Archives/SSLproxy
2
0
Fork 0
mirror of https://github.com/sonertari/SSLproxy synced 2024-11-02 15:40:19 +00:00
Code Issues Packages Projects Releases Wiki Activity
363 Commits 2 Branches 27 Tags 3.1 MiB
bb071336e0
Commit Graph

363 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Daniel Roethlisberger
bb071336e0 Escape # in shell invocation 
This fixes the following make error on Mac OS X versions that we don't
explicitly support yet due to missing sources:

    GNUmakefile:55: *** unterminated call to function `shell': missing `)'.
    Stop.

Reported by:	Justin Garrick
 2015-01-17 18:24:58 +01:00
Daniel Roethlisberger
c9aa840214 Quote dollar signs in shell invocation 
Reported by:	Justin Garrick
 2015-01-14 22:45:59 +01:00
Daniel Roethlisberger
b8d8af7b29 Document the limitations of passthrough mode (-P) 2015-01-04 14:21:49 +01:00
Daniel Roethlisberger
4f0a019d5a Mention TravisCI and be explicit about branching 2014-12-14 15:16:53 +01:00
Daniel Roethlisberger
f16783cee2 Move cert writer to logger thread using privsep 
Make -w and -W work in conjunction with dropping privileges and
chrooting by moving the cert writer code to a separate logger thread and
using the privsep framework to open the files if they do not exist
already.

Issue:		#70
 2014-12-13 23:52:17 +01:00
Daniel Roethlisberger
3662eeae50 Update documentation 2014-12-13 03:23:32 +01:00
Daniel Roethlisberger
27cf6c90e7 Merge branch 'feature/genstore' into develop 2014-12-13 03:20:38 +01:00
Daniel Roethlisberger
3da7407f14 Use same hash algo in RSA sigs as orig cert uses 2014-12-13 03:18:13 +01:00
Daniel Roethlisberger
6ec6c56ded Refactored -w/-W and improved docs 2014-12-13 02:36:45 +01:00
Daniel Roethlisberger
11f6742bff Add convenience functions for printing SHA1 values 2014-12-12 23:50:55 +01:00
Daniel Roethlisberger
7f378251e8 Update documentation 2014-12-12 23:22:11 +01:00
Daniel Roethlisberger
160fd991e0 Merge branch 'genstore' of https://github.com/psychomario/sslsplit into feature/genstore 2014-12-12 23:17:29 +01:00
PsychoMario
3aff928daf moved key output to main.c, caught some bugs 2014-12-12 17:28:06 +00:00
Daniel Roethlisberger
8422c6b478 Minor code cleanup of ssl_key_identifier_sha1() 2014-12-12 18:07:46 +01:00
PsychoMario
b34336ab4b moved to develop branch 2014-12-12 17:03:06 +00:00
Daniel Roethlisberger
8b0b1d0226 Add ssl_key_identifier_sha1() utility function 
Issue:		#67
 2014-12-12 17:38:34 +01:00
PsychoMario
a83cd68605 stored fpr as char* in ctx 2014-12-11 13:57:50 +00:00
PsychoMario
1736564b32 error handling 2014-12-09 23:26:00 +00:00
PsychoMario
5d7c52cde1 fix manpage 2014-12-09 21:43:49 +00:00
PsychoMario
4f310a877a implemented -W to write original certs 2014-12-09 21:43:05 +00:00
PsychoMario
a7e2d99b39 added logging of fingerprints, uppercased names 2014-12-09 21:13:04 +00:00
PsychoMario
13dce0aa35 moved write to pxy_srccert_create, -X to -w, opts_free use 2014-12-09 20:02:25 +00:00
PsychoMario
73042d4daa fix mutual exclusivity, sprintf->asprintf 2014-12-09 19:47:10 +00:00
PsychoMario
61d5186864 added exclusivity with -K, man page and -h 2014-12-09 19:40:07 +00:00
PsychoMario
cbb2a179f9 naive implementation with -X, no help, validation, logging 2014-12-09 19:08:11 +00:00
Daniel Roethlisberger
d6b11f61b7 Clarify needed permission to open /dev/pf et al for reading 
Issue:		#66
Reported by:	Nikolay Khodov
 2014-12-08 19:40:01 +01:00
Daniel Roethlisberger
39e9c898e5 Move default cipher suite spec to defaults.h 2014-11-30 22:29:40 +01:00
Daniel Roethlisberger
0a6ca2ac98 Update licensing information 2014-11-30 01:39:57 +01:00
Daniel Roethlisberger
521adb7275 Format file refs with backticks 2014-11-28 12:18:40 +01:00
Daniel Roethlisberger
e6dc9db6a4 Fix markdown links 2014-11-28 12:15:45 +01:00
Daniel Roethlisberger
f2ff2ec9f5 Link to Github author pages 2014-11-28 12:12:48 +01:00
Daniel Roethlisberger
b8ecbcd773 Split out AUTHORS.md and HACKING.md from README.md 2014-11-28 12:09:40 +01:00
Daniel Roethlisberger
b8213e756d Merge branch 'feature/privsep' into develop 
Conflicts:
	NEWS.md
	main.c
	sslsplit.1
 2014-11-28 11:08:05 +01:00
Daniel Roethlisberger
61cd0fb541 SSLsplit 0.4.10 release 2014-11-28 10:28:58 +01:00
Daniel Roethlisberger
5ac565f5df Note that -j impacts -S and -F 2014-11-28 10:28:58 +01:00
Daniel Roethlisberger
008821cfca Update NEWS.md 2014-11-28 10:15:09 +01:00
Daniel Roethlisberger
ab466aafb7 Allow -u root with pf proxyspecs on OS X 2014-11-28 10:03:29 +01:00
Daniel Roethlisberger
f076336e0b Don't allow -u on Mac OS X with pf proxyspecs 
Apple checks EUID==0 on ioctl(/dev/pf), whereas OpenBSD and FreeBSD only
check permissions on open(/dev/pf).  This means that on OS X, it is not
possible to open /dev/pf, drop privileges, and send an ioctl to the file
descriptor opened earlier with EUID==0.  It also means Apple broke the
Unix way of dealing with device nodes - why are there file permissions
on /dev/pf when they later enforce EUID==0 on use, thereby breaking
basic Unix mechanisms?  Work around this by disallowing -u with pf
proxyspecs and by not automatically dropping to nobody on Mac OS X.

