Percent is used to specify the interface for link-local addresses.
Even though this is not strictly necessary for NTFS, it makes sense to
replace percent with underscore as well to have cleaner filenames.
Also add some unit tests for sys_ip46str_sanitize() that actually test
the intended behaviour.
Store host and port in separate strings internally and get rid of the
[host]:port representation where separate host and port would be
cleaner. This includes the following user-visible changes:
- Generated filenames that contain host and port, such as by -S and
-F %d and %s, now use a host,port format instead of [host]:port.
- Connect log now uses separate fields for host and port.
Issue: #69#74
Reported by: Adam Jacob Muller
SSLsplit was directly accessing `extra_certs` within `SSL_CTX` to get to
the extra certificates chain. When building on OpenSSL 1.0.2 or newer,
use the new API instead of directly accessing `extra_certs`.
Issue: #79
The state machine makes sure that both af and addr are written to before
they are being read. However, to silence compiler warnings, it does not
hurt to explicitly initialize af and addr anyway. This gets rid of the
following spurious compiler warnings:
opts.c: In function 'proxyspec_parse':
opts.c:380:8: warning: 'af' may be used uninitialized in this function [-Wmaybe-uninitialized]
af = sys_sockaddr_parse(&spec->connect_addr,
^
opts.c:316:8: warning: 'addr' may be used uninitialized in this function [-Wmaybe-uninitialized]
af = sys_sockaddr_parse(&spec->listen_addr,
^
Reported by: Thomas Klausner
Issue: #78
If the proper headers matching either the reported XNU version or OS X
version exactly cannot be found, use the latest headers that SSLsplit
knows about. This fixes build on new releases of OS X that have no
source code published by Apple yet.
- Update copyright to 2015
- Remove the non-standard "unmodified" from the 2-clause BSD license
- Remove scalable from the tagline to avoid misinterpretations
This fixes the following make error on Mac OS X versions that we don't
explicitly support yet due to missing sources:
GNUmakefile:55: *** unterminated call to function `shell': missing `)'.
Stop.
Reported by: Justin Garrick
Make -w and -W work in conjunction with dropping privileges and
chrooting by moving the cert writer code to a separate logger thread and
using the privsep framework to open the files if they do not exist
already.
Issue: #70