Daniel Roethlisberger
d0665377ee
Remove WGET_FLAGS from developer targets
10 years ago
Daniel Roethlisberger
a299d7e3f3
Add unit tests for ssl_x509_subject() and ssl_x509_subject_cn()
10 years ago
Daniel Roethlisberger
eca1ac9a5e
Rewrite ssl_x509_subject_cn() error handling
10 years ago
Daniel Roethlisberger
c210641783
Don't add XNU includes to cppcheck invocation
10 years ago
Daniel Roethlisberger
76aab3b816
Fix X509_NAME_get_text_by_NID() error handling
10 years ago
Daniel Roethlisberger
5219d494f3
Protect session cache calls from sess == NULL
10 years ago
Daniel Roethlisberger
78a573121d
Add some CPPFLAGS to cppcheck arguments
10 years ago
Daniel Roethlisberger
b9ab5a03e6
SSLsplit 0.4.9 release
10 years ago
Daniel Roethlisberger
fcb64e85e7
Make SSLv2 support opt-in instead of opt-out
...
Migrate knobs from DISABLE_SSLV2_CLIENT and DISABLE_SSLV2_SERVER to
WANT_SSLV2_CLIENT and WANT_SSLV2_SERVER and remove the
DISABLE_SSLV2_SESSION_CACHE knob entirely, automatically including the
respective code if SSLv2 support is compiled into SSLsplit.
10 years ago
Daniel Roethlisberger
edf1dac8fa
Improve manual page re protocols and scalability
...
Issue: #42
10 years ago
Daniel Roethlisberger
769fbd042d
Filter HSTS response headers to allow cert override
...
Also remove HTTP Strict Transport Security (HSTS, RFC 6797) headers from
HTTP responses. With HSTS active, the user is not allowed to accept
untrusted certificates.
10 years ago
Daniel Roethlisberger
cc6cb59485
Rewrite Mac OS X support to use proper XNU headers
...
Move from one set of headers per major OS X release to one set of
headers per XNU release. Fetch the header files from Apple's official
Open Source site instead of GitHub in the fetchdeps developer target.
As a side effect, 10.6.x is now supported as well (untested), and proper
headers are used for 10.10.
Issue: #39
10 years ago
Daniel Roethlisberger
001615c53b
Update khash.h to latest klib master
10 years ago
Daniel Roethlisberger
b1a7b11aea
Don't depend on the space when parsing HTTP headers
10 years ago
Daniel Roethlisberger
d85e5ddbe2
Disable SSLv2 support by default
10 years ago
Daniel Roethlisberger
d6f2fa067d
Update TODO and refer to github issues
10 years ago
Daniel Roethlisberger
0a225ae65c
Update documentation after merging pull req #35
10 years ago
Daniel Roethlisberger
42efb4a980
Slightly improve user experience for new option -m
10 years ago
Daniel Roethlisberger
ee9d434cac
Further improving OOM handling in early stages of main()
10 years ago
Daniel Roethlisberger
b1b8fe09b9
Merge pull request #35 from fix-macosx/specify-custom-gid
...
Add support for specifying an explicit group when dropping privileges.
10 years ago
Daniel Roethlisberger
bea022540f
Handle strdup() failure in early stages of main()
...
Issue: #38
Reported by: Markus Elfring
10 years ago
Daniel Roethlisberger
b105473629
Check return values of pthread_mutex_init and friends
...
Issue: #38
Reported by: Markus Elfring
10 years ago
Daniel Roethlisberger
f575adadea
Update documentation after merge of pull req #32
10 years ago
Daniel Roethlisberger
79c67ebed7
Merge pull request #32 from fix-macosx/macosx-yosemite
...
Support Mac OS X 10.10 by using 10.9 headers
10 years ago
Daniel Roethlisberger
ed99fc0260
Use NULL instead of '\0' to avoid type conversion
10 years ago
Daniel Roethlisberger
e64bf695dc
Update documentation after merge of #34
10 years ago
Daniel Roethlisberger
2e418f1447
Merge pull request #34 from swills/master
...
add DESTDIR, MANDIR to install target
10 years ago
Steve Wills
b8c8cb73ed
add DESTDIR, MANDIR to install target
...
DESTDIR to allow installing in chroot
MANDIR to allow specifying different dir for man pages
10 years ago
Landon Fuller
9d54677009
Add support for specifying an explicit group when dropping privileges.
...
This simplifies my use of pf(4) when using group-based
rules to exclude splitssl from redirection.
10 years ago
Landon Fuller
8ef5011fcb
Enable Mac OS X 10.10 feature detection
...
This is pointed at the 10.9 pf headers for testing, as
the 10.10 kernel sources are unavailable.
10 years ago
Landon Fuller
ecbc84438a
Fix crash in strdup() when no default NAT engine is available.
10 years ago
Daniel Roethlisberger
85b177f6b0
Special device nodes may be needed for -j to work
10 years ago
Daniel Roethlisberger
47c409cbb5
Don't rely on OpenSSL to pull in string.h
...
Obtained from: OpenBSD port patches
10 years ago
Daniel Roethlisberger
3226d9bfcf
No longer chroot() by default when run as root
...
No longer implicitly use -j /var/empty by default and document clearly
the implications of using -j with -S and/or sni proxyspecs.
Issue: #21
11 years ago
Daniel Roethlisberger
db0fa32b07
Load -t certificates before dropping privileges
...
Load the certificates from the directory given by -t into the
certificate cache after preinit, but before dropping privileges. This
fixes a number of issues, such as -t directory not being found after
chroot()ing to a different root, -t directory inaccessible due to
changing user with -u, and when using encrypted keys. This bug was
introduced in 0675219
as a spurious part of fixing #5 .
Issue: #20 , #19
Reported by: Miroslav Stampar
11 years ago
Daniel Roethlisberger
ac98c2d9cc
Fix segmentation fault when using -t without a CA
...
The key type checks which are used to optimize the loading of DH and
ECDH parameters should check the type of the supplied server key, not
the global options key.
11 years ago
Daniel Roethlisberger
4bd9dd1fa7
Fix glob to be compatible with /bin/dash
11 years ago
Daniel Roethlisberger
53a948cd18
Improve dependency tracking for targets/ certs
11 years ago
Daniel Roethlisberger
349cd1f6ec
Add targets to .PHONY
11 years ago
Daniel Roethlisberger
f669fbbca7
Add unit test for sys_dir_eachfile()
...
Issue: #19
Reported by: Miroslav Stampar
11 years ago
Daniel Roethlisberger
658bbfa6fe
SSLsplit master
11 years ago
Daniel Roethlisberger
c4ac9c60bc
SSLsplit 0.4.8 release
11 years ago
Daniel Roethlisberger
9d5641c0e0
Update NEWS
11 years ago
Daniel Roethlisberger
f348c1a372
Add libevent2 test for the weirdness that is issue #17
11 years ago
Daniel Roethlisberger
9338200705
Detect when libevent cannot parse resolv.conf
...
Issue: #17
Reported by: Florian Schaefer
11 years ago
Daniel Roethlisberger
a80cbf73f4
Add some error-case debug messages to pxy_thrmgr_run()
11 years ago
Daniel Roethlisberger
fe558af0a3
Remove duplicates from FEATURES
11 years ago
Daniel Roethlisberger
e1d8a2a965
Lint fix: define some variables in smaller scope
11 years ago
Daniel Roethlisberger
cd358e245a
Make session.pem generation more portable
11 years ago
Daniel Roethlisberger
716139b169
Suppress SPDY/QUIC by removing Alternate-Protocol headers
11 years ago