468 Commits

Author SHA1 Message Date
Daniel Roethlisberger
692dccfeae Merge branch 'clarify-linux-REDIRECT' of https://github.com/fd0/sslsplit into issue/76 2015-02-24 20:43:02 +01:00
Daniel Roethlisberger
20ea783cf7 Add XNU header selection fallback
If the proper headers matching either the reported XNU version or OS X
version exactly cannot be found, use the latest headers that SSLsplit
knows about.  This fixes build on new releases of OS X that have no
source code published by Apple yet.
2015-02-24 19:24:12 +01:00
Daniel Roethlisberger
91da4674e5 Update copyright, license and tagline
-   Update copyright to 2015
-   Remove the non-standard "unmodified" from the 2-clause BSD license
-   Remove scalable from the tagline to avoid misinterpretations
2015-02-24 19:19:20 +01:00
Alexander Neumann
925209ef4f Add hints for using Linux iptables REDIRECT target 2015-02-22 17:47:41 +01:00
Adam Jacob Muller
9267cf9bb4 add support for:
%f - dest address
%h - dest port
%t - source address
%v - source port

format specifiers to pathspec
2015-02-08 20:20:02 -05:00
Daniel Roethlisberger
bb071336e0 Escape # in shell invocation
This fixes the following make error on Mac OS X versions that we don't
explicitly support yet due to missing sources:

    GNUmakefile:55: *** unterminated call to function `shell': missing `)'.
    Stop.

Reported by:	Justin Garrick
2015-01-17 18:24:58 +01:00
Daniel Roethlisberger
c9aa840214 Quote dollar signs in shell invocation
Reported by:	Justin Garrick
2015-01-14 22:45:59 +01:00
Daniel Roethlisberger
b8d8af7b29 Document the limitations of passthrough mode (-P) 2015-01-04 14:21:49 +01:00
Daniel Roethlisberger
4f0a019d5a Mention TravisCI and be explicit about branching 2014-12-14 15:16:53 +01:00
Daniel Roethlisberger
f16783cee2 Move cert writer to logger thread using privsep
Make -w and -W work in conjunction with dropping privileges and
chrooting by moving the cert writer code to a separate logger thread and
using the privsep framework to open the files if they do not exist
already.

