Archives
/
SSLproxy
mirror of https://github.com/sonertari/SSLproxy
2
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
318 Commits
2 Branches
26 Tags
3.0 MiB
develop
master
v0.5.0
v0.5.1
v0.5.2
v0.5.3
v0.5.4
v0.5.5
v0.5.6
v0.5.7
v0.5.8
v0.5.9
v0.6.0
v0.7.0
v0.8.0
v0.8.1
v0.8.2
v0.8.3
v0.8.4
v0.8.5
v0.8.6
v0.9.0
v0.9.1
v0.9.2
v0.9.3
v0.9.4
v0.9.5
v0.9.6
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '73042d4daa'
${ noResults }
Commit Graph

52 Commits (73042d4daa1f13b51312281dc230aea2676c4a1d)

Author SHA1 Message Date
PsychoMario 73042d4daa fix mutual exclusivity, sprintf->asprintf 10 years ago
PsychoMario 61d5186864 added exclusivity with -K, man page and -h 10 years ago
PsychoMario cbb2a179f9 naive implementation with -X, no help, validation, logging 10 years ago
Daniel Roethlisberger 5ac565f5df Note that -j impacts -S and -F 10 years ago
Daniel Roethlisberger ab466aafb7 Allow -u root with pf proxyspecs on OS X 10 years ago
Daniel Roethlisberger f076336e0b Don't allow -u on Mac OS X with pf proxyspecs 
Apple checks EUID==0 on ioctl(/dev/pf), whereas OpenBSD and FreeBSD only
check permissions on open(/dev/pf).  This means that on OS X, it is not
possible to open /dev/pf, drop privileges, and send an ioctl to the file
descriptor opened earlier with EUID==0.  It also means Apple broke the
Unix way of dealing with device nodes - why are there file permissions
on /dev/pf when they later enforce EUID==0 on use, thereby breaking
basic Unix mechanisms?  Work around this by disallowing -u with pf
proxyspecs and by not automatically dropping to nobody on Mac OS X.

Issue:		#65
Reported by:	Vladimir Marteev
 10 years ago
Daniel Roethlisberger 16a1beb655 Fix version output on local procinfo availability 10 years ago
Daniel Roethlisberger 5fd1d7de9c Rename flags for clarity 10 years ago
Daniel Roethlisberger fcd008df4b Unify asprintf error handling 10 years ago
Daniel Roethlisberger 544b93a9ab Add procinfo status to -V 10 years ago
Daniel Roethlisberger 150650c7e9 Make local procinfo run-time optional (-i) and use src host:port 10 years ago
Daniel Roethlisberger 0d07aeff7e Don't automatically drop to nobody if logspec is used 10 years ago
Daniel Roethlisberger 38314ea16d Formatting changes 10 years ago
Landon Fuller 7ce301a60f
Fix incorrect format specifiers used in the -F usage example. 10 years ago
Landon Fuller 02c6e6e605
Adopt the new oom_die() usage. 10 years ago
Landon Fuller a4c518c8a0
Merge remote-tracking branch 'origin/fix-macosx' into logspec_path_support 10 years ago
Daniel Roethlisberger 206c688219 Refactor SSL/TLS debug code 10 years ago
Daniel Roethlisberger 601cdf5b52 Add SSL/TLS protocol selection debug code 10 years ago
Daniel Roethlisberger 6b0e47dc89 Allow more control over used SSL/TLS versions 
Add -r to force a specific SSL/TLS protocol version.
Add -R to disable one or several SSL/TLS protocol versions.
Replace WANT_SSLV2_CLIENT and WANT_SSLV2_SERVER to WITH_SSLV2.

Issue:		#30
Reported by:	@Apollo2342
 10 years ago
Daniel Roethlisberger cc6cb59485 Rewrite Mac OS X support to use proper XNU headers 
Move from one set of headers per major OS X release to one set of
headers per XNU release.  Fetch the header files from Apple's official
Open Source site instead of GitHub in the fetchdeps developer target.
As a side effect, 10.6.x is now supported as well (untested), and proper
headers are used for 10.10.

