Archives/SSLproxy
2
0
Fork 0
mirror of https://github.com/sonertari/SSLproxy synced 2024-11-02 15:40:19 +00:00
Code Issues Packages Projects Releases Wiki Activity
726 Commits 2 Branches 27 Tags 3.1 MiB
d6f0f4cdc7
Commit Graph

114 Commits

Author SHA1 Message Date
Soner Tari
d6f0f4cdc7 Create proxyspec options 2019-07-08 21:49:06 +03:00
Soner Tari
f9b850f63b Add user info to SSLproxy header line, so listening programs know network users 
Debug print conf file option
 2019-03-28 14:16:59 +03:00
Soner Tari
074e5d6400 Add LeafKeyRSABits option for user to change leaf key RSA keysize in bits, so it can be set to 1024|2048|3072|4096 now 2019-03-27 03:07:36 +03:00
Soner Tari
dcaaa49f90 Improve documentation and use better names 2019-03-15 15:39:15 +03:00
Soner Tari
7b11eb15fa Update copyright year to 2019 2019-03-13 14:42:40 +03:00
Soner Tari
76a599d464 Put the getdtablecount() solution back in, otherwise sometimes, although rarely, we get "Error 24 on listener: Too many open files" nonstop, it's better to be safe(r) 2019-03-11 02:41:16 +03:00
Soner Tari
1f451aa04d Change user db table name to users, change mac column name to ether 
Clean up
 2019-03-02 03:44:14 +03:00
Soner Tari
c37bcc6de1 Add UserDBPath and UserTimeout options 2019-03-02 02:52:48 +03:00
Soner Tari
cde3fbca3f Redirect user to login page and redirect again to orig target after successful authentication, currently supported only on OpenBSD 
Get ethernet address and compare with the one in userdb, on each conn setup
Create user_auth options
Rename and clean-up
 2019-03-01 02:08:24 +03:00
Soner Tari
70a22f4515 Do not break the event loop if out of fds, instead properly check all retvals of libevent functions 
So remove getdtable*() solution
 2018-11-30 02:49:37 +03:00
Soner Tari
52d37297b6 Update with sslsplit develop changes, especially content logging 
Change SIGHUP to behave like SIGUSR1
 2018-11-03 18:23:31 +03:00
Soner Tari
d2e9ab4487 Merge sslsplit-develop changes 2018-09-15 02:51:26 +03:00
Soner Tari
0c8348db75 Merge sslsplit develop changes 2018-08-03 23:36:51 +03:00
Soner Tari
e8054deed3 Set option defaults in opts_new() now 
Use bit instead of int for boolean options
 2018-08-03 17:14:21 +03:00
Soner Tari
5e2724c38b Update version to 0.5.6 
Improve man pages and help message
 2018-05-13 00:49:21 +03:00
Soner Tari
442425177c Fix proxyspec definition and examples in usage message 2018-05-09 22:05:03 +03:00
Soner Tari
27650fab69 Support all command line options in the conf file as well 
Update with the latest sslsplit-devel changes
 2018-05-09 20:05:29 +03:00
Soner Tari
027b6e3a95 Update with sslsplit develop changes 2018-03-26 18:14:54 +03:00
Soner Tari
42348cbe41 Add Ciphers option to conf file 2018-02-28 02:16:18 +03:00
Soner Tari
9d435e180c Update with SSLsplit 0.5.2 and develop branch changes as of 270218 2018-02-27 22:20:58 +03:00
Soner Tari
4c8831bd90 Update with SSLsplit 0.5.1 changes, fix LibreSSL version issues 
Add VerifyPeer and AllowWrongHost options
 2018-01-18 03:18:53 +03:00
Soner Tari
392c6be48c Add SSLproxy copyright to -v output 2017-10-26 21:41:30 +03:00
Soner Tari
a1c5d05143 Add support for log priority to error logs, so syslogd prints the correct prio for error logs now 2017-10-15 01:39:30 +03:00
Soner Tari
179aa4fc8f Close the conn if we are out of file descriptors, or libevent will crash us 2017-09-04 13:05:51 +03:00
Soner Tari
4bf27d09e5 Add RemoveHTTPReferer option, Referer causes redirection errors with some sites 2017-09-03 23:11:20 +03:00
Soner Tari
d52ee62079 Add RemoveHTTPAcceptEncoding option 2017-08-24 13:30:23 +03:00
Soner Tari
0b5ef8b14d Mark critical errors as CRITICAL 2017-08-21 17:53:24 +03:00
Soner Tari
7748e3ec1b Add conf file support, with -f command line option, supports a subset of all possible options 2017-08-16 16:01:52 +03:00
Soner Tari
1a6eab50a5 Tidy and clean logs up 
Add DEBUG_PROXY directive around all log_dbg_level_printf() and related lines
Log stats to syslog, similar to error logs, so that it is simpler to rotate and parse
-O w/o -g is failing bufferevent_socket_connect for parent dst, so either enable -O w/ -g, or disable -O w/o -g (-O2 is failing too)
Refactoring
 2017-08-13 04:36:33 +03:00
Soner Tari
ea6dc07248 Rename to sslproxy 
Reduce http headers to just one SSLproxy line
 2017-08-11 15:01:51 +03:00
Soner Tari
1ae732f533 There are 3 dst bevs, writecbs of all of them may fire before connected event, so call eventcb first when that happens for each dst bevs. 
Check if srv_dst bev is NULL or not: Since both eventcb and writecb for srv_dst are enabled, either eventcb or writecb may get a NULL srv_dst bev, causing a crash with signal 10.
Remove unnecessary evutil_closesocket() calls, they could close the fds twice, causing conn stalls
 2017-08-01 14:57:49 +03:00
Soner Tari
67ddee1585 Import sslsplit-devel changes 
Add stats logs, initial
Add SSLproxy_SrcAddr header field
Clean-up
 2017-07-25 16:07:39 +03:00
Soner Tari
5047df8cba Fix some of the compiler warnings, rearrange, and clean-up 2017-07-01 23:17:45 +03:00
Soner Tari
9858928b73 Add debug levels, initial 2017-06-15 19:07:37 +03:00
Soner Tari
d033ea68dd Plain TCP version is running good enough, next will try to switch the SSL on 2017-05-29 12:22:23 +03:00
Daniel Roethlisberger
29f44c3d64 Add autossl spec parsing tests and improve docs 2016-03-27 14:38:06 +02:00
Daniel Roethlisberger
25b096450d Modernize DHE and ECDHE support 
Enable full strength DHE and ECDHE by default in order to allow modern
browsers to connect without weak crypto warnings.

