Commit Graph

777 Commits

Author SHA1 Message Date
Soner Tari
58eb907d69 Separate global and proxyspec opts 2019-07-12 14:40:04 +03:00
Soner Tari
d6f0f4cdc7 Create proxyspec options 2019-07-08 21:49:06 +03:00
Soner Tari
57ae6f07a5 Update OCSP denied comments 2019-07-08 21:45:30 +03:00
Soner Tari
70fa08a36a Fix OCSP denied response 2019-07-03 02:10:51 +03:00
Soner Tari
3b25ea2e34 Fix http method validation: Compare 1 byte longer than method len, so that GET1 is not validated as GET 2019-07-02 22:30:40 +03:00
Soner Tari
a7d671169c Fix handling of HTTP Accept-Encoding 2019-06-18 10:23:50 +03:00
Soner Tari
d50bb0bfa6 Fix proto http child setup 2019-06-16 17:58:31 +03:00
Soner Tari
f6a8522d1e Enable -O2 optimization, remove -g
Clean up gitignore
Fix typos
2019-05-27 11:12:12 +03:00
Soner Tari
1c8a837df1 Fix FreeBSD support: Call available_fds() on FreeBSD too 2019-05-08 23:45:10 +03:00
Soner Tari
adee22db09
Fix FreeBSD support, pr #13 by @5u623l20
FreeBSD does not have getdtablecount() and needs netinet/in.h
2019-05-08 21:47:16 +03:00
Soner Tari
d1a3328c58 Differentiate PassSite option from Passthrough option: PassSite does not require Passthrough now
Remove redundant if conditions
2019-05-02 19:06:48 +03:00
Soner Tari
c146b8a0ec Make sure sni and ssl_names are not null, fixes signal 11 crash reported by @janusloo 2019-05-01 00:35:15 +03:00
Soner Tari
22ad78c8f9 Fix passthrough conn logging 2019-04-22 23:01:57 +03:00
Soner Tari
26a73d797d Fix passsite struct free 2019-04-21 01:46:40 +03:00
Soner Tari
c3abe74776 Add client filtering to PassSite option, per site filters can be defined using client IP addresses, users, and description keywords 2019-04-21 01:00:46 +03:00
Soner Tari
07a6c32e93 Update documentation with PassSite option 2019-04-20 01:13:06 +03:00
Soner Tari
7e17bd198e Require ssl_names if passsite is set 2019-04-19 23:21:58 +03:00
Soner Tari
119fc8e69e Improve passsite log messages and comments 2019-04-19 20:59:28 +03:00
Soner Tari
7e8fcbcafa Move strncpy() call from passsite matching to initial PassSite setup 2019-04-19 04:21:41 +03:00
Soner Tari
ddeb9831ed Add PassSite option, if the site matches SNI or common names in the SSL certificate, the connection is passed through the proxy, issue #12 2019-04-19 01:17:41 +03:00
Soner Tari
89150fe4d6 Enable more ssl info in conn logs, especially common names in crts 2019-04-18 16:01:44 +03:00
Soner Tari
24972bda48 Rearrange debug log messages 2019-04-03 20:23:30 +03:00
Soner Tari
8c2fd3cc31 Replace recursion with while loop in child max fd computation and debug logging 2019-03-31 18:22:19 +03:00
Soner Tari
3c8d6e7e4e Fix the location of the assertion checking NULL thr conns list, nice catch by this assert() call, that it is misplaced, so add further assertions 2019-03-29 15:38:03 +03:00
Soner Tari
0eaf475193 Update documentation with the new user info in SSLproxy line 2019-03-28 17:06:07 +03:00
Soner Tari
f9b850f63b Add user info to SSLproxy header line, so listening programs know network users
Debug print conf file option
2019-03-28 14:16:59 +03:00
Soner Tari
a76ce0e2b4 Remove any SSLproxy line, parent or child
In case parent receives SSLproxy line from local network
2019-03-27 21:23:48 +03:00
Soner Tari
11d1b64c1c Update version to 0.6.0 2019-03-27 15:22:50 +03:00
Soner Tari
9275315541 Add OpenFilesLimit option, use 50-10000, so user does not need to modify system-wide value now 2019-03-27 14:23:18 +03:00
Soner Tari
