Commit Graph

682 Commits

Author SHA1 Message Date
Daniel Roethlisberger
da47cd3fe1 Improve documentation of build process 2015-03-15 22:38:29 +01:00
Daniel Roethlisberger
e384d89b35 Replace percent in IPv6 addrs in filenames
Percent is used to specify the interface for link-local addresses.
Even though this is not strictly necessary for NTFS, it makes sense to
replace percent with underscore as well to have cleaner filenames.

Also add some unit tests for sys_ip46str_sanitize() that actually test
the intended behaviour.
2015-03-15 20:08:11 +01:00
Daniel Roethlisberger
0a67f845e6 Merge branch 'issue/74' into develop
Issue:		#74
Submitted by:	Adam Jacob Muller
2015-03-15 18:43:13 +01:00
Daniel Roethlisberger
568b5a681c Update documentation for new -F formats 2015-03-15 18:41:49 +01:00
Daniel Roethlisberger
ce002378b8 Use more intuitive letters for new format specs
%D for Destination host, %p for the (more interesting) destination port,
%S for Source host, %q for the (less interesting) source port.
2015-03-15 18:39:36 +01:00
Daniel Roethlisberger
e17108f9b7 Merge branch 'master' of https://github.com/AdamJacobMuller/sslsplit into issue/74 2015-03-15 18:28:10 +01:00
Daniel Roethlisberger
01d10b192a IPv6 addrs in filenames use underscore not colon
Use underscore instead of colon for all IPv6 addresses in generated
filenames in order to generate NTFS clean filenames.

Issue:		#69
2015-03-15 17:52:04 +01:00
Daniel Roethlisberger
914360eb5e Separate host and port into separate strings
Store host and port in separate strings internally and get rid of the
[host]:port representation where separate host and port would be
cleaner.  This includes the following user-visible changes:

-   Generated filenames that contain host and port, such as by -S and
    -F %d and %s, now use a host,port format instead of [host]:port.

-   Connect log now uses separate fields for host and port.

Issue:		#69 #74
Reported by:	Adam Jacob Muller
2015-03-15 17:23:46 +01:00
Daniel Roethlisberger
a027fb68cd Fix loading of certificate chains with OpenSSL 1.0.2
SSLsplit was directly accessing `extra_certs` within `SSL_CTX` to get to
the extra certificates chain.  When building on OpenSSL 1.0.2 or newer,
use the new API instead of directly accessing `extra_certs`.

Issue:		#79
2015-03-15 00:09:36 +01:00
Daniel Roethlisberger
3231c9c031 Record the actual XNU version detected 2015-03-02 23:13:48 +01:00
Daniel Roethlisberger
22abde706b Initialize af and addr even though not strictly necessary
The state machine makes sure that both af and addr are written to before
they are being read.  However, to silence compiler warnings, it does not
hurt to explicitly initialize af and addr anyway.  This gets rid of the
following spurious compiler warnings:

    opts.c: In function 'proxyspec_parse':
    opts.c:380:8: warning: 'af' may be used uninitialized in this function [-Wmaybe-uninitialized]
         af = sys_sockaddr_parse(&spec->connect_addr,
            ^
    opts.c:316:8: warning: 'addr' may be used uninitialized in this function [-Wmaybe-uninitialized]
         af = sys_sockaddr_parse(&spec->listen_addr,
            ^

Reported by:	Thomas Klausner
Issue:		#78
2015-03-02 10:23:48 +01:00
Daniel Roethlisberger
0ebfcc9491 Merge branch 'issue/76' into develop 2015-02-24 20:57:14 +01:00
Daniel Roethlisberger
62cd0b8af6 Update list of contributors 2015-02-24 20:56:27 +01:00
Daniel Roethlisberger
6a78aeed2d Minor rewording 2015-02-24 20:52:12 +01:00
Daniel Roethlisberger
692dccfeae Merge branch 'clarify-linux-REDIRECT' of https://github.com/fd0/sslsplit into issue/76 2015-02-24 20:43:02 +01:00
Daniel Roethlisberger
20ea783cf7 Add XNU header selection fallback
If the proper headers matching either the reported XNU version or OS X
version exactly cannot be found, use the latest headers that SSLsplit
knows about.  This fixes build on new releases of OS X that have no
source code published by Apple yet.
2015-02-24 19:24:12 +01:00
Daniel Roethlisberger
91da4674e5 Update copyright, license and tagline
-   Update copyright to 2015
-   Remove the non-standard "unmodified" from the 2-clause BSD license
-   Remove scalable from the tagline to avoid misinterpretations
2015-02-24 19:19:20 +01:00
Alexander Neumann
925209ef4f Add hints for using Linux iptables REDIRECT target 2015-02-22 17:47:41 +01:00
Adam Jacob Muller
9267cf9bb4 add support for:
%f - dest address
%h - dest port
%t - source address
%v - source port

format specifiers to pathspec
2015-02-08 20:20:02 -05:00
Daniel Roethlisberger
bb071336e0 Escape # in shell invocation
This fixes the following make error on Mac OS X versions that we don't
explicitly support yet due to missing sources:

    GNUmakefile:55: *** unterminated call to function `shell': missing `)'.
    Stop.

