Soner Tari
6975175117
Defer e2 setup until after parent is connected, to prevent multithreading issues
...
Refactoring, improvements
2017-07-05 22:32:10 +03:00
Soner Tari
4d88906d24
Clean up and improve
2017-07-04 18:13:34 +03:00
Soner Tari
4f6b207e57
Improve conn termination: Close children asap if there is no parent, close parent asap if there is no child
2017-07-04 12:28:04 +03:00
Soner Tari
ad1f95e465
Remove conn mutexes: Use thrmgr mutex during attach/detatch only, do eveything in the same thread, do not touch the other threads
...
Flex, fix, and improve conn termination: Make it more similar to orig sslsplit code
Fix issues, and clean-up
2017-07-04 02:12:17 +03:00
Soner Tari
ecfaf24614
Add more child info to conns list, and clean-up
2017-07-02 17:47:26 +03:00
Soner Tari
5047df8cba
Fix some of the compiler warnings, rearrange, and clean-up
2017-07-01 23:17:45 +03:00
Soner Tari
be54db770f
Add comments, improvements, and clean-up
2017-07-01 18:08:28 +03:00
Soner Tari
0b0f6b21dc
Add uuid to all conn mctxs, otherwise we cannot uniquely identify them, causing trouble especially while deleting conns
...
Fix issues, clean-up
2017-07-01 00:29:39 +03:00
Soner Tari
833e1903e1
Dump conn info list
...
Remove conns using delete list of timed out conns
Fix issues, improvements
2017-06-30 00:38:37 +03:00
Soner Tari
c11ca7a195
Fix freeing of non-ssl buffer events and fds
2017-06-27 22:11:10 +03:00
Soner Tari
4a34c4792b
travis-cgi.org issue seems to be gone now
...
Rely less on parent ctx, and more on meta ctx
Rearrange, improve, and clean-up
2017-06-27 17:09:01 +03:00
Soner Tari
82b58c2dab
Fix multithreading
...
Clean-up
2017-06-25 14:21:32 +03:00
Soner Tari
9858928b73
Add debug levels, initial
2017-06-15 19:07:37 +03:00
Soner Tari
ab600c8215
Leave if getsockname() fails
2017-06-15 12:00:53 +03:00
Soner Tari
d71533f0b9
Remove SSL proxy specific header line from the packet on the egress exit
...
Insert our header line right after the first header line in the packet in case the packet is fragmented, otherwise Squid is confused when it cannot find our header line in the first packet
2017-06-13 12:42:10 +03:00
Soner Tari
ad63380b07
Fix e2 port specs, otherwise we get:
...
"Error from socket() fd2: Protocol not supported (43)
Error opening socket: Bad file descriptor (9)"
2017-06-11 14:47:51 +03:00
Soner Tari
85a96ec844
First working SSL version, surprisingly running so fine and stable for a first prototype that I think there is something wrong and it is just running in passthrough mode :), seriously this is just the beginning.
2017-06-10 21:50:03 +03:00
Soner Tari
d033ea68dd
Plain TCP version is running good enough, next will try to switch the SSL on
2017-05-29 12:22:23 +03:00
Daniel Roethlisberger
7677fe0655
SSLsplit 0.5.0 release
2016-03-27 15:46:35 +02:00
Daniel Roethlisberger
cf79be7b2b
Fix BSDmakefile for recent versions of BSD make
2016-03-27 15:36:13 +02:00
Daniel Roethlisberger
4c7b1419e4
Include netinet/in.h for INET6_ADDRSTRLEN
2016-03-27 15:35:37 +02:00
Daniel Roethlisberger
0dbb2aee8f
Add autossl to NEWS
2016-03-27 15:07:34 +02:00
Daniel Roethlisberger
c7bc4219da
Merge branch 'feature/autossl' into develop
...
Issue: #87
Contributed by: Richard Poole
2016-03-27 15:06:58 +02:00
Daniel Roethlisberger
b1cc2b30c1
Remove debug printf
2016-03-27 15:00:16 +02:00
Daniel Roethlisberger
2b02891206
Add paragraph on autossl to README
2016-03-27 14:44:11 +02:00
Daniel Roethlisberger
29f44c3d64
Add autossl spec parsing tests and improve docs
2016-03-27 14:38:06 +02:00
Daniel Roethlisberger
ca7f20e442
Fix connect log for autossl connections
2016-03-27 13:49:50 +02:00
Daniel Roethlisberger
e67978f4dd
Merge branch 'develop' into feature/autossl
2016-03-27 13:27:38 +02:00
Daniel Roethlisberger
3c20f473fa
Rename and improve autossl peeking function
2016-03-27 13:26:39 +02:00
Daniel Roethlisberger
9843ead5d7
Copy SNI hostname from OpenSSL if ctx->sni is NULL
2016-03-27 13:25:50 +02:00
Daniel Roethlisberger
2f834419eb
Handle inbound EOF before outbound CONNECTED
...
