Archives
/
SSLproxy
mirror of https://github.com/sonertari/SSLproxy
2
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
695 Commits
2 Branches
26 Tags
3.1 MiB
develop
master
v0.5.0
v0.5.1
v0.5.2
v0.5.3
v0.5.4
v0.5.5
v0.5.6
v0.5.7
v0.5.8
v0.5.9
v0.6.0
v0.7.0
v0.8.0
v0.8.1
v0.8.2
v0.8.3
v0.8.4
v0.8.5
v0.8.6
v0.9.0
v0.9.1
v0.9.2
v0.9.3
v0.9.4
v0.9.5
v0.9.6
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'bee1a82bfc'
${ noResults }
Commit Graph

269 Commits (bee1a82bfcc576fb40a3793f0f47605dcc8f0791)

Author SHA1 Message Date
Soner Tari 4c8831bd90 Update with SSLsplit 0.5.1 changes, fix LibreSSL version issues 
Add VerifyPeer and AllowWrongHost options
 7 years ago
Soner Tari a2b14097dd Verify upstream certificates, see https://insights.sei.cmu.edu/cert/2015/03/the-risks-of-ssl-inspection.html 7 years ago
Soner Tari 3ae89131dc Use different syslog facilities for error, conn, and stats logs, so they can be filtered into separate log files in syslog.conf 7 years ago
Soner Tari b064ffa668 Use llu int as unique conn id, much simpler than uuid 7 years ago
Soner Tari 137f017cb5 Fix EXPIRED message bug, other fixes and improvements 7 years ago
Soner Tari a1c5d05143 Add support for log priority to error logs, so syslogd prints the correct prio for error logs now 7 years ago
Soner Tari 179aa4fc8f Close the conn if we are out of file descriptors, or libevent will crash us 7 years ago
Soner Tari 4bf27d09e5 Add RemoveHTTPReferer option, Referer causes redirection errors with some sites 7 years ago
Soner Tari 077e97dbba Add more CRITICAL error logs 
Fix some logs
Clean-up
 7 years ago
Soner Tari d52ee62079 Add RemoveHTTPAcceptEncoding option 7 years ago
Soner Tari 0b5ef8b14d Mark critical errors as CRITICAL 7 years ago
Soner Tari 9ec58f821b Changes needed while adding SSL proxy support to WUI 
Separate mail/mails to pop3/pop3s/smtp/smpts for statistics
Write connect logs to syslog too, for statistics
Fix log lines for statistics, remove fds from err logs
 7 years ago
Soner Tari 1a6eab50a5 Tidy and clean logs up 
Add DEBUG_PROXY directive around all log_dbg_level_printf() and related lines
Log stats to syslog, similar to error logs, so that it is simpler to rotate and parse
-O w/o -g is failing bufferevent_socket_connect for parent dst, so either enable -O w/ -g, or disable -O w/o -g (-O2 is failing too)
Refactoring
 7 years ago
Soner Tari 36c89a0314 Fix crash if no logging enabled 
Disable debug, the default now
 7 years ago
Soner Tari ea6dc07248 Rename to sslproxy 
Reduce http headers to just one SSLproxy line
 7 years ago
Soner Tari 4bfc85868b Add support for pop3 (p3scan pop3 proxy) 
Send sslproxy info only once, in the first packet only
Clean-up
 7 years ago
Soner Tari 9e637dd2cc Clean-up 7 years ago
Soner Tari 1ae732f533 There are 3 dst bevs, writecbs of all of them may fire before connected event, so call eventcb first when that happens for each dst bevs. 
Check if srv_dst bev is NULL or not: Since both eventcb and writecb for srv_dst are enabled, either eventcb or writecb may get a NULL srv_dst bev, causing a crash with signal 10.
Remove unnecessary evutil_closesocket() calls, they could close the fds twice, causing conn stalls
 7 years ago
Soner Tari 5a136b7ce7 Add extra stats 
Rearrange, clean-up
 7 years ago
Soner Tari cea873e6f2 Set the OPENBSD directive at compile time 7 years ago
Soner Tari b6d1d92990 Fix use after free, other.bev may be NULL 7 years ago
Soner Tari d35e9af521 Fix use after free, other.bev may be NULL 7 years ago
