Archives/SSLproxy
2
0
Fork 0
mirror of https://github.com/sonertari/SSLproxy synced 2024-11-02 15:40:19 +00:00
Code Issues Packages Projects Releases Wiki Activity
182 Commits 2 Branches 27 Tags 3.1 MiB
b1b8fe09b9
Commit Graph

182 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Daniel Roethlisberger
b1b8fe09b9 Merge pull request #35 from fix-macosx/specify-custom-gid 
Add support for specifying an explicit group when dropping privileges.
 2014-10-23 13:00:42 +02:00
Daniel Roethlisberger
bea022540f Handle strdup() failure in early stages of main() 
Issue:		#38
Reported by:	Markus Elfring
 2014-10-23 12:49:12 +02:00
Daniel Roethlisberger
b105473629 Check return values of pthread_mutex_init and friends 
Issue:		#38
Reported by:	Markus Elfring
 2014-10-23 12:27:12 +02:00
Daniel Roethlisberger
f575adadea Update documentation after merge of pull req #32 2014-10-21 15:55:56 +02:00
Daniel Roethlisberger
79c67ebed7 Merge pull request #32 from fix-macosx/macosx-yosemite 
Support Mac OS X 10.10 by using 10.9 headers
 2014-10-21 15:42:37 +02:00
Daniel Roethlisberger
ed99fc0260 Use NULL instead of '\0' to avoid type conversion 2014-10-21 15:16:09 +02:00
Daniel Roethlisberger
e64bf695dc Update documentation after merge of #34 2014-10-21 14:55:25 +02:00
Daniel Roethlisberger
2e418f1447 Merge pull request #34 from swills/master 
add DESTDIR, MANDIR to install target
 2014-10-21 14:44:11 +02:00
Steve Wills
b8c8cb73ed add DESTDIR, MANDIR to install target 
DESTDIR to allow installing in chroot
MANDIR to allow specifying different dir for man pages
 2014-10-18 17:32:22 +00:00
Landon Fuller
9d54677009 Add support for specifying an explicit group when dropping privileges. 
This simplifies my use of pf(4) when using group-based
rules to exclude splitssl from redirection.
 2014-10-18 00:34:51 -06:00
Landon Fuller
8ef5011fcb Enable Mac OS X 10.10 feature detection 
This is pointed at the 10.9 pf headers for testing, as
the 10.10 kernel sources are unavailable.
 2014-10-17 19:45:28 -06:00
Landon Fuller
ecbc84438a Fix crash in strdup() when no default NAT engine is available. 2014-10-17 19:35:44 -06:00
Daniel Roethlisberger
85b177f6b0 Special device nodes may be needed for -j to work 2014-08-26 14:29:56 +02:00
Daniel Roethlisberger
47c409cbb5 Don't rely on OpenSSL to pull in string.h 
Obtained from:	OpenBSD port patches
 2014-06-21 19:20:34 +02:00
Daniel Roethlisberger
3226d9bfcf No longer chroot() by default when run as root 
No longer implicitly use -j /var/empty by default and document clearly
the implications of using -j with -S and/or sni proxyspecs.

Issue:		#21
 2014-01-30 23:34:37 +01:00
Daniel Roethlisberger
db0fa32b07 Load -t certificates before dropping privileges 
Load the certificates from the directory given by -t into the
certificate cache after preinit, but before dropping privileges.  This
fixes a number of issues, such as -t directory not being found after
chroot()ing to a different root, -t directory inaccessible due to
changing user with -u, and when using encrypted keys.  This bug was
introduced in 0675219 as a spurious part of fixing #5.