Issue:		#70
2014-12-13 23:52:17 +01:00
Daniel Roethlisberger
3662eeae50 Update documentation 2014-12-13 03:23:32 +01:00
Daniel Roethlisberger
27cf6c90e7 Merge branch 'feature/genstore' into develop 2014-12-13 03:20:38 +01:00
Daniel Roethlisberger
3da7407f14 Use same hash algo in RSA sigs as orig cert uses 2014-12-13 03:18:13 +01:00
Daniel Roethlisberger
6ec6c56ded Refactored -w/-W and improved docs 2014-12-13 02:36:45 +01:00
Daniel Roethlisberger
11f6742bff Add convenience functions for printing SHA1 values 2014-12-12 23:50:55 +01:00
Daniel Roethlisberger
7f378251e8 Update documentation 2014-12-12 23:22:11 +01:00
Daniel Roethlisberger
160fd991e0 Merge branch 'genstore' of https://github.com/psychomario/sslsplit into feature/genstore 2014-12-12 23:17:29 +01:00
PsychoMario
3aff928daf moved key output to main.c, caught some bugs 2014-12-12 17:28:06 +00:00
Daniel Roethlisberger
8422c6b478 Minor code cleanup of ssl_key_identifier_sha1() 2014-12-12 18:07:46 +01:00
PsychoMario
b34336ab4b moved to develop branch 2014-12-12 17:03:06 +00:00
Daniel Roethlisberger
8b0b1d0226 Add ssl_key_identifier_sha1() utility function
Issue:		#67
2014-12-12 17:38:34 +01:00
PsychoMario
a83cd68605 stored fpr as char* in ctx 2014-12-11 13:57:50 +00:00
PsychoMario
1736564b32 error handling 2014-12-09 23:26:00 +00:00
PsychoMario
5d7c52cde1 fix manpage 2014-12-09 21:43:49 +00:00
PsychoMario
4f310a877a implemented -W to write original certs 2014-12-09 21:43:05 +00:00
PsychoMario
a7e2d99b39 added logging of fingerprints, uppercased names 2014-12-09 21:13:04 +00:00
PsychoMario
13dce0aa35 moved write to pxy_srccert_create, -X to -w, opts_free use 2014-12-09 20:02:25 +00:00
PsychoMario
73042d4daa fix mutual exclusivity, sprintf->asprintf 2014-12-09 19:47:10 +00:00
PsychoMario
61d5186864 added exclusivity with -K, man page and -h 2014-12-09 19:40:07 +00:00
PsychoMario
cbb2a179f9 naive implementation with -X, no help, validation, logging 2014-12-09 19:08:11 +00:00
Daniel Roethlisberger
d6b11f61b7 Clarify needed permission to open /dev/pf et al for reading
Issue:		#66
Reported by:	Nikolay Khodov
2014-12-08 19:40:01 +01:00
Daniel Roethlisberger
39e9c898e5 Move default cipher suite spec to defaults.h 2014-11-30 22:29:40 +01:00
Daniel Roethlisberger
0a6ca2ac98 Update licensing information 2014-11-30 01:39:57 +01:00
Daniel Roethlisberger
521adb7275 Format file refs with backticks 2014-11-28 12:18:40 +01:00
Daniel Roethlisberger
e6dc9db6a4 Fix markdown links 2014-11-28 12:15:45 +01:00
Daniel Roethlisberger
f2ff2ec9f5 Link to Github author pages 2014-11-28 12:12:48 +01:00
Daniel Roethlisberger
b8ecbcd773 Split out AUTHORS.md and HACKING.md from README.md 2014-11-28 12:09:40 +01:00
Daniel Roethlisberger
b8213e756d Merge branch 'feature/privsep' into develop
Conflicts:
	NEWS.md
	main.c
	sslsplit.1
2014-11-28 11:08:05 +01:00
Daniel Roethlisberger
61cd0fb541 SSLsplit 0.4.10 release 2014-11-28 10:28:58 +01:00
Daniel Roethlisberger
5ac565f5df Note that -j impacts -S and -F 2014-11-28 10:28:58 +01:00
Daniel Roethlisberger
008821cfca Update NEWS.md 2014-11-28 10:15:09 +01:00
Daniel Roethlisberger
ab466aafb7 Allow -u root with pf proxyspecs on OS X 2014-11-28 10:03:29 +01:00
Daniel Roethlisberger
f076336e0b Don't allow -u on Mac OS X with pf proxyspecs
Apple checks EUID==0 on ioctl(/dev/pf), whereas OpenBSD and FreeBSD only
check permissions on open(/dev/pf).  This means that on OS X, it is not
possible to open /dev/pf, drop privileges, and send an ioctl to the file
descriptor opened earlier with EUID==0.  It also means Apple broke the
Unix way of dealing with device nodes - why are there file permissions
on /dev/pf when they later enforce EUID==0 on use, thereby breaking
basic Unix mechanisms?  Work around this by disallowing -u with pf
proxyspecs and by not automatically dropping to nobody on Mac OS X.

Issue:		#65
Reported by:	Vladimir Marteev
2014-11-28 00:13:42 +01:00
Daniel Roethlisberger
c4b22efa5a Fix segmentation fault for aborted connections 2014-11-27 23:19:54 +01:00
Daniel Roethlisberger
9341f25e6d Explicitly support Yosemite 10.10.1 with XNU 2782.1.97 2014-11-27 22:11:12 +01:00
Daniel Roethlisberger
47abb0030d Update clean target for newer clang build artefacts 2014-11-27 22:09:03 +01:00
Daniel Roethlisberger
43c0f57eec Update NEWS.md for feature/privsep 2014-11-25 23:55:15 +01:00
Daniel Roethlisberger
e69b13f2eb SIGUSR1 re-opens -l/-L log files; add defaults.h
Issue:		#52
2014-11-25 23:45:40 +01:00
Daniel Roethlisberger
16a1beb655 Fix version output on local procinfo availability 2014-11-25 23:38:37 +01:00
Daniel Roethlisberger
a9bd438756 Minor updates to manual page 2014-11-25 23:38:05 +01:00