Daniel Roethlisberger
3da7407f14
Use same hash algo in RSA sigs as orig cert uses
2014-12-13 03:18:13 +01:00
Daniel Roethlisberger
6ec6c56ded
Refactored -w/-W and improved docs
2014-12-13 02:36:45 +01:00
Daniel Roethlisberger
11f6742bff
Add convenience functions for printing SHA1 values
2014-12-12 23:50:55 +01:00
Daniel Roethlisberger
7f378251e8
Update documentation
2014-12-12 23:22:11 +01:00
Daniel Roethlisberger
160fd991e0
Merge branch 'genstore' of https://github.com/psychomario/sslsplit into feature/genstore
2014-12-12 23:17:29 +01:00
PsychoMario
3aff928daf
moved key output to main.c, caught some bugs
2014-12-12 17:28:06 +00:00
Daniel Roethlisberger
8422c6b478
Minor code cleanup of ssl_key_identifier_sha1()
2014-12-12 18:07:46 +01:00
PsychoMario
b34336ab4b
moved to develop branch
2014-12-12 17:03:06 +00:00
Daniel Roethlisberger
8b0b1d0226
Add ssl_key_identifier_sha1() utility function
...
Issue: #67
2014-12-12 17:38:34 +01:00
PsychoMario
a83cd68605
stored fpr as char* in ctx
2014-12-11 13:57:50 +00:00
PsychoMario
1736564b32
error handling
2014-12-09 23:26:00 +00:00
PsychoMario
5d7c52cde1
fix manpage
2014-12-09 21:43:49 +00:00
PsychoMario
4f310a877a
implemented -W to write original certs
2014-12-09 21:43:05 +00:00
PsychoMario
a7e2d99b39
added logging of fingerprints, uppercased names
2014-12-09 21:13:04 +00:00
PsychoMario
13dce0aa35
moved write to pxy_srccert_create, -X to -w, opts_free use
2014-12-09 20:02:25 +00:00
PsychoMario
73042d4daa
fix mutual exclusivity, sprintf->asprintf
2014-12-09 19:47:10 +00:00
PsychoMario
61d5186864
added exclusivity with -K, man page and -h
2014-12-09 19:40:07 +00:00
PsychoMario
cbb2a179f9
naive implementation with -X, no help, validation, logging
2014-12-09 19:08:11 +00:00
Daniel Roethlisberger
d6b11f61b7
Clarify needed permission to open /dev/pf et al for reading
...
Issue: #66
Reported by: Nikolay Khodov
2014-12-08 19:40:01 +01:00
Daniel Roethlisberger
39e9c898e5
Move default cipher suite spec to defaults.h
2014-11-30 22:29:40 +01:00
Daniel Roethlisberger
0a6ca2ac98
Update licensing information
2014-11-30 01:39:57 +01:00
Daniel Roethlisberger
521adb7275
Format file refs with backticks
2014-11-28 12:18:40 +01:00
Daniel Roethlisberger
e6dc9db6a4
Fix markdown links
2014-11-28 12:15:45 +01:00
Daniel Roethlisberger
f2ff2ec9f5
Link to Github author pages
2014-11-28 12:12:48 +01:00
Daniel Roethlisberger
b8ecbcd773
Split out AUTHORS.md and HACKING.md from README.md
2014-11-28 12:09:40 +01:00
Daniel Roethlisberger
b8213e756d
Merge branch 'feature/privsep' into develop
...
Conflicts:
NEWS.md
main.c
sslsplit.1
2014-11-28 11:08:05 +01:00
Daniel Roethlisberger
61cd0fb541
SSLsplit 0.4.10 release
2014-11-28 10:28:58 +01:00
Daniel Roethlisberger
5ac565f5df
Note that -j impacts -S and -F
2014-11-28 10:28:58 +01:00
Daniel Roethlisberger
008821cfca
Update NEWS.md
2014-11-28 10:15:09 +01:00
Daniel Roethlisberger
ab466aafb7
Allow -u root with pf proxyspecs on OS X
2014-11-28 10:03:29 +01:00
Daniel Roethlisberger
f076336e0b
Don't allow -u on Mac OS X with pf proxyspecs
...
