Archives/SSLproxy
2
0
Fork 0
mirror of https://github.com/sonertari/SSLproxy synced 2024-11-06 09:20:26 +00:00
Code Issues Packages Projects Releases Wiki Activity
211 Commits 2 Branches 27 Tags 3.1 MiB
601cdf5b52
Commit Graph

211 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Daniel Roethlisberger
601cdf5b52 Add SSL/TLS protocol selection debug code 2014-11-05 20:41:41 +01:00
Daniel Roethlisberger
6b0e47dc89 Allow more control over used SSL/TLS versions 
Add -r to force a specific SSL/TLS protocol version.
Add -R to disable one or several SSL/TLS protocol versions.
Replace WANT_SSLV2_CLIENT and WANT_SSLV2_SERVER to WITH_SSLV2.

Issue:		#30
Reported by:	@Apollo2342
 2014-11-05 20:06:11 +01:00
Daniel Roethlisberger
53e3d593c8 Move build status into h1 2014-11-04 20:41:48 +01:00
Daniel Roethlisberger
67ed768fec Migrate documentation to markdown 
Issue:		#33
 2014-11-04 20:39:20 +01:00
Daniel Roethlisberger
50001e5458 Avoid apparently common misunderstandings 2014-11-04 20:03:33 +01:00
Daniel Roethlisberger
0648f84bfc Remove legacy TODO file; move to Github issues 2014-11-04 18:59:56 +01:00
Daniel Roethlisberger
fb2841f645 Zero allocated elements before initializing them 
For some error conditions, the error handler depends on
ctx->thr[idx]->dnsbase to be zeroed expicitly after allocation.
To prevent this type of error, zero all allocated memory even
though it will get written to in any case.
 2014-11-04 18:36:08 +01:00
Daniel Roethlisberger
508435d929 Use correct pointer type in sizeof() 2014-11-04 18:35:00 +01:00
Daniel Roethlisberger
8dbea83b21 Prevent malloc(0) when ssl_x509_names() returns no names 2014-11-04 18:33:00 +01:00
Daniel Roethlisberger
259d470498 Use -I instead of -isystem with clang-analyzer 2014-11-04 18:31:19 +01:00
Daniel Roethlisberger
d0665377ee Remove WGET_FLAGS from developer targets 2014-11-04 18:30:26 +01:00
Daniel Roethlisberger
a299d7e3f3 Add unit tests for ssl_x509_subject() and ssl_x509_subject_cn() 2014-11-03 23:01:19 +01:00
Daniel Roethlisberger
eca1ac9a5e Rewrite ssl_x509_subject_cn() error handling 2014-11-03 22:32:22 +01:00
Daniel Roethlisberger
c210641783 Don't add XNU includes to cppcheck invocation 2014-11-03 22:31:55 +01:00
Daniel Roethlisberger
76aab3b816 Fix X509_NAME_get_text_by_NID() error handling 2014-11-03 22:10:44 +01:00
Daniel Roethlisberger
5219d494f3 Protect session cache calls from sess == NULL 2014-11-03 22:10:01 +01:00
Daniel Roethlisberger
78a573121d Add some CPPFLAGS to cppcheck arguments 2014-11-03 22:08:07 +01:00
Daniel Roethlisberger
b9ab5a03e6 SSLsplit 0.4.9 release 2014-11-03 19:42:24 +01:00
Daniel Roethlisberger
fcb64e85e7 Make SSLv2 support opt-in instead of opt-out 
Migrate knobs from DISABLE_SSLV2_CLIENT and DISABLE_SSLV2_SERVER to
WANT_SSLV2_CLIENT and WANT_SSLV2_SERVER and remove the
DISABLE_SSLV2_SESSION_CACHE knob entirely, automatically including the
respective code if SSLv2 support is compiled into SSLsplit.
 2014-11-03 19:39:13 +01:00
Daniel Roethlisberger
edf1dac8fa Improve manual page re protocols and scalability 
Issue:		#42
 2014-11-02 20:40:53 +01:00
Daniel Roethlisberger
769fbd042d Filter HSTS response headers to allow cert override 
Also remove HTTP Strict Transport Security (HSTS, RFC 6797) headers from
HTTP responses.  With HSTS active, the user is not allowed to accept
untrusted certificates.
 2014-11-02 20:25:17 +01:00
Daniel Roethlisberger
cc6cb59485 Rewrite Mac OS X support to use proper XNU headers 
Move from one set of headers per major OS X release to one set of
headers per XNU release.  Fetch the header files from Apple's official
Open Source site instead of GitHub in the fetchdeps developer target.
As a side effect, 10.6.x is now supported as well (untested), and proper
headers are used for 10.10.

