Soner Tari
e1aac3a69d
Fix main_check_opts
5 years ago
Soner Tari
8484c8b927
Fix handling of proxyspec struct closing brace
5 years ago
Soner Tari
c9769b0d89
Fix global opts lprocinfo
5 years ago
Soner Tari
f42e682f59
Fix unit tests
5 years ago
Soner Tari
58eb907d69
Separate global and proxyspec opts
5 years ago
Soner Tari
d6f0f4cdc7
Create proxyspec options
5 years ago
Soner Tari
57ae6f07a5
Update OCSP denied comments
5 years ago
Soner Tari
70fa08a36a
Fix OCSP denied response
5 years ago
Soner Tari
3b25ea2e34
Fix http method validation: Compare 1 byte longer than method len, so that GET1 is not validated as GET
5 years ago
Soner Tari
a7d671169c
Fix handling of HTTP Accept-Encoding
5 years ago
Soner Tari
d50bb0bfa6
Fix proto http child setup
5 years ago
Soner Tari
f6a8522d1e
Enable -O2 optimization, remove -g
...
Clean up gitignore
Fix typos
5 years ago
Soner Tari
1c8a837df1
Fix FreeBSD support: Call available_fds() on FreeBSD too
5 years ago
Soner Tari
adee22db09
Fix FreeBSD support, pr #13 by @5u623l20
...
FreeBSD does not have getdtablecount() and needs netinet/in.h
5 years ago
Soner Tari
d1a3328c58
Differentiate PassSite option from Passthrough option: PassSite does not require Passthrough now
...
Remove redundant if conditions
6 years ago
Soner Tari
c146b8a0ec
Make sure sni and ssl_names are not null, fixes signal 11 crash reported by @janusloo
6 years ago
Soner Tari
22ad78c8f9
Fix passthrough conn logging
6 years ago
Soner Tari
26a73d797d
Fix passsite struct free
6 years ago
Soner Tari
c3abe74776
Add client filtering to PassSite option, per site filters can be defined using client IP addresses, users, and description keywords
6 years ago
Soner Tari
07a6c32e93
Update documentation with PassSite option
6 years ago
Soner Tari
7e17bd198e
Require ssl_names if passsite is set
6 years ago
Soner Tari
119fc8e69e
Improve passsite log messages and comments
6 years ago
Soner Tari
7e8fcbcafa
Move strncpy() call from passsite matching to initial PassSite setup
6 years ago
Soner Tari
ddeb9831ed
Add PassSite option, if the site matches SNI or common names in the SSL certificate, the connection is passed through the proxy, issue #12
6 years ago
Soner Tari
89150fe4d6
Enable more ssl info in conn logs, especially common names in crts
6 years ago
Soner Tari
24972bda48
Rearrange debug log messages
6 years ago
Soner Tari
8c2fd3cc31
Replace recursion with while loop in child max fd computation and debug logging
6 years ago
Soner Tari
3c8d6e7e4e
Fix the location of the assertion checking NULL thr conns list, nice catch by this assert() call, that it is misplaced, so add further assertions
6 years ago
Soner Tari
0eaf475193
Update documentation with the new user info in SSLproxy line
6 years ago
Soner Tari
f9b850f63b
Add user info to SSLproxy header line, so listening programs know network users
...
Debug print conf file option
6 years ago
Soner Tari
a76ce0e2b4
Remove any SSLproxy line, parent or child
...
In case parent receives SSLproxy line from local network
6 years ago
Soner Tari
11d1b64c1c
Update version to 0.6.0
6 years ago
Soner Tari
9275315541
Add OpenFilesLimit option, use 50-10000, so user does not need to modify system-wide value now
6 years ago
Soner Tari
074e5d6400
Add LeafKeyRSABits option for user to change leaf key RSA keysize in bits, so it can be set to 1024|2048|3072|4096 now
6 years ago
Soner Tari
a51cc7de57
Update RSA key size comments
6 years ago
Soner Tari
ea532a9464
Update with sslsplit develop ssl ctx improvements
6 years ago
Soner Tari
bee1a82bfc
Improve error log messages and comments
6 years ago
Soner Tari
44b125f77e
Avoid malloc/free for vars of known sizes
6 years ago
Soner Tari
d0ad45e74d
Fix autossl userauth: srvdst should call userauth and redirect too
6 years ago
Soner Tari
040d00b546
Fix passthrough mode broken by the new pending ssl conns list: It is necessary to NULL the sslctx to prevent passthrough mode trying to access it (signal 11 crash)
...
Note that we cannot redirect failed ssl connections to login page while switching to passthrough mode
Remove now redundant pxy_fd_readcb() function
6 years ago
Soner Tari
98c1186cb8
Improve documentation, and simplify code
6 years ago
Soner Tari
ad38b68ad7
Fix a possible multithreading issue: Ignore event_add() failure and do not try to close the conn after adding it to pending ssl conns list
...
Debug print pending ssl conns list
Remove redundant asprintf() calls and vars
Rename fields and fix whitespace
6 years ago
Soner Tari
50740b9f77
Remove redundant ctx fields, rename vars, rearrange code, and improve documentation
6 years ago
Soner Tari
42eb887ebb
Do not modify conn thread fields without locking on thrmgr thread, so we only modify thr load and thr conn list, no tread stats, on thrmgr now
6 years ago
Soner Tari
072dbe2611
Fix privsep PRIVSEP_REQ_UPDATE_ATIME command: Do not request an fd from sys_recvmsgfd() and sys_sendmsgfd(), otherwise opens an stdin (fd 0), causing fd leak
...
Remove redundant logging call
6 years ago
Soner Tari
bf67b617c2
Keep track of ssl conns waiting for the first packet, and remove them if they time out
...
Otherwise if no packet arrives, hence readcb does not fire, that ssl conn is lost causing memory and fd leak
Accepting a connection does not mean that a packet will be received
Use better names
6 years ago
Soner Tari
dc788862a9
Reintroduce BEV_OPT_THREADSAFE flag, after a signal 10 crash involving buffer events
...
Rearrange and fix fd close locations and conn termination
6 years ago
Soner Tari
6f2cf92e51
Do not pass BEV_OPT_THREADSAFE flag to bufferevent new socket/filter functions anymore: Multithreading issues seems to be solved now
6 years ago
Soner Tari
e145ca6eed
Refactor add/remove conn/child code
...
Fix whitespace
6 years ago
Soner Tari
cc0b94c17f
Do not do anything with the conn ctx on the thrmgr thread after setting event callbacks and/or socket connect
...
Always lock conn thr while reading ctx fields, otherwise we may get wrong values
6 years ago