Support pf rdr on Mac OS X 10.7, 10.8 and 10.9 by including the missing
Apple headers in the source tree and enable private Apple code. Since
we are using an interface marked private by Apple, this code is very
experimental.
Issue: #15
Reported by: Amit Chowdhary
This removes the spurious "Unknown bufferevent 0x80" debug message but
does not have any change in functionality, since return would have been
called anyway after falling down the debug message.
While here, remove the useless "ignoring event" debug message unless
DEBUG_PROXY is defined, and also print the timeout flag in debug mode.
Always explicitly name which arguments are non-null, even if all
arguments are non-null. This is to avoid bugs where newly added
arguments are automatically non-null by accident, possibly leading to
optimisation errors.
This also fixes a few potential errors related to non-null arguments;
specifically it prevents the compiler optimising away a test for sni
being NULL in cachedsess_mkkey().
Issue: #14
Reported by: kythyria
OpenBSD 4.7+ and FreeBSD 9.0+ also include ipfw-style divert-to in pf,
so build ipfw NAT engine as well if pf is detected.
Reported by: Stuart Henderson
Add configuration examples for both old and new OpenBSD pf syntax and
give an example of using OpenBSD pf divert sockets for redirection.
Based on the OpenBSD port patchset.
Reported by: Stuart Henderson
This should fix the segmentation fault in issue #10 but not the
underlying reason why the thread manager fails to start in the first
place.
Issue: #10
Reported by: linuxton
Properly reset connection state when reconnecting the dst part of the
connection. This fixes the fallback to passthrough when no certficates
are present which can be used to split the SSL.
Issue: #9
Reported by: ceear
This fixes a regression which caused bind() to ports < 1024 to fail with
the default settings of dropping privileges to nobody.
Issue: #8
Reported by: Ian Grispan
Extend and improve the workaround introduced in commit 20b3f66120.
Automatically replace SSL_get_certificate() with a drop-in replacement
if a version of OpenSSL known to be broken is used. This now covers the
use of SSL_get_certificate() within the connection manager as well and
resolves one more case where OpenSSL could crash.
A bug in OpenSSL 1.0.0k and 1.0.1e caused sslsplit to crash when loading
certificates using SSL_get_certificate(). Work around the bug by
directly accessing the respective members of SSL* when using any of the
broken versions of OpenSSL.
Yield the CPU in the main thread until the proxy thread manager is fully
started. Otherwise, the main thread could free the proxy thread manager
while the threads are still starting up, leading to a deadlock.
