Soner Tari
fdcf138150
Put option dbg logs in between DEBUG_OPTS macro
...
Assume ownership of further code
Clean up
2019-07-23 12:55:06 +03:00
Soner Tari
e1aac3a69d
Fix main_check_opts
2019-07-13 11:33:26 +03:00
Soner Tari
58eb907d69
Separate global and proxyspec opts
2019-07-12 14:40:04 +03:00
Soner Tari
d6f0f4cdc7
Create proxyspec options
2019-07-08 21:49:06 +03:00
Soner Tari
f9b850f63b
Add user info to SSLproxy header line, so listening programs know network users
...
Debug print conf file option
2019-03-28 14:16:59 +03:00
Soner Tari
074e5d6400
Add LeafKeyRSABits option for user to change leaf key RSA keysize in bits, so it can be set to 1024|2048|3072|4096 now
2019-03-27 03:07:36 +03:00
Soner Tari
dcaaa49f90
Improve documentation and use better names
2019-03-15 15:39:15 +03:00
Soner Tari
7b11eb15fa
Update copyright year to 2019
2019-03-13 14:42:40 +03:00
Soner Tari
76a599d464
Put the getdtablecount() solution back in, otherwise sometimes, although rarely, we get "Error 24 on listener: Too many open files" nonstop, it's better to be safe(r)
2019-03-11 02:41:16 +03:00
Soner Tari
1f451aa04d
Change user db table name to users, change mac column name to ether
...
Clean up
2019-03-02 03:44:14 +03:00
Soner Tari
c37bcc6de1
Add UserDBPath and UserTimeout options
2019-03-02 02:52:48 +03:00
Soner Tari
cde3fbca3f
Redirect user to login page and redirect again to orig target after successful authentication, currently supported only on OpenBSD
...
Get ethernet address and compare with the one in userdb, on each conn setup
Create user_auth options
Rename and clean-up
2019-03-01 02:08:24 +03:00
Soner Tari
70a22f4515
Do not break the event loop if out of fds, instead properly check all retvals of libevent functions
...
So remove getdtable*() solution
2018-11-30 02:49:37 +03:00
Soner Tari
52d37297b6
Update with sslsplit develop changes, especially content logging
...
Change SIGHUP to behave like SIGUSR1
2018-11-03 18:23:31 +03:00
Soner Tari
d2e9ab4487
Merge sslsplit-develop changes
2018-09-15 02:51:26 +03:00
Soner Tari
0c8348db75
Merge sslsplit develop changes
2018-08-03 23:36:51 +03:00
Soner Tari
e8054deed3
Set option defaults in opts_new() now
...
Use bit instead of int for boolean options
2018-08-03 17:14:21 +03:00
Soner Tari
5e2724c38b
Update version to 0.5.6
...
Improve man pages and help message
2018-05-13 00:49:21 +03:00
Soner Tari
442425177c
Fix proxyspec definition and examples in usage message
2018-05-09 22:05:03 +03:00
Soner Tari
27650fab69
Support all command line options in the conf file as well
...
Update with the latest sslsplit-devel changes
2018-05-09 20:05:29 +03:00
Soner Tari
027b6e3a95
Update with sslsplit develop changes
2018-03-26 18:14:54 +03:00
Soner Tari
42348cbe41
Add Ciphers option to conf file
2018-02-28 02:16:18 +03:00
Soner Tari
9d435e180c
Update with SSLsplit 0.5.2 and develop branch changes as of 270218
2018-02-27 22:20:58 +03:00
Soner Tari
4c8831bd90
Update with SSLsplit 0.5.1 changes, fix LibreSSL version issues
...
Add VerifyPeer and AllowWrongHost options
2018-01-18 03:18:53 +03:00
Soner Tari
392c6be48c
Add SSLproxy copyright to -v output
2017-10-26 21:41:30 +03:00
Soner Tari
a1c5d05143
Add support for log priority to error logs, so syslogd prints the correct prio for error logs now
2017-10-15 01:39:30 +03:00
Soner Tari
179aa4fc8f
Close the conn if we are out of file descriptors, or libevent will crash us
2017-09-04 13:05:51 +03:00
Soner Tari
4bf27d09e5
Add RemoveHTTPReferer option, Referer causes redirection errors with some sites
2017-09-03 23:11:20 +03:00
Soner Tari
d52ee62079
Add RemoveHTTPAcceptEncoding option
2017-08-24 13:30:23 +03:00
Soner Tari
0b5ef8b14d
Mark critical errors as CRITICAL
2017-08-21 17:53:24 +03:00
Soner Tari
7748e3ec1b
Add conf file support, with -f command line option, supports a subset of all possible options
2017-08-16 16:01:52 +03:00
Soner Tari
1a6eab50a5
Tidy and clean logs up
...