Issue:		#20, #19
Reported by:	Miroslav Stampar
 2014-01-30 22:39:39 +01:00
Daniel Roethlisberger
ac98c2d9cc Fix segmentation fault when using -t without a CA 
The key type checks which are used to optimize the loading of DH and
ECDH parameters should check the type of the supplied server key, not
the global options key.
 2014-01-30 22:21:08 +01:00
Daniel Roethlisberger
4bd9dd1fa7 Fix glob to be compatible with /bin/dash 2014-01-29 21:25:19 +01:00
Daniel Roethlisberger
53a948cd18 Improve dependency tracking for targets/ certs 2014-01-29 21:20:16 +01:00
Daniel Roethlisberger
349cd1f6ec Add targets to .PHONY 2014-01-29 21:14:39 +01:00
Daniel Roethlisberger
f669fbbca7 Add unit test for sys_dir_eachfile() 
Issue:		#19
Reported by:	Miroslav Stampar
 2014-01-29 20:18:54 +01:00
Daniel Roethlisberger
658bbfa6fe SSLsplit master 2014-01-29 20:16:34 +01:00
Daniel Roethlisberger
c4ac9c60bc SSLsplit 0.4.8 release 2014-01-15 19:07:07 +01:00
Daniel Roethlisberger
9d5641c0e0 Update NEWS 2014-01-15 19:01:33 +01:00
Daniel Roethlisberger
f348c1a372 Add libevent2 test for the weirdness that is issue #17 2014-01-15 18:56:58 +01:00
Daniel Roethlisberger
9338200705 Detect when libevent cannot parse resolv.conf 
Issue:		#17
Reported by:	Florian Schaefer
 2014-01-15 10:33:43 +01:00
Daniel Roethlisberger
a80cbf73f4 Add some error-case debug messages to pxy_thrmgr_run() 2014-01-15 01:04:02 +01:00
Daniel Roethlisberger
fe558af0a3 Remove duplicates from FEATURES 2014-01-14 23:44:23 +01:00
Daniel Roethlisberger
e1d8a2a965 Lint fix: define some variables in smaller scope 2014-01-14 17:37:57 +01:00
Daniel Roethlisberger
cd358e245a Make session.pem generation more portable 2014-01-14 17:37:17 +01:00
Daniel Roethlisberger
716139b169 Suppress SPDY/QUIC by removing Alternate-Protocol headers 2014-01-14 17:35:56 +01:00
Daniel Roethlisberger
6b99bde4fb Only use -pthread on non-Darwin systems 2014-01-14 17:29:32 +01:00
Daniel Roethlisberger
ba991dcdf8 Minor overhaul of the Mac OS X hacks 2014-01-14 17:28:59 +01:00
Daniel Roethlisberger
24e57d2a12 Add .gitattributes and cleanup .gitignore 
Exclude development-only files from the distribution tarball.
 2014-01-14 17:14:23 +01:00
Daniel Roethlisberger
23d7b7fe8d Update README for the APSL components 2014-01-14 01:23:09 +01:00
Daniel Roethlisberger
d4d249fb87 Update NEWS 2014-01-14 00:46:52 +01:00
Daniel Roethlisberger
a5660fa3c9 Update NEWS 2014-01-14 00:29:45 +01:00
Daniel Roethlisberger
2235e1aad9 Fix memory leak in fake cert generation code 
The code in pxy_ossl_servername_cb() which generated the forged
certificates did not call SSL_CTX_free() on the newly allocated SSL_CTX
struct after associating it with the SSL struct, which increments the
reference count internally.  Also add some comments explaining OpenSSL
reference counting behaviour to be more explicit on what happens to the
instances that OpenSSL keeps track of.
 2014-01-13 23:56:59 +01:00
Daniel Roethlisberger
05410fe9b3 Enable SSL_MODE_RELEASE_BUFFERS by default 2014-01-13 23:33:31 +01:00
Daniel Roethlisberger
202b1270e3 Create session.pem without Internet connectivity 
Use openssl s_server in order to create a temporary SSL server for
creating an SSL session dump for the unit tests to work with.  This
removes the requirement of having Internet connectivity for running the
test suite, which prevented package builds from running the unit tests.
 2014-01-11 21:49:05 +01:00
Daniel Roethlisberger
54685bab6d Update NEWS 2014-01-11 19:14:11 +01:00
Daniel Roethlisberger
56842b2f63 Fix file descriptor leak in passthrough mode (-P) 
When using passthrough mode, if a connection to a server fails with an
SSL error, sslsplit falls back to plain TCP passthrough.  When
reconnecting with plain TCP, the SSL context was freed, but the file
descriptor was never closed.  The fix remedies that by calling the
proper cleanup function for the dst bev before reconnecting.

Reported by:	Peter Haag
 2014-01-11 19:12:00 +01:00
Daniel Roethlisberger
e129041c1c Add some OpenSSL refcounting comments 2014-01-11 19:03:15 +01:00
Daniel Roethlisberger
c8723506e7 Update NEWS 2014-01-11 17:55:17 +01:00
Daniel Roethlisberger
e7ba15f184 Remove unused variable 2014-01-11 17:55:01 +01:00
Daniel Roethlisberger
4849a9738b Set ssl fields to NULL after freeing 2014-01-11 17:35:36 +01:00
Daniel Roethlisberger
7b09128ead Fix double free of SSL_CTX 
Remove a superfluous call to SSL_CTX_free() which caused SSL_CTX
structures to be free'd twice under some circumstances.

Issue:		#16
Reported by:	Amit Chowdhary
 2014-01-11 17:30:06 +01:00
Daniel Roethlisberger
b82ca9b414 Print status of free'd SSL structs in debug mode 2014-01-11 17:28:41 +01:00
Daniel Roethlisberger
de27f40b04 Fix two typos in comments 2014-01-11 15:17:31 +01:00
Daniel Roethlisberger
bccbdbf1cc Free SSL_CTX directly after calling SSL_new() 
Since SSL_new() increments the refcount of the passed SSL_CTX, free it
directly after handing it to SSL_new() instead of later after SSL_free().
 2014-01-11 00:39:28 +01:00