Archives/SSLproxy
2
0
Fork 0
mirror of https://github.com/sonertari/SSLproxy synced 2024-10-31 21:20:21 +00:00
Code Issues Packages Projects Releases Wiki Activity
1,113 Commits 2 Branches 27 Tags 3.1 MiB
9879c7ba49
Commit Graph

1113 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Soner Tari
9879c7ba49 Release v0.9.6 2024-07-04 11:07:40 +03:00
Soner Tari
f5df046961 Fix clang-static-analysis warnings, thanks to @disaykin 2024-07-02 21:40:03 +03:00
Soner Tari
d7bf0bd53d Use clock_gettime() instead of gettimeofday(), thanks to @disaykin 2024-07-02 21:12:46 +03:00
Soner Tari
b3705efe9d Fix deprecation warnings for function declarations without a prototype 
"warning: a function declaration without a prototype is deprecated in
all versions of C"
 2024-07-02 17:55:27 +03:00
Soner Tari
dfb783d7ba Release v0.9.5 
Bump version to 0.9.5
Update copyright year to 2024
Update NEWS
 2024-02-18 15:41:29 +03:00
Soner Tari
0e8e2c3727 Fix e2e tests with openssl 3 2023-12-27 18:08:55 +03:00
Soner Tari
a9fec35d42 Fix possible segfault in proto smtp in split mode 
srvdst is disabled in split mode, and srvdst.bev is null
 2023-12-27 18:08:34 +03:00
Soner Tari
828c1c3c69 Fix retval of privsep_server_opensock_verify() 
thanks to @Qbog
 2023-06-29 14:17:13 +03:00
Soner Tari
e049f14cc2 Replace deprecated fail_unless() with ck_assert_msg() in unit tests 
Fixes 1924 warnings such as:
warning: too many arguments for format [-Wformat-extra-args]
   64 |         fail_unless(!!buf, "no buffer returned");
 2023-05-23 16:18:19 +03:00
Soner Tari
adf9a44d22 Fix possible double free of host and serv variables, thanks to @disaykin 2023-05-23 10:36:50 +03:00
Soner Tari
e2f83eaa3a Fix possible integer overflow, thanks to @disaykin 
The value of an arithmetic expression p[1] + (p[0] << 8) is subject to
overflow due to a failure to cast operands to a larger data type before
perfoming arithmetic
 2023-05-18 00:53:37 +03:00
Soner Tari
1408e85513 Close fds only once, thanks to @disaykin 2023-05-18 00:47:47 +03:00
Soner Tari
d45e9a2f92 Fix memory leak, thanks to @disaykin 2023-05-18 00:38:43 +03:00
Soner Tari
6a92058b09 Handle ftell error, thanks to @disaykin 2023-05-18 00:34:37 +03:00
Soner Tari
3048f95485 Fix mismatched call arguments, thanks to @disaykin 2023-05-18 00:32:13 +03:00
Soner Tari
94fed777d4 Fix memory leak in case of cert key mismatch, thanks to @disaykin 2023-05-18 00:26:58 +03:00
Soner Tari
d48ba1da9a Fix file descriptor leak, thanks to @disaykin 2023-05-18 00:23:38 +03:00
Soner Tari
fc7d57469d Fix double free, thanks to @disaykin 
Bug found by Svace static analyzer
 2023-05-18 00:20:07 +03:00
Soner Tari
8168d32d03 Fix header-size calculation in IPv6 packet mirroring, thanks to @matoro 2023-05-14 01:17:38 +03:00
Soner Tari
0d7db139dd Handle partial write, thanks to @disaykin 2023-05-14 00:02:14 +03:00
Soner Tari
521a1cc3a0 Handle return value of gmtime(), thanks to @disaykin 2023-05-13 21:27:10 +03:00
Soner Tari
7f201c59de Fix double free, thanks to @disaykin 2023-05-13 21:13:17 +03:00
Soner Tari
30ed5b4200 Release v0.9.4 2022-12-26 14:44:45 +13:00
Soner Tari
bd4123375d Update testproxy version to 0.0.5 
The skip-test-harness option allows disabling the second test set in the
test harness: SSL config tests, which fails with the new versions of
OpenSSL.
TODO: We need more detailed tests and more detailed testproxy config
options.