074e5d6400 Add LeafKeyRSABits option for user to change leaf key RSA keysize in bits, so it can be set to 1024|2048|3072|4096 now 2019-03-27 03:07:36 +03:00
Soner Tari
a51cc7de57 Update RSA key size comments 2019-03-26 18:31:51 +03:00
Soner Tari
ea532a9464 Update with sslsplit develop ssl ctx improvements 2019-03-26 15:54:42 +03:00
Soner Tari
bee1a82bfc Improve error log messages and comments 2019-03-25 18:13:46 +03:00
Soner Tari
44b125f77e Avoid malloc/free for vars of known sizes 2019-03-25 03:39:15 +03:00
Soner Tari
d0ad45e74d Fix autossl userauth: srvdst should call userauth and redirect too 2019-03-24 22:28:43 +03:00
Soner Tari
040d00b546 Fix passthrough mode broken by the new pending ssl conns list: It is necessary to NULL the sslctx to prevent passthrough mode trying to access it (signal 11 crash)
Note that we cannot redirect failed ssl connections to login page while switching to passthrough mode
Remove now redundant pxy_fd_readcb() function
2019-03-24 15:57:03 +03:00
Soner Tari
98c1186cb8 Improve documentation, and simplify code 2019-03-24 01:31:19 +03:00
Soner Tari
ad38b68ad7 Fix a possible multithreading issue: Ignore event_add() failure and do not try to close the conn after adding it to pending ssl conns list
Debug print pending ssl conns list
Remove redundant asprintf() calls and vars
Rename fields and fix whitespace
2019-03-23 23:34:38 +03:00
Soner Tari
50740b9f77 Remove redundant ctx fields, rename vars, rearrange code, and improve documentation 2019-03-23 20:48:40 +03:00
Soner Tari
42eb887ebb Do not modify conn thread fields without locking on thrmgr thread, so we only modify thr load and thr conn list, no tread stats, on thrmgr now 2019-03-23 00:09:18 +03:00
Soner Tari
072dbe2611 Fix privsep PRIVSEP_REQ_UPDATE_ATIME command: Do not request an fd from sys_recvmsgfd() and sys_sendmsgfd(), otherwise opens an stdin (fd 0), causing fd leak
Remove redundant logging call
2019-03-22 19:19:39 +03:00
Soner Tari
bf67b617c2 Keep track of ssl conns waiting for the first packet, and remove them if they time out
Otherwise if no packet arrives, hence readcb does not fire, that ssl conn is lost causing memory and fd leak
Accepting a connection does not mean that a packet will be received
Use better names
2019-03-22 15:21:39 +03:00
Soner Tari
dc788862a9 Reintroduce BEV_OPT_THREADSAFE flag, after a signal 10 crash involving buffer events
Rearrange and fix fd close locations and conn termination
2019-03-21 06:06:56 +03:00
Soner Tari
6f2cf92e51 Do not pass BEV_OPT_THREADSAFE flag to bufferevent new socket/filter functions anymore: Multithreading issues seems to be solved now 2019-03-19 17:17:57 +03:00
Soner Tari
e145ca6eed Refactor add/remove conn/child code
Fix whitespace
2019-03-19 02:54:48 +03:00
Soner Tari
cc0b94c17f Do not do anything with the conn ctx on the thrmgr thread after setting event callbacks and/or socket connect
Always lock conn thr while reading ctx fields, otherwise we may get wrong values
2019-03-18 03:59:40 +03:00
Soner Tari
17122fa6a8 Always keep thr load and conns list in sync 2019-03-17 18:57:33 +03:00
Soner Tari
c43e359a1b Do not modify thr stats without locking, otherwise max fd stats were sometimes wrong 2019-03-16 23:19:48 +03:00
Soner Tari
3147723774 Add attribs, enclose debug params between debug macros, and improve documentation 2019-03-16 00:44:12 +03:00
Soner Tari
dcaaa49f90 Improve documentation and use better names 2019-03-15 15:39:15 +03:00