Soner Tari dd7bf7b277 Fix srv_dst EOF on outbound connection before connection establishment, free conn, also move i/o debug lines to prevent segfault due to already freed srv_dst 
Remove squid header lines only in children
 7 years ago
Soner Tari 2411f79582 Add plain or ssl info to SSLproxy specific header line 
Fix child eof bug
Flickr keeps redirecting to https with 301 unless we remove the Via line of squid, so apparently flickr assumes the existence of Via header field or squid keyword a sign of plain http, even if we are using https
Also do not send the loopback address to the Internet
Other fixes
 7 years ago
Soner Tari 67ddee1585 Import sslsplit-devel changes 
Add stats logs, initial
Add SSLproxy_SrcAddr header field
Clean-up
 7 years ago
Soner Tari 3958adce9e Replace string manipulation functions with memory functions, simplify, clean-up 7 years ago
Soner Tari 378c8c03ef Fix/improve logging, clean-up 7 years ago
Soner Tari 5a496d04e0 Make utm service port spec a command line option 
Check NULL retvals, clean-up
 7 years ago
Soner Tari 26cbefa3a4 Use inet_ntop() instead of inet_ntoa() 
Fix compiler warnings
 7 years ago
Soner Tari 34665cf3c7 Refactor for code reuse, clean-up 
Fix drive.google issue: Watermark disable mistake
 7 years ago
Soner Tari bc55a5f7bb Import sslsplit code for errorcb ERROR event, and improvements 7 years ago
Soner Tari 63c51e9edd Fix packet size 7 years ago
Soner Tari f38163f7ed Code reuse, improvements, clean-up 7 years ago
Soner Tari f38c3b4552 Enable HTTP code, needs extensive refactoring and clean-up 7 years ago
Soner Tari 74c2e18e43 BEV_OPT_DEFER_CALLBACKS seems responsible for the issue with srv_dst, libevent acts as if we call event connect() ourselves. See: Launching connections on socket-based bufferevents at http://www.wangafu.net/~nickm/libevent-book/Ref6_bufferevent.html. So enable writecb and assume write event as CONNECTED too. 7 years ago
Soner Tari 72687803e1 Fix multithreading, potential NULL retval, and other refactoring issues 
Fix clean-up after errors
 7 years ago
Soner Tari 5aae8fa320 Detach while freeing parent ctx, because we attach while creating the parent ctx, this should fix a signal 10 crash 7 years ago
Soner Tari e013eadf23 Make child eventcb more similar to parent's eventcb 
Re-enable closing srv_dst, TCP conns still stall even without it
 7 years ago
Soner Tari a23d3ecb7b Closing srv_dst causes TCP conns to stall sometimes (SSL cons were ok), so disabled for now 
Make eventcb more similar to original sslsplit code
 7 years ago
Soner Tari 1b9a192947 Remove recursion while freeing children, parent frees children in a loop now 
Improve, simplify, clean-up
 7 years ago
Soner Tari ae35623c15 Remove meta ctx completely 
Fix issues
 7 years ago
Soner Tari 09e1c858b9 Refactoring to remove mctx 7 years ago
Soner Tari 133584361f Rename and clean-up 7 years ago
Soner Tari 496a4f090d Refactoring: Simplify, reduce, rearrange, rename, and clean-up 
Get rid of now unnecessary child info struct and functions
 7 years ago
Soner Tari d7094d7138 Refactoring: Simplify, reduce, rearrange, rename, and clean-up 
Got rid of now unnecessary pxy_conn_is_ready_to_free*() functions
Got rid of now unnecessary duplicate child and parent free functions: pxy_*_conn_free()
Fix error handling
 7 years ago
Soner Tari 1a446cd243 Refactoring: Create child ctx 
Rearrange, clean-up
 7 years ago
Soner Tari fc60db0e74 Disable the workaround for dst connection issues, NULL r/w cbs 
Reduce the conn timeout to 30s again
 7 years ago
Soner Tari 85875be00f Sometimes dst write cb fires but not event cb, especially if the listener cb is not finished yet, so the conn stalls. This is a workaround for this error condition, nothing else seems to work. 