 2022-12-24 22:17:44 +13:00
Soner Tari
6faecf21ff Fix unit tests with opaque x509 struct 
X509 is opaque since LibreSSL 3.5.2, as in OpenSSL 1.1:
https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.5.2-relnotes.txt
 2022-12-24 22:17:44 +13:00
Soner Tari
187f5c7893 Use htons() not hton() 
Fixes build error in the commit 7fa67d0071
 2022-12-24 22:17:44 +13:00
piolug93
37aa3d7ed5 Fix byte order for ports in mirror trafic 
Convert values between host and network byte order.
 2022-12-24 22:17:44 +13:00
Soner Tari
91fc80cb67 Fix warning for array subscript outside array bounds in function declaration 
Thanks to gcc version 11.2.0
 2022-09-24 11:09:30 +03:00
Soner Tari
e456f56001 Release v0.9.3 2022-05-02 22:40:39 +03:00
Soner Tari
b78a367d76 Silence warning for unused var on OpenBSD 2022-04-23 15:09:36 +03:00
Soner Tari
604fb58646 Fix macOS header selection 
Must have been broken since the restructuring of the source tree
 2022-04-19 21:34:43 +03:00
Soner Tari
c3feea53f9 Make sure natengine is not NULL before freeing 2022-04-19 21:27:45 +03:00
Soner Tari
674893cc79 Fix compiler warnings for format spec for size_t 2022-04-19 21:27:26 +03:00
Soner Tari
efc0be9991 Re-enable osx on travis 
XNU versions fixed now
 2022-04-19 21:26:51 +03:00
Soner Tari
01d0b156d6 Decouple autossl code handling underlying bufs 
And clean up redundant child callbacks
 2022-04-18 22:35:48 +03:00
Soner Tari
0124fb33c5 Update XNU headers for macOS 
About 2 years old.
 2022-04-18 18:21:57 +03:00
Soner Tari
3a215f4f3f Use parent protoctx for autossl ctx 
This fixes a crash.
And improve logging.
 2022-04-11 14:11:40 +03:00
Soner Tari
63a48308cd Fix autossl without STARTTLS in divert mode 
In the previous implementation, the use case for autossl was assumed to
be STARTTLS with POP3 or SMTP. But there are users who use autossl with
HTTP too. The split mode was fine, but the divert mode was broken. This
change makes autossl a generic upgrade mechanism.
Also fix sslproxy line in autossl, change p to s if upgraded.
Add e2e tests for autossl in divert and split mode.
 2022-04-11 01:11:54 +03:00
Soner Tari
45abd2e85c Make sure srvdst.bev is not NULL in autossl 2022-04-09 15:08:27 +03:00
Soner Tari
fce838e43b Move code handling underlying bevs to autossl 
Non-autossl protos do not have underlying bevs, so we should not try
check them. But there are still a couple of functions left which needs
to be moved to autossl.
 2022-04-09 14:39:34 +03:00
Soner Tari
571720e24c OR not AND retval -1 with term and enomem flags 
Similarly to what we do in pxy_listener_acceptcb_child().
 2022-04-09 12:19:38 +03:00
Soner Tari
fec19b8c8b Remove unnecessary function calls 2022-04-09 00:07:50 +03:00
Soner Tari
e43564635a Add WUNRES and NONNULL attribs to function types with return values 
Otherwise gcc does not issue warnings for them.
 2022-04-08 22:01:47 +03:00
Soner Tari
76ea48f2d0 Remove srvdst_xferred flag 
Setting srvdst.bev to NULL can be used as a flag to indicate that we
have reused the srvdst of the parent as the dst of the first child conn.
This also prevents access to srvdst.bev after we do the xfer, without
any extra flag.
 2022-04-08 21:42:48 +03:00
Soner Tari
02a6cc12e6 Remove redundant srvdst_xferred flag in child ctx 2022-04-08 12:43:33 +03:00
Soner Tari
dc40f74c13 Update copyright year to 2022 2022-04-06 22:35:26 +03:00
Soner Tari
722c2f59d2 Disable srvdst events asap when xferring to child and in split mode 
This is the correct implementation. And disabling later on is
problematic while terminating, and can even cause a crash.
 2022-04-06 20:30:06 +03:00
Soner Tari
61e28a5c86 Fix crash in split mode if we try to access srvdst while terminating 
Disable events and NULL callbacks of srvdst at assignment time to dst,
not at termination.
 2022-04-06 16:44:46 +03:00
Soner Tari
af6b40b5bf Fix natengine opt passed in proxyspec on command line 2022-04-06 14:43:41 +03:00
Soner Tari
2e8e677bac Discard underlying bufs while closing, sending errors, and denying ocsp 
Also refactor for code reuse.
Since we are closing in all such cases, performance is not important.
 2022-04-06 14:19:48 +03:00