Commit Graph

1035 Commits (79bacaeff3818b5d4a1123e49d508bf2e67a4fd9)
 

Author SHA1 Message Date
Soner Tari 0bfe5584e4 Simplify logs printed by *_main and *_main_va macros
Since the *_main and *_main_va macros always pass 0 as fd, and the other
macros fd > 0, we can simplify the main macros.
4 years ago
Soner Tari 05654e3bee Avoid possible crashes caused by passing NULL pointers to str*() functions 5 years ago
Soner Tari a1f24e26d0 Clean up 5 years ago
Soner Tari fd3aa5a394 Update lp with sslproxy changes, fix dst events
Enable dst r/w events before socket connect.
Improve verbose debug logs using common header fields to better identify
connections.
Create function macros for fine* debug logs.
5 years ago
Soner Tari 554fd3bd3a Improve code reuse, reduce code, clean up whitespace 5 years ago
Soner Tari ea57aebf15 Fix mailto 5 years ago
Soner Tari 20eb2533d1 Fix autossl crash upon protocol error, need fuzzing tests
This happens if there was no autossl handshake prior to ClientHello,
e.g. no STARTTLS message. This is perhaps due to the SSL handshake of a
direct SSL connection, i.e. invalid protocol.
We should not crash upon protocol errors, hence the need for fuzzing
tests.
5 years ago
Soner Tari efa2b48b94 Disable autossl passthrough
Autossl passthrough crashes with signal 10.
5 years ago
Soner Tari 2b702495b0 Remove comixwall.org 5 years ago
Soner Tari 5c2ac6d1bf Remove writecb for srvdst except for passthrough, remove srvdst_connected and dst_connected flags, clean up autossl
We don't do anything in srvdst writecb except for passthrough mode.
We handle srvdst and dst connect tasks in connectcb for them by
arranging connect events correctly, so we don't need any extra flags.
Correct connect ordering helps us remove code checking if bev exists.
There was a lot of unnecessary code in autossl. Tcp and ssl code are
decoupled now.
5 years ago
Soner Tari a24ac850b4 Fix readcb and writecb before connected
Do not enable srvdst readcb until connected
Enable read and write callbacks only after connected
5 years ago
Soner Tari 64c0078ecb Update comments about writecb before connected 5 years ago
Soner Tari a0d74baa43 Update copyright year to 2020 5 years ago
Soner Tari a34c953ef0 Validate the response from the smtp server to protect the client
Because we directly relay the packets from the server to the client
until we receive the first packet from the client, at which time we xfer
srvdst to the first child conn and effectively disable this readcb,
hence start diverting packets to the listening program.
Improve documentation.
5 years ago
Soner Tari 1445a5cdf8 Fix smtp proto
We enable readcb for srvdst to relay the 220 smtp greeting from the
server to the client, otherwise the conn stalls.
Related to issue #18 too.
5 years ago
Soner Tari 1a0d46587b Check libevent version before calling bufferevent_openssl_set_allow_dirty_shutdown() 5 years ago
Soner Tari c3c228d8ce Remove ssl_shutdown_retry_delay and SSLShutdownRetryDelay, not used anymore 5 years ago
Soner Tari 10573a1b7c Copy BSDmakefile to subfolders
So we can individually make clean them
5 years ago
Soner Tari 9ad477e0a7 Fix misc issues with autossl
And various improvements
5 years ago
Soner Tari a0e475b473 Fix SSL shutdown, which fixes conn stall issue with autossl
Otherwise, we cannot properly shutdown the src conn end of an autossl
conn, and when the next conn uses the same fd of that src, the callback
functions (e.g. the writecb) do not fire, which effectively stalls the
conn. This fixes a longtime issue with autossl support.
So remove pxysslshut.c/h files, not used anymore
5 years ago
Soner Tari 50cfe4d789 Fix sslproxy_header_len if port len is 4, i.e. port <= 9999
Otherwise, if we assume that the port is always 5 chars, we leave a NULL
char between the sslproxy header and CRLF, which confuses
pxy_insert_sslproxy_header() and pxy_try_remove_sslproxy_header(), and
we cannot remove the sslproxy header.
