Daniel Roethlisberger
cc6cb59485
Rewrite Mac OS X support to use proper XNU headers
...
Move from one set of headers per major OS X release to one set of
headers per XNU release. Fetch the header files from Apple's official
Open Source site instead of GitHub in the fetchdeps developer target.
As a side effect, 10.6.x is now supported as well (untested), and proper
headers are used for 10.10.
Issue: #39
2014-10-30 22:01:55 +00:00
Daniel Roethlisberger
001615c53b
Update khash.h to latest klib master
2014-10-28 23:59:17 +01:00
Daniel Roethlisberger
b1a7b11aea
Don't depend on the space when parsing HTTP headers
2014-10-28 23:31:07 +01:00
Daniel Roethlisberger
d85e5ddbe2
Disable SSLv2 support by default
2014-10-28 23:24:37 +01:00
Daniel Roethlisberger
d6f2fa067d
Update TODO and refer to github issues
2014-10-24 22:07:02 +02:00
Daniel Roethlisberger
0a225ae65c
Update documentation after merging pull req #35
2014-10-23 13:28:14 +02:00
Daniel Roethlisberger
42efb4a980
Slightly improve user experience for new option -m
2014-10-23 13:23:57 +02:00
Daniel Roethlisberger
ee9d434cac
Further improving OOM handling in early stages of main()
2014-10-23 13:14:06 +02:00
Daniel Roethlisberger
b1b8fe09b9
Merge pull request #35 from fix-macosx/specify-custom-gid
...
Add support for specifying an explicit group when dropping privileges.
2014-10-23 13:00:42 +02:00
Daniel Roethlisberger
bea022540f
Handle strdup() failure in early stages of main()
...
Issue: #38
Reported by: Markus Elfring
2014-10-23 12:49:12 +02:00
Daniel Roethlisberger
b105473629
Check return values of pthread_mutex_init and friends
...
Issue: #38
Reported by: Markus Elfring
2014-10-23 12:27:12 +02:00
Daniel Roethlisberger
f575adadea
Update documentation after merge of pull req #32
2014-10-21 15:55:56 +02:00
Daniel Roethlisberger
79c67ebed7
Merge pull request #32 from fix-macosx/macosx-yosemite
...
Support Mac OS X 10.10 by using 10.9 headers
2014-10-21 15:42:37 +02:00
Daniel Roethlisberger
ed99fc0260
Use NULL instead of '\0' to avoid type conversion
2014-10-21 15:16:09 +02:00
Daniel Roethlisberger
e64bf695dc
Update documentation after merge of #34
2014-10-21 14:55:25 +02:00
Daniel Roethlisberger
2e418f1447
Merge pull request #34 from swills/master
...
add DESTDIR, MANDIR to install target
2014-10-21 14:44:11 +02:00
Steve Wills
b8c8cb73ed
add DESTDIR, MANDIR to install target
...
DESTDIR to allow installing in chroot
MANDIR to allow specifying different dir for man pages
2014-10-18 17:32:22 +00:00
Landon Fuller
9d54677009
Add support for specifying an explicit group when dropping privileges.
...
This simplifies my use of pf(4) when using group-based
rules to exclude splitssl from redirection.
2014-10-18 00:34:51 -06:00
Landon Fuller
8ef5011fcb
Enable Mac OS X 10.10 feature detection
...
This is pointed at the 10.9 pf headers for testing, as
the 10.10 kernel sources are unavailable.
2014-10-17 19:45:28 -06:00
Landon Fuller
ecbc84438a
Fix crash in strdup() when no default NAT engine is available.
2014-10-17 19:35:44 -06:00
Daniel Roethlisberger
85b177f6b0
Special device nodes may be needed for -j to work
2014-08-26 14:29:56 +02:00
Daniel Roethlisberger
47c409cbb5
Don't rely on OpenSSL to pull in string.h
...
Obtained from: OpenBSD port patches
2014-06-21 19:20:34 +02:00
Daniel Roethlisberger
3226d9bfcf
No longer chroot() by default when run as root
...
No longer implicitly use -j /var/empty by default and document clearly
the implications of using -j with -S and/or sni proxyspecs.
Issue: #21
2014-01-30 23:34:37 +01:00
Daniel Roethlisberger
db0fa32b07
Load -t certificates before dropping privileges
...
Load the certificates from the directory given by -t into the
certificate cache after preinit, but before dropping privileges. This
fixes a number of issues, such as -t directory not being found after
chroot()ing to a different root, -t directory inaccessible due to
changing user with -u, and when using encrypted keys. This bug was
introduced in 0675219
as a spurious part of fixing #5 .
