Commit Graph

190 Commits

Author SHA1 Message Date
Daniel Roethlisberger
cc6cb59485 Rewrite Mac OS X support to use proper XNU headers
Move from one set of headers per major OS X release to one set of
headers per XNU release.  Fetch the header files from Apple's official
Open Source site instead of GitHub in the fetchdeps developer target.
As a side effect, 10.6.x is now supported as well (untested), and proper
headers are used for 10.10.

Issue:		#39
2014-10-30 22:01:55 +00:00
Daniel Roethlisberger
001615c53b Update khash.h to latest klib master 2014-10-28 23:59:17 +01:00
Daniel Roethlisberger
b1a7b11aea Don't depend on the space when parsing HTTP headers 2014-10-28 23:31:07 +01:00
Daniel Roethlisberger
d85e5ddbe2 Disable SSLv2 support by default 2014-10-28 23:24:37 +01:00
Daniel Roethlisberger
d6f2fa067d Update TODO and refer to github issues 2014-10-24 22:07:02 +02:00
Daniel Roethlisberger
0a225ae65c Update documentation after merging pull req #35 2014-10-23 13:28:14 +02:00
Daniel Roethlisberger
42efb4a980 Slightly improve user experience for new option -m 2014-10-23 13:23:57 +02:00
Daniel Roethlisberger
ee9d434cac Further improving OOM handling in early stages of main() 2014-10-23 13:14:06 +02:00
Daniel Roethlisberger
b1b8fe09b9 Merge pull request #35 from fix-macosx/specify-custom-gid
Add support for specifying an explicit group when dropping privileges.
2014-10-23 13:00:42 +02:00
Daniel Roethlisberger
bea022540f Handle strdup() failure in early stages of main()
Issue:		#38
Reported by:	Markus Elfring
2014-10-23 12:49:12 +02:00
Daniel Roethlisberger
b105473629 Check return values of pthread_mutex_init and friends
Issue:		#38
Reported by:	Markus Elfring
2014-10-23 12:27:12 +02:00
Daniel Roethlisberger
f575adadea Update documentation after merge of pull req #32 2014-10-21 15:55:56 +02:00
Daniel Roethlisberger
79c67ebed7 Merge pull request #32 from fix-macosx/macosx-yosemite
Support Mac OS X 10.10 by using 10.9 headers
2014-10-21 15:42:37 +02:00
Daniel Roethlisberger
ed99fc0260 Use NULL instead of '\0' to avoid type conversion 2014-10-21 15:16:09 +02:00
Daniel Roethlisberger
e64bf695dc Update documentation after merge of #34 2014-10-21 14:55:25 +02:00
Daniel Roethlisberger
2e418f1447 Merge pull request #34 from swills/master
add DESTDIR, MANDIR to install target
2014-10-21 14:44:11 +02:00
Steve Wills
b8c8cb73ed add DESTDIR, MANDIR to install target
DESTDIR to allow installing in chroot
MANDIR to allow specifying different dir for man pages
2014-10-18 17:32:22 +00:00
Landon Fuller
9d54677009 Add support for specifying an explicit group when dropping privileges.
This simplifies my use of pf(4) when using group-based
rules to exclude splitssl from redirection.
2014-10-18 00:34:51 -06:00
Landon Fuller
8ef5011fcb Enable Mac OS X 10.10 feature detection
This is pointed at the 10.9 pf headers for testing, as
the 10.10 kernel sources are unavailable.
2014-10-17 19:45:28 -06:00
Landon Fuller
ecbc84438a Fix crash in strdup() when no default NAT engine is available. 2014-10-17 19:35:44 -06:00
Daniel Roethlisberger
85b177f6b0 Special device nodes may be needed for -j to work 2014-08-26 14:29:56 +02:00
Daniel Roethlisberger
47c409cbb5 Don't rely on OpenSSL to pull in string.h
Obtained from:	OpenBSD port patches
2014-06-21 19:20:34 +02:00
Daniel Roethlisberger
3226d9bfcf No longer chroot() by default when run as root
No longer implicitly use -j /var/empty by default and document clearly
the implications of using -j with -S and/or sni proxyspecs.

Issue:		#21
2014-01-30 23:34:37 +01:00
Daniel Roethlisberger
db0fa32b07 Load -t certificates before dropping privileges
Load the certificates from the directory given by -t into the
certificate cache after preinit, but before dropping privileges.  This
fixes a number of issues, such as -t directory not being found after
chroot()ing to a different root, -t directory inaccessible due to
changing user with -u, and when using encrypted keys.  This bug was
introduced in 0675219 as a spurious part of fixing #5.