Clean-up
 7 years ago
Soner Tari 590a693998 Rearrange and clean-up 7 years ago
Soner Tari e8332f11cf Make conn termination more similar to orig sslsplit code 
Free child info struct of a deleted child
Rename, rearrange, and clean-up
 7 years ago
Soner Tari d6e1ed2cef Fix a potential issue which could forward a packet without any SSL proxy address 
Rename, rearrange, and clean-up
 7 years ago
Soner Tari e3266cc811 Fix closing fd2 when uninit, i.e. fd2=0, which was freeing stdin 
Clean-up and improvements
 7 years ago
Soner Tari 8ad3b5db25 Defer all e2 setup until after parent is connected 
Clean-up and improvements
 7 years ago
Soner Tari 6975175117 Defer e2 setup until after parent is connected, to prevent multithreading issues 
Refactoring, improvements
 7 years ago
Soner Tari 4d88906d24 Clean up and improve 7 years ago
Soner Tari 4f6b207e57 Improve conn termination: Close children asap if there is no parent, close parent asap if there is no child 7 years ago
Soner Tari ad1f95e465 Remove conn mutexes: Use thrmgr mutex during attach/detatch only, do eveything in the same thread, do not touch the other threads 
Flex, fix, and improve conn termination: Make it more similar to orig sslsplit code
Fix issues, and clean-up
 7 years ago
Soner Tari ecfaf24614 Add more child info to conns list, and clean-up 7 years ago
Soner Tari 5047df8cba Fix some of the compiler warnings, rearrange, and clean-up 7 years ago
Soner Tari be54db770f Add comments, improvements, and clean-up 7 years ago
Soner Tari 0b0f6b21dc Add uuid to all conn mctxs, otherwise we cannot uniquely identify them, causing trouble especially while deleting conns 
Fix issues, clean-up
 7 years ago
Soner Tari 833e1903e1 Dump conn info list 
Remove conns using delete list of timed out conns
Fix issues, improvements
 7 years ago
Soner Tari c11ca7a195 Fix freeing of non-ssl buffer events and fds 7 years ago
Soner Tari 4a34c4792b travis-cgi.org issue seems to be gone now 
Rely less on parent ctx, and more on meta ctx
Rearrange, improve, and clean-up
 7 years ago
Soner Tari 82b58c2dab Fix multithreading 
Clean-up
 7 years ago
Soner Tari 9858928b73 Add debug levels, initial 7 years ago
Soner Tari ab600c8215 Leave if getsockname() fails 7 years ago
Soner Tari d71533f0b9 Remove SSL proxy specific header line from the packet on the egress exit 
Insert our header line right after the first header line in the packet in case the packet is fragmented, otherwise Squid is confused when it cannot find our header line in the first packet
 7 years ago
Soner Tari 85a96ec844 First working SSL version, surprisingly running so fine and stable for a first prototype that I think there is something wrong and it is just running in passthrough mode :), seriously this is just the beginning. 7 years ago
Soner Tari d033ea68dd Plain TCP version is running good enough, next will try to switch the SSL on 7 years ago
Daniel Roethlisberger ca7f20e442 Fix connect log for autossl connections 9 years ago
Daniel Roethlisberger e67978f4dd Merge branch 'develop' into feature/autossl 9 years ago
Daniel Roethlisberger 3c20f473fa Rename and improve autossl peeking function 9 years ago
Daniel Roethlisberger 9843ead5d7 Copy SNI hostname from OpenSSL if ctx->sni is NULL 9 years ago
Daniel Roethlisberger 2f834419eb Handle inbound EOF before outbound CONNECTED 
Fix segmentation fault upon receiving BEV_EVENT_EOF on the inbound
bufferevent while the outbound bufferevent has not received
BEV_EVENT_CONNECTED yet.

