SSLproxy

Commit Graph

Author	SHA1	Message	Date
Daniel Roethlisberger	bbbeb7c3a4	Further improve wording for clarity	9 years ago
Daniel Roethlisberger	a0a27742dc	Rewrite description for clarity Issue: #60, #93	9 years ago
Daniel Roethlisberger	a9863c012b	Add Richard Poole to contributor lists	9 years ago
Daniel Roethlisberger	330ea4a74c	Clarify explanation of -t Issue: #84	9 years ago
Daniel Roethlisberger	77109df8d2	Improve docs on autogenerated 1024 bit RSA leaf key Issue: #83	9 years ago
Daniel Roethlisberger	6e53e93d0f	Move from sha1 to sha256 in examples and tests Note that OpenSSL may not support -sha256 on all platforms so we actually check for support before using it in `make test`. For the examples, a modern version of OpenSSL that supports -sha256 is assumed. Issue: #83	9 years ago
Daniel Roethlisberger	568b5a681c	Update documentation for new -F formats	9 years ago
Daniel Roethlisberger	ce002378b8	Use more intuitive letters for new format specs %D for Destination host, %p for the (more interesting) destination port, %S for Source host, %q for the (less interesting) source port.	9 years ago
Daniel Roethlisberger	01d10b192a	IPv6 addrs in filenames use underscore not colon Use underscore instead of colon for all IPv6 addresses in generated filenames in order to generate NTFS clean filenames. Issue: #69	9 years ago
Daniel Roethlisberger	914360eb5e	Separate host and port into separate strings Store host and port in separate strings internally and get rid of the [host]:port representation where separate host and port would be cleaner. This includes the following user-visible changes: - Generated filenames that contain host and port, such as by -S and -F %d and %s, now use a host,port format instead of [host]:port. - Connect log now uses separate fields for host and port. Issue: #69 #74 Reported by: Adam Jacob Muller	9 years ago
Daniel Roethlisberger	62cd0b8af6	Update list of contributors	9 years ago
Daniel Roethlisberger	6a78aeed2d	Minor rewording	9 years ago
Daniel Roethlisberger	692dccfeae	Merge branch 'clarify-linux-REDIRECT' of https://github.com/fd0/sslsplit into issue/76	9 years ago
Daniel Roethlisberger	91da4674e5	Update copyright, license and tagline - Update copyright to 2015 - Remove the non-standard "unmodified" from the 2-clause BSD license - Remove scalable from the tagline to avoid misinterpretations	9 years ago
Alexander Neumann	925209ef4f	Add hints for using Linux iptables REDIRECT target	9 years ago
Daniel Roethlisberger	b8d8af7b29	Document the limitations of passthrough mode (-P)	10 years ago
Daniel Roethlisberger	6ec6c56ded	Refactored -w/-W and improved docs	10 years ago
Daniel Roethlisberger	7f378251e8	Update documentation	10 years ago
PsychoMario	b34336ab4b	moved to develop branch	10 years ago
PsychoMario	5d7c52cde1	fix manpage	10 years ago
PsychoMario	4f310a877a	implemented -W to write original certs	10 years ago
PsychoMario	13dce0aa35	moved write to pxy_srccert_create, -X to -w, opts_free use	10 years ago
PsychoMario	61d5186864	added exclusivity with -K, man page and -h	10 years ago
Daniel Roethlisberger	d6b11f61b7	Clarify needed permission to open /dev/pf et al for reading Issue: #66 Reported by: Nikolay Khodov	10 years ago
Daniel Roethlisberger	b8213e756d	Merge branch 'feature/privsep' into develop Conflicts: NEWS.md main.c sslsplit.1	10 years ago
Daniel Roethlisberger	f076336e0b	Don't allow -u on Mac OS X with pf proxyspecs Apple checks EUID==0 on ioctl(/dev/pf), whereas OpenBSD and FreeBSD only check permissions on open(/dev/pf). This means that on OS X, it is not possible to open /dev/pf, drop privileges, and send an ioctl to the file descriptor opened earlier with EUID==0. It also means Apple broke the Unix way of dealing with device nodes - why are there file permissions on /dev/pf when they later enforce EUID==0 on use, thereby breaking basic Unix mechanisms? Work around this by disallowing -u with pf proxyspecs and by not automatically dropping to nobody on Mac OS X. Issue: #65 Reported by: Vladimir Marteev	10 years ago
