Commit Graph

556 Commits

Author SHA1 Message Date
Daniel Roethlisberger
3da7407f14 Use same hash algo in RSA sigs as orig cert uses 2014-12-13 03:18:13 +01:00
Daniel Roethlisberger
6ec6c56ded Refactored -w/-W and improved docs 2014-12-13 02:36:45 +01:00
Daniel Roethlisberger
11f6742bff Add convenience functions for printing SHA1 values 2014-12-12 23:50:55 +01:00
Daniel Roethlisberger
7f378251e8 Update documentation 2014-12-12 23:22:11 +01:00
Daniel Roethlisberger
160fd991e0 Merge branch 'genstore' of https://github.com/psychomario/sslsplit into feature/genstore 2014-12-12 23:17:29 +01:00
PsychoMario
3aff928daf moved key output to main.c, caught some bugs 2014-12-12 17:28:06 +00:00
Daniel Roethlisberger
8422c6b478 Minor code cleanup of ssl_key_identifier_sha1() 2014-12-12 18:07:46 +01:00
PsychoMario
b34336ab4b moved to develop branch 2014-12-12 17:03:06 +00:00
Daniel Roethlisberger
8b0b1d0226 Add ssl_key_identifier_sha1() utility function
Issue:		#67
2014-12-12 17:38:34 +01:00
PsychoMario
a83cd68605 stored fpr as char* in ctx 2014-12-11 13:57:50 +00:00
PsychoMario
1736564b32 error handling 2014-12-09 23:26:00 +00:00
PsychoMario
5d7c52cde1 fix manpage 2014-12-09 21:43:49 +00:00
PsychoMario
4f310a877a implemented -W to write original certs 2014-12-09 21:43:05 +00:00
PsychoMario
a7e2d99b39 added logging of fingerprints, uppercased names 2014-12-09 21:13:04 +00:00
PsychoMario
13dce0aa35 moved write to pxy_srccert_create, -X to -w, opts_free use 2014-12-09 20:02:25 +00:00
PsychoMario
73042d4daa fix mutual exclusivity, sprintf->asprintf 2014-12-09 19:47:10 +00:00
PsychoMario
61d5186864 added exclusivity with -K, man page and -h 2014-12-09 19:40:07 +00:00
PsychoMario
cbb2a179f9 naive implementation with -X, no help, validation, logging 2014-12-09 19:08:11 +00:00
Daniel Roethlisberger
d6b11f61b7 Clarify needed permission to open /dev/pf et al for reading
Issue:		#66
Reported by:	Nikolay Khodov
2014-12-08 19:40:01 +01:00
Daniel Roethlisberger
39e9c898e5 Move default cipher suite spec to defaults.h 2014-11-30 22:29:40 +01:00
Daniel Roethlisberger
0a6ca2ac98 Update licensing information 2014-11-30 01:39:57 +01:00
Daniel Roethlisberger
521adb7275 Format file refs with backticks 2014-11-28 12:18:40 +01:00
Daniel Roethlisberger
e6dc9db6a4 Fix markdown links 2014-11-28 12:15:45 +01:00
Daniel Roethlisberger
f2ff2ec9f5 Link to Github author pages 2014-11-28 12:12:48 +01:00
Daniel Roethlisberger
b8ecbcd773 Split out AUTHORS.md and HACKING.md from README.md 2014-11-28 12:09:40 +01:00
Daniel Roethlisberger
b8213e756d Merge branch 'feature/privsep' into develop
Conflicts:
	NEWS.md
	main.c
	sslsplit.1
2014-11-28 11:08:05 +01:00
Daniel Roethlisberger
61cd0fb541 SSLsplit 0.4.10 release 2014-11-28 10:28:58 +01:00
Daniel Roethlisberger
5ac565f5df Note that -j impacts -S and -F 2014-11-28 10:28:58 +01:00
Daniel Roethlisberger
008821cfca Update NEWS.md 2014-11-28 10:15:09 +01:00
Daniel Roethlisberger
ab466aafb7 Allow -u root with pf proxyspecs on OS X 2014-11-28 10:03:29 +01:00
Daniel Roethlisberger
f076336e0b Don't allow -u on Mac OS X with pf proxyspecs
Apple checks EUID==0 on ioctl(/dev/pf), whereas OpenBSD and FreeBSD only
check permissions on open(/dev/pf).  This means that on OS X, it is not
possible to open /dev/pf, drop privileges, and send an ioctl to the file
descriptor opened earlier with EUID==0.  It also means Apple broke the
Unix way of dealing with device nodes - why are there file permissions
on /dev/pf when they later enforce EUID==0 on use, thereby breaking
basic Unix mechanisms?  Work around this by disallowing -u with pf
proxyspecs and by not automatically dropping to nobody on Mac OS X.

