Daniel Roethlisberger
16a1beb655
Fix version output on local procinfo availability
2014-11-25 23:38:37 +01:00
Daniel Roethlisberger
5fd1d7de9c
Rename flags for clarity
2014-11-21 12:03:08 +01:00
Daniel Roethlisberger
fcd008df4b
Unify asprintf error handling
2014-11-17 19:11:27 +01:00
Daniel Roethlisberger
544b93a9ab
Add procinfo status to -V
2014-11-14 16:30:07 +01:00
Daniel Roethlisberger
150650c7e9
Make local procinfo run-time optional (-i) and use src host:port
2014-11-14 16:20:07 +01:00
Daniel Roethlisberger
0d07aeff7e
Don't automatically drop to nobody if logspec is used
2014-11-13 23:38:59 +01:00
Daniel Roethlisberger
38314ea16d
Formatting changes
2014-11-13 23:38:46 +01:00
Landon Fuller
7ce301a60f
Fix incorrect format specifiers used in the -F usage example.
2014-11-07 16:49:00 -07:00
Landon Fuller
02c6e6e605
Adopt the new oom_die() usage.
2014-11-07 16:44:47 -07:00
Landon Fuller
a4c518c8a0
Merge remote-tracking branch 'origin/fix-macosx' into logspec_path_support
2014-11-07 16:43:09 -07:00
Daniel Roethlisberger
206c688219
Refactor SSL/TLS debug code
2014-11-05 21:18:53 +01:00
Daniel Roethlisberger
601cdf5b52
Add SSL/TLS protocol selection debug code
2014-11-05 20:41:41 +01:00
Daniel Roethlisberger
6b0e47dc89
Allow more control over used SSL/TLS versions
...
Add -r to force a specific SSL/TLS protocol version.
Add -R to disable one or several SSL/TLS protocol versions.
Replace WANT_SSLV2_CLIENT and WANT_SSLV2_SERVER to WITH_SSLV2.
Issue: #30
Reported by: @Apollo2342
2014-11-05 20:06:11 +01:00
Daniel Roethlisberger
cc6cb59485
Rewrite Mac OS X support to use proper XNU headers
...
Move from one set of headers per major OS X release to one set of
headers per XNU release. Fetch the header files from Apple's official
Open Source site instead of GitHub in the fetchdeps developer target.
As a side effect, 10.6.x is now supported as well (untested), and proper
headers are used for 10.10.
Issue: #39
2014-10-30 22:01:55 +00:00
Daniel Roethlisberger
42efb4a980
Slightly improve user experience for new option -m
2014-10-23 13:23:57 +02:00
Daniel Roethlisberger
ee9d434cac
Further improving OOM handling in early stages of main()
2014-10-23 13:14:06 +02:00
Daniel Roethlisberger
b1b8fe09b9
Merge pull request #35 from fix-macosx/specify-custom-gid
...
Add support for specifying an explicit group when dropping privileges.
2014-10-23 13:00:42 +02:00
Daniel Roethlisberger
bea022540f
Handle strdup() failure in early stages of main()
...
Issue: #38
Reported by: Markus Elfring
2014-10-23 12:49:12 +02:00
Landon Fuller
e6aa76b844
Implement automatic creation of parent directories.
2014-10-18 17:02:53 -06:00
Landon Fuller
06c61c16ed
Add support for specifying log paths as a specialized format string.
...
Format string handling is fully implemented, with the exception of
support for automatically creating missing directories.
2014-10-18 16:40:22 -06:00
Landon Fuller
9d54677009
Add support for specifying an explicit group when dropping privileges.
...
This simplifies my use of pf(4) when using group-based
rules to exclude splitssl from redirection.
2014-10-18 00:34:51 -06:00
Landon Fuller
ecbc84438a
Fix crash in strdup() when no default NAT engine is available.
2014-10-17 19:35:44 -06:00
Daniel Roethlisberger
3226d9bfcf
No longer chroot() by default when run as root
...
No longer implicitly use -j /var/empty by default and document clearly
the implications of using -j with -S and/or sni proxyspecs.
Issue: #21
2014-01-30 23:34:37 +01:00
Daniel Roethlisberger
db0fa32b07
Load -t certificates before dropping privileges
...