Issue:		#39
 10 years ago
Daniel Roethlisberger 42efb4a980 Slightly improve user experience for new option -m 10 years ago
Daniel Roethlisberger ee9d434cac Further improving OOM handling in early stages of main() 10 years ago
Daniel Roethlisberger b1b8fe09b9 Merge pull request #35 from fix-macosx/specify-custom-gid 
Add support for specifying an explicit group when dropping privileges.
 10 years ago
Daniel Roethlisberger bea022540f Handle strdup() failure in early stages of main() 
Issue:		#38
Reported by:	Markus Elfring
 10 years ago
Landon Fuller e6aa76b844 Implement automatic creation of parent directories. 10 years ago
Landon Fuller 06c61c16ed Add support for specifying log paths as a specialized format string. 
Format string handling is fully implemented, with the exception of
support for automatically creating missing directories.
 10 years ago
Landon Fuller 9d54677009 Add support for specifying an explicit group when dropping privileges. 
This simplifies my use of pf(4) when using group-based
rules to exclude splitssl from redirection.
 10 years ago
Landon Fuller ecbc84438a Fix crash in strdup() when no default NAT engine is available. 10 years ago
Daniel Roethlisberger 3226d9bfcf No longer chroot() by default when run as root 
No longer implicitly use -j /var/empty by default and document clearly
the implications of using -j with -S and/or sni proxyspecs.

Issue:		#21
 11 years ago
Daniel Roethlisberger db0fa32b07 Load -t certificates before dropping privileges 
Load the certificates from the directory given by -t into the
certificate cache after preinit, but before dropping privileges.  This
fixes a number of issues, such as -t directory not being found after
chroot()ing to a different root, -t directory inaccessible due to
changing user with -u, and when using encrypted keys.  This bug was
introduced in 0675219 as a spurious part of fixing #5.

Issue:		#20, #19
Reported by:	Miroslav Stampar
 11 years ago
Daniel Roethlisberger 13ed7f8425 Slightly improve error logging on log init failure 
Issue:		#13
Reported by:	vinies
 11 years ago
Daniel Roethlisberger ca923ee7f1 Update copyright notices to 2014 11 years ago
Daniel Roethlisberger ac9a2613e0 Only generate RSA leaf key if CA key present 
Issue:          #9
Reported by:    ceear
 11 years ago
Daniel Roethlisberger c972501063 Update copyright notices 12 years ago
Daniel Roethlisberger 711448759c Bind to ports before dropping privileges 
This fixes a regression which caused bind() to ports < 1024 to fail with
the default settings of dropping privileges to nobody.

Issue:          #8
Reported by:    Ian Grispan
 12 years ago
Daniel Roethlisberger 005ebd1b95 Fix syslog for more error cases 
Also fix issue #6 for target certificate loading error cases.
 12 years ago
Daniel Roethlisberger bb15224d11 Flush error queue prior to exiting 
Reorganize the cleanup code after detaching from the TTY in order to be
able to flush the error queue before calling exit().  Addresses issue #6
 12 years ago
Daniel Roethlisberger 7713f82b62 Move more log writes after log initialization 12 years ago
Daniel Roethlisberger 1995dc4b89 Reinitialize SSL mutexes after fork 
See issue #5.
 12 years ago
Daniel Roethlisberger 067521924a Cleanup tgcrt loading to protect mutexes from fork 
See issue #5.
 12 years ago
Daniel Roethlisberger 3d15f14239 Fix lost error message 12 years ago
Daniel Roethlisberger bb9c353ecb Initialize proxy after detaching from TTY 
Fixes issue #5.
 12 years ago
Daniel Roethlisberger 0073cbdc47 Make cache initialization fork()-safe 
POSIX threads require mutexes to be reinitialized after fork().  Not
doing so will break daemon mode, depending on pthread implementation.
See issue #5.
 12 years ago
Daniel Roethlisberger b27175f910 Reorder initialization in main() 12 years ago
Daniel Roethlisberger 8eb5165760 Optimize debug branching using __builtin_expect() 12 years ago
Daniel Roethlisberger 38d22415af Generic EC loading, new default curve 'secp160r2' 13 years ago
Daniel Roethlisberger 2d1ad219b9 Change default cipher suite to "ALL:-aNULL" 13 years ago
Daniel Roethlisberger 439e8a8267 Use WUNRES and MALLOC attribs and fix sloppy code 13 years ago
Daniel Roethlisberger 7aca81a7b7 Improve CA cert/key config code and docs 
Make -c and -k functional twins by also loading DH params in -c and by
fixing certificate loading in -k.  Improve the documentation for both
switches and simplify the SYNOPSIS in sslsplit(1).
 13 years ago
Daniel Roethlisberger ee98c04b29 Add generic OCSP denial 13 years ago