SSLproxy

Commit Graph

Author	SHA1	Message	Date
Landon Fuller	9d54677009	Add support for specifying an explicit group when dropping privileges. This simplifies my use of pf(4) when using group-based rules to exclude splitssl from redirection.	10 years ago
Landon Fuller	ecbc84438a	Fix crash in strdup() when no default NAT engine is available.	10 years ago
Daniel Roethlisberger	3226d9bfcf	No longer chroot() by default when run as root No longer implicitly use -j /var/empty by default and document clearly the implications of using -j with -S and/or sni proxyspecs. Issue: #21	11 years ago
Daniel Roethlisberger	db0fa32b07	Load -t certificates before dropping privileges Load the certificates from the directory given by -t into the certificate cache after preinit, but before dropping privileges. This fixes a number of issues, such as -t directory not being found after chroot()ing to a different root, -t directory inaccessible due to changing user with -u, and when using encrypted keys. This bug was introduced in `0675219` as a spurious part of fixing #5. Issue: #20, #19 Reported by: Miroslav Stampar	11 years ago
Daniel Roethlisberger	13ed7f8425	Slightly improve error logging on log init failure Issue: #13 Reported by: vinies	11 years ago
Daniel Roethlisberger	ca923ee7f1	Update copyright notices to 2014	11 years ago
Daniel Roethlisberger	ac9a2613e0	Only generate RSA leaf key if CA key present Issue: #9 Reported by: ceear	11 years ago
Daniel Roethlisberger	c972501063	Update copyright notices	12 years ago
Daniel Roethlisberger	711448759c	Bind to ports before dropping privileges This fixes a regression which caused bind() to ports < 1024 to fail with the default settings of dropping privileges to nobody. Issue: #8 Reported by: Ian Grispan	12 years ago
Daniel Roethlisberger	005ebd1b95	Fix syslog for more error cases Also fix issue #6 for target certificate loading error cases.	12 years ago
Daniel Roethlisberger	bb15224d11	Flush error queue prior to exiting Reorganize the cleanup code after detaching from the TTY in order to be able to flush the error queue before calling exit(). Addresses issue #6	12 years ago
Daniel Roethlisberger	7713f82b62	Move more log writes after log initialization	12 years ago
Daniel Roethlisberger	1995dc4b89	Reinitialize SSL mutexes after fork See issue #5.	12 years ago
Daniel Roethlisberger	067521924a	Cleanup tgcrt loading to protect mutexes from fork See issue #5.	12 years ago
Daniel Roethlisberger	3d15f14239	Fix lost error message	12 years ago
Daniel Roethlisberger	bb9c353ecb	Initialize proxy after detaching from TTY Fixes issue #5.	12 years ago
Daniel Roethlisberger	0073cbdc47	Make cache initialization fork()-safe POSIX threads require mutexes to be reinitialized after fork(). Not doing so will break daemon mode, depending on pthread implementation. See issue #5.	12 years ago
Daniel Roethlisberger	b27175f910	Reorder initialization in main()	12 years ago
Daniel Roethlisberger	8eb5165760	Optimize debug branching using __builtin_expect()	12 years ago
Daniel Roethlisberger	38d22415af	Generic EC loading, new default curve 'secp160r2'	13 years ago
Daniel Roethlisberger	2d1ad219b9	Change default cipher suite to "ALL:-aNULL"	13 years ago
Daniel Roethlisberger	439e8a8267	Use WUNRES and MALLOC attribs and fix sloppy code	13 years ago
Daniel Roethlisberger	7aca81a7b7	Improve CA cert/key config code and docs Make -c and -k functional twins by also loading DH params in -c and by fixing certificate loading in -k. Improve the documentation for both switches and simplify the SYNOPSIS in sslsplit(1).	13 years ago
Daniel Roethlisberger	ee98c04b29	Add generic OCSP denial	13 years ago
Daniel Roethlisberger	423c1b0a32	Move volatile build-time information into separate compilation unit	13 years ago
Daniel Roethlisberger	4cfdef405a	Initial import of sslsplit-0.4.2	13 years ago

26 Commits (8350b1deb0c214b745e16044cf85326b7cfed937)