Commit Graph

53 Commits

Author SHA1 Message Date
Soner Tari
9da7437919 Release v0.8.0 2020-05-24 00:22:23 +03:00
Soner Tari
826b612c1e Fix build version
Improve documentation
2020-05-21 16:22:32 +03:00
Soner Tari
59ce88b1ac Move tmp proxyspec vars to new tmp struct
These vars are used while configuring proxyspecs, and freed right after
they are used. So they should not be in proxyspec struct.
Refactor accordingly.
2020-05-14 00:14:40 +03:00
Soner Tari
ac4285cef1 Fix POP3 and SMTP protocol validation, thanks to the new testproxy e2e tests
Add testproxy e2e tests for POP3 and SMTP protocol validation.

We have detected that POP3 and SMTP protocol validation was broken
thanks to these new testproxy e2e tests. This is yet another example why
e2e tests are important.
2020-05-11 17:01:38 +03:00
Soner Tari
f3ac5ee4f2 Move passsite flag to sslctx
The passsite flag is ssl specific.
2020-05-10 21:53:24 +03:00
Soner Tari
f8580d6ac7 Update news
This is the first SSLproxy specific changelog.
2020-05-09 22:16:44 +03:00
Soner Tari
009fe9f6ad Merge sslsplit develop changes 2019-08-08 12:23:04 +03:00
Soner Tari
0d5af14325 Improve exit status handling, merged from sslsplit 2019-08-03 15:31:40 +03:00
Soner Tari
52d37297b6 Update with sslsplit develop changes, especially content logging
Change SIGHUP to behave like SIGUSR1
2018-11-03 18:23:31 +03:00
Soner Tari
d2e9ab4487 Merge sslsplit-develop changes 2018-09-15 02:51:26 +03:00
Soner Tari
0c8348db75 Merge sslsplit develop changes 2018-08-03 23:36:51 +03:00
Soner Tari
27650fab69 Support all command line options in the conf file as well
Update with the latest sslsplit-devel changes
2018-05-09 20:05:29 +03:00
Soner Tari
027b6e3a95 Update with sslsplit develop changes 2018-03-26 18:14:54 +03:00
Soner Tari
9d435e180c Update with SSLsplit 0.5.2 and develop branch changes as of 270218 2018-02-27 22:20:58 +03:00
Soner Tari
4c8831bd90 Update with SSLsplit 0.5.1 changes, fix LibreSSL version issues
Add VerifyPeer and AllowWrongHost options
2018-01-18 03:18:53 +03:00
Soner Tari
67ddee1585 Import sslsplit-devel changes
Add stats logs, initial
Add SSLproxy_SrcAddr header field
Clean-up
2017-07-25 16:07:39 +03:00
Daniel Roethlisberger
7677fe0655 SSLsplit 0.5.0 release 2016-03-27 15:46:35 +02:00
Daniel Roethlisberger
0dbb2aee8f Add autossl to NEWS 2016-03-27 15:07:34 +02:00
Daniel Roethlisberger
2f834419eb Handle inbound EOF before outbound CONNECTED
Fix segmentation fault upon receiving BEV_EVENT_EOF on the inbound
bufferevent while the outbound bufferevent has not received
BEV_EVENT_CONNECTED yet.

Issue:		#124
Patch by:	Eun Soo Park
2016-03-27 12:16:57 +02:00
Daniel Roethlisberger
76cb576ab9 Update NEWS 2016-03-25 16:33:42 +01:00
Daniel Roethlisberger
b3a3c36b70 Fix the SSL session timeout calculation
Issue:		#115
Reported by:	Eun Soo Park
2016-03-15 19:45:58 +01:00
Daniel Roethlisberger
73324dcd7b Update NEWS.md 2016-03-15 19:27:46 +01:00
Daniel Roethlisberger
2bcfaf4b44 Re-enable EV_READ if disabled and outbuf empty
The event buffer write handler failes to re-enable the corresponding
read event of the opposite connection if the buffer is not only down to
less than half the limit, but completely emptied.  In that case, the
read event would never be re-enabled and the connection would stall and
time out.

Issue:		#109
Patch by:	Eun Soo Park
2015-10-25 17:54:27 +01:00
Daniel Roethlisberger
02ab680b34 Add log to PCAP conversion script
Add contributed python script for parsing the output of sslsplit -L
from a log file or named pipe and converting the log entries to an
emulated PCAP format.  Information not contained in the log, such as
sequence numbers, IP IDs etc is emulated and does not correspond to the
original packets on the network.

Issue:		#27
Contributed by:	Maciej Kotowicz
2015-10-09 11:12:59 +02:00
Daniel Roethlisberger
0e2b748bba Only init DNS when DNS is required by proxy specs
Only initialize evdns if DNS lookups are actually required by the loaded
proxy specifications.  This allows sslsplit to work in non-DNS modes in
situations where the local DNS resolver does not work, such as for local
use on a system without network connectivity.  Currently, only SNI based
proxy specs require DNS.  On systems without network connectivity, DNS
subsystem init may fail due to /etc/resolv.conf being (temporarily)
unavailable.

