Daniel Roethlisberger
0987300e28
Improve IPFW and pf wording in the documentation
2013-12-23 13:57:57 +01:00
Daniel Roethlisberger
68a60b9734
Update manual page for OpenBSD
...
Add configuration examples for both old and new OpenBSD pf syntax and
give an example of using OpenBSD pf divert sockets for redirection.
Based on the OpenBSD port patchset.
Reported by: Stuart Henderson
2013-12-17 15:28:30 +01:00
Daniel Roethlisberger
fc29806663
Fix off by one error in thrmgr error cleanup code
...
This should remove another potential source of segmentation faults when
the thread manager fails to start.
Issue: #10
Reported by: linuxton
2013-08-24 21:44:40 +02:00
Daniel Roethlisberger
29f912096b
More verbose debugging in pxy_thrmgr_run()
2013-08-23 17:28:08 +02:00
Daniel Roethlisberger
080604e3c2
Fix segfault after thread manager start failure
...
This should fix the segmentation fault in issue #10 but not the
underlying reason why the thread manager fails to start in the first
place.
Issue: #10
Reported by: linuxton
2013-08-23 16:56:12 +02:00
Daniel Roethlisberger
a94dbc8c3a
Refactor event handler for clarity
2013-08-23 15:07:07 +02:00
Daniel Roethlisberger
054ae555b5
Enable unit tests on Travis CI
2013-07-03 15:53:52 +02:00
Daniel Roethlisberger
22d98f2c21
Add Travis-CI configuration
2013-07-03 15:34:30 +02:00
Daniel Roethlisberger
33692df51a
SSLsplit 0.4.7 release
2013-07-02 16:06:16 +02:00
Daniel Roethlisberger
a0fd9c1050
Start thrmgr threads after forking
2013-07-02 15:54:46 +02:00
Daniel Roethlisberger
c73ce64c16
Update README and manual page for HPKP prevention
2013-06-29 23:29:31 +02:00
Daniel Roethlisberger
1e67db0b66
Update NEWS after merge of feature/resphdrfilter
2013-06-29 22:52:29 +02:00
Daniel Roethlisberger
38280818f8
Add HTTP content-length to connect log
2013-06-29 22:50:39 +02:00
Daniel Roethlisberger
b746a6f6bb
Add HTTP response header filtering
...
Filter response headers in order to remove HPKP headers. As an added
benefit, parse the HTTP status code and add it to the connection log.
2013-06-29 22:35:51 +02:00
Daniel Roethlisberger
82bbae7fde
make test
requires Internet connectivity
2013-06-27 09:59:18 +02:00
Daniel Roethlisberger
b662906f9b
SSLsplit 0.4.6 release
2013-06-03 17:58:03 +02:00
Daniel Roethlisberger
8fceac4201
Update NEWS for issue #9
2013-05-27 00:29:02 +02:00
Daniel Roethlisberger
2a4a9c8b23
Fix fallback to passthrough when no cert present
...
Properly reset connection state when reconnecting the dst part of the
connection. This fixes the fallback to passthrough when no certficates
are present which can be used to split the SSL.
Issue: #9
Reported by: ceear
2013-05-27 00:22:45 +02:00
Daniel Roethlisberger
ac9a2613e0
Only generate RSA leaf key if CA key present
...
Issue: #9
Reported by: ceear
2013-05-27 00:17:36 +02:00
Daniel Roethlisberger
9f23fb31aa
Log new bev connections to debug log
2013-05-27 00:03:05 +02:00
Daniel Roethlisberger
b06a2474f5
Shortcut errlog thrqueue in debug mode
2013-05-27 00:01:44 +02:00
Daniel Roethlisberger
c972501063
Update copyright notices
2013-04-24 20:36:38 +02:00
Daniel Roethlisberger
711448759c
Bind to ports before dropping privileges
...
This fixes a regression which caused bind() to ports < 1024 to fail with
the default settings of dropping privileges to nobody.
Issue: #8
Reported by: Ian Grispan
2013-04-24 17:17:23 +02:00
Daniel Roethlisberger
f99e5e34a7
Improve workaround for OpenSSL 1.0.0k/1.0.1e
...
Extend and improve the workaround introduced in commit 20b3f66120
.
Automatically replace SSL_get_certificate() with a drop-in replacement
if a version of OpenSSL known to be broken is used. This now covers the
use of SSL_get_certificate() within the connection manager as well and
resolves one more case where OpenSSL could crash.
