Archives
/
SSLproxy
mirror of https://github.com/sonertari/SSLproxy
2
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
308 Commits
2 Branches
25 Tags
3.0 MiB
develop
master
v0.5.0
v0.5.1
v0.5.2
v0.5.3
v0.5.4
v0.5.5
v0.5.6
v0.5.7
v0.5.8
v0.5.9
v0.6.0
v0.7.0
v0.8.0
v0.8.1
v0.8.2
v0.8.3
v0.8.4
v0.8.5
v0.8.6
v0.9.0
v0.9.1
v0.9.2
v0.9.3
v0.9.4
v0.9.5
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '47abb0030d'
${ noResults }
Commit Graph

28 Commits (47abb0030d1370d2bd5cdddc17b76d1664f91793)

Author SHA1 Message Date
Daniel Roethlisberger 341d6b77d1 Use SSL_get_certificate() hack for OpenSSL 0.9.8y 
OpenSSL 0.9.8y also crashes in OpenSSL's SSL_get_certificate() on a
NULL pointer dereference.  Fix by also using the direct access hack
developed for OpenSSL 1.0.0k and 1.0.1e with OpenSSL 0.9.8y.
 10 years ago
Daniel Roethlisberger fcd008df4b Unify asprintf error handling 10 years ago
wjensen cc0b57d341 Fix memory leaks in ssl_x509_load() and ssl_key_load(), remove unnecessary condition in ssl_x509chain_load() 10 years ago
Daniel Roethlisberger 6b0e47dc89 Allow more control over used SSL/TLS versions 
Add -r to force a specific SSL/TLS protocol version.
Add -R to disable one or several SSL/TLS protocol versions.
Replace WANT_SSLV2_CLIENT and WANT_SSLV2_SERVER to WITH_SSLV2.

Issue:		#30
Reported by:	@Apollo2342
 10 years ago
Daniel Roethlisberger 8dbea83b21 Prevent malloc(0) when ssl_x509_names() returns no names 10 years ago
Daniel Roethlisberger eca1ac9a5e Rewrite ssl_x509_subject_cn() error handling 10 years ago
Daniel Roethlisberger 76aab3b816 Fix X509_NAME_get_text_by_NID() error handling 10 years ago
Daniel Roethlisberger ed99fc0260 Use NULL instead of '\0' to avoid type conversion 10 years ago
Daniel Roethlisberger 47c409cbb5 Don't rely on OpenSSL to pull in string.h 
Obtained from:	OpenBSD port patches
 10 years ago
Daniel Roethlisberger 2235e1aad9 Fix memory leak in fake cert generation code 
The code in pxy_ossl_servername_cb() which generated the forged
certificates did not call SSL_CTX_free() on the newly allocated SSL_CTX
struct after associating it with the SSL struct, which increments the
reference count internally.  Also add some comments explaining OpenSSL
reference counting behaviour to be more explicit on what happens to the
instances that OpenSSL keeps track of.
 11 years ago
Daniel Roethlisberger 05410fe9b3 Enable SSL_MODE_RELEASE_BUFFERS by default 11 years ago
Daniel Roethlisberger b82ca9b414 Print status of free'd SSL structs in debug mode 11 years ago
Daniel Roethlisberger ca923ee7f1 Update copyright notices to 2014 11 years ago
Daniel Roethlisberger c972501063 Update copyright notices 11 years ago
Daniel Roethlisberger f99e5e34a7 Improve workaround for OpenSSL 1.0.0k/1.0.1e 
Extend and improve the workaround introduced in commit 20b3f66120.
Automatically replace SSL_get_certificate() with a drop-in replacement
if a version of OpenSSL known to be broken is used.  This now covers the
use of SSL_get_certificate() within the connection manager as well and
resolves one more case where OpenSSL could crash.
 11 years ago
Daniel Roethlisberger 20b3f66120 Work around segfault with OpenSSL 1.0.0k/1.0.1e 
A bug in OpenSSL 1.0.0k and 1.0.1e caused sslsplit to crash when loading
certificates using SSL_get_certificate().  Work around the bug by
directly accessing the respective members of SSL* when using any of the
broken versions of OpenSSL.
 11 years ago
Daniel Roethlisberger f27dc964a5 Add warning for OpenSSL 1.0.1e bug causing crash 11 years ago
Daniel Roethlisberger 1995dc4b89 Reinitialize SSL mutexes after fork 
See issue #5.
 12 years ago
Daniel Roethlisberger bd77e6a228 Improve ssl_tmp_dh_callback() error messages 12 years ago
Daniel Roethlisberger 79c2c6e520 Add support for 2048 and 4096 bit Diffie-Hellman 
Add group parameters for 2048 and 4096 bit Diffie-Hellman in addition to
the previous 512 and 1024 bit parameters.  Also add a meaningful error
message when a group size is requested which is not provided.
 12 years ago
Daniel Roethlisberger 38d22415af Generic EC loading, new default curve 'secp160r2' 12 years ago
Daniel Roethlisberger fa425e08d4 Fix PURIFY and warn when not seeding the RNG 12 years ago
Daniel Roethlisberger a224d1e7e8 Add facility to recognize OCSP requests 12 years ago
Daniel Roethlisberger d4be8c3e38 Refactor ssl_x509_names_to_str() for maintainability 12 years ago
Daniel Roethlisberger 04c9112621 Add OCSP URL parsing 12 years ago
Daniel Roethlisberger c75e0569b3 Fix ssl_x509_names() DNSName segfault 12 years ago
Daniel Roethlisberger ae306f3b0b Fix ssl_x509_names() to NULL-terminate buffer 12 years ago
Daniel Roethlisberger 4cfdef405a Initial import of sslsplit-0.4.2 12 years ago