Issue:		#119
Reported by:	@curioustwo
 2016-03-25 16:28:30 +01:00
Daniel Roethlisberger
e632490888 Add exception handler to logger, exit on errors 
Add exception handler mechanism to logger and use that to exit cleanly
when sslsplit fails to write to a log file or fails to open a log file.

Issue:		#113
Reported by:	Matthias Kadenbach
 2016-03-25 15:56:42 +01:00
Daniel Roethlisberger
0b858431a2 Add warning if version string is bogus 2016-03-25 12:34:52 +01:00
Daniel Roethlisberger
0506024587 Update copyright notices to 2016 2016-03-25 12:19:23 +01:00
Daniel Roethlisberger
43b697d875 Initialize proxy before daemonizing 
Issue:		#104
 2016-03-15 19:57:14 +01:00
Daniel Roethlisberger
95d4a9bc35 Explicitly initialize OpenSSL with SSL proxy specs 
Make sure we always initialize OpenSSL explicitly, even if there are no
certificates or keys loaded or generated.  Previously, OpenSSL would
only have been initialized if the configuration actually uses
certificates or keys, which is not always the case, e.g. with -t
pointing to an empty directory.

Issue:		#92
Reported by:	xelalexv
 2015-04-30 16:58:35 +02:00
Daniel Roethlisberger
77109df8d2 Improve docs on autogenerated 1024 bit RSA leaf key 
Issue:		#83
 2015-03-24 20:33:38 +01:00
Daniel Roethlisberger
80b727054b Refactor proxyspec printing into proxyspec_str() 2015-03-15 22:55:34 +01:00
Daniel Roethlisberger
ce002378b8 Use more intuitive letters for new format specs 
%D for Destination host, %p for the (more interesting) destination port,
%S for Source host, %q for the (less interesting) source port.
 2015-03-15 18:39:36 +01:00
Daniel Roethlisberger
e17108f9b7 Merge branch 'master' of https://github.com/AdamJacobMuller/sslsplit into issue/74 2015-03-15 18:28:10 +01:00
Daniel Roethlisberger
914360eb5e Separate host and port into separate strings 
Store host and port in separate strings internally and get rid of the
[host]:port representation where separate host and port would be
cleaner.  This includes the following user-visible changes:

-   Generated filenames that contain host and port, such as by -S and
    -F %d and %s, now use a host,port format instead of [host]:port.

-   Connect log now uses separate fields for host and port.

Issue:		#69 #74
Reported by:	Adam Jacob Muller
 2015-03-15 17:23:46 +01:00
Daniel Roethlisberger
91da4674e5 Update copyright, license and tagline 
-   Update copyright to 2015
-   Remove the non-standard "unmodified" from the 2-clause BSD license
-   Remove scalable from the tagline to avoid misinterpretations
 2015-02-24 19:19:20 +01:00
Adam Jacob Muller
9267cf9bb4 add support for: 
%f - dest address
%h - dest port
%t - source address
%v - source port

format specifiers to pathspec
 2015-02-08 20:20:02 -05:00
Daniel Roethlisberger
f16783cee2 Move cert writer to logger thread using privsep 
Make -w and -W work in conjunction with dropping privileges and
chrooting by moving the cert writer code to a separate logger thread and
using the privsep framework to open the files if they do not exist
already.

Issue:		#70
 2014-12-13 23:52:17 +01:00