Commit Graph

791 Commits

Author SHA1 Message Date
Daniel Roethlisberger
a592f7149c Improve error handling for no origcrt situations 2012-05-02 15:37:47 +02:00
Daniel Roethlisberger
605c1ab6e6 Improve error recovery under low memory conditions 2012-05-02 15:02:59 +02:00
Daniel Roethlisberger
2d1ad219b9 Change default cipher suite to "ALL:-aNULL" 2012-05-02 14:59:47 +02:00
Daniel Roethlisberger
1bd2872b20 DH group parameters are also loaded from -c 2012-05-02 13:46:18 +02:00
Daniel Roethlisberger
0e19243307 Reorder wildcard rules and improve error messages 2012-05-02 13:35:36 +02:00
Daniel Roethlisberger
43df203914 Handle empty strings correctly in URL routines 2012-05-01 02:01:31 +02:00
Daniel Roethlisberger
b6a0ff0c76 Free proxyspecs if they (unexpectedly) parse okay 2012-05-01 01:47:01 +02:00
Daniel Roethlisberger
ddbb945406 Rename unit test sources to fix language detection 2012-05-01 01:42:59 +02:00
Daniel Roethlisberger
90351cda7f Handle SSL_ERROR_SSL quietly when shutting down 2012-04-30 23:27:51 +02:00
Daniel Roethlisberger
5861d786f5 Update TODO 2012-04-30 23:27:41 +02:00
Daniel Roethlisberger
982ad89f2f Add generation of a password protected RSA key 2012-04-30 22:48:19 +02:00
Daniel Roethlisberger
e6c7b2e3ca Mention PKG_CONFIG_PATH 2012-04-23 01:03:38 +02:00
Daniel Roethlisberger
fa425e08d4 Fix PURIFY and warn when not seeding the RNG 2012-04-23 00:51:02 +02:00
Daniel Roethlisberger
439e8a8267 Use WUNRES and MALLOC attribs and fix sloppy code 2012-04-23 00:35:17 +02:00
Daniel Roethlisberger
64cf874925 Header self-sufficience cleanup round 2012-04-23 00:33:33 +02:00
Daniel Roethlisberger
7aca81a7b7 Improve CA cert/key config code and docs
Make -c and -k functional twins by also loading DH params in -c and by
fixing certificate loading in -k.  Improve the documentation for both
switches and simplify the SYNOPSIS in sslsplit(1).
2012-04-22 22:59:00 +02:00
Daniel Roethlisberger
c5335afc3b Handle empty strings correctly in Base64 routines 2012-04-22 22:30:32 +02:00
Daniel Roethlisberger
3fd9084fe1 Quickly decide on GET URIs obviously not OCSP 2012-04-22 21:55:19 +02:00
Daniel Roethlisberger
ee98c04b29 Add generic OCSP denial 2012-04-22 19:12:38 +02:00
Daniel Roethlisberger
bd86854be6 Add URL decoder 2012-04-22 18:39:15 +02:00
Daniel Roethlisberger
a224d1e7e8 Add facility to recognize OCSP requests 2012-04-22 18:02:58 +02:00
Daniel Roethlisberger
f354aecfd9 Add base64 encoder and decoder implementations 2012-04-22 17:59:49 +02:00
Daniel Roethlisberger
480dbca2bb Remove bogus test case numbers 2012-04-22 16:47:29 +02:00
Daniel Roethlisberger
9f40fbc473 Replace empty strings with dash when logging 2012-04-22 13:36:44 +02:00
Daniel Roethlisberger
07d591fccf Skip whitespace when parsing HTTP headers 2012-04-22 13:35:08 +02:00
Daniel Roethlisberger
f57062ccda Add __attribute__((pure)) 2012-04-22 13:25:57 +02:00
Daniel Roethlisberger
083b02d78d Minor reformatting 2012-04-22 12:43:23 +02:00
Daniel Roethlisberger
94b5e8ba7b Revert CDP syntax to be OpenSSL 0.9.x compatible 2012-04-18 00:05:15 +02:00
Daniel Roethlisberger
8474346ed9 Rebuild certs after config changes 2012-04-18 00:05:15 +02:00
Daniel Roethlisberger
8b520cf4de Redirect BSD make to GNU make 2012-04-18 00:02:14 +02:00
Daniel Roethlisberger
d4be8c3e38 Refactor ssl_x509_names_to_str() for maintainability 2012-04-17 23:35:43 +02:00
Daniel Roethlisberger
04c9112621 Add OCSP URL parsing 2012-04-17 23:03:59 +02:00
Daniel Roethlisberger
c75e0569b3 Fix ssl_x509_names() DNSName segfault 2012-04-17 22:59:15 +02:00
Daniel Roethlisberger
6a93c73164 Add test server cert with OCSP and CDP extensions 2012-04-17 22:44:06 +02:00
Daniel Roethlisberger
ae306f3b0b Fix ssl_x509_names() to NULL-terminate buffer 2012-04-17 21:55:47 +02:00
Daniel Roethlisberger
557537957f Use FORCE target to force rebuild of version.o 2012-04-13 22:55:48 +02:00
Daniel Roethlisberger
423c1b0a32 Move volatile build-time information into separate compilation unit 2012-04-13 22:40:36 +02:00
Daniel Roethlisberger
cf0f3e66aa Avoid using the non-portable echo -e 2012-04-13 22:22:57 +02:00
Daniel Roethlisberger
f76077c00f Undefine IPv6 compat defs to fix nat_version()
For Linux netfilter, IPV6_ORIGINAL_DST and SOL_IPV6 are defined to
SO_ORIGINAL_DST and SOL_IP respectively if they are not defined by the
system headers (they aren't defined on vanilla kernels).  Undefine these
compatibility definitions after use, in order not to mess up the
diagnostic output of nat_version().
2012-04-13 21:14:33 +02:00
Daniel Roethlisberger
419cb7d31f Add targets for manual page conversion 2012-04-13 15:25:07 +02:00
Daniel Roethlisberger
4cfdef405a Initial import of sslsplit-0.4.2 2012-04-13 14:47:30 +02:00