Issue:		#65
Reported by:	Vladimir Marteev
2014-11-28 00:13:42 +01:00
Daniel Roethlisberger
c4b22efa5a Fix segmentation fault for aborted connections 2014-11-27 23:19:54 +01:00
Daniel Roethlisberger
9341f25e6d Explicitly support Yosemite 10.10.1 with XNU 2782.1.97 2014-11-27 22:11:12 +01:00
Daniel Roethlisberger
47abb0030d Update clean target for newer clang build artefacts 2014-11-27 22:09:03 +01:00
Daniel Roethlisberger
43c0f57eec Update NEWS.md for feature/privsep 2014-11-25 23:55:15 +01:00
Daniel Roethlisberger
e69b13f2eb SIGUSR1 re-opens -l/-L log files; add defaults.h
Issue:		#52
2014-11-25 23:45:40 +01:00
Daniel Roethlisberger
16a1beb655 Fix version output on local procinfo availability 2014-11-25 23:38:37 +01:00
Daniel Roethlisberger
a9bd438756 Minor updates to manual page 2014-11-25 23:38:05 +01:00
Daniel Roethlisberger
12ff6e6ddf Merge https://github.com/fix-macosx/sslsplit
Conflicts:
	GNUmakefile
	main.c
2014-11-25 00:24:58 +01:00
Daniel Roethlisberger
25e3145d1f Add missing headers to fix build on FreeBSD 8.4 2014-11-25 00:10:51 +01:00
Daniel Roethlisberger
476967ccdc Add SIGUSR1 to the signals forwarded by the parent 2014-11-24 23:32:37 +01:00
Daniel Roethlisberger
0e0a465f5d Fix build on OpenBSD by adding missing includes 2014-11-24 22:49:02 +01:00
Daniel Roethlisberger
c01ace1261 Introduce privilege separation architecture
Fork into a monitor parent process and an actual proxy child process,
communicating over AF_UNIX sockets.  Certain privileged operations are
performed through the privileged parent process, like opening log files
or listener sockets, while all other operations happen in the child
process, which can now drop its privileges without side-effects for
log file opening and other privileged operations.  This is also a
preparation for -l/-L logfile reopening through SIGUSR1.

This means that -S and -F are no longer relative to chroot() if used
with -j.  This is a deliberate POLA violation.
2014-11-24 22:14:09 +01:00
Daniel Roethlisberger
b3f4d25619 Make log_fini() more robust 2014-11-24 21:34:08 +01:00
Daniel Roethlisberger
a027f87c1c Check if -u and -m user and group exist immediately 2014-11-23 22:52:09 +01:00
Daniel Roethlisberger
db80d3460c Remove spurious UNUSED attribute 2014-11-23 17:27:57 +01:00
Daniel Roethlisberger
a09f42a507 Handle EINTR in sys_sendmsgfd() and sys_recvmsgfd() 2014-11-23 15:49:03 +01:00
Daniel Roethlisberger
2d97659a6b Check if args to -j and -S are directories 2014-11-23 15:46:37 +01:00
Daniel Roethlisberger
86397dac89 Break at 80 cols 2014-11-23 15:45:55 +01:00
Daniel Roethlisberger
762bd0cba1 Rename shortcut flag for clarity 2014-11-23 15:44:20 +01:00