Issue:		#65
Reported by:	Vladimir Marteev
 2014-11-28 00:13:42 +01:00
Daniel Roethlisberger
c4b22efa5a Fix segmentation fault for aborted connections 2014-11-27 23:19:54 +01:00
Daniel Roethlisberger
9341f25e6d Explicitly support Yosemite 10.10.1 with XNU 2782.1.97 2014-11-27 22:11:12 +01:00
Daniel Roethlisberger
47abb0030d Update clean target for newer clang build artefacts 2014-11-27 22:09:03 +01:00
Daniel Roethlisberger
43c0f57eec Update NEWS.md for feature/privsep 2014-11-25 23:55:15 +01:00
Daniel Roethlisberger
e69b13f2eb SIGUSR1 re-opens -l/-L log files; add defaults.h 
Issue:		#52
 2014-11-25 23:45:40 +01:00
Daniel Roethlisberger
16a1beb655 Fix version output on local procinfo availability 2014-11-25 23:38:37 +01:00
Daniel Roethlisberger
a9bd438756 Minor updates to manual page 2014-11-25 23:38:05 +01:00
Daniel Roethlisberger
12ff6e6ddf Merge https://github.com/fix-macosx/sslsplit 
Conflicts:
	GNUmakefile
	main.c
 2014-11-25 00:24:58 +01:00
Daniel Roethlisberger
25e3145d1f Add missing headers to fix build on FreeBSD 8.4 2014-11-25 00:10:51 +01:00
Daniel Roethlisberger
476967ccdc Add SIGUSR1 to the signals forwarded by the parent 2014-11-24 23:32:37 +01:00
Daniel Roethlisberger
0e0a465f5d Fix build on OpenBSD by adding missing includes 2014-11-24 22:49:02 +01:00
Daniel Roethlisberger
c01ace1261 Introduce privilege separation architecture 
Fork into a monitor parent process and an actual proxy child process,
communicating over AF_UNIX sockets.  Certain privileged operations are
performed through the privileged parent process, like opening log files
or listener sockets, while all other operations happen in the child
process, which can now drop its privileges without side-effects for
log file opening and other privileged operations.  This is also a
preparation for -l/-L logfile reopening through SIGUSR1.

This means that -S and -F are no longer relative to chroot() if used
with -j.  This is a deliberate POLA violation.
 2014-11-24 22:14:09 +01:00