Commit Graph

27 Commits

Author SHA1 Message Date
Soner Tari
009fe9f6ad Merge sslsplit develop changes 2019-08-08 12:23:04 +03:00
Soner Tari
52d37297b6 Update with sslsplit develop changes, especially content logging
Change SIGHUP to behave like SIGUSR1
2018-11-03 18:23:31 +03:00
Soner Tari
d2e9ab4487 Merge sslsplit-develop changes 2018-09-15 02:51:26 +03:00
Soner Tari
9d435e180c Update with SSLsplit 0.5.2 and develop branch changes as of 270218 2018-02-27 22:20:58 +03:00
Soner Tari
4c8831bd90 Update with SSLsplit 0.5.1 changes, fix LibreSSL version issues
Add VerifyPeer and AllowWrongHost options
2018-01-18 03:18:53 +03:00
Soner Tari
67ddee1585 Import sslsplit-devel changes
Add stats logs, initial
Add SSLproxy_SrcAddr header field
Clean-up
2017-07-25 16:07:39 +03:00
Soner Tari
1a446cd243 Refactoring: Create child ctx
Rearrange, clean-up
2017-07-12 01:45:15 +03:00
Soner Tari
d033ea68dd Plain TCP version is running good enough, next will try to switch the SSL on 2017-05-29 12:22:23 +03:00
Daniel Roethlisberger
0506024587 Update copyright notices to 2016 2016-03-25 12:19:23 +01:00
Daniel Roethlisberger
01d10b192a IPv6 addrs in filenames use underscore not colon
Use underscore instead of colon for all IPv6 addresses in generated
filenames in order to generate NTFS clean filenames.

Issue:		#69
2015-03-15 17:52:04 +01:00
Daniel Roethlisberger
914360eb5e Separate host and port into separate strings
Store host and port in separate strings internally and get rid of the
[host]:port representation where separate host and port would be
cleaner.  This includes the following user-visible changes:

-   Generated filenames that contain host and port, such as by -S and
    -F %d and %s, now use a host,port format instead of [host]:port.

-   Connect log now uses separate fields for host and port.

Issue:		#69 #74
Reported by:	Adam Jacob Muller
2015-03-15 17:23:46 +01:00
Daniel Roethlisberger
91da4674e5 Update copyright, license and tagline
-   Update copyright to 2015
-   Remove the non-standard "unmodified" from the 2-clause BSD license
-   Remove scalable from the tagline to avoid misinterpretations
2015-02-24 19:19:20 +01:00
Daniel Roethlisberger
c01ace1261 Introduce privilege separation architecture
Fork into a monitor parent process and an actual proxy child process,
communicating over AF_UNIX sockets.  Certain privileged operations are
performed through the privileged parent process, like opening log files
or listener sockets, while all other operations happen in the child
process, which can now drop its privileges without side-effects for
log file opening and other privileged operations.  This is also a
preparation for -l/-L logfile reopening through SIGUSR1.

This means that -S and -F are no longer relative to chroot() if used
with -j.  This is a deliberate POLA violation.
2014-11-24 22:14:09 +01:00
Daniel Roethlisberger
a027f87c1c Check if -u and -m user and group exist immediately 2014-11-23 22:52:09 +01:00
Daniel Roethlisberger
71743feaa1 Add functions to send/recv UNIX dgram socket msgs and fds 2014-11-22 02:09:07 +01:00
Daniel Roethlisberger
fcd008df4b Unify asprintf error handling 2014-11-17 19:11:27 +01:00
Daniel Roethlisberger
18c3e055e3 Refactor recursive mkdir() into sys_mkpath() 2014-11-16 21:53:47 +01:00
Daniel Roethlisberger
966fe80c0c Move process information code from sys to proc 2014-11-14 01:01:14 +01:00
Daniel Roethlisberger
2cc353f274 Check malloc retval and mark ptr arguments non-null 2014-11-13 22:17:13 +01:00
Landon Fuller
5ed49c4985 Implement user and group name lookup. 2014-10-18 14:16:50 -06:00
Landon Fuller
52d979e29d Add a standard API for fetching process name, uid, and gid. 2014-10-18 13:46:44 -06:00
Landon Fuller
9d54677009 Add support for specifying an explicit group when dropping privileges.
This simplifies my use of pf(4) when using group-based
rules to exclude splitssl from redirection.
2014-10-18 00:34:51 -06:00
Daniel Roethlisberger
06a02f946a Always explicitly name the non-null arguments
Always explicitly name which arguments are non-null, even if all
arguments are non-null.  This is to avoid bugs where newly added
arguments are automatically non-null by accident, possibly leading to
optimisation errors.

This also fixes a few potential errors related to non-null arguments;
specifically it prevents the compiler optimising away a test for sni
being NULL in cachedsess_mkkey().

Issue:		#14
Reported by:	kythyria
2014-01-06 14:28:33 +01:00
Daniel Roethlisberger
ca923ee7f1 Update copyright notices to 2014 2014-01-06 14:09:18 +01:00
Daniel Roethlisberger
c972501063 Update copyright notices 2013-04-24 20:36:38 +02:00
Daniel Roethlisberger
439e8a8267 Use WUNRES and MALLOC attribs and fix sloppy code 2012-04-23 00:35:17 +02:00
Daniel Roethlisberger
4cfdef405a Initial import of sslsplit-0.4.2 2012-04-13 14:47:30 +02:00