Daniel Roethlisberger	e69b13f2eb	SIGUSR1 re-opens -l/-L log files; add defaults.h Issue: #52	10 years ago
Daniel Roethlisberger	a9bd438756	Minor updates to manual page	10 years ago
Daniel Roethlisberger	c01ace1261	Introduce privilege separation architecture Fork into a monitor parent process and an actual proxy child process, communicating over AF_UNIX sockets. Certain privileged operations are performed through the privileged parent process, like opening log files or listener sockets, while all other operations happen in the child process, which can now drop its privileges without side-effects for log file opening and other privileged operations. This is also a preparation for -l/-L logfile reopening through SIGUSR1. This means that -S and -F are no longer relative to chroot() if used with -j. This is a deliberate POLA violation.	10 years ago
Daniel Roethlisberger	125163a003	Add local process lookup on FreeBSD using sysctl() API	10 years ago
Daniel Roethlisberger	84dfba04f2	Update manual page	10 years ago
Daniel Roethlisberger	96ad8f92af	Add -i and restore order	10 years ago
Daniel Roethlisberger	81241139c7	Merge branch 'logspec_path_support' of git://github.com/fix-macosx/sslsplit into issue/55	10 years ago
Daniel Roethlisberger	a5ccfa3d4b	Remove SSLv2 bug section and add contributors	10 years ago
Landon Fuller	bea605d7ca	Update the man page to include the -F option and its logspec directives.	10 years ago
Daniel Roethlisberger	6b0e47dc89	Allow more control over used SSL/TLS versions Add -r to force a specific SSL/TLS protocol version. Add -R to disable one or several SSL/TLS protocol versions. Replace WANT_SSLV2_CLIENT and WANT_SSLV2_SERVER to WITH_SSLV2. Issue: #30 Reported by: @Apollo2342	10 years ago
Daniel Roethlisberger	edf1dac8fa	Improve manual page re protocols and scalability Issue: #42	10 years ago
Daniel Roethlisberger	769fbd042d	Filter HSTS response headers to allow cert override Also remove HTTP Strict Transport Security (HSTS, RFC 6797) headers from HTTP responses. With HSTS active, the user is not allowed to accept untrusted certificates.	10 years ago
Daniel Roethlisberger	0a225ae65c	Update documentation after merging pull req #35	10 years ago
Daniel Roethlisberger	85b177f6b0	Special device nodes may be needed for -j to work	10 years ago
Daniel Roethlisberger	3226d9bfcf	No longer chroot() by default when run as root No longer implicitly use -j /var/empty by default and document clearly the implications of using -j with -S and/or sni proxyspecs. Issue: #21	11 years ago
Daniel Roethlisberger	6643d832d9	Add experimental support for pf on Mac OS X Support pf rdr on Mac OS X 10.7, 10.8 and 10.9 by including the missing Apple headers in the source tree and enable private Apple code. Since we are using an interface marked private by Apple, this code is very experimental. Issue: #15 Reported by: Amit Chowdhary	11 years ago
Daniel Roethlisberger	ca923ee7f1	Update copyright notices to 2014	11 years ago
Daniel Roethlisberger	8cc81c7f1c	FreeBSD pf also has divert-to since 9.0-RELEASE	11 years ago
Daniel Roethlisberger	0987300e28	Improve IPFW and pf wording in the documentation	11 years ago
Daniel Roethlisberger	68a60b9734	Update manual page for OpenBSD Add configuration examples for both old and new OpenBSD pf syntax and give an example of using OpenBSD pf divert sockets for redirection. Based on the OpenBSD port patchset. Reported by: Stuart Henderson	11 years ago
Daniel Roethlisberger	c73ce64c16	Update README and manual page for HPKP prevention	11 years ago
Daniel Roethlisberger	c972501063	Update copyright notices	11 years ago
Daniel Roethlisberger	807b7c1d3b	Fix typo in manpage	12 years ago
Daniel Roethlisberger	62af96e413	Clarify when it is preferred to use SNI proxyspecs	12 years ago

1 2

58 Commits (29f7ae7bb402d9bcf84becfad1adf04d36be56ff)