Daniel Roethlisberger
ed99fc0260
Use NULL instead of '\0' to avoid type conversion
2014-10-21 15:16:09 +02:00
Daniel Roethlisberger
e64bf695dc
Update documentation after merge of #34
2014-10-21 14:55:25 +02:00
Daniel Roethlisberger
2e418f1447
Merge pull request #34 from swills/master
...
add DESTDIR, MANDIR to install target
2014-10-21 14:44:11 +02:00
Landon Fuller
93ab726671
Merge branch 'macosx-process-info' into fix-macosx
2014-10-18 20:43:56 -06:00
Landon Fuller
f36b06f8c1
Fix stupid bug caused by leaving the path string as non-NULL terminated on initialization.
...
This failed visibly when the allocated buffer did not already
lead with \0.
2014-10-18 20:41:43 -06:00
Landon Fuller
7c0c39cb2c
Merge branch 'macosx-process-info' into fix-macosx
2014-10-18 17:11:29 -06:00
Landon Fuller
e6aa76b844
Implement automatic creation of parent directories.
2014-10-18 17:02:53 -06:00
Landon Fuller
06c61c16ed
Add support for specifying log paths as a specialized format string.
...
Format string handling is fully implemented, with the exception of
support for automatically creating missing directories.
2014-10-18 16:40:22 -06:00
Landon Fuller
8350b1deb0
Plumb user/group/path information through the logging API.
2014-10-18 14:35:49 -06:00
Landon Fuller
5ed49c4985
Implement user and group name lookup.
2014-10-18 14:16:50 -06:00
Landon Fuller
52d979e29d
Add a standard API for fetching process name, uid, and gid.
2014-10-18 13:46:44 -06:00
Landon Fuller
9204418c80
Thread pid lookup support through the NAT API.
...
This exposes the pid lookup code as a standard attribute
of NAT lookup -- if a matching process cannot be found,
or if pid lookup isn't supported by the NAT backend,
a pid of -1 is returned.
This also adds the local_pid to the pxyconn context; this
will be used to populate log strings.
2014-10-18 13:16:02 -06:00
Steve Wills
b8c8cb73ed
add DESTDIR, MANDIR to install target
...
DESTDIR to allow installing in chroot
MANDIR to allow specifying different dir for man pages
2014-10-18 17:32:22 +00:00
Landon Fuller
bcc74385ab
Log the full process path, rather than the MAXCOMLEN-max process name.
2014-10-18 02:34:46 -06:00
Landon Fuller
55e8da7653
Wire up lookup of the local process/socket originating the proxied connection.
...
This uses Mac OS X's libproc to find the first process that owns
a matching socket. Currently, the results are simply logged;
the next step will be exposing this generically via
the NAT engine lookup API.
2014-10-18 02:23:25 -06:00
Landon Fuller
cb6ffeaa9d
Merge branch 'fix-macosx' into macosx-process-info
2014-10-18 00:40:29 -06:00
Landon Fuller
c412425ce1
Merge branch 'specify-custom-gid' into fix-macosx
2014-10-18 00:38:50 -06:00
Landon Fuller
a8687e0737
Merge branch 'macosx-yosemite' into fix-macosx
2014-10-18 00:38:38 -06:00
Landon Fuller
9d54677009
Add support for specifying an explicit group when dropping privileges.
...
This simplifies my use of pf(4) when using group-based
rules to exclude splitssl from redirection.
2014-10-18 00:34:51 -06:00
Landon Fuller
7a5147cddf
Add libproc to the build configuration.
2014-10-18 00:09:26 -06:00
Landon Fuller
8ef5011fcb
Enable Mac OS X 10.10 feature detection
...
This is pointed at the 10.9 pf headers for testing, as
the 10.10 kernel sources are unavailable.
2014-10-17 19:45:28 -06:00
Landon Fuller
ecbc84438a
Fix crash in strdup() when no default NAT engine is available.
2014-10-17 19:35:44 -06:00
Daniel Roethlisberger
85b177f6b0
Special device nodes may be needed for -j to work
2014-08-26 14:29:56 +02:00
Daniel Roethlisberger
47c409cbb5
Don't rely on OpenSSL to pull in string.h
...
Obtained from: OpenBSD port patches
2014-06-21 19:20:34 +02:00
Daniel Roethlisberger
3226d9bfcf
No longer chroot() by default when run as root
...
No longer implicitly use -j /var/empty by default and document clearly
the implications of using -j with -S and/or sni proxyspecs.
Issue: #21
2014-01-30 23:34:37 +01:00
Daniel Roethlisberger
db0fa32b07
Load -t certificates before dropping privileges
...
