SSLproxy

Commit Graph

Author	SHA1	Message	Date
Soner Tari	9858928b73	Add debug levels, initial	7 years ago
Soner Tari	d033ea68dd	Plain TCP version is running good enough, next will try to switch the SSL on	7 years ago
Daniel Roethlisberger	29f44c3d64	Add autossl spec parsing tests and improve docs	8 years ago
Daniel Roethlisberger	25b096450d	Modernize DHE and ECDHE support Enable full strength DHE and ECDHE by default in order to allow modern browsers to connect without weak crypto warnings. Issue: #119 Reported by: @curioustwo	8 years ago
Daniel Roethlisberger	e632490888	Add exception handler to logger, exit on errors Add exception handler mechanism to logger and use that to exit cleanly when sslsplit fails to write to a log file or fails to open a log file. Issue: #113 Reported by: Matthias Kadenbach	8 years ago
Daniel Roethlisberger	0b858431a2	Add warning if version string is bogus	8 years ago
Daniel Roethlisberger	0506024587	Update copyright notices to 2016	8 years ago
Daniel Roethlisberger	43b697d875	Initialize proxy before daemonizing Issue: #104	8 years ago
Daniel Roethlisberger	95d4a9bc35	Explicitly initialize OpenSSL with SSL proxy specs Make sure we always initialize OpenSSL explicitly, even if there are no certificates or keys loaded or generated. Previously, OpenSSL would only have been initialized if the configuration actually uses certificates or keys, which is not always the case, e.g. with -t pointing to an empty directory. Issue: #92 Reported by: xelalexv	9 years ago
Daniel Roethlisberger	77109df8d2	Improve docs on autogenerated 1024 bit RSA leaf key Issue: #83	9 years ago
Daniel Roethlisberger	80b727054b	Refactor proxyspec printing into proxyspec_str()	9 years ago
Daniel Roethlisberger	ce002378b8	Use more intuitive letters for new format specs %D for Destination host, %p for the (more interesting) destination port, %S for Source host, %q for the (less interesting) source port.	9 years ago
Daniel Roethlisberger	e17108f9b7	Merge branch 'master' of https://github.com/AdamJacobMuller/sslsplit into issue/74	9 years ago
Daniel Roethlisberger	914360eb5e	Separate host and port into separate strings Store host and port in separate strings internally and get rid of the [host]:port representation where separate host and port would be cleaner. This includes the following user-visible changes: - Generated filenames that contain host and port, such as by -S and -F %d and %s, now use a host,port format instead of [host]:port. - Connect log now uses separate fields for host and port. Issue: #69 #74 Reported by: Adam Jacob Muller	9 years ago
Daniel Roethlisberger	91da4674e5	Update copyright, license and tagline - Update copyright to 2015 - Remove the non-standard "unmodified" from the 2-clause BSD license - Remove scalable from the tagline to avoid misinterpretations	10 years ago
Adam Jacob Muller	9267cf9bb4	add support for: %f - dest address %h - dest port %t - source address %v - source port format specifiers to pathspec	10 years ago
Daniel Roethlisberger	f16783cee2	Move cert writer to logger thread using privsep Make -w and -W work in conjunction with dropping privileges and chrooting by moving the cert writer code to a separate logger thread and using the privsep framework to open the files if they do not exist already. Issue: #70	10 years ago
Daniel Roethlisberger	6ec6c56ded	Refactored -w/-W and improved docs	10 years ago
PsychoMario	3aff928daf	moved key output to main.c, caught some bugs	10 years ago
PsychoMario	b34336ab4b	moved to develop branch	10 years ago
PsychoMario	4f310a877a	implemented -W to write original certs	10 years ago
PsychoMario	13dce0aa35	moved write to pxy_srccert_create, -X to -w, opts_free use	10 years ago
PsychoMario	73042d4daa	fix mutual exclusivity, sprintf->asprintf	10 years ago
PsychoMario	61d5186864	added exclusivity with -K, man page and -h	10 years ago
PsychoMario	cbb2a179f9	naive implementation with -X, no help, validation, logging	10 years ago