Apple checks EUID==0 on ioctl(/dev/pf), whereas OpenBSD and FreeBSD only
check permissions on open(/dev/pf). This means that on OS X, it is not
possible to open /dev/pf, drop privileges, and send an ioctl to the file
descriptor opened earlier with EUID==0. It also means Apple broke the
Unix way of dealing with device nodes - why are there file permissions
on /dev/pf when they later enforce EUID==0 on use, thereby breaking
basic Unix mechanisms? Work around this by disallowing -u with pf
proxyspecs and by not automatically dropping to nobody on Mac OS X.
Issue: #65
Reported by: Vladimir Marteev
2014-11-28 00:13:42 +01:00
Daniel Roethlisberger
c4b22efa5a
Fix segmentation fault for aborted connections
2014-11-27 23:19:54 +01:00
Daniel Roethlisberger
9341f25e6d
Explicitly support Yosemite 10.10.1 with XNU 2782.1.97
2014-11-27 22:11:12 +01:00
Daniel Roethlisberger
47abb0030d
Update clean target for newer clang build artefacts
2014-11-27 22:09:03 +01:00
Daniel Roethlisberger
43c0f57eec
Update NEWS.md for feature/privsep
2014-11-25 23:55:15 +01:00
Daniel Roethlisberger
e69b13f2eb
SIGUSR1 re-opens -l/-L log files; add defaults.h
...
Issue: #52
2014-11-25 23:45:40 +01:00
Daniel Roethlisberger
16a1beb655
Fix version output on local procinfo availability
2014-11-25 23:38:37 +01:00
Daniel Roethlisberger
a9bd438756
Minor updates to manual page
2014-11-25 23:38:05 +01:00
Daniel Roethlisberger
12ff6e6ddf
Merge https://github.com/fix-macosx/sslsplit
...
Conflicts:
GNUmakefile
main.c
2014-11-25 00:24:58 +01:00
Daniel Roethlisberger
25e3145d1f
Add missing headers to fix build on FreeBSD 8.4
2014-11-25 00:10:51 +01:00
Daniel Roethlisberger
476967ccdc
Add SIGUSR1 to the signals forwarded by the parent
2014-11-24 23:32:37 +01:00
Daniel Roethlisberger
0e0a465f5d
Fix build on OpenBSD by adding missing includes
2014-11-24 22:49:02 +01:00
Daniel Roethlisberger
c01ace1261
Introduce privilege separation architecture
...
Fork into a monitor parent process and an actual proxy child process,
communicating over AF_UNIX sockets. Certain privileged operations are
performed through the privileged parent process, like opening log files
or listener sockets, while all other operations happen in the child
process, which can now drop its privileges without side-effects for
log file opening and other privileged operations. This is also a
preparation for -l/-L logfile reopening through SIGUSR1.
This means that -S and -F are no longer relative to chroot() if used
with -j. This is a deliberate POLA violation.
2014-11-24 22:14:09 +01:00
Daniel Roethlisberger
b3f4d25619
Make log_fini() more robust
2014-11-24 21:34:08 +01:00
Daniel Roethlisberger
a027f87c1c
Check if -u and -m user and group exist immediately
2014-11-23 22:52:09 +01:00
Daniel Roethlisberger
db80d3460c
Remove spurious UNUSED attribute
2014-11-23 17:27:57 +01:00
Daniel Roethlisberger
a09f42a507
Handle EINTR in sys_sendmsgfd() and sys_recvmsgfd()
2014-11-23 15:49:03 +01:00
Daniel Roethlisberger
2d97659a6b
Check if args to -j and -S are directories
2014-11-23 15:46:37 +01:00
Daniel Roethlisberger
86397dac89
Break at 80 cols
2014-11-23 15:45:55 +01:00
Daniel Roethlisberger
762bd0cba1
Rename shortcut flag for clarity
2014-11-23 15:44:20 +01:00