Archives/SSLproxy
2
0
Fork 0
mirror of https://github.com/sonertari/SSLproxy synced 2024-11-02 15:40:19 +00:00
Code Issues Packages Projects Releases Wiki Activity
254 Commits 2 Branches 27 Tags 3.1 MiB
81241139c7
Commit Graph

254 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Daniel Roethlisberger
001615c53b Update khash.h to latest klib master 2014-10-28 23:59:17 +01:00
Daniel Roethlisberger
b1a7b11aea Don't depend on the space when parsing HTTP headers 2014-10-28 23:31:07 +01:00
Daniel Roethlisberger
d85e5ddbe2 Disable SSLv2 support by default 2014-10-28 23:24:37 +01:00
Daniel Roethlisberger
d6f2fa067d Update TODO and refer to github issues 2014-10-24 22:07:02 +02:00
Daniel Roethlisberger
0a225ae65c Update documentation after merging pull req #35 2014-10-23 13:28:14 +02:00
Daniel Roethlisberger
42efb4a980 Slightly improve user experience for new option -m 2014-10-23 13:23:57 +02:00
Daniel Roethlisberger
ee9d434cac Further improving OOM handling in early stages of main() 2014-10-23 13:14:06 +02:00
Daniel Roethlisberger
b1b8fe09b9 Merge pull request #35 from fix-macosx/specify-custom-gid 
Add support for specifying an explicit group when dropping privileges.
 2014-10-23 13:00:42 +02:00
Daniel Roethlisberger
bea022540f Handle strdup() failure in early stages of main() 
Issue:		#38
Reported by:	Markus Elfring
 2014-10-23 12:49:12 +02:00
Daniel Roethlisberger
b105473629 Check return values of pthread_mutex_init and friends 
Issue:		#38
Reported by:	Markus Elfring
 2014-10-23 12:27:12 +02:00
Daniel Roethlisberger
f575adadea Update documentation after merge of pull req #32 2014-10-21 15:55:56 +02:00
Daniel Roethlisberger
79c67ebed7 Merge pull request #32 from fix-macosx/macosx-yosemite 
Support Mac OS X 10.10 by using 10.9 headers
 2014-10-21 15:42:37 +02:00
Daniel Roethlisberger
ed99fc0260 Use NULL instead of '\0' to avoid type conversion 2014-10-21 15:16:09 +02:00
Daniel Roethlisberger
e64bf695dc Update documentation after merge of #34 2014-10-21 14:55:25 +02:00
Daniel Roethlisberger
2e418f1447 Merge pull request #34 from swills/master 
add DESTDIR, MANDIR to install target
 2014-10-21 14:44:11 +02:00
Landon Fuller
93ab726671 Merge branch 'macosx-process-info' into fix-macosx 2014-10-18 20:43:56 -06:00
Landon Fuller
f36b06f8c1 Fix stupid bug caused by leaving the path string as non-NULL terminated on initialization. 
This failed visibly when the allocated buffer did not already
lead with \0.
 2014-10-18 20:41:43 -06:00
Landon Fuller
7c0c39cb2c Merge branch 'macosx-process-info' into fix-macosx 2014-10-18 17:11:29 -06:00
Landon Fuller
e6aa76b844 Implement automatic creation of parent directories. 2014-10-18 17:02:53 -06:00
Landon Fuller
06c61c16ed Add support for specifying log paths as a specialized format string. 
Format string handling is fully implemented, with the exception of
support for automatically creating missing directories.
 2014-10-18 16:40:22 -06:00
Landon Fuller
8350b1deb0 Plumb user/group/path information through the logging API. 2014-10-18 14:35:49 -06:00
Landon Fuller
5ed49c4985 Implement user and group name lookup. 2014-10-18 14:16:50 -06:00
Landon Fuller
52d979e29d Add a standard API for fetching process name, uid, and gid. 2014-10-18 13:46:44 -06:00
Landon Fuller
9204418c80 Thread pid lookup support through the NAT API. 
This exposes the pid lookup code as a standard attribute
of NAT lookup -- if a matching process cannot be found,
or if pid lookup isn't supported by the NAT backend,
a pid of -1 is returned.