Issue:		#124
Patch by:	Eun Soo Park
 9 years ago
Daniel Roethlisberger 25b096450d Modernize DHE and ECDHE support 
Enable full strength DHE and ECDHE by default in order to allow modern
browsers to connect without weak crypto warnings.

Issue:		#119
Reported by:	@curioustwo
 9 years ago
Daniel Roethlisberger 0506024587 Update copyright notices to 2016 9 years ago
Daniel Roethlisberger b3b7a7ab17 Merge branch 'develop' into feature/autossl 9 years ago
Daniel Roethlisberger ba2f451f5e Fix bev write handler for other->closed case 
When other->closed is set, the bufferevent write handler accesses
other->bev even though it is invalid.  Fix this access, and as added
layer of defense against future bugs, set ->bev to NULL whenever
invalidating it, except where the connection is torn down completely.

Reported by:	Eun Soo Park
Introduced in:	2bcfaf4 17d753f
Issue:		#109
 9 years ago
Daniel Roethlisberger 17d753fc2d Fix NULL pointer dereference in bev write handler 
Only manipulate other->bev if it is not NULL to avoid a NULL pointer
dereference in the proxy bufferevent write handler when only one
direction is fully established, for example during connection shutdown.

Reported by:	@david-holonet
Introduced in:	2bcfaf4
Issue:		#109
 9 years ago
Daniel Roethlisberger 2bcfaf4b44 Re-enable EV_READ if disabled and outbuf empty 
The event buffer write handler failes to re-enable the corresponding
read event of the opposite connection if the buffer is not only down to
less than half the limit, but completely emptied.  In that case, the
read event would never be re-enabled and the connection would stall and
time out.

Issue:		#109
Patch by:	Eun Soo Park
 9 years ago
Daniel Roethlisberger 57a2ab8588 Rewrite protocol version macros and refactoring 
Introduce HAVE_SSLV2, HAVE_SSLV3, HAVE_TLSV10, HAVE_TLSV11 and
HAVE_TLSV12 to indicate that support for the respective protocol is
available in OpenSSL.  This was necessary due to the increased
complexity of testing version support following the phasing out of SSLv2
and SSLv3 from OpenSSL implementations.  This fixes the build with
OpenSSL versions which have SSLv3 support removed.

While here, de-duplicate code for setting SSL_CTX options and do not set
SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION anymore; it has no benefit
in the context of splitting SSL/TLS for analysis.

Reported by:	Jérémie Courrèges-Anglas
 9 years ago
Daniel Roethlisberger 769da7565e Style fix 9 years ago
Daniel Roethlisberger a08a7233ab Move free() to the else branch where it belongs 
This prevents free(NULL) in case of failures in ssl_x509_fingerprint().

Issue:		#103
Reported by:	@david-stratusee
 9 years ago
Daniel Roethlisberger f12dd5bb92 Fix debug mode memory leak of cert fingerprint 
Issue:		#103
Reported by:	Scot Loach
 9 years ago
Daniel Roethlisberger 74f62c3e5e Refactor and unify ClientHello parsers 
Refactor and unify ssl_tls_clienthello_identify() and the earlier
ssl_tls_clienthello_parse_sni() into a single
ssl_tls_clienthello_parse() function that handles parsing ClientHello
messages for different purposes.  As a result, rename the debug knob
DEBUG_SNI_PARSER into DEBUG_CLIENTHELLO_PARSER.
 10 years ago
Daniel Roethlisberger 6671a82aed Rename genericstarttls to autossl and improve docs 
Issue:		#87
 10 years ago
Richard Poole 5c8b5e30d5 connection upgrade feature: upgrade tcp to ssl on client hello 
This code looks at the beginning of each read from the src for something
that looks like an ssl client hello message; if it finds one it tries to
upgrade the connection to proxied ssl. So it works only in the simple
case where the connection has no binary data before the upgrade attempt
(so there are no false positives), and where the client hello comes at
the beginning of a packet from the source.
 10 years ago
Richard Poole 0f2714ed8a spelling fix 10 years ago
Richard Poole 1f1f7b5559 bugfix: correct calls to log_dbg_printf 10 years ago
Daniel Roethlisberger 914360eb5e Separate host and port into separate strings 
Store host and port in separate strings internally and get rid of the
[host]:port representation where separate host and port would be
cleaner.  This includes the following user-visible changes:

-   Generated filenames that contain host and port, such as by -S and
    -F %d and %s, now use a host,port format instead of [host]:port.

-   Connect log now uses separate fields for host and port.

Issue:		#69 #74
Reported by:	Adam Jacob Muller
 10 years ago
Daniel Roethlisberger 91da4674e5 Update copyright, license and tagline 
-   Update copyright to 2015
-   Remove the non-standard "unmodified" from the 2-clause BSD license
-   Remove scalable from the tagline to avoid misinterpretations
 10 years ago
Daniel Roethlisberger f16783cee2 Move cert writer to logger thread using privsep 
Make -w and -W work in conjunction with dropping privileges and
chrooting by moving the cert writer code to a separate logger thread and
using the privsep framework to open the files if they do not exist
already.