Issue:		#20, #19
Reported by:	Miroslav Stampar
2014-01-30 22:39:39 +01:00
Daniel Roethlisberger
ac98c2d9cc Fix segmentation fault when using -t without a CA
The key type checks which are used to optimize the loading of DH and
ECDH parameters should check the type of the supplied server key, not
the global options key.
2014-01-30 22:21:08 +01:00
Daniel Roethlisberger
4bd9dd1fa7 Fix glob to be compatible with /bin/dash 2014-01-29 21:25:19 +01:00
Daniel Roethlisberger
53a948cd18 Improve dependency tracking for targets/ certs 2014-01-29 21:20:16 +01:00
Daniel Roethlisberger
349cd1f6ec Add targets to .PHONY 2014-01-29 21:14:39 +01:00
Daniel Roethlisberger
f669fbbca7 Add unit test for sys_dir_eachfile()
Issue:		#19
Reported by:	Miroslav Stampar
2014-01-29 20:18:54 +01:00
Daniel Roethlisberger
658bbfa6fe SSLsplit master 2014-01-29 20:16:34 +01:00
Daniel Roethlisberger
c4ac9c60bc SSLsplit 0.4.8 release 2014-01-15 19:07:07 +01:00
Daniel Roethlisberger
9d5641c0e0 Update NEWS 2014-01-15 19:01:33 +01:00
Daniel Roethlisberger
f348c1a372 Add libevent2 test for the weirdness that is issue #17 2014-01-15 18:56:58 +01:00
Daniel Roethlisberger
9338200705 Detect when libevent cannot parse resolv.conf
Issue:		#17
Reported by:	Florian Schaefer
2014-01-15 10:33:43 +01:00
Daniel Roethlisberger
a80cbf73f4 Add some error-case debug messages to pxy_thrmgr_run() 2014-01-15 01:04:02 +01:00
Daniel Roethlisberger
fe558af0a3 Remove duplicates from FEATURES 2014-01-14 23:44:23 +01:00
Daniel Roethlisberger
e1d8a2a965 Lint fix: define some variables in smaller scope 2014-01-14 17:37:57 +01:00
Daniel Roethlisberger
cd358e245a Make session.pem generation more portable 2014-01-14 17:37:17 +01:00
Daniel Roethlisberger
716139b169 Suppress SPDY/QUIC by removing Alternate-Protocol headers 2014-01-14 17:35:56 +01:00
Daniel Roethlisberger
6b99bde4fb Only use -pthread on non-Darwin systems 2014-01-14 17:29:32 +01:00
Daniel Roethlisberger
ba991dcdf8 Minor overhaul of the Mac OS X hacks 2014-01-14 17:28:59 +01:00
Daniel Roethlisberger
24e57d2a12 Add .gitattributes and cleanup .gitignore
Exclude development-only files from the distribution tarball.
2014-01-14 17:14:23 +01:00
Daniel Roethlisberger
23d7b7fe8d Update README for the APSL components 2014-01-14 01:23:09 +01:00
Daniel Roethlisberger
d4d249fb87 Update NEWS 2014-01-14 00:46:52 +01:00
Daniel Roethlisberger
a5660fa3c9 Update NEWS 2014-01-14 00:29:45 +01:00
Daniel Roethlisberger
2235e1aad9 Fix memory leak in fake cert generation code
The code in pxy_ossl_servername_cb() which generated the forged
certificates did not call SSL_CTX_free() on the newly allocated SSL_CTX
struct after associating it with the SSL struct, which increments the
reference count internally.  Also add some comments explaining OpenSSL
reference counting behaviour to be more explicit on what happens to the
instances that OpenSSL keeps track of.
2014-01-13 23:56:59 +01:00
Daniel Roethlisberger
05410fe9b3 Enable SSL_MODE_RELEASE_BUFFERS by default 2014-01-13 23:33:31 +01:00
Daniel Roethlisberger
202b1270e3 Create session.pem without Internet connectivity
Use openssl s_server in order to create a temporary SSL server for
creating an SSL session dump for the unit tests to work with.  This
removes the requirement of having Internet connectivity for running the
test suite, which prevented package builds from running the unit tests.
2014-01-11 21:49:05 +01:00
Daniel Roethlisberger
54685bab6d Update NEWS 2014-01-11 19:14:11 +01:00
Daniel Roethlisberger
56842b2f63 Fix file descriptor leak in passthrough mode (-P)
When using passthrough mode, if a connection to a server fails with an
SSL error, sslsplit falls back to plain TCP passthrough.  When
reconnecting with plain TCP, the SSL context was freed, but the file
descriptor was never closed.  The fix remedies that by calling the
proper cleanup function for the dst bev before reconnecting.

Reported by:	Peter Haag
2014-01-11 19:12:00 +01:00