SSLproxy

Commit Graph

Author	SHA1	Message	Date
Daniel Roethlisberger	c4b22efa5a	Fix segmentation fault for aborted connections	10 years ago
Daniel Roethlisberger	65f56f634d	Improve error handling on logging calls	10 years ago
Daniel Roethlisberger	b5e3856a97	Move open() and mkdir() to logger thread	10 years ago
Daniel Roethlisberger	007823b16e	Fix connect logging for corner cases	10 years ago
Daniel Roethlisberger	c5b8fd127f	Add version and ciphersuite to connect and debug log	10 years ago
Daniel Roethlisberger	fcd008df4b	Unify asprintf error handling	10 years ago
Daniel Roethlisberger	b1ec5d0e09	Improve log_content_open() error handling	10 years ago
Daniel Roethlisberger	328e3320f9	Fix build for !HAVE_LOCAL_PROCINFO	10 years ago
Daniel Roethlisberger	e022b2af26	Add local process information to connect log	10 years ago
Daniel Roethlisberger	08ca5b2891	Also print pid if lookup (partially or fully) fails	10 years ago
Daniel Roethlisberger	150650c7e9	Make local procinfo run-time optional (-i) and use src host:port	10 years ago
Daniel Roethlisberger	42497693d1	Rename define for consistency	10 years ago
Daniel Roethlisberger	0237fe34dc	Only build local process info code where supported	10 years ago
Daniel Roethlisberger	966fe80c0c	Move process information code from sys to proc	10 years ago
Daniel Roethlisberger	c3922d9852	Refactor process lookup out of NAT engine code Local process lookup is independent of the NAT engine used, it depends only on the operating system's process enumeration API. Moving the code out of NAT lookup also makes it work for static and SNI proxyspecs.	10 years ago
Daniel Roethlisberger	dc7a3ee9e3	Break line to 80 cols	10 years ago
Landon Fuller	a4c518c8a0	Merge remote-tracking branch 'origin/fix-macosx' into logspec_path_support	10 years ago
Landon Fuller	efca8d73c9	Remove debugging statement.	10 years ago
Landon Fuller	81bf954c17	Merge commit '5ed49c498596995c79a5b7fda3d1ee1eb09ce8ec' into sys_proc_info	10 years ago
Landon Fuller	fe5eb66b53	Merge commit '9204418c806fc85ba04c3650dc4002bd440083ca' into nat_local_pid	10 years ago
Daniel Roethlisberger	375bf2a13c	Clarify comment about logging	10 years ago
Daniel Roethlisberger	6b0e47dc89	Allow more control over used SSL/TLS versions Add -r to force a specific SSL/TLS protocol version. Add -R to disable one or several SSL/TLS protocol versions. Replace WANT_SSLV2_CLIENT and WANT_SSLV2_SERVER to WITH_SSLV2. Issue: #30 Reported by: @Apollo2342	10 years ago
Daniel Roethlisberger	5219d494f3	Protect session cache calls from sess == NULL	10 years ago
Daniel Roethlisberger	fcb64e85e7	Make SSLv2 support opt-in instead of opt-out Migrate knobs from DISABLE_SSLV2_CLIENT and DISABLE_SSLV2_SERVER to WANT_SSLV2_CLIENT and WANT_SSLV2_SERVER and remove the DISABLE_SSLV2_SESSION_CACHE knob entirely, automatically including the respective code if SSLv2 support is compiled into SSLsplit.	10 years ago
Daniel Roethlisberger	769fbd042d	Filter HSTS response headers to allow cert override Also remove HTTP Strict Transport Security (HSTS, RFC 6797) headers from HTTP responses. With HSTS active, the user is not allowed to accept untrusted certificates.	10 years ago
Daniel Roethlisberger	b1a7b11aea	Don't depend on the space when parsing HTTP headers	10 years ago
Daniel Roethlisberger	d85e5ddbe2	Disable SSLv2 support by default	10 years ago
Landon Fuller	8350b1deb0	Plumb user/group/path information through the logging API.	10 years ago
Landon Fuller	5ed49c4985	Implement user and group name lookup.	10 years ago
Landon Fuller	52d979e29d	Add a standard API for fetching process name, uid, and gid.	10 years ago
Landon Fuller	9204418c80	Thread pid lookup support through the NAT API. This exposes the pid lookup code as a standard attribute of NAT lookup -- if a matching process cannot be found, or if pid lookup isn't supported by the NAT backend, a pid of -1 is returned. This also adds the local_pid to the pxyconn context; this will be used to populate log strings.	10 years ago