2013-04-24 17:15:49 +02:00
Daniel Roethlisberger
20b3f66120
Work around segfault with OpenSSL 1.0.0k/1.0.1e
...
A bug in OpenSSL 1.0.0k and 1.0.1e caused sslsplit to crash when loading
certificates using SSL_get_certificate(). Work around the bug by
directly accessing the respective members of SSL* when using any of the
broken versions of OpenSSL.
2013-04-24 15:44:06 +02:00
Daniel Roethlisberger
f27dc964a5
Add warning for OpenSSL 1.0.1e bug causing crash
2013-04-03 19:01:48 +02:00
Daniel Roethlisberger
146188b750
Improve SNI peek debugging
2013-04-03 18:12:52 +02:00
Daniel Roethlisberger
469a6e470d
Update TODO
2013-04-03 18:12:52 +02:00
Daniel Roethlisberger
bd639bf847
Fix typo in comment
2013-04-03 18:12:52 +02:00
Daniel Roethlisberger
d3a84b38f6
Add TODO item
2013-01-26 19:02:25 +01:00
Daniel Roethlisberger
92db084d25
Fix documentation of sys_sockaddr_parse()
2012-12-06 16:03:30 +01:00
Daniel Roethlisberger
37758dda59
SSLsplit 0.4.5 release
2012-11-07 18:36:51 +01:00
Daniel Roethlisberger
005ebd1b95
Fix syslog for more error cases
...
Also fix issue #6 for target certificate loading error cases.
2012-10-23 23:04:22 +02:00
Daniel Roethlisberger
6e6868c051
Update NEWS
2012-10-23 23:01:59 +02:00
Daniel Roethlisberger
d3abdfd5dc
Fix race condition on proxy startup failure
...
Yield the CPU in the main thread until the proxy thread manager is fully
started. Otherwise, the main thread could free the proxy thread manager
while the threads are still starting up, leading to a deadlock.
2012-10-23 22:52:54 +02:00
Daniel Roethlisberger
bb15224d11
Flush error queue prior to exiting
...
Reorganize the cleanup code after detaching from the TTY in order to be
able to flush the error queue before calling exit(). Addresses issue #6
2012-10-23 21:30:11 +02:00
Daniel Roethlisberger
7713f82b62
Move more log writes after log initialization
2012-10-17 00:24:26 +02:00
Daniel Roethlisberger
71f06e501c
Update NEWS
2012-10-17 00:18:46 +02:00
Daniel Roethlisberger
1995dc4b89
Reinitialize SSL mutexes after fork
...
See issue #5 .
2012-10-17 00:11:53 +02:00
Daniel Roethlisberger
067521924a
Cleanup tgcrt loading to protect mutexes from fork
...
See issue #5 .
2012-10-17 00:10:47 +02:00
Daniel Roethlisberger
173b2435d2
Allocate thread queue in start() not new()
2012-10-16 23:38:48 +02:00
Daniel Roethlisberger
3d15f14239
Fix lost error message
2012-10-16 23:37:46 +02:00
Daniel Roethlisberger
bb9c353ecb
Initialize proxy after detaching from TTY
...
Fixes issue #5 .
2012-10-16 23:20:55 +02:00
Daniel Roethlisberger
0073cbdc47
Make cache initialization fork()-safe
...
POSIX threads require mutexes to be reinitialized after fork(). Not
doing so will break daemon mode, depending on pthread implementation.
See issue #5 .
2012-10-16 23:05:37 +02:00
Daniel Roethlisberger
b27175f910
Reorder initialization in main()
2012-10-16 22:52:54 +02:00
Daniel Roethlisberger
eb6162389f
Remove commit ids from NEWS file
2012-10-16 22:02:17 +02:00
Daniel Roethlisberger
807b7c1d3b
Fix typo in manpage
2012-10-16 21:56:03 +02:00
Daniel Roethlisberger
6b2bef3920
Add separate LICENSE file
2012-10-03 01:12:12 +02:00
Daniel Roethlisberger
cdfaeedb80
Ignore all DH param files under extra/pki
2012-10-03 00:53:02 +02:00
Daniel Roethlisberger
ff6fbef91f
Add 4096-bit Diffie-Hellman to dh target
2012-10-03 00:50:50 +02:00