Reported by:	Justin Garrick
2015-01-17 18:24:58 +01:00
Daniel Roethlisberger
c9aa840214 Quote dollar signs in shell invocation
Reported by:	Justin Garrick
2015-01-14 22:45:59 +01:00
Daniel Roethlisberger
b8d8af7b29 Document the limitations of passthrough mode (-P) 2015-01-04 14:21:49 +01:00
Daniel Roethlisberger
4f0a019d5a Mention TravisCI and be explicit about branching 2014-12-14 15:16:53 +01:00
Daniel Roethlisberger
f16783cee2 Move cert writer to logger thread using privsep
Make -w and -W work in conjunction with dropping privileges and
chrooting by moving the cert writer code to a separate logger thread and
using the privsep framework to open the files if they do not exist
already.

Issue:		#70
2014-12-13 23:52:17 +01:00
Daniel Roethlisberger
3662eeae50 Update documentation 2014-12-13 03:23:32 +01:00
Daniel Roethlisberger
27cf6c90e7 Merge branch 'feature/genstore' into develop 2014-12-13 03:20:38 +01:00
Daniel Roethlisberger
3da7407f14 Use same hash algo in RSA sigs as orig cert uses 2014-12-13 03:18:13 +01:00
Daniel Roethlisberger
6ec6c56ded Refactored -w/-W and improved docs 2014-12-13 02:36:45 +01:00
Daniel Roethlisberger
11f6742bff Add convenience functions for printing SHA1 values 2014-12-12 23:50:55 +01:00
Daniel Roethlisberger
7f378251e8 Update documentation 2014-12-12 23:22:11 +01:00
Daniel Roethlisberger
160fd991e0 Merge branch 'genstore' of https://github.com/psychomario/sslsplit into feature/genstore 2014-12-12 23:17:29 +01:00
PsychoMario
3aff928daf moved key output to main.c, caught some bugs 2014-12-12 17:28:06 +00:00
Daniel Roethlisberger
8422c6b478 Minor code cleanup of ssl_key_identifier_sha1() 2014-12-12 18:07:46 +01:00
PsychoMario
b34336ab4b moved to develop branch 2014-12-12 17:03:06 +00:00
Daniel Roethlisberger
8b0b1d0226 Add ssl_key_identifier_sha1() utility function
Issue:		#67
2014-12-12 17:38:34 +01:00
PsychoMario
a83cd68605 stored fpr as char* in ctx 2014-12-11 13:57:50 +00:00
PsychoMario
1736564b32 error handling 2014-12-09 23:26:00 +00:00
PsychoMario
5d7c52cde1 fix manpage 2014-12-09 21:43:49 +00:00
PsychoMario
4f310a877a implemented -W to write original certs 2014-12-09 21:43:05 +00:00
PsychoMario
a7e2d99b39 added logging of fingerprints, uppercased names 2014-12-09 21:13:04 +00:00
PsychoMario
13dce0aa35 moved write to pxy_srccert_create, -X to -w, opts_free use 2014-12-09 20:02:25 +00:00
PsychoMario
73042d4daa fix mutual exclusivity, sprintf->asprintf 2014-12-09 19:47:10 +00:00
PsychoMario
61d5186864 added exclusivity with -K, man page and -h 2014-12-09 19:40:07 +00:00
PsychoMario
cbb2a179f9 naive implementation with -X, no help, validation, logging 2014-12-09 19:08:11 +00:00
Daniel Roethlisberger
d6b11f61b7 Clarify needed permission to open /dev/pf et al for reading
Issue:		#66
Reported by:	Nikolay Khodov
2014-12-08 19:40:01 +01:00
Daniel Roethlisberger
39e9c898e5 Move default cipher suite spec to defaults.h 2014-11-30 22:29:40 +01:00
Daniel Roethlisberger
0a6ca2ac98 Update licensing information 2014-11-30 01:39:57 +01:00
Daniel Roethlisberger
521adb7275 Format file refs with backticks 2014-11-28 12:18:40 +01:00
Daniel Roethlisberger
e6dc9db6a4 Fix markdown links 2014-11-28 12:15:45 +01:00
Daniel Roethlisberger
f2ff2ec9f5 Link to Github author pages 2014-11-28 12:12:48 +01:00