This exposes the pid lookup code as a standard attribute
of NAT lookup -- if a matching process cannot be found,
or if pid lookup isn't supported by the NAT backend,
a pid of -1 is returned.
This also adds the local_pid to the pxyconn context; this
will be used to populate log strings.

This uses Mac OS X's libproc to find the first process that owns
a matching socket. Currently, the results are simply logged;
the next step will be exposing this generically via
the NAT engine lookup API.

Load the certificates from the directory given by -t into the
certificate cache after preinit, but before dropping privileges. This
fixes a number of issues, such as -t directory not being found after
chroot()ing to a different root, -t directory inaccessible due to
changing user with -u, and when using encrypted keys. This bug was
introduced in 0675219 as a spurious part of fixing #5.

Issue: #20, #19
Reported by: Miroslav Stampar

The key type checks which are used to optimize the loading of DH and
ECDH parameters should check the type of the supplied server key, not
the global options key.

The code in pxy_ossl_servername_cb() which generated the forged
certificates did not call SSL_CTX_free() on the newly allocated SSL_CTX
struct after associating it with the SSL struct, which increments the
reference count internally. Also add some comments explaining OpenSSL
reference counting behaviour to be more explicit on what happens to the
instances that OpenSSL keeps track of.

Use openssl s_server in order to create a temporary SSL server for
creating an SSL session dump for the unit tests to work with. This
removes the requirement of having Internet connectivity for running the
test suite, which prevented package builds from running the unit tests.

When using passthrough mode, if a connection to a server fails with an
SSL error, sslsplit falls back to plain TCP passthrough. When
reconnecting with plain TCP, the SSL context was freed, but the file
descriptor was never closed. The fix remedies that by calling the
proper cleanup function for the dst bev before reconnecting.

Reported by: Peter Haag