5 years ago
Soner Tari b848df0b0b Use __func__ not __PRETTY_FUNCTION__ as __FUNCTION__ definition
Because __PRETTY_FUNCTION__ prints a detailed function signature on
OpenBSD
5 years ago
Soner Tari 3af16b3228 Improve verbose debug logs using common header fields to better identify connections
Create function macros for fine* debug logs
Fix a few memory leaks when DEBUG_PROXY enabled
Add main.mk to MKFS list
Put a few function params within DEBUG_PROXY directives
Check retval of a snprintf() call
Fix segfault with -w/-W options if no ssl proxyspec specified, also fixed in sslsplit develop: https://github.com/droe/sslsplit/issues/271
Various clean-up
5 years ago
Soner Tari 4503203c1b Remove MEDIUM ciphers
Cipher assertions become useless if we set ciphers to MEDIUM:HIGH, too
many ciphers would be possible
5 years ago
Soner Tari c2e93dbbc0 Remove NO_TLS10 test case
The problem with LibreSSL 2.7.4 was not that it didn't support tls10,
but that MEDIUM and HIGH cipher definitions were different from the
openssl version of testproxy, hence tests were failing due to no shared
ciphers
5 years ago
Soner Tari f1c2e9e881 Detect tls protos using output of sslproxy -V
But this is not going to work, because LibreSSL 2.7.4 says it supports
tls10, but SSL handshake fails if testproxy e2e tests for tls10 are
enabled.
5 years ago
Soner Tari 1a9651877f Clean up 5 years ago
Soner Tari 73724bd673 Fix assertions for tls10 tests, TLSv1.0 == SSLv3 5 years ago
Soner Tari d42ba28729 Remove tls12 tests for older versions of openssl
Clean up
5 years ago
Soner Tari 4176ee482e Move NO_TLS vars to before_script in travis config 5 years ago
Soner Tari 3afb2b820f Fix NO_TLS vars 5 years ago
Soner Tari 9ac5a93823 Fix testproxy e2e tests for older versions of openssl and libressl
OpenSSL 0.9.8zh and 1.0.0s do not support TLSv11.
LibreSSL 2.2.7 uses other cipher names too.
LibreSSL 2.7.4 (since 2.3.0) does not support TLSv10.
5 years ago
Soner Tari 9ff63a1639 Disable travis testproxy tests on osx
SSL tests fail with "SSL stream connect HandshakeError: the handshake
was interrupted" and "SSL stream error: the handshake failed: Connection
reset by peer (os error 54)"
5 years ago
Soner Tari ceebacf240 Try fix ssl handshake error 5 years ago
Soner Tari d4aca98834 Enable debug logs for testproxy 5 years ago
Soner Tari fc1bb39de3 Fix xnu paths for osx 5 years ago
Soner Tari 19bf7fe0a5 Try travis osx vm only 5 years ago
Soner Tari 519d797459 Fix osx build, no need for nat_used() 5 years ago
Soner Tari 5f14ff2ca6 Enable all travis vms again 5 years ago
Soner Tari f44db210bb Fix openssl urls 5 years ago
Soner Tari e2fc1086cf Try fix sudo env 5 years ago
Soner Tari eb2b91f96b Enable all travis vms and add testproxy e2e tests 5 years ago
Soner Tari fb500d9a33 Clean up lp make file 5 years ago
Soner Tari 50c1c9477d Try with first travis machine, remove openssl from lp, revert trials 5 years ago
Soner Tari 60924687ed Close ocsp denied conn
Wait until ocsp denied msg is sent and then close the conn in a new http
src w cb
5 years ago
Soner Tari 61f3c86eab Fix e2e test for deny OCSP request
It is not certain if the server should receive the ocsp request of the
client or not, it depends on libevent and various conditions at that
moment
5 years ago
Soner Tari 8a1db3d469 Fix export 5 years ago
Soner Tari b1edd7e049 Export LD_LIBRARY_PATH before running lp 5 years ago
Soner Tari fcd71387d0 Use libevent 2.1.11 for testproxy e2e tests 5 years ago
Soner Tari d1374e70bb Set testproxy log level to 4 5 years ago