Issue:		#70
 10 years ago
Daniel Roethlisberger 6ec6c56ded Refactored -w/-W and improved docs 10 years ago
PsychoMario 3aff928daf moved key output to main.c, caught some bugs 10 years ago
PsychoMario a83cd68605 stored fpr as char* in ctx 10 years ago
PsychoMario 1736564b32 error handling 10 years ago
PsychoMario 4f310a877a implemented -W to write original certs 10 years ago
PsychoMario a7e2d99b39 added logging of fingerprints, uppercased names 10 years ago
PsychoMario 13dce0aa35 moved write to pxy_srccert_create, -X to -w, opts_free use 10 years ago
PsychoMario 73042d4daa fix mutual exclusivity, sprintf->asprintf 10 years ago
PsychoMario cbb2a179f9 naive implementation with -X, no help, validation, logging 10 years ago
Daniel Roethlisberger c4b22efa5a Fix segmentation fault for aborted connections 10 years ago
Daniel Roethlisberger 65f56f634d Improve error handling on logging calls 10 years ago
Daniel Roethlisberger b5e3856a97 Move open() and mkdir() to logger thread 10 years ago
Daniel Roethlisberger 007823b16e Fix connect logging for corner cases 10 years ago
Daniel Roethlisberger c5b8fd127f Add version and ciphersuite to connect and debug log 10 years ago
Daniel Roethlisberger fcd008df4b Unify asprintf error handling 10 years ago
Daniel Roethlisberger b1ec5d0e09 Improve log_content_open() error handling 10 years ago
Daniel Roethlisberger 328e3320f9 Fix build for !HAVE_LOCAL_PROCINFO 10 years ago
Daniel Roethlisberger e022b2af26 Add local process information to connect log 10 years ago
Daniel Roethlisberger 08ca5b2891 Also print pid if lookup (partially or fully) fails 10 years ago
Daniel Roethlisberger 150650c7e9 Make local procinfo run-time optional (-i) and use src host:port 10 years ago
Daniel Roethlisberger 42497693d1 Rename define for consistency 10 years ago
Daniel Roethlisberger 0237fe34dc Only build local process info code where supported 10 years ago
Daniel Roethlisberger 966fe80c0c Move process information code from sys to proc 10 years ago
Daniel Roethlisberger c3922d9852 Refactor process lookup out of NAT engine code 
Local process lookup is independent of the NAT engine used, it depends
only on the operating system's process enumeration API.  Moving the code
out of NAT lookup also makes it work for static and SNI proxyspecs.
 10 years ago
Daniel Roethlisberger dc7a3ee9e3 Break line to 80 cols 10 years ago
Landon Fuller a4c518c8a0
Merge remote-tracking branch 'origin/fix-macosx' into logspec_path_support 10 years ago
Landon Fuller efca8d73c9
Remove debugging statement. 10 years ago
Landon Fuller 81bf954c17
Merge commit '5ed49c498596995c79a5b7fda3d1ee1eb09ce8ec' into sys_proc_info 10 years ago
Landon Fuller fe5eb66b53
Merge commit '9204418c806fc85ba04c3650dc4002bd440083ca' into nat_local_pid 10 years ago
Daniel Roethlisberger 375bf2a13c Clarify comment about logging 10 years ago
Daniel Roethlisberger 6b0e47dc89 Allow more control over used SSL/TLS versions 
Add -r to force a specific SSL/TLS protocol version.
Add -R to disable one or several SSL/TLS protocol versions.
Replace WANT_SSLV2_CLIENT and WANT_SSLV2_SERVER to WITH_SSLV2.

Issue:		#30
Reported by:	@Apollo2342
 10 years ago
Daniel Roethlisberger 5219d494f3 Protect session cache calls from sess == NULL 10 years ago
Daniel Roethlisberger fcb64e85e7 Make SSLv2 support opt-in instead of opt-out 
Migrate knobs from DISABLE_SSLV2_CLIENT and DISABLE_SSLV2_SERVER to
WANT_SSLV2_CLIENT and WANT_SSLV2_SERVER and remove the
DISABLE_SSLV2_SESSION_CACHE knob entirely, automatically including the
respective code if SSLv2 support is compiled into SSLsplit.
 10 years ago
Daniel Roethlisberger 769fbd042d Filter HSTS response headers to allow cert override 
Also remove HTTP Strict Transport Security (HSTS, RFC 6797) headers from
HTTP responses.  With HSTS active, the user is not allowed to accept
untrusted certificates.
 10 years ago
Daniel Roethlisberger b1a7b11aea Don't depend on the space when parsing HTTP headers 10 years ago
Daniel Roethlisberger d85e5ddbe2 Disable SSLv2 support by default 10 years ago
Landon Fuller 8350b1deb0 Plumb user/group/path information through the logging API. 10 years ago
Landon Fuller 5ed49c4985 Implement user and group name lookup. 10 years ago
Landon Fuller 52d979e29d Add a standard API for fetching process name, uid, and gid. 10 years ago
Landon Fuller 9204418c80 Thread pid lookup support through the NAT API. 
This exposes the pid lookup code as a standard attribute
of NAT lookup -- if a matching process cannot be found,
or if pid lookup isn't supported by the NAT backend,
a pid of -1 is returned.