Issue: #20 , #19
Reported by: Miroslav Stampar
2014-01-30 22:39:39 +01:00
Daniel Roethlisberger
ac98c2d9cc
Fix segmentation fault when using -t without a CA
...
The key type checks which are used to optimize the loading of DH and
ECDH parameters should check the type of the supplied server key, not
the global options key.
2014-01-30 22:21:08 +01:00
Daniel Roethlisberger
4bd9dd1fa7
Fix glob to be compatible with /bin/dash
2014-01-29 21:25:19 +01:00
Daniel Roethlisberger
53a948cd18
Improve dependency tracking for targets/ certs
2014-01-29 21:20:16 +01:00
Daniel Roethlisberger
349cd1f6ec
Add targets to .PHONY
2014-01-29 21:14:39 +01:00
Daniel Roethlisberger
f669fbbca7
Add unit test for sys_dir_eachfile()
...
Issue: #19
Reported by: Miroslav Stampar
2014-01-29 20:18:54 +01:00
Daniel Roethlisberger
658bbfa6fe
SSLsplit master
2014-01-29 20:16:34 +01:00
Daniel Roethlisberger
c4ac9c60bc
SSLsplit 0.4.8 release
2014-01-15 19:07:07 +01:00
Daniel Roethlisberger
9d5641c0e0
Update NEWS
2014-01-15 19:01:33 +01:00
Daniel Roethlisberger
f348c1a372
Add libevent2 test for the weirdness that is issue #17
2014-01-15 18:56:58 +01:00
Daniel Roethlisberger
9338200705
Detect when libevent cannot parse resolv.conf
...
Issue: #17
Reported by: Florian Schaefer
2014-01-15 10:33:43 +01:00
Daniel Roethlisberger
a80cbf73f4
Add some error-case debug messages to pxy_thrmgr_run()
2014-01-15 01:04:02 +01:00
Daniel Roethlisberger
fe558af0a3
Remove duplicates from FEATURES
2014-01-14 23:44:23 +01:00
Daniel Roethlisberger
e1d8a2a965
Lint fix: define some variables in smaller scope
2014-01-14 17:37:57 +01:00
Daniel Roethlisberger
cd358e245a
Make session.pem generation more portable
2014-01-14 17:37:17 +01:00
Daniel Roethlisberger
716139b169
Suppress SPDY/QUIC by removing Alternate-Protocol headers
2014-01-14 17:35:56 +01:00
Daniel Roethlisberger
6b99bde4fb
Only use -pthread on non-Darwin systems
2014-01-14 17:29:32 +01:00
Daniel Roethlisberger
ba991dcdf8
Minor overhaul of the Mac OS X hacks
2014-01-14 17:28:59 +01:00
Daniel Roethlisberger
24e57d2a12
Add .gitattributes and cleanup .gitignore
...
Exclude development-only files from the distribution tarball.
2014-01-14 17:14:23 +01:00
Daniel Roethlisberger
23d7b7fe8d
Update README for the APSL components
2014-01-14 01:23:09 +01:00
Daniel Roethlisberger
d4d249fb87
Update NEWS
2014-01-14 00:46:52 +01:00
Daniel Roethlisberger
a5660fa3c9
Update NEWS
2014-01-14 00:29:45 +01:00
Daniel Roethlisberger
2235e1aad9
Fix memory leak in fake cert generation code
...
The code in pxy_ossl_servername_cb() which generated the forged
certificates did not call SSL_CTX_free() on the newly allocated SSL_CTX
struct after associating it with the SSL struct, which increments the
reference count internally. Also add some comments explaining OpenSSL
reference counting behaviour to be more explicit on what happens to the
instances that OpenSSL keeps track of.
2014-01-13 23:56:59 +01:00
Daniel Roethlisberger
05410fe9b3
Enable SSL_MODE_RELEASE_BUFFERS by default
2014-01-13 23:33:31 +01:00
Daniel Roethlisberger
202b1270e3
Create session.pem without Internet connectivity
...
Use openssl s_server in order to create a temporary SSL server for
creating an SSL session dump for the unit tests to work with. This
removes the requirement of having Internet connectivity for running the
test suite, which prevented package builds from running the unit tests.
2014-01-11 21:49:05 +01:00
Daniel Roethlisberger
54685bab6d
Update NEWS
2014-01-11 19:14:11 +01:00
Daniel Roethlisberger
56842b2f63
Fix file descriptor leak in passthrough mode (-P)
...
When using passthrough mode, if a connection to a server fails with an
SSL error, sslsplit falls back to plain TCP passthrough. When
reconnecting with plain TCP, the SSL context was freed, but the file
descriptor was never closed. The fix remedies that by calling the
proper cleanup function for the dst bev before reconnecting.
Reported by: Peter Haag
2014-01-11 19:12:00 +01:00