Issue:		#39
 2014-10-30 22:01:55 +00:00
Daniel Roethlisberger
001615c53b Update khash.h to latest klib master 2014-10-28 23:59:17 +01:00
Daniel Roethlisberger
b1a7b11aea Don't depend on the space when parsing HTTP headers 2014-10-28 23:31:07 +01:00
Daniel Roethlisberger
d85e5ddbe2 Disable SSLv2 support by default 2014-10-28 23:24:37 +01:00
Daniel Roethlisberger
d6f2fa067d Update TODO and refer to github issues 2014-10-24 22:07:02 +02:00
Daniel Roethlisberger
0a225ae65c Update documentation after merging pull req #35 2014-10-23 13:28:14 +02:00
Daniel Roethlisberger
42efb4a980 Slightly improve user experience for new option -m 2014-10-23 13:23:57 +02:00
Daniel Roethlisberger
ee9d434cac Further improving OOM handling in early stages of main() 2014-10-23 13:14:06 +02:00
Daniel Roethlisberger
b1b8fe09b9 Merge pull request #35 from fix-macosx/specify-custom-gid 
Add support for specifying an explicit group when dropping privileges.
 2014-10-23 13:00:42 +02:00
Daniel Roethlisberger
bea022540f Handle strdup() failure in early stages of main() 
Issue:		#38
Reported by:	Markus Elfring
 2014-10-23 12:49:12 +02:00
Daniel Roethlisberger
b105473629 Check return values of pthread_mutex_init and friends 
Issue:		#38
Reported by:	Markus Elfring
 2014-10-23 12:27:12 +02:00
Daniel Roethlisberger
f575adadea Update documentation after merge of pull req #32 2014-10-21 15:55:56 +02:00
Daniel Roethlisberger
79c67ebed7 Merge pull request #32 from fix-macosx/macosx-yosemite 
Support Mac OS X 10.10 by using 10.9 headers
 2014-10-21 15:42:37 +02:00
Daniel Roethlisberger
ed99fc0260 Use NULL instead of '\0' to avoid type conversion 2014-10-21 15:16:09 +02:00
Daniel Roethlisberger
e64bf695dc Update documentation after merge of #34 2014-10-21 14:55:25 +02:00
Daniel Roethlisberger
2e418f1447 Merge pull request #34 from swills/master 
add DESTDIR, MANDIR to install target
 2014-10-21 14:44:11 +02:00
Steve Wills
b8c8cb73ed add DESTDIR, MANDIR to install target 
DESTDIR to allow installing in chroot
MANDIR to allow specifying different dir for man pages
 2014-10-18 17:32:22 +00:00
Landon Fuller
9d54677009 Add support for specifying an explicit group when dropping privileges. 
This simplifies my use of pf(4) when using group-based
rules to exclude splitssl from redirection.
 2014-10-18 00:34:51 -06:00
Landon Fuller
8ef5011fcb Enable Mac OS X 10.10 feature detection 
This is pointed at the 10.9 pf headers for testing, as
the 10.10 kernel sources are unavailable.
 2014-10-17 19:45:28 -06:00
Landon Fuller
ecbc84438a Fix crash in strdup() when no default NAT engine is available. 2014-10-17 19:35:44 -06:00
Daniel Roethlisberger
85b177f6b0 Special device nodes may be needed for -j to work 2014-08-26 14:29:56 +02:00
Daniel Roethlisberger
47c409cbb5 Don't rely on OpenSSL to pull in string.h 
Obtained from:	OpenBSD port patches
 2014-06-21 19:20:34 +02:00
Daniel Roethlisberger
3226d9bfcf No longer chroot() by default when run as root 
No longer implicitly use -j /var/empty by default and document clearly
the implications of using -j with -S and/or sni proxyspecs.

Issue:		#21
 2014-01-30 23:34:37 +01:00
Daniel Roethlisberger
db0fa32b07 Load -t certificates before dropping privileges 
Load the certificates from the directory given by -t into the
certificate cache after preinit, but before dropping privileges.  This
fixes a number of issues, such as -t directory not being found after
chroot()ing to a different root, -t directory inaccessible due to
changing user with -u, and when using encrypted keys.  This bug was
introduced in 0675219 as a spurious part of fixing #5.

Issue:		#20, #19
Reported by:	Miroslav Stampar
 2014-01-30 22:39:39 +01:00
Daniel Roethlisberger
ac98c2d9cc Fix segmentation fault when using -t without a CA 
The key type checks which are used to optimize the loading of DH and
ECDH parameters should check the type of the supplied server key, not
the global options key.
 2014-01-30 22:21:08 +01:00
Daniel Roethlisberger
4bd9dd1fa7 Fix glob to be compatible with /bin/dash 2014-01-29 21:25:19 +01:00
Daniel Roethlisberger
53a948cd18 Improve dependency tracking for targets/ certs 2014-01-29 21:20:16 +01:00
Daniel Roethlisberger
349cd1f6ec Add targets to .PHONY 2014-01-29 21:14:39 +01:00
Daniel Roethlisberger
f669fbbca7 Add unit test for sys_dir_eachfile() 
Issue:		#19
Reported by:	Miroslav Stampar
 2014-01-29 20:18:54 +01:00