TravisCI has removed IPv6 support in 2016. To cope with this regression
in the testing infrastructure, disable all tests on Travis that depend
on the system being able to handle ::1 as an IP address. Normal unit
testing still uses the full test suite.
Introduce HAVE_SSLV2, HAVE_SSLV3, HAVE_TLSV10, HAVE_TLSV11 and
HAVE_TLSV12 to indicate that support for the respective protocol is
available in OpenSSL. This was necessary due to the increased
complexity of testing version support following the phasing out of SSLv2
and SSLv3 from OpenSSL implementations. This fixes the build with
OpenSSL versions which have SSLv3 support removed.
While here, de-duplicate code for setting SSL_CTX options and do not set
SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION anymore; it has no benefit
in the context of splitting SSL/TLS for analysis.
Reported by: Jérémie Courrèges-Anglas
Refactor and unify ssl_tls_clienthello_identify() and the earlier
ssl_tls_clienthello_parse_sni() into a single
ssl_tls_clienthello_parse() function that handles parsing ClientHello
messages for different purposes. As a result, rename the debug knob
DEBUG_SNI_PARSER into DEBUG_CLIENTHELLO_PARSER.
Fix automatic search for dependencies when multiple instances of the
same library are installed in different prefixes that we search, by
using the first one found. Automatic search is only used when
pkg-config was not found. This fixes compiler errors caused by spurious
path names within compiler or linker flags, such as
ld: can't map file, errno=22 file '/usr/lib' for architecture x86_64
clang: error: linker command failed with exit code 1 (use -v to see
invocation)
While here, also make XNU header version fallback more robust and add
(diabled) version mappings for 10.10.2 and 10.10.3 which are not
published by Apple yet.
Issue: #96
Reported by: Jan Vilhuber
Allow for additional flags to pkg-config by means of a PCFLAGS variable.
This e.g. allows to set PCFLAGS='--static' for static builds in
combination with CFLAGS='-static' and LDFLAGS='-static'.
Issue: #82
Reported by: @kickwindbg
Introducing the overridable variables INSTALLUID, INSTALLGID, BINUID,
BINGID, BINMODE, MANUID, MANGID, MANMODE that allow overriding of uid,
gid and mode of installed files. Note that this solution still has the
limitation that uid, gid and mode of created directories cannot be set.
Issue: #81
Reported by: Shiloh Heurich
If the proper headers matching either the reported XNU version or OS X
version exactly cannot be found, use the latest headers that SSLsplit
knows about. This fixes build on new releases of OS X that have no
source code published by Apple yet.
This fixes the following make error on Mac OS X versions that we don't
explicitly support yet due to missing sources:
GNUmakefile:55: *** unterminated call to function `shell': missing `)'.
Stop.
Reported by: Justin Garrick
Add -r to force a specific SSL/TLS protocol version.
Add -R to disable one or several SSL/TLS protocol versions.
Replace WANT_SSLV2_CLIENT and WANT_SSLV2_SERVER to WITH_SSLV2.
Issue: #30
Reported by: @Apollo2342
Migrate knobs from DISABLE_SSLV2_CLIENT and DISABLE_SSLV2_SERVER to
WANT_SSLV2_CLIENT and WANT_SSLV2_SERVER and remove the
DISABLE_SSLV2_SESSION_CACHE knob entirely, automatically including the
respective code if SSLv2 support is compiled into SSLsplit.
Move from one set of headers per major OS X release to one set of
headers per XNU release. Fetch the header files from Apple's official
Open Source site instead of GitHub in the fetchdeps developer target.
As a side effect, 10.6.x is now supported as well (untested), and proper
headers are used for 10.10.
Issue: #39
Support pf rdr on Mac OS X 10.7, 10.8 and 10.9 by including the missing
Apple headers in the source tree and enable private Apple code. Since
we are using an interface marked private by Apple, this code is very
experimental.
Issue: #15
Reported by: Amit Chowdhary
OpenBSD 4.7+ and FreeBSD 9.0+ also include ipfw-style divert-to in pf,
so build ipfw NAT engine as well if pf is detected.
Reported by: Stuart Henderson
Get rid of the fragile glibc auto-detection mechanism and define
_GNU_SOURCE unconditionally in order to fix the build on recent GNU libc
systems such as Debian and Ubuntu. On non-GNU libc implementations,
_GNU_SOURCE should not have any effect.
Issue: #2
Reported by: Vincent Bernat
