Commit Graph

440 Commits (25b096450de21fd143007792cfcc566575ae1e29)

Author SHA1 Message Date
PsychoMario 61d5186864 added exclusivity with -K, man page and -h 10 years ago
PsychoMario cbb2a179f9 naive implementation with -X, no help, validation, logging 10 years ago
Daniel Roethlisberger d6b11f61b7 Clarify needed permission to open /dev/pf et al for reading
Issue:		#66
Reported by:	Nikolay Khodov
10 years ago
Daniel Roethlisberger 39e9c898e5 Move default cipher suite spec to defaults.h 10 years ago
Daniel Roethlisberger 0a6ca2ac98 Update licensing information 10 years ago
Daniel Roethlisberger 521adb7275 Format file refs with backticks 10 years ago
Daniel Roethlisberger e6dc9db6a4 Fix markdown links 10 years ago
Daniel Roethlisberger f2ff2ec9f5 Link to Github author pages 10 years ago
Daniel Roethlisberger b8ecbcd773 Split out AUTHORS.md and HACKING.md from README.md 10 years ago
Daniel Roethlisberger b8213e756d Merge branch 'feature/privsep' into develop
Conflicts:
	NEWS.md
	main.c
	sslsplit.1
10 years ago
Daniel Roethlisberger 61cd0fb541 SSLsplit 0.4.10 release 10 years ago
Daniel Roethlisberger 5ac565f5df Note that -j impacts -S and -F 10 years ago
Daniel Roethlisberger 008821cfca Update NEWS.md 10 years ago
Daniel Roethlisberger ab466aafb7 Allow -u root with pf proxyspecs on OS X 10 years ago
Daniel Roethlisberger f076336e0b Don't allow -u on Mac OS X with pf proxyspecs
Apple checks EUID==0 on ioctl(/dev/pf), whereas OpenBSD and FreeBSD only
check permissions on open(/dev/pf).  This means that on OS X, it is not
possible to open /dev/pf, drop privileges, and send an ioctl to the file
descriptor opened earlier with EUID==0.  It also means Apple broke the
Unix way of dealing with device nodes - why are there file permissions
on /dev/pf when they later enforce EUID==0 on use, thereby breaking
basic Unix mechanisms?  Work around this by disallowing -u with pf
proxyspecs and by not automatically dropping to nobody on Mac OS X.

Issue:		#65
Reported by:	Vladimir Marteev
10 years ago
Daniel Roethlisberger c4b22efa5a Fix segmentation fault for aborted connections 10 years ago
Daniel Roethlisberger 9341f25e6d Explicitly support Yosemite 10.10.1 with XNU 2782.1.97 10 years ago
Daniel Roethlisberger 47abb0030d Update clean target for newer clang build artefacts 10 years ago
Daniel Roethlisberger 43c0f57eec Update NEWS.md for feature/privsep 10 years ago
Daniel Roethlisberger e69b13f2eb SIGUSR1 re-opens -l/-L log files; add defaults.h
Issue:		#52
10 years ago
Daniel Roethlisberger 16a1beb655 Fix version output on local procinfo availability 10 years ago
Daniel Roethlisberger a9bd438756 Minor updates to manual page 10 years ago
Daniel Roethlisberger 12ff6e6ddf Merge https://github.com/fix-macosx/sslsplit
Conflicts:
	GNUmakefile
	main.c
10 years ago
Daniel Roethlisberger 25e3145d1f Add missing headers to fix build on FreeBSD 8.4 10 years ago
Daniel Roethlisberger 476967ccdc Add SIGUSR1 to the signals forwarded by the parent 10 years ago
Daniel Roethlisberger 0e0a465f5d Fix build on OpenBSD by adding missing includes 10 years ago
Daniel Roethlisberger c01ace1261 Introduce privilege separation architecture
Fork into a monitor parent process and an actual proxy child process,
communicating over AF_UNIX sockets.  Certain privileged operations are
performed through the privileged parent process, like opening log files
or listener sockets, while all other operations happen in the child
process, which can now drop its privileges without side-effects for
log file opening and other privileged operations.  This is also a
preparation for -l/-L logfile reopening through SIGUSR1.

This means that -S and -F are no longer relative to chroot() if used
with -j.  This is a deliberate POLA violation.
10 years ago
Daniel Roethlisberger b3f4d25619 Make log_fini() more robust 10 years ago
Daniel Roethlisberger a027f87c1c Check if -u and -m user and group exist immediately 10 years ago
Daniel Roethlisberger db80d3460c Remove spurious UNUSED attribute 10 years ago
Daniel Roethlisberger a09f42a507 Handle EINTR in sys_sendmsgfd() and sys_recvmsgfd() 10 years ago
Daniel Roethlisberger 2d97659a6b Check if args to -j and -S are directories 10 years ago
Daniel Roethlisberger 86397dac89 Break at 80 cols 10 years ago
Daniel Roethlisberger 762bd0cba1 Rename shortcut flag for clarity 10 years ago
Daniel Roethlisberger 53096b2e61 Add util_max() 10 years ago
Daniel Roethlisberger 71743feaa1 Add functions to send/recv UNIX dgram socket msgs and fds 10 years ago
Daniel Roethlisberger 65f56f634d Improve error handling on logging calls 10 years ago
Daniel Roethlisberger 98520c8091 Remove old struct definition 10 years ago
Daniel Roethlisberger c24d32e9e5 Remove obsolete preinit code 10 years ago
Daniel Roethlisberger 25edad1b6a Merge branch 'rewrite/logthr' 10 years ago
Daniel Roethlisberger d1d6d295df Fixing error-case memory leaks in uid/gid lookups 10 years ago
Daniel Roethlisberger b5e3856a97 Move open() and mkdir() to logger thread 10 years ago
Daniel Roethlisberger 5fd1d7de9c Rename flags for clarity 10 years ago
Daniel Roethlisberger 77942a7abb Fix compiler warning on type conversion 10 years ago
Daniel Roethlisberger 007823b16e Fix connect logging for corner cases 10 years ago
Daniel Roethlisberger 80af8f7d52 Fix SSL_METHOD* const mismatch on OpenSSL < 1.0.0 10 years ago
Daniel Roethlisberger 125163a003 Add local process lookup on FreeBSD using sysctl() API 10 years ago
Daniel Roethlisberger 7b8ba7310d Fix uid/gid lookup where sysconf(_SC_GETPW_R_SIZE_MAX) fails
On some platforms, sysconf(_SC_GETPW_R_SIZE_MAX) compiles but never
succeeds (e.g. FreeBSD 8.4).  Fix this by dynamically enlarging an
initially small buffer until it is large enough, and reuse the
determined buffer size on subsequent calls to the same function.
10 years ago
Daniel Roethlisberger c35e40a597 Update NEWS.md for OpenSSL 0.9.8y bug workaround 10 years ago
Daniel Roethlisberger 341d6b77d1 Use SSL_get_certificate() hack for OpenSSL 0.9.8y
OpenSSL 0.9.8y also crashes in OpenSSL's SSL_get_certificate() on a
NULL pointer dereference.  Fix by also using the direct access hack
developed for OpenSSL 1.0.0k and 1.0.1e with OpenSSL 0.9.8y.
10 years ago