This also adds the local_pid to the pxyconn context; this
will be used to populate log strings.
 2014-10-18 13:16:02 -06:00
Steve Wills
b8c8cb73ed add DESTDIR, MANDIR to install target 
DESTDIR to allow installing in chroot
MANDIR to allow specifying different dir for man pages
 2014-10-18 17:32:22 +00:00
Landon Fuller
bcc74385ab Log the full process path, rather than the MAXCOMLEN-max process name. 2014-10-18 02:34:46 -06:00
Landon Fuller
55e8da7653 Wire up lookup of the local process/socket originating the proxied connection. 
This uses Mac OS X's libproc to find the first process that owns
a matching socket. Currently, the results are simply logged;
the next step will be exposing this generically via
the NAT engine lookup API.
 2014-10-18 02:23:25 -06:00
Landon Fuller
cb6ffeaa9d Merge branch 'fix-macosx' into macosx-process-info 2014-10-18 00:40:29 -06:00
Landon Fuller
c412425ce1 Merge branch 'specify-custom-gid' into fix-macosx 2014-10-18 00:38:50 -06:00
Landon Fuller
a8687e0737 Merge branch 'macosx-yosemite' into fix-macosx 2014-10-18 00:38:38 -06:00
Landon Fuller
9d54677009 Add support for specifying an explicit group when dropping privileges. 
This simplifies my use of pf(4) when using group-based
rules to exclude splitssl from redirection.
 2014-10-18 00:34:51 -06:00
Landon Fuller
7a5147cddf Add libproc to the build configuration. 2014-10-18 00:09:26 -06:00
Landon Fuller
8ef5011fcb Enable Mac OS X 10.10 feature detection 
This is pointed at the 10.9 pf headers for testing, as
the 10.10 kernel sources are unavailable.
 2014-10-17 19:45:28 -06:00
Landon Fuller
ecbc84438a Fix crash in strdup() when no default NAT engine is available. 2014-10-17 19:35:44 -06:00
Daniel Roethlisberger
85b177f6b0 Special device nodes may be needed for -j to work 2014-08-26 14:29:56 +02:00
Daniel Roethlisberger
47c409cbb5 Don't rely on OpenSSL to pull in string.h 
Obtained from:	OpenBSD port patches
 2014-06-21 19:20:34 +02:00
Daniel Roethlisberger
3226d9bfcf No longer chroot() by default when run as root 
No longer implicitly use -j /var/empty by default and document clearly
the implications of using -j with -S and/or sni proxyspecs.

Issue:		#21
 2014-01-30 23:34:37 +01:00
Daniel Roethlisberger
db0fa32b07 Load -t certificates before dropping privileges 
Load the certificates from the directory given by -t into the
certificate cache after preinit, but before dropping privileges.  This
fixes a number of issues, such as -t directory not being found after
chroot()ing to a different root, -t directory inaccessible due to
changing user with -u, and when using encrypted keys.  This bug was
introduced in 0675219 as a spurious part of fixing #5.

Issue:		#20, #19
Reported by:	Miroslav Stampar
 2014-01-30 22:39:39 +01:00
Daniel Roethlisberger
ac98c2d9cc Fix segmentation fault when using -t without a CA 
The key type checks which are used to optimize the loading of DH and
ECDH parameters should check the type of the supplied server key, not
the global options key.
 2014-01-30 22:21:08 +01:00
Daniel Roethlisberger
4bd9dd1fa7 Fix glob to be compatible with /bin/dash 2014-01-29 21:25:19 +01:00
Daniel Roethlisberger
53a948cd18 Improve dependency tracking for targets/ certs 2014-01-29 21:20:16 +01:00
Daniel Roethlisberger
349cd1f6ec Add targets to .PHONY 2014-01-29 21:14:39 +01:00
Daniel Roethlisberger
f669fbbca7 Add unit test for sys_dir_eachfile() 
Issue:		#19
Reported by:	Miroslav Stampar
 2014-01-29 20:18:54 +01:00
Daniel Roethlisberger
658bbfa6fe SSLsplit master 2014-01-29 20:16:34 +01:00
Daniel Roethlisberger
c4ac9c60bc SSLsplit 0.4.8 release 2014-01-15 19:07:07 +01:00
Daniel Roethlisberger
9d5641c0e0 Update NEWS 2014-01-15 19:01:33 +01:00
Daniel Roethlisberger
f348c1a372 Add libevent2 test for the weirdness that is issue #17 2014-01-15 18:56:58 +01:00
Daniel Roethlisberger
9338200705 Detect when libevent cannot parse resolv.conf 
Issue:		#17
Reported by:	Florian Schaefer
 2014-01-15 10:33:43 +01:00
Daniel Roethlisberger
a80cbf73f4 Add some error-case debug messages to pxy_thrmgr_run() 2014-01-15 01:04:02 +01:00
Daniel Roethlisberger
fe558af0a3 Remove duplicates from FEATURES 2014-01-14 23:44:23 +01:00