This also adds the local_pid to the pxyconn context; this
will be used to populate log strings.
 10 years ago
Daniel Roethlisberger ac98c2d9cc Fix segmentation fault when using -t without a CA 
The key type checks which are used to optimize the loading of DH and
ECDH parameters should check the type of the supplied server key, not
the global options key.
 11 years ago
Daniel Roethlisberger e1d8a2a965 Lint fix: define some variables in smaller scope 11 years ago
Daniel Roethlisberger 716139b169 Suppress SPDY/QUIC by removing Alternate-Protocol headers 11 years ago
Daniel Roethlisberger 2235e1aad9 Fix memory leak in fake cert generation code 
The code in pxy_ossl_servername_cb() which generated the forged
certificates did not call SSL_CTX_free() on the newly allocated SSL_CTX
struct after associating it with the SSL struct, which increments the
reference count internally.  Also add some comments explaining OpenSSL
reference counting behaviour to be more explicit on what happens to the
instances that OpenSSL keeps track of.
 11 years ago
Daniel Roethlisberger 05410fe9b3 Enable SSL_MODE_RELEASE_BUFFERS by default 11 years ago
Daniel Roethlisberger 56842b2f63 Fix file descriptor leak in passthrough mode (-P) 
When using passthrough mode, if a connection to a server fails with an
SSL error, sslsplit falls back to plain TCP passthrough.  When
reconnecting with plain TCP, the SSL context was freed, but the file
descriptor was never closed.  The fix remedies that by calling the
proper cleanup function for the dst bev before reconnecting.

Reported by:	Peter Haag
 11 years ago
Daniel Roethlisberger e129041c1c Add some OpenSSL refcounting comments 11 years ago
Daniel Roethlisberger e7ba15f184 Remove unused variable 11 years ago
Daniel Roethlisberger 4849a9738b Set ssl fields to NULL after freeing 11 years ago
Daniel Roethlisberger 7b09128ead Fix double free of SSL_CTX 
Remove a superfluous call to SSL_CTX_free() which caused SSL_CTX
structures to be free'd twice under some circumstances.

Issue:		#16
Reported by:	Amit Chowdhary
 11 years ago
Daniel Roethlisberger b82ca9b414 Print status of free'd SSL structs in debug mode 11 years ago
Daniel Roethlisberger de27f40b04 Fix two typos in comments 11 years ago
Daniel Roethlisberger bccbdbf1cc Free SSL_CTX directly after calling SSL_new() 
Since SSL_new() increments the refcount of the passed SSL_CTX, free it
directly after handing it to SSL_new() instead of later after SSL_free().
 11 years ago
Daniel Roethlisberger cfa5b15223 Fix dst bufferevent BEV_EVENT_CONNECTED handler 
This removes the spurious "Unknown bufferevent 0x80" debug message but
does not have any change in functionality, since return would have been
called anyway after falling down the debug message.

While here, remove the useless "ignoring event" debug message unless
DEBUG_PROXY is defined, and also print the timeout flag in debug mode.
 11 years ago
Daniel Roethlisberger 06a02f946a Always explicitly name the non-null arguments 
Always explicitly name which arguments are non-null, even if all
arguments are non-null.  This is to avoid bugs where newly added
arguments are automatically non-null by accident, possibly leading to
optimisation errors.

This also fixes a few potential errors related to non-null arguments;
specifically it prevents the compiler optimising away a test for sni
being NULL in cachedsess_mkkey().

Issue:		#14
Reported by:	kythyria
 11 years ago
Daniel Roethlisberger ca923ee7f1 Update copyright notices to 2014 11 years ago
Daniel Roethlisberger a94dbc8c3a Refactor event handler for clarity 11 years ago