Archives
/
SSLproxy
mirror of https://github.com/sonertari/SSLproxy
2
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
213 Commits
2 Branches
26 Tags
3.0 MiB
develop
master
v0.5.0
v0.5.1
v0.5.2
v0.5.3
v0.5.4
v0.5.5
v0.5.6
v0.5.7
v0.5.8
v0.5.9
v0.6.0
v0.7.0
v0.8.0
v0.8.1
v0.8.2
v0.8.3
v0.8.4
v0.8.5
v0.8.6
v0.9.0
v0.9.1
v0.9.2
v0.9.3
v0.9.4
v0.9.5
v0.9.6
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '375bf2a13c'
${ noResults }
Commit Graph

43 Commits (375bf2a13c164c98515641f46b87856e7ec71d76)

Author SHA1 Message Date
Daniel Roethlisberger 375bf2a13c Clarify comment about logging 10 years ago
Daniel Roethlisberger 6b0e47dc89 Allow more control over used SSL/TLS versions 
Add -r to force a specific SSL/TLS protocol version.
Add -R to disable one or several SSL/TLS protocol versions.
Replace WANT_SSLV2_CLIENT and WANT_SSLV2_SERVER to WITH_SSLV2.

Issue:		#30
Reported by:	@Apollo2342
 10 years ago
Daniel Roethlisberger 5219d494f3 Protect session cache calls from sess == NULL 10 years ago
Daniel Roethlisberger fcb64e85e7 Make SSLv2 support opt-in instead of opt-out 
Migrate knobs from DISABLE_SSLV2_CLIENT and DISABLE_SSLV2_SERVER to
WANT_SSLV2_CLIENT and WANT_SSLV2_SERVER and remove the
DISABLE_SSLV2_SESSION_CACHE knob entirely, automatically including the
respective code if SSLv2 support is compiled into SSLsplit.
 10 years ago
Daniel Roethlisberger 769fbd042d Filter HSTS response headers to allow cert override 
Also remove HTTP Strict Transport Security (HSTS, RFC 6797) headers from
HTTP responses.  With HSTS active, the user is not allowed to accept
untrusted certificates.
 10 years ago
Daniel Roethlisberger b1a7b11aea Don't depend on the space when parsing HTTP headers 10 years ago
Daniel Roethlisberger d85e5ddbe2 Disable SSLv2 support by default 10 years ago
Daniel Roethlisberger ac98c2d9cc Fix segmentation fault when using -t without a CA 
The key type checks which are used to optimize the loading of DH and
ECDH parameters should check the type of the supplied server key, not
the global options key.
 11 years ago
Daniel Roethlisberger e1d8a2a965 Lint fix: define some variables in smaller scope 11 years ago
Daniel Roethlisberger 716139b169 Suppress SPDY/QUIC by removing Alternate-Protocol headers 11 years ago
Daniel Roethlisberger 2235e1aad9 Fix memory leak in fake cert generation code 
The code in pxy_ossl_servername_cb() which generated the forged
certificates did not call SSL_CTX_free() on the newly allocated SSL_CTX
struct after associating it with the SSL struct, which increments the
reference count internally.  Also add some comments explaining OpenSSL
reference counting behaviour to be more explicit on what happens to the
instances that OpenSSL keeps track of.
 11 years ago
Daniel Roethlisberger 05410fe9b3 Enable SSL_MODE_RELEASE_BUFFERS by default 11 years ago
Daniel Roethlisberger 56842b2f63 Fix file descriptor leak in passthrough mode (-P) 
When using passthrough mode, if a connection to a server fails with an
SSL error, sslsplit falls back to plain TCP passthrough.  When
reconnecting with plain TCP, the SSL context was freed, but the file
descriptor was never closed.  The fix remedies that by calling the
proper cleanup function for the dst bev before reconnecting.

Reported by:	Peter Haag
 11 years ago
Daniel Roethlisberger e129041c1c Add some OpenSSL refcounting comments 11 years ago
Daniel Roethlisberger e7ba15f184 Remove unused variable 11 years ago
Daniel Roethlisberger 4849a9738b Set ssl fields to NULL after freeing 11 years ago
Daniel Roethlisberger 7b09128ead Fix double free of SSL_CTX 
Remove a superfluous call to SSL_CTX_free() which caused SSL_CTX
structures to be free'd twice under some circumstances.