Issue:		#104
2015-09-27 16:39:24 +02:00
Daniel Roethlisberger
d0d3ca9d21 Update docs and -V for LibreSSL and BoringSSL 2015-08-02 22:06:51 +02:00
Daniel Roethlisberger
a084aa62ec Update NEWS.md 2015-07-28 23:58:57 +02:00
Daniel Roethlisberger
3f39f589f2 Warn on OpenSSL version mismatch in debug mode
Issue:		#88
2015-06-23 19:07:23 +02:00
Daniel Roethlisberger
b765cb7e0f Update NEWS.md for #92 2015-04-30 17:00:06 +02:00
Daniel Roethlisberger
7badc2fc13 Move all test RSA keys from 1024 bit to 2048 bit
Issue:		#83
2015-03-24 20:40:15 +01:00
Daniel Roethlisberger
7ae02fa6d0 Merge branch 'master' into develop after 0.4.11 2015-03-16 00:58:27 +01:00
Daniel Roethlisberger
22b4d3c108 SSLsplit 0.4.11 maintenance release 2015-03-16 00:24:02 +01:00
Daniel Roethlisberger
317cd8190f Reorder major bug fixes 2015-03-16 00:20:18 +01:00
Daniel Roethlisberger
c8e9f231bd Fix loading of certificate chains with OpenSSL 1.0.2
SSLsplit was directly accessing `extra_certs` within `SSL_CTX` to get to
the extra certificates chain.  When building on OpenSSL 1.0.2 or newer,
use the new API instead of directly accessing `extra_certs`.

Issue:		#79
2015-03-16 00:18:41 +01:00
Daniel Roethlisberger
568b5a681c Update documentation for new -F formats 2015-03-15 18:41:49 +01:00
Daniel Roethlisberger
01d10b192a IPv6 addrs in filenames use underscore not colon
Use underscore instead of colon for all IPv6 addresses in generated
filenames in order to generate NTFS clean filenames.

Issue:		#69
2015-03-15 17:52:04 +01:00
Daniel Roethlisberger
914360eb5e Separate host and port into separate strings
Store host and port in separate strings internally and get rid of the
[host]:port representation where separate host and port would be
cleaner.  This includes the following user-visible changes:

-   Generated filenames that contain host and port, such as by -S and
    -F %d and %s, now use a host,port format instead of [host]:port.

-   Connect log now uses separate fields for host and port.

Issue:		#69 #74
Reported by:	Adam Jacob Muller
2015-03-15 17:23:46 +01:00
Daniel Roethlisberger
a027fb68cd Fix loading of certificate chains with OpenSSL 1.0.2
SSLsplit was directly accessing `extra_certs` within `SSL_CTX` to get to
the extra certificates chain.  When building on OpenSSL 1.0.2 or newer,
use the new API instead of directly accessing `extra_certs`.

Issue:		#79
2015-03-15 00:09:36 +01:00
Daniel Roethlisberger
91da4674e5 Update copyright, license and tagline
-   Update copyright to 2015
-   Remove the non-standard "unmodified" from the 2-clause BSD license
-   Remove scalable from the tagline to avoid misinterpretations
2015-02-24 19:19:20 +01:00
Daniel Roethlisberger
3662eeae50 Update documentation 2014-12-13 03:23:32 +01:00
Daniel Roethlisberger
7f378251e8 Update documentation 2014-12-12 23:22:11 +01:00
Daniel Roethlisberger
b8213e756d Merge branch 'feature/privsep' into develop
Conflicts:
	NEWS.md
	main.c
	sslsplit.1
2014-11-28 11:08:05 +01:00
Daniel Roethlisberger
61cd0fb541 SSLsplit 0.4.10 release 2014-11-28 10:28:58 +01:00
Daniel Roethlisberger
008821cfca Update NEWS.md 2014-11-28 10:15:09 +01:00
Daniel Roethlisberger
f076336e0b Don't allow -u on Mac OS X with pf proxyspecs
Apple checks EUID==0 on ioctl(/dev/pf), whereas OpenBSD and FreeBSD only
check permissions on open(/dev/pf).  This means that on OS X, it is not
possible to open /dev/pf, drop privileges, and send an ioctl to the file
descriptor opened earlier with EUID==0.  It also means Apple broke the
Unix way of dealing with device nodes - why are there file permissions
on /dev/pf when they later enforce EUID==0 on use, thereby breaking
basic Unix mechanisms?  Work around this by disallowing -u with pf
proxyspecs and by not automatically dropping to nobody on Mac OS X.

Issue:		#65
Reported by:	Vladimir Marteev
2014-11-28 00:13:42 +01:00
Daniel Roethlisberger
43c0f57eec Update NEWS.md for feature/privsep 2014-11-25 23:55:15 +01:00
Daniel Roethlisberger
125163a003 Add local process lookup on FreeBSD using sysctl() API 2014-11-19 22:30:01 +01:00
Daniel Roethlisberger
c35e40a597 Update NEWS.md for OpenSSL 0.9.8y bug workaround 2014-11-20 09:38:13 +01:00
Daniel Roethlisberger
6cc01ec32b Update NEWS.md for -i 2014-11-14 16:22:46 +01:00
Daniel Roethlisberger
f656bcabb7 Update NEWS.md 2014-11-13 23:45:49 +01:00