Load the certificates from the directory given by -t into the
certificate cache after preinit, but before dropping privileges. This
fixes a number of issues, such as -t directory not being found after
chroot()ing to a different root, -t directory inaccessible due to
changing user with -u, and when using encrypted keys. This bug was
introduced in 0675219
as a spurious part of fixing #5 .
Issue: #20 , #19
Reported by: Miroslav Stampar
2014-01-30 22:39:39 +01:00
Daniel Roethlisberger
13ed7f8425
Slightly improve error logging on log init failure
...
Issue: #13
Reported by: vinies
2014-01-06 19:03:29 +01:00
Daniel Roethlisberger
ca923ee7f1
Update copyright notices to 2014
2014-01-06 14:09:18 +01:00
Daniel Roethlisberger
ac9a2613e0
Only generate RSA leaf key if CA key present
...
Issue: #9
Reported by: ceear
2013-05-27 00:17:36 +02:00
Daniel Roethlisberger
c972501063
Update copyright notices
2013-04-24 20:36:38 +02:00
Daniel Roethlisberger
711448759c
Bind to ports before dropping privileges
...
This fixes a regression which caused bind() to ports < 1024 to fail with
the default settings of dropping privileges to nobody.
Issue: #8
Reported by: Ian Grispan
2013-04-24 17:17:23 +02:00
Daniel Roethlisberger
005ebd1b95
Fix syslog for more error cases
...
Also fix issue #6 for target certificate loading error cases.
2012-10-23 23:04:22 +02:00
Daniel Roethlisberger
bb15224d11
Flush error queue prior to exiting
...
Reorganize the cleanup code after detaching from the TTY in order to be
able to flush the error queue before calling exit(). Addresses issue #6
2012-10-23 21:30:11 +02:00
Daniel Roethlisberger
7713f82b62
Move more log writes after log initialization
2012-10-17 00:24:26 +02:00
Daniel Roethlisberger
1995dc4b89
Reinitialize SSL mutexes after fork
...
See issue #5 .
2012-10-17 00:11:53 +02:00
Daniel Roethlisberger
067521924a
Cleanup tgcrt loading to protect mutexes from fork
...
See issue #5 .
2012-10-17 00:10:47 +02:00
Daniel Roethlisberger
3d15f14239
Fix lost error message
2012-10-16 23:37:46 +02:00
Daniel Roethlisberger
bb9c353ecb
Initialize proxy after detaching from TTY
...
Fixes issue #5 .
2012-10-16 23:20:55 +02:00
Daniel Roethlisberger
0073cbdc47
Make cache initialization fork()-safe
...
POSIX threads require mutexes to be reinitialized after fork(). Not
doing so will break daemon mode, depending on pthread implementation.
See issue #5 .
2012-10-16 23:05:37 +02:00
Daniel Roethlisberger
b27175f910
Reorder initialization in main()
2012-10-16 22:52:54 +02:00
Daniel Roethlisberger
8eb5165760
Optimize debug branching using __builtin_expect()
2012-05-13 15:24:50 +02:00
Daniel Roethlisberger
38d22415af
Generic EC loading, new default curve 'secp160r2'
2012-05-11 17:39:12 +02:00
Daniel Roethlisberger
2d1ad219b9
Change default cipher suite to "ALL:-aNULL"
2012-05-02 14:59:47 +02:00
Daniel Roethlisberger
439e8a8267
Use WUNRES and MALLOC attribs and fix sloppy code
2012-04-23 00:35:17 +02:00
Daniel Roethlisberger
7aca81a7b7
Improve CA cert/key config code and docs
...
Make -c and -k functional twins by also loading DH params in -c and by
fixing certificate loading in -k. Improve the documentation for both
switches and simplify the SYNOPSIS in sslsplit(1).
2012-04-22 22:59:00 +02:00
Daniel Roethlisberger
ee98c04b29
Add generic OCSP denial
2012-04-22 19:12:38 +02:00
Daniel Roethlisberger
423c1b0a32
Move volatile build-time information into separate compilation unit
2012-04-13 22:40:36 +02:00
Daniel Roethlisberger
4cfdef405a
Initial import of sslsplit-0.4.2
2012-04-13 14:47:30 +02:00