Add DEBUG_PROXY directive around all log_dbg_level_printf() and related lines
Log stats to syslog, similar to error logs, so that it is simpler to rotate and parse
-O w/o -g is failing bufferevent_socket_connect for parent dst, so either enable -O w/ -g, or disable -O w/o -g (-O2 is failing too)
Refactoring
2017-08-13 04:36:33 +03:00
Soner Tari
ea6dc07248
Rename to sslproxy
...
Reduce http headers to just one SSLproxy line
2017-08-11 15:01:51 +03:00
Soner Tari
1ae732f533
There are 3 dst bevs, writecbs of all of them may fire before connected event, so call eventcb first when that happens for each dst bevs.
...
Check if srv_dst bev is NULL or not: Since both eventcb and writecb for srv_dst are enabled, either eventcb or writecb may get a NULL srv_dst bev, causing a crash with signal 10.
Remove unnecessary evutil_closesocket() calls, they could close the fds twice, causing conn stalls
2017-08-01 14:57:49 +03:00
Soner Tari
67ddee1585
Import sslsplit-devel changes
...
Add stats logs, initial
Add SSLproxy_SrcAddr header field
Clean-up
2017-07-25 16:07:39 +03:00
Soner Tari
5047df8cba
Fix some of the compiler warnings, rearrange, and clean-up
2017-07-01 23:17:45 +03:00
Soner Tari
9858928b73
Add debug levels, initial
2017-06-15 19:07:37 +03:00
Soner Tari
d033ea68dd
Plain TCP version is running good enough, next will try to switch the SSL on
2017-05-29 12:22:23 +03:00
Daniel Roethlisberger
29f44c3d64
Add autossl spec parsing tests and improve docs
2016-03-27 14:38:06 +02:00
Daniel Roethlisberger
25b096450d
Modernize DHE and ECDHE support
...
Enable full strength DHE and ECDHE by default in order to allow modern
browsers to connect without weak crypto warnings.
Issue: #119
Reported by: @curioustwo
2016-03-25 16:28:30 +01:00
Daniel Roethlisberger
e632490888
Add exception handler to logger, exit on errors
...
Add exception handler mechanism to logger and use that to exit cleanly
when sslsplit fails to write to a log file or fails to open a log file.
Issue: #113
Reported by: Matthias Kadenbach
2016-03-25 15:56:42 +01:00
Daniel Roethlisberger
0b858431a2
Add warning if version string is bogus
2016-03-25 12:34:52 +01:00
Daniel Roethlisberger
0506024587
Update copyright notices to 2016
2016-03-25 12:19:23 +01:00
Daniel Roethlisberger
43b697d875
Initialize proxy before daemonizing
...
Issue: #104
2016-03-15 19:57:14 +01:00
Daniel Roethlisberger
95d4a9bc35
Explicitly initialize OpenSSL with SSL proxy specs
...
Make sure we always initialize OpenSSL explicitly, even if there are no
certificates or keys loaded or generated. Previously, OpenSSL would
only have been initialized if the configuration actually uses
certificates or keys, which is not always the case, e.g. with -t
pointing to an empty directory.
Issue: #92
Reported by: xelalexv
2015-04-30 16:58:35 +02:00
Daniel Roethlisberger
77109df8d2
Improve docs on autogenerated 1024 bit RSA leaf key
...
Issue: #83
2015-03-24 20:33:38 +01:00
Daniel Roethlisberger
80b727054b
Refactor proxyspec printing into proxyspec_str()
2015-03-15 22:55:34 +01:00
Daniel Roethlisberger
ce002378b8
Use more intuitive letters for new format specs
...
%D for Destination host, %p for the (more interesting) destination port,
%S for Source host, %q for the (less interesting) source port.
2015-03-15 18:39:36 +01:00
Daniel Roethlisberger
e17108f9b7
Merge branch 'master' of https://github.com/AdamJacobMuller/sslsplit into issue/74
2015-03-15 18:28:10 +01:00
Daniel Roethlisberger
914360eb5e
Separate host and port into separate strings
...
Store host and port in separate strings internally and get rid of the
[host]:port representation where separate host and port would be
cleaner. This includes the following user-visible changes:
- Generated filenames that contain host and port, such as by -S and
-F %d and %s, now use a host,port format instead of [host]:port.
- Connect log now uses separate fields for host and port.
Issue: #69 #74
Reported by: Adam Jacob Muller
2015-03-15 17:23:46 +01:00