Daniel Roethlisberger	ac98c2d9cc	Fix segmentation fault when using -t without a CA The key type checks which are used to optimize the loading of DH and ECDH parameters should check the type of the supplied server key, not the global options key.	11 years ago
Daniel Roethlisberger	e1d8a2a965	Lint fix: define some variables in smaller scope	11 years ago
Daniel Roethlisberger	716139b169	Suppress SPDY/QUIC by removing Alternate-Protocol headers	11 years ago
Daniel Roethlisberger	2235e1aad9	Fix memory leak in fake cert generation code The code in pxy_ossl_servername_cb() which generated the forged certificates did not call SSL_CTX_free() on the newly allocated SSL_CTX struct after associating it with the SSL struct, which increments the reference count internally. Also add some comments explaining OpenSSL reference counting behaviour to be more explicit on what happens to the instances that OpenSSL keeps track of.	11 years ago
Daniel Roethlisberger	05410fe9b3	Enable SSL_MODE_RELEASE_BUFFERS by default	11 years ago
Daniel Roethlisberger	56842b2f63	Fix file descriptor leak in passthrough mode (-P) When using passthrough mode, if a connection to a server fails with an SSL error, sslsplit falls back to plain TCP passthrough. When reconnecting with plain TCP, the SSL context was freed, but the file descriptor was never closed. The fix remedies that by calling the proper cleanup function for the dst bev before reconnecting. Reported by: Peter Haag	11 years ago
Daniel Roethlisberger	e129041c1c	Add some OpenSSL refcounting comments	11 years ago
Daniel Roethlisberger	e7ba15f184	Remove unused variable	11 years ago
Daniel Roethlisberger	4849a9738b	Set ssl fields to NULL after freeing	11 years ago
Daniel Roethlisberger	7b09128ead	Fix double free of SSL_CTX Remove a superfluous call to SSL_CTX_free() which caused SSL_CTX structures to be free'd twice under some circumstances. Issue: #16 Reported by: Amit Chowdhary	11 years ago
Daniel Roethlisberger	b82ca9b414	Print status of free'd SSL structs in debug mode	11 years ago
Daniel Roethlisberger	de27f40b04	Fix two typos in comments	11 years ago
Daniel Roethlisberger	bccbdbf1cc	Free SSL_CTX directly after calling SSL_new() Since SSL_new() increments the refcount of the passed SSL_CTX, free it directly after handing it to SSL_new() instead of later after SSL_free().	11 years ago
Daniel Roethlisberger	cfa5b15223	Fix dst bufferevent BEV_EVENT_CONNECTED handler This removes the spurious "Unknown bufferevent 0x80" debug message but does not have any change in functionality, since return would have been called anyway after falling down the debug message. While here, remove the useless "ignoring event" debug message unless DEBUG_PROXY is defined, and also print the timeout flag in debug mode.	11 years ago
Daniel Roethlisberger	06a02f946a	Always explicitly name the non-null arguments Always explicitly name which arguments are non-null, even if all arguments are non-null. This is to avoid bugs where newly added arguments are automatically non-null by accident, possibly leading to optimisation errors. This also fixes a few potential errors related to non-null arguments; specifically it prevents the compiler optimising away a test for sni being NULL in cachedsess_mkkey(). Issue: #14 Reported by: kythyria	11 years ago
Daniel Roethlisberger	ca923ee7f1	Update copyright notices to 2014	11 years ago
Daniel Roethlisberger	a94dbc8c3a	Refactor event handler for clarity	11 years ago
Daniel Roethlisberger	38280818f8	Add HTTP content-length to connect log	11 years ago
Daniel Roethlisberger	b746a6f6bb	Add HTTP response header filtering Filter response headers in order to remove HPKP headers. As an added benefit, parse the HTTP status code and add it to the connection log.	11 years ago

1 2

67 Commits (c4b22efa5a2ffad8eac012aca852a112af40298d)