SSLproxy

Commit Graph

Author	SHA1	Message	Date
Daniel Roethlisberger	c9aa840214	Quote dollar signs in shell invocation Reported by: Justin Garrick	10 years ago
Daniel Roethlisberger	b8d8af7b29	Document the limitations of passthrough mode (-P)	10 years ago
Daniel Roethlisberger	4f0a019d5a	Mention TravisCI and be explicit about branching	10 years ago
Daniel Roethlisberger	f16783cee2	Move cert writer to logger thread using privsep Make -w and -W work in conjunction with dropping privileges and chrooting by moving the cert writer code to a separate logger thread and using the privsep framework to open the files if they do not exist already. Issue: #70	10 years ago
Daniel Roethlisberger	3662eeae50	Update documentation	10 years ago
Daniel Roethlisberger	27cf6c90e7	Merge branch 'feature/genstore' into develop	10 years ago
Daniel Roethlisberger	3da7407f14	Use same hash algo in RSA sigs as orig cert uses	10 years ago
Daniel Roethlisberger	6ec6c56ded	Refactored -w/-W and improved docs	10 years ago
Daniel Roethlisberger	11f6742bff	Add convenience functions for printing SHA1 values	10 years ago
Daniel Roethlisberger	7f378251e8	Update documentation	10 years ago
Daniel Roethlisberger	160fd991e0	Merge branch 'genstore' of https://github.com/psychomario/sslsplit into feature/genstore	10 years ago
PsychoMario	3aff928daf	moved key output to main.c, caught some bugs	10 years ago
Daniel Roethlisberger	8422c6b478	Minor code cleanup of ssl_key_identifier_sha1()	10 years ago
PsychoMario	b34336ab4b	moved to develop branch	10 years ago
Daniel Roethlisberger	8b0b1d0226	Add ssl_key_identifier_sha1() utility function Issue: #67	10 years ago
PsychoMario	a83cd68605	stored fpr as char* in ctx	10 years ago
PsychoMario	1736564b32	error handling	10 years ago
PsychoMario	5d7c52cde1	fix manpage	10 years ago
PsychoMario	4f310a877a	implemented -W to write original certs	10 years ago
PsychoMario	a7e2d99b39	added logging of fingerprints, uppercased names	10 years ago
PsychoMario	13dce0aa35	moved write to pxy_srccert_create, -X to -w, opts_free use	10 years ago
PsychoMario	73042d4daa	fix mutual exclusivity, sprintf->asprintf	10 years ago
PsychoMario	61d5186864	added exclusivity with -K, man page and -h	10 years ago
PsychoMario	cbb2a179f9	naive implementation with -X, no help, validation, logging	10 years ago
Daniel Roethlisberger	d6b11f61b7	Clarify needed permission to open /dev/pf et al for reading Issue: #66 Reported by: Nikolay Khodov	10 years ago
Daniel Roethlisberger	39e9c898e5	Move default cipher suite spec to defaults.h	10 years ago
Daniel Roethlisberger	0a6ca2ac98	Update licensing information	10 years ago
Daniel Roethlisberger	521adb7275	Format file refs with backticks	10 years ago
Daniel Roethlisberger	e6dc9db6a4	Fix markdown links	10 years ago
Daniel Roethlisberger	f2ff2ec9f5	Link to Github author pages	10 years ago
Daniel Roethlisberger	b8ecbcd773	Split out AUTHORS.md and HACKING.md from README.md	10 years ago
Daniel Roethlisberger	b8213e756d	Merge branch 'feature/privsep' into develop Conflicts: NEWS.md main.c sslsplit.1	10 years ago
Daniel Roethlisberger	61cd0fb541	SSLsplit 0.4.10 release	10 years ago
Daniel Roethlisberger	5ac565f5df	Note that -j impacts -S and -F	10 years ago
Daniel Roethlisberger	008821cfca	Update NEWS.md	10 years ago
Daniel Roethlisberger	ab466aafb7	Allow -u root with pf proxyspecs on OS X	10 years ago
Daniel Roethlisberger	f076336e0b	Don't allow -u on Mac OS X with pf proxyspecs Apple checks EUID==0 on ioctl(/dev/pf), whereas OpenBSD and FreeBSD only check permissions on open(/dev/pf). This means that on OS X, it is not possible to open /dev/pf, drop privileges, and send an ioctl to the file descriptor opened earlier with EUID==0. It also means Apple broke the Unix way of dealing with device nodes - why are there file permissions on /dev/pf when they later enforce EUID==0 on use, thereby breaking basic Unix mechanisms? Work around this by disallowing -u with pf proxyspecs and by not automatically dropping to nobody on Mac OS X. Issue: #65 Reported by: Vladimir Marteev	10 years ago
Daniel Roethlisberger	c4b22efa5a	Fix segmentation fault for aborted connections	10 years ago
Daniel Roethlisberger	9341f25e6d	Explicitly support Yosemite 10.10.1 with XNU 2782.1.97	10 years ago
Daniel Roethlisberger	47abb0030d	Update clean target for newer clang build artefacts	10 years ago
Daniel Roethlisberger	43c0f57eec	Update NEWS.md for feature/privsep	10 years ago
Daniel Roethlisberger	e69b13f2eb	SIGUSR1 re-opens -l/-L log files; add defaults.h Issue: #52	10 years ago
Daniel Roethlisberger	16a1beb655	Fix version output on local procinfo availability	10 years ago
Daniel Roethlisberger	a9bd438756	Minor updates to manual page	10 years ago
Daniel Roethlisberger	12ff6e6ddf	Merge https://github.com/fix-macosx/sslsplit Conflicts: GNUmakefile main.c	10 years ago
Daniel Roethlisberger	25e3145d1f	Add missing headers to fix build on FreeBSD 8.4	10 years ago
Daniel Roethlisberger	476967ccdc	Add SIGUSR1 to the signals forwarded by the parent	10 years ago
Daniel Roethlisberger	0e0a465f5d	Fix build on OpenBSD by adding missing includes	10 years ago
Daniel Roethlisberger	c01ace1261	Introduce privilege separation architecture Fork into a monitor parent process and an actual proxy child process, communicating over AF_UNIX sockets. Certain privileged operations are performed through the privileged parent process, like opening log files or listener sockets, while all other operations happen in the child process, which can now drop its privileges without side-effects for log file opening and other privileged operations. This is also a preparation for -l/-L logfile reopening through SIGUSR1. This means that -S and -F are no longer relative to chroot() if used with -j. This is a deliberate POLA violation.	10 years ago
Daniel Roethlisberger	b3f4d25619	Make log_fini() more robust	10 years ago

1 2 3 4 5 ...

362 Commits (c9aa8402140b51aca717833cdbef30372d8783b7) All Branches Search

362 Commits (c9aa8402140b51aca717833cdbef30372d8783b7)

All Branches