Daniel Roethlisberger	39e9c898e5	Move default cipher suite spec to defaults.h	10 years ago
Daniel Roethlisberger	b8213e756d	Merge branch 'feature/privsep' into develop Conflicts: NEWS.md main.c sslsplit.1	10 years ago
Daniel Roethlisberger	5ac565f5df	Note that -j impacts -S and -F	10 years ago
Daniel Roethlisberger	ab466aafb7	Allow -u root with pf proxyspecs on OS X	10 years ago
Daniel Roethlisberger	f076336e0b	Don't allow -u on Mac OS X with pf proxyspecs Apple checks EUID==0 on ioctl(/dev/pf), whereas OpenBSD and FreeBSD only check permissions on open(/dev/pf). This means that on OS X, it is not possible to open /dev/pf, drop privileges, and send an ioctl to the file descriptor opened earlier with EUID==0. It also means Apple broke the Unix way of dealing with device nodes - why are there file permissions on /dev/pf when they later enforce EUID==0 on use, thereby breaking basic Unix mechanisms? Work around this by disallowing -u with pf proxyspecs and by not automatically dropping to nobody on Mac OS X. Issue: #65 Reported by: Vladimir Marteev	10 years ago
Daniel Roethlisberger	e69b13f2eb	SIGUSR1 re-opens -l/-L log files; add defaults.h Issue: #52	10 years ago
Daniel Roethlisberger	16a1beb655	Fix version output on local procinfo availability	10 years ago
Daniel Roethlisberger	c01ace1261	Introduce privilege separation architecture Fork into a monitor parent process and an actual proxy child process, communicating over AF_UNIX sockets. Certain privileged operations are performed through the privileged parent process, like opening log files or listener sockets, while all other operations happen in the child process, which can now drop its privileges without side-effects for log file opening and other privileged operations. This is also a preparation for -l/-L logfile reopening through SIGUSR1. This means that -S and -F are no longer relative to chroot() if used with -j. This is a deliberate POLA violation.	10 years ago
Daniel Roethlisberger	a027f87c1c	Check if -u and -m user and group exist immediately	10 years ago
Daniel Roethlisberger	2d97659a6b	Check if args to -j and -S are directories	10 years ago
Daniel Roethlisberger	86397dac89	Break at 80 cols	10 years ago
Daniel Roethlisberger	5fd1d7de9c	Rename flags for clarity	10 years ago
Daniel Roethlisberger	fcd008df4b	Unify asprintf error handling	10 years ago
Daniel Roethlisberger	544b93a9ab	Add procinfo status to -V	10 years ago
Daniel Roethlisberger	150650c7e9	Make local procinfo run-time optional (-i) and use src host:port	10 years ago
Daniel Roethlisberger	0d07aeff7e	Don't automatically drop to nobody if logspec is used	10 years ago
Daniel Roethlisberger	38314ea16d	Formatting changes	10 years ago
Landon Fuller	7ce301a60f	Fix incorrect format specifiers used in the -F usage example.	10 years ago
Landon Fuller	02c6e6e605	Adopt the new oom_die() usage.	10 years ago
Landon Fuller	a4c518c8a0	Merge remote-tracking branch 'origin/fix-macosx' into logspec_path_support	10 years ago
Daniel Roethlisberger	206c688219	Refactor SSL/TLS debug code	10 years ago
Daniel Roethlisberger	601cdf5b52	Add SSL/TLS protocol selection debug code	10 years ago
Daniel Roethlisberger	6b0e47dc89	Allow more control over used SSL/TLS versions Add -r to force a specific SSL/TLS protocol version. Add -R to disable one or several SSL/TLS protocol versions. Replace WANT_SSLV2_CLIENT and WANT_SSLV2_SERVER to WITH_SSLV2. Issue: #30 Reported by: @Apollo2342	10 years ago
Daniel Roethlisberger	cc6cb59485	Rewrite Mac OS X support to use proper XNU headers Move from one set of headers per major OS X release to one set of headers per XNU release. Fetch the header files from Apple's official Open Source site instead of GitHub in the fetchdeps developer target. As a side effect, 10.6.x is now supported as well (untested), and proper headers are used for 10.10. Issue: #39	10 years ago
Daniel Roethlisberger	42efb4a980	Slightly improve user experience for new option -m	10 years ago

1 2

81 Commits (9858928b734d0b39536111174649a3b67b235997)