Issue:		#16
Reported by:	Amit Chowdhary
 11 years ago
Daniel Roethlisberger b82ca9b414 Print status of free'd SSL structs in debug mode 11 years ago
Daniel Roethlisberger de27f40b04 Fix two typos in comments 11 years ago
Daniel Roethlisberger bccbdbf1cc Free SSL_CTX directly after calling SSL_new() 
Since SSL_new() increments the refcount of the passed SSL_CTX, free it
directly after handing it to SSL_new() instead of later after SSL_free().
 11 years ago
Daniel Roethlisberger cfa5b15223 Fix dst bufferevent BEV_EVENT_CONNECTED handler 
This removes the spurious "Unknown bufferevent 0x80" debug message but
does not have any change in functionality, since return would have been
called anyway after falling down the debug message.

While here, remove the useless "ignoring event" debug message unless
DEBUG_PROXY is defined, and also print the timeout flag in debug mode.
 11 years ago
Daniel Roethlisberger 06a02f946a Always explicitly name the non-null arguments 
Always explicitly name which arguments are non-null, even if all
arguments are non-null.  This is to avoid bugs where newly added
arguments are automatically non-null by accident, possibly leading to
optimisation errors.

This also fixes a few potential errors related to non-null arguments;
specifically it prevents the compiler optimising away a test for sni
being NULL in cachedsess_mkkey().

Issue:		#14
Reported by:	kythyria
 11 years ago
Daniel Roethlisberger ca923ee7f1 Update copyright notices to 2014 11 years ago
Daniel Roethlisberger a94dbc8c3a Refactor event handler for clarity 11 years ago
Daniel Roethlisberger 38280818f8 Add HTTP content-length to connect log 11 years ago
Daniel Roethlisberger b746a6f6bb Add HTTP response header filtering 
Filter response headers in order to remove HPKP headers.  As an added
benefit, parse the HTTP status code and add it to the connection log.
 11 years ago
Daniel Roethlisberger 2a4a9c8b23 Fix fallback to passthrough when no cert present 
Properly reset connection state when reconnecting the dst part of the
connection.  This fixes the fallback to passthrough when no certficates
are present which can be used to split the SSL.

Issue:          #9
Reported by:    ceear
 11 years ago
Daniel Roethlisberger 9f23fb31aa Log new bev connections to debug log 11 years ago
Daniel Roethlisberger c972501063 Update copyright notices 11 years ago
Daniel Roethlisberger 146188b750 Improve SNI peek debugging 11 years ago
Daniel Roethlisberger bb15224d11 Flush error queue prior to exiting 
Reorganize the cleanup code after detaching from the TTY in order to be
able to flush the error queue before calling exit().  Addresses issue #6
 12 years ago
Daniel Roethlisberger 457c2621b8 Fix warning when SSLv2 session cache is enabled 12 years ago
Daniel Roethlisberger 8eb5165760 Optimize debug branching using __builtin_expect() 12 years ago
Daniel Roethlisberger 38d22415af Generic EC loading, new default curve 'secp160r2' 12 years ago
Daniel Roethlisberger a592f7149c Improve error handling for no origcrt situations 12 years ago
Daniel Roethlisberger 605c1ab6e6 Improve error recovery under low memory conditions 12 years ago
Daniel Roethlisberger 3fd9084fe1 Quickly decide on GET URIs obviously not OCSP 12 years ago
Daniel Roethlisberger ee98c04b29 Add generic OCSP denial 12 years ago
Daniel Roethlisberger 9f40fbc473 Replace empty strings with dash when logging 12 years ago
Daniel Roethlisberger 07d591fccf Skip whitespace when parsing HTTP headers 12 years ago
Daniel Roethlisberger 083b02d78d Minor reformatting 12 years ago
Daniel Roethlisberger d4be8c3e38 Refactor ssl_x509_names_to_str() for maintainability 12 years ago
Daniel Roethlisberger 4cfdef405a Initial import of sslsplit-0.4.2 12 years ago