Fix segmentation fault upon receiving BEV_EVENT_EOF on the inbound
bufferevent while the outbound bufferevent has not received
BEV_EVENT_CONNECTED yet.
Issue: #124
Patch by: Eun Soo Park
2016-03-27 12:16:57 +02:00
Daniel Roethlisberger
1bd963caf2
Modernize fast cipher suites example and explanation
2016-03-25 23:56:43 +01:00
Daniel Roethlisberger
ac3e845fbe
Test dnsbase and evbase for !NULL before freeing
...
Fix segmentation fault upon exiting the main loop that was introduced
when evdns initialization was made optional, resulting in dnsbase
elements not always being initialized.
Introduced in: 0e2b748
2016-03-25 23:40:45 +01:00
Daniel Roethlisberger
c76b04025e
Update khash.h to latest version
2016-03-25 16:49:27 +01:00
Daniel Roethlisberger
3bda2715c7
Don't test NONNULL spec in first loop iteration
2016-03-25 16:44:05 +01:00
Daniel Roethlisberger
88c039b059
Don't test NONNULL arguments for NULL
2016-03-25 16:41:48 +01:00
Daniel Roethlisberger
76cb576ab9
Update NEWS
2016-03-25 16:33:42 +01:00
Daniel Roethlisberger
25b096450d
Modernize DHE and ECDHE support
...
Enable full strength DHE and ECDHE by default in order to allow modern
browsers to connect without weak crypto warnings.
Issue: #119
Reported by: @curioustwo
2016-03-25 16:28:30 +01:00
Daniel Roethlisberger
e632490888
Add exception handler to logger, exit on errors
...
Add exception handler mechanism to logger and use that to exit cleanly
when sslsplit fails to write to a log file or fails to open a log file.
Issue: #113
Reported by: Matthias Kadenbach
2016-03-25 15:56:42 +01:00
Daniel Roethlisberger
0b858431a2
Add warning if version string is bogus
2016-03-25 12:34:52 +01:00
Daniel Roethlisberger
0506024587
Update copyright notices to 2016
2016-03-25 12:19:23 +01:00
Daniel Roethlisberger
1c9aa249a9
Fix Travis build by disabling tests using IPv6
...
TravisCI has removed IPv6 support in 2016. To cope with this regression
in the testing infrastructure, disable all tests on Travis that depend
on the system being able to handle ::1 as an IP address. Normal unit
testing still uses the full test suite.
2016-03-25 12:00:35 +01:00
Daniel Roethlisberger
d404063eab
Attempt at fixing TravisCI ::1 resolution
2016-03-16 11:32:40 +01:00
Daniel Roethlisberger
b3b7a7ab17
Merge branch 'develop' into feature/autossl
2016-03-15 20:13:12 +01:00
Daniel Roethlisberger
43b697d875
Initialize proxy before daemonizing
...
Issue: #104
2016-03-15 19:57:14 +01:00
Daniel Roethlisberger
b3a3c36b70
Fix the SSL session timeout calculation
...
Issue: #115
Reported by: Eun Soo Park
2016-03-15 19:45:58 +01:00
Daniel Roethlisberger
73324dcd7b
Update NEWS.md
2016-03-15 19:27:46 +01:00
Daniel Roethlisberger
88973e1757
Add support for XNU 3247.1.106, 3247.10.11 and 3248.20.55
...
Add XNU headers for OS X 10.11, 10.11.1 and 10.11.2.
2016-03-15 18:59:46 +01:00
Daniel Roethlisberger
ba2f451f5e
Fix bev write handler for other->closed case
...
When other->closed is set, the bufferevent write handler accesses
other->bev even though it is invalid. Fix this access, and as added
layer of defense against future bugs, set ->bev to NULL whenever
invalidating it, except where the connection is torn down completely.
Reported by: Eun Soo Park
Introduced in: 2bcfaf4
17d753f
Issue: #109
2015-11-08 15:44:02 +01:00
Daniel Roethlisberger
17d753fc2d
Fix NULL pointer dereference in bev write handler
...
Only manipulate other->bev if it is not NULL to avoid a NULL pointer
dereference in the proxy bufferevent write handler when only one
direction is fully established, for example during connection shutdown.
Reported by: @david-holonet
Introduced in: 2bcfaf4
Issue: #109
2015-11-01 17:56:57 +01:00