealing with device nodes - why are there file permissions
on /dev/pf when they later enforce EUID==0 on use, thereby breaking
basic Unix mechanisms?  Work around this by disallowing -u with pf
proxyspecs and by not automatically dropping to nobody on Mac OS X.

Issue:		#65
Reported by:	Vladimir Marteev
10 years ago
Daniel Roethlisberger e69b13f2eb SIGUSR1 re-opens -l/-L log files; add defaults.h
Issue:		#52
10 years ago
Daniel Roethlisberger 16a1beb655 Fix version output on local procinfo availability 10 years ago
Daniel Roethlisberger c01ace1261 Introduce privilege separation architecture
Fork into a monitor parent process and an actual proxy child process,
communicating over AF_UNIX sockets.  Certain privileged operations are
performed through the privileged parent process, like opening log files
or listener sockets, while all other operations happen in the child
process, which can now drop its privileges without side-effects for
log file opening and other privileged operations.  This is also a
preparation for -l/-L logfile reopening through SIGUSR1.

This means that -S and -F are no longer relative to chroot() if used
with -j.  This is a deliberate POLA violation.
10 years ago
Daniel Roethlisberger a027f87c1c Check if -u and -m user and group exist immediately 10 years ago
Daniel Roethlisberger 2d97659a6b Check if args to -j and -S are directories 10 years ago
Daniel Roethlisberger 86397dac89 Break at 80 cols 10 years ago
Daniel Roethlisberger 5fd1d7de9c Rename flags for clarity 10 years ago
Daniel Roethlisberger fcd008df4b Unify asprintf error handling 10 years ago
Daniel Roethlisberger 544b93a9ab Add procinfo status to -V 10 years ago
Daniel Roethlisberger 150650c7e9 Make local procinfo run-time optional (-i) and use src host:port 10 years ago
Daniel Roethlisberger 0d07aeff7e Don't automatically drop to nobody if logspec is used 10 years ago
Daniel Roethlisberger 38314ea16d Formatting changes 10 years ago
Landon Fuller 7ce301a60f Fix incorrect format specifiers used in the -F usage example. 10 years ago
Landon Fuller 02c6e6e605 Adopt the new oom_die() usage. 10 years ago
Landon Fuller a4c518c8a0 Merge remote-tracking branch 'origin/fix-macosx' into logspec_path_support 10 years ago
Daniel Roethlisberger 206c688219 Refactor SSL/TLS debug code 10 years ago
Daniel Roethlisberger 601cdf5b52 Add SSL/TLS protocol selection debug code 10 years ago
Daniel Roethlisberger 6b0e47dc89 Allow more control over used SSL/TLS versions
Add -r to force a specific SSL/TLS protocol version.
Add -R to disable one or several SSL/TLS protocol versions.
Replace WANT_SSLV2_CLIENT and WANT_SSLV2_SERVER with WITH_SSLV2.

Issue:		#30
Reported by:	@Apollo2342
10 years ago
Daniel Roethlisberger cc6cb59485 Rewrite Mac OS X support to use proper XNU headers
Move from one set of headers per major OS X release to one set of
headers per XNU release.  Fetch the header files from Apple's official
Open Source site instead of GitHub in the fetchdeps developer target.
As a side effect, 10.6.x is now supported as well (untested), and proper
headers are used for 10.10.

Issue:		#39
10 years ago
Daniel Roethlisberger 42efb4a980 Slightly improve user experience for new option -m 10 years ago
Daniel Roethlisberger ee9d434cac Further improving OOM handling in early stages of main() 10 years ago
Daniel Roethlisberger b1b8fe09b9 Merge pull request #35 from fix-macosx/specify-custom-gid
Add support for specifying an explicit group when dropping privileges.
10 years ago
Daniel Roethlisberger bea022540f Handle strdup() failure in early stages of main()
Issue:		#38
Reported by:	Markus Elfring
10 years ago
Landon Fuller e6aa76b844 Implement automatic creation of parent directories. 10 years ago
Landon Fuller 06c61c16ed Add support for specifying log paths as a specialized format string.
Format string handling is fully implemented, with the exception of
support for automatically creating missing directories.
10 years ago
Landon Fuller 9d54677009 Add support for specifying an explicit group when dropping privileges.
This simplifies my use of pf(4) when using group-based
rules to exclude splitssl from redirection.
10 years ago
Landon Fuller ecbc84438a Fix crash in strdup() when no default NAT engine is available. 10 years ago
Daniel Roethlisberger 3226d9bfcf No longer chroot() by default when run as root
No longer implicitly use -j /var/empty by default and document clearly
the implications of using -j with -S and/or sni proxyspecs.

Issue:		#21
11 years ago
Daniel Roethlisberger db0fa32b07 Load -t certificates before dropping privileges
Load the certificates from the directory given by -t into the
certificate cache after preinit, but before dropping privileges.  This
fixes a number of issues, such as -t directory not being found after
chroot()ing to a different root, -t directory inaccessible due to
changing user with -u, and when using encrypted keys.  This bug was
introduced in 0675219 as a spurious part of fixing #5.

Issue:		#20, #19
Reported by:	Miroslav Stampar
11 years ago
Daniel Roethlisberger 13ed7f8425 Slightly improve error logging on log init failure
Issue:		#13
Reported by:	vinies
11 years ago
Daniel Roethlisberger ca923ee7f1 Update copyright notices to 2014 11 years ago
Daniel Roethlisberger ac9a2613e0 Only generate RSA leaf key if CA key present
Issue:          #9
Reported by:    ceear
11 years ago
Daniel Roethlisberger c972501063 Update copyright notices 12 years ago
Daniel Roethlisberger 711448759c Bind to ports before dropping privileges
This fixes a regression which caused bind() to ports < 1024 to fail with
the default settings of dropping privileges to nobody.

Issue:          #8
Reported by:    Ian Grispan
12 years ago
Daniel Roethlisberger 005ebd1b95 Fix syslog for more error cases
Also fix issue #6 for target certificate loading error cases.
12 years ago
Daniel Roethlisberger bb15224d11 Flush error queue prior to exiting
Reorganize the cleanup code after detaching from the TTY in order to be
able to flush the error queue before calling exit().  Addresses issue #6
12 years ago
Daniel Roethlisberger 7713f82b62 Move more log writes after log initialization 12 years ago
Daniel Roethlisberger 1995dc4b89 Reinitialize SSL mutexes after fork
See issue #5.
12 years ago