Commit Graph

362 Commits (c9aa8402140b51aca717833cdbef30372d8783b7)
 

Author SHA1 Message Date
Daniel Roethlisberger 33692df51a SSLsplit 0.4.7 release 11 years ago
Daniel Roethlisberger a0fd9c1050 Start thrmgr threads after forking 11 years ago
Daniel Roethlisberger c73ce64c16 Update README and manual page for HPKP prevention 11 years ago
Daniel Roethlisberger 1e67db0b66 Update NEWS after merge of feature/resphdrfilter 11 years ago
Daniel Roethlisberger 38280818f8 Add HTTP content-length to connect log 11 years ago
Daniel Roethlisberger b746a6f6bb Add HTTP response header filtering
Filter response headers in order to remove HPKP headers.  As an added
benefit, parse the HTTP status code and add it to the connection log.
11 years ago
Daniel Roethlisberger 82bbae7fde `make test` requires Internet connectivity 11 years ago
Daniel Roethlisberger b662906f9b SSLsplit 0.4.6 release 11 years ago
Daniel Roethlisberger 8fceac4201 Update NEWS for issue #9 11 years ago
Daniel Roethlisberger 2a4a9c8b23 Fix fallback to passthrough when no cert present
Properly reset connection state when reconnecting the dst part of the
connection.  This fixes the fallback to passthrough when no certificates
are present which can be used to split the SSL.

Issue:          #9
Reported by:    ceear
11 years ago
Daniel Roethlisberger ac9a2613e0 Only generate RSA leaf key if CA key present
Issue:          #9
Reported by:    ceear
11 years ago
Daniel Roethlisberger 9f23fb31aa Log new bev connections to debug log 11 years ago
Daniel Roethlisberger b06a2474f5 Shortcut errlog thrqueue in debug mode 11 years ago
Daniel Roethlisberger c972501063 Update copyright notices 11 years ago
Daniel Roethlisberger 711448759c Bind to ports before dropping privileges
This fixes a regression which caused bind() to ports < 1024 to fail with
the default settings of dropping privileges to nobody.

Issue:          #8
Reported by:    Ian Grispan
11 years ago
Daniel Roethlisberger f99e5e34a7 Improve workaround for OpenSSL 1.0.0k/1.0.1e
Extend and improve the workaround introduced in commit 20b3f66120.
Automatically replace SSL_get_certificate() with a drop-in replacement
if a version of OpenSSL known to be broken is used.  This now covers the
use of SSL_get_certificate() within the connection manager as well and
resolves one more case where OpenSSL could crash.
11 years ago
Daniel Roethlisberger 20b3f66120 Work around segfault with OpenSSL 1.0.0k/1.0.1e
A bug in OpenSSL 1.0.0k and 1.0.1e caused sslsplit to crash when loading
certificates using SSL_get_certificate().  Work around the bug by
directly accessing the respective members of SSL* when using any of the
broken versions of OpenSSL.
11 years ago
Daniel Roethlisberger f27dc964a5 Add warning for OpenSSL 1.0.1e bug causing crash 11 years ago
Daniel Roethlisberger 146188b750 Improve SNI peek debugging 11 years ago
Daniel Roethlisberger 469a6e470d Update TODO 11 years ago
Daniel Roethlisberger bd639bf847 Fix typo in comment 11 years ago
Daniel Roethlisberger d3a84b38f6 Add TODO item 12 years ago
Daniel Roethlisberger 92db084d25 Fix documentation of sys_sockaddr_parse() 12 years ago
Daniel Roethlisberger 37758dda59 SSLsplit 0.4.5 release 12 years ago
Daniel Roethlisberger 005ebd1b95 Fix syslog for more error cases
Also fix issue #6 for target certificate loading error cases.
12 years ago
Daniel Roethlisberger 6e6868c051 Update NEWS 12 years ago
Daniel Roethlisberger d3abdfd5dc Fix race condition on proxy startup failure
Yield the CPU in the main thread until the proxy thread manager is fully
started.  Otherwise, the main thread could free the proxy thread manager
while the threads are still starting up, leading to a deadlock.
12 years ago
Daniel Roethlisberger bb15224d11 Flush error queue prior to exiting
Reorganize the cleanup code after detaching from the TTY in order to be
able to flush the error queue before calling exit().  Addresses issue #6.
12 years ago
Daniel Roethlisberger 7713f82b62 Move more log writes after log initialization 12 years ago
Daniel Roethlisberger 71f06e501c Update NEWS 12 years ago
Daniel Roethlisberger 1995dc4b89 Reinitialize SSL mutexes after fork
See issue #5.
12 years ago
Daniel Roethlisberger 067521924a Cleanup tgcrt loading to protect mutexes from fork
See issue #5.
12 years ago
Daniel Roethlisberger 173b2435d2 Allocate thread queue in start() not new() 12 years ago
Daniel Roethlisberger 3d15f14239 Fix lost error message 12 years ago
Daniel Roethlisberger bb9c353ecb Initialize proxy after detaching from TTY
Fixes issue #5.
12 years ago
Daniel Roethlisberger 0073cbdc47 Make cache initialization fork()-safe
POSIX threads require mutexes to be reinitialized after fork().  Not
doing so will break daemon mode, depending on pthread implementation.
See issue #5.
12 years ago
Daniel Roethlisberger b27175f910 Reorder initialization in main() 12 years ago
Daniel Roethlisberger eb6162389f Remove commit ids from NEWS file 12 years ago
Daniel Roethlisberger 807b7c1d3b Fix typo in manpage 12 years ago
Daniel Roethlisberger 6b2bef3920 Add separate LICENSE file 12 years ago
Daniel Roethlisberger cdfaeedb80 Ignore all DH param files under extra/pki 12 years ago
Daniel Roethlisberger ff6fbef91f Add 4096-bit Diffie-Hellman to dh target 12 years ago
Daniel Roethlisberger 35c3967eef Remove obsolete dhall target from .PHONY 12 years ago
Daniel Roethlisberger bd77e6a228 Improve ssl_tmp_dh_callback() error messages 12 years ago
Daniel Roethlisberger 79c2c6e520 Add support for 2048 and 4096 bit Diffie-Hellman
Add group parameters for 2048 and 4096 bit Diffie-Hellman in addition to
the previous 512 and 1024 bit parameters.  Also add a meaningful error
message when a group size is requested which is not provided.
12 years ago
Daniel Roethlisberger e19a97b21f Update NEWS and TODO 12 years ago
Daniel Roethlisberger 6b4b121da2 Fix address family check in netfilter NAT lookup
Use src_addr instead of the (yet to be set) dst_addr for determining the
address family.  Fixes issue #4.
12 years ago
Daniel Roethlisberger 6106940e0c Omit nat_getsockname_lookup_cb() unless it is used 12 years ago
Daniel Roethlisberger 1b20544333 Add temporary RSA keys to TODO 12 years ago
Daniel Roethlisberger fda4f57aa7 Remove unused IPv6 code for netfilter NAT engine 12 years ago