Load the certificates from the directory given by -t into the
certificate cache after preinit, but before dropping privileges. This
fixes a number of issues, such as -t directory not being found after
chroot()ing to a different root, -t directory inaccessible due to
changing user with -u, and when using encrypted keys. This bug was
introduced in 0675219
as a spurious part of fixing #5 .
Issue: #20 , #19
Reported by: Miroslav Stampar
2014-01-30 22:39:39 +01:00
Daniel Roethlisberger
ac98c2d9cc
Fix segmentation fault when using -t without a CA
...
The key type checks which are used to optimize the loading of DH and
ECDH parameters should check the type of the supplied server key, not
the global options key.
2014-01-30 22:21:08 +01:00
Daniel Roethlisberger
4bd9dd1fa7
Fix glob to be compatible with /bin/dash
2014-01-29 21:25:19 +01:00
Daniel Roethlisberger
53a948cd18
Improve dependency tracking for targets/ certs
2014-01-29 21:20:16 +01:00
Daniel Roethlisberger
349cd1f6ec
Add targets to .PHONY
2014-01-29 21:14:39 +01:00
Daniel Roethlisberger
f669fbbca7
Add unit test for sys_dir_eachfile()
...
Issue: #19
Reported by: Miroslav Stampar
2014-01-29 20:18:54 +01:00
Daniel Roethlisberger
658bbfa6fe
SSLsplit master
2014-01-29 20:16:34 +01:00
Daniel Roethlisberger
c4ac9c60bc
SSLsplit 0.4.8 release
2014-01-15 19:07:07 +01:00
Daniel Roethlisberger
9d5641c0e0
Update NEWS
2014-01-15 19:01:33 +01:00
Daniel Roethlisberger
f348c1a372
Add libevent2 test for the weirdness that is issue #17
2014-01-15 18:56:58 +01:00
Daniel Roethlisberger
9338200705
Detect when libevent cannot parse resolv.conf
...
Issue: #17
Reported by: Florian Schaefer
2014-01-15 10:33:43 +01:00
Daniel Roethlisberger
a80cbf73f4
Add some error-case debug messages to pxy_thrmgr_run()
2014-01-15 01:04:02 +01:00
Daniel Roethlisberger
fe558af0a3
Remove duplicates from FEATURES
2014-01-14 23:44:23 +01:00
Daniel Roethlisberger
e1d8a2a965
Lint fix: define some variables in smaller scope
2014-01-14 17:37:57 +01:00
Daniel Roethlisberger
cd358e245a
Make session.pem generation more portable
2014-01-14 17:37:17 +01:00
Daniel Roethlisberger
716139b169
Suppress SPDY/QUIC by removing Alternate-Protocol headers
2014-01-14 17:35:56 +01:00
Daniel Roethlisberger
6b99bde4fb
Only use -pthread on non-Darwin systems
2014-01-14 17:29:32 +01:00
Daniel Roethlisberger
ba991dcdf8
Minor overhaul of the Mac OS X hacks
2014-01-14 17:28:59 +01:00
Daniel Roethlisberger
24e57d2a12
Add .gitattributes and cleanup .gitignore
...
Exclude development-only files from the distribution tarball.
2014-01-14 17:14:23 +01:00
Daniel Roethlisberger
23d7b7fe8d
Update README for the APSL components
2014-01-14 01:23:09 +01:00
Daniel Roethlisberger
d4d249fb87
Update NEWS
2014-01-14 00:46:52 +01:00
Daniel Roethlisberger
a5660fa3c9
Update NEWS
2014-01-14 00:29:45 +01:00
Daniel Roethlisberger
2235e1aad9
Fix memory leak in fake cert generation code
...
The code in pxy_ossl_servername_cb() which generated the forged
certificates did not call SSL_CTX_free() on the newly allocated SSL_CTX
struct after associating it with the SSL struct, which increments the
reference count internally. Also add some comments explaining OpenSSL
reference counting behaviour to be more explicit on what happens to the
instances that OpenSSL keeps track of.
2014-01-13 23:56:59 +01:00
Daniel Roethlisberger
05410fe9b3
Enable SSL_MODE_RELEASE_BUFFERS by default
2014-01-13 23:33:31 +01:00
Daniel Roethlisberger
202b1270e3
Create session.pem without Internet connectivity
...
Use openssl s_server in order to create a temporary SSL server for
creating an SSL session dump for the unit tests to work with. This
removes the requirement of having Internet connectivity for running the
test suite, which prevented package builds from running the unit tests.
2014-01-11 21:49:05 +01:00