Archives
/
SSLproxy
mirror of https://github.com/sonertari/SSLproxy
2
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
377 Commits
2 Branches
26 Tags
3.0 MiB
develop
master
v0.5.0
v0.5.1
v0.5.2
v0.5.3
v0.5.4
v0.5.5
v0.5.6
v0.5.7
v0.5.8
v0.5.9
v0.6.0
v0.7.0
v0.8.0
v0.8.1
v0.8.2
v0.8.3
v0.8.4
v0.8.5
v0.8.6
v0.9.0
v0.9.1
v0.9.2
v0.9.3
v0.9.4
v0.9.5
v0.9.6
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'e17108f9b7'
${ noResults }
Commit Graph

79 Commits (e17108f9b7954148f2afa0f0041b16af46cc0f24)

Author SHA1 Message Date
Daniel Roethlisberger 914360eb5e Separate host and port into separate strings 
Store host and port in separate strings internally and get rid of the
[host]:port representation where separate host and port would be
cleaner.  This includes the following user-visible changes:

-   Generated filenames that contain host and port, such as by -S and
    -F %d and %s, now use a host,port format instead of [host]:port.

-   Connect log now uses separate fields for host and port.

Issue:		#69 #74
Reported by:	Adam Jacob Muller
 9 years ago
Daniel Roethlisberger 91da4674e5 Update copyright, license and tagline 
-   Update copyright to 2015
-   Remove the non-standard "unmodified" from the 2-clause BSD license
-   Remove scalable from the tagline to avoid misinterpretations
 10 years ago
Daniel Roethlisberger f16783cee2 Move cert writer to logger thread using privsep 
Make -w and -W work in conjunction with dropping privileges and
chrooting by moving the cert writer code to a separate logger thread and
using the privsep framework to open the files if they do not exist
already.

Issue:		#70
 10 years ago
Daniel Roethlisberger 6ec6c56ded Refactored -w/-W and improved docs 10 years ago
PsychoMario 3aff928daf moved key output to main.c, caught some bugs 10 years ago
PsychoMario a83cd68605 stored fpr as char* in ctx 10 years ago
PsychoMario 1736564b32 error handling 10 years ago
PsychoMario 4f310a877a implemented -W to write original certs 10 years ago
PsychoMario a7e2d99b39 added logging of fingerprints, uppercased names 10 years ago
PsychoMario 13dce0aa35 moved write to pxy_srccert_create, -X to -w, opts_free use 10 years ago
PsychoMario 73042d4daa fix mutual exclusivity, sprintf->asprintf 10 years ago
PsychoMario cbb2a179f9 naive implementation with -X, no help, validation, logging 10 years ago
Daniel Roethlisberger c4b22efa5a Fix segmentation fault for aborted connections 10 years ago
Daniel Roethlisberger 65f56f634d Improve error handling on logging calls 10 years ago
Daniel Roethlisberger b5e3856a97 Move open() and mkdir() to logger thread 10 years ago
Daniel Roethlisberger 007823b16e Fix connect logging for corner cases 10 years ago
Daniel Roethlisberger c5b8fd127f Add version and ciphersuite to connect and debug log 10 years ago
Daniel Roethlisberger fcd008df4b Unify asprintf error handling 10 years ago
Daniel Roethlisberger b1ec5d0e09 Improve log_content_open() error handling 10 years ago
Daniel Roethlisberger 328e3320f9 Fix build for !HAVE_LOCAL_PROCINFO 10 years ago
Daniel Roethlisberger e022b2af26 Add local process information to connect log 10 years ago
Daniel Roethlisberger 08ca5b2891 Also print pid if lookup (partially or fully) fails 10 years ago
Daniel Roethlisberger 150650c7e9 Make local procinfo run-time optional (-i) and use src host:port 10 years ago
Daniel Roethlisberger 42497693d1 Rename define for consistency 10 years ago
Daniel Roethlisberger 0237fe34dc Only build local process info code where supported 10 years ago
Daniel Roethlisberger 966fe80c0c Move process information code from sys to proc 10 years ago
Daniel Roethlisberger c3922d9852 Refactor process lookup out of NAT engine code 
Local process lookup is independent of the NAT engine used, it depends
only on the operating system's process enumeration API.  Moving the code
out of NAT lookup also makes it work for static and SNI proxyspecs.
 10 years ago
Daniel Roethlisberger dc7a3ee9e3 Break line to 80 cols 10 years ago
Landon Fuller a4c518c8a0
Merge remote-tracking branch 'origin/fix-macosx' into logspec_path_support 10 years ago
Landon Fuller efca8d73c9
Remove debugging statement. 10 years ago
Landon Fuller 81bf954c17
Merge commit '5ed49c498596995c79a5b7fda3d1ee1eb09ce8ec' into sys_proc_info 10 years ago
Landon Fuller fe5eb66b53
Merge commit '9204418c806fc85ba04c3650dc4002bd440083ca' into nat_local_pid 10 years ago
Daniel Roethlisberger 375bf2a13c Clarify comment about logging 10 years ago
Daniel Roethlisberger 6b0e47dc89 Allow more control over used SSL/TLS versions 
Add -r to force a specific SSL/TLS protocol version.
Add -R to disable one or several SSL/TLS protocol versions.
Replace WANT_SSLV2_CLIENT and WANT_SSLV2_SERVER to WITH_SSLV2.

Issue:		#30
Reported by:	@Apollo2342
 10 years ago
Daniel Roethlisberger 5219d494f3 Protect session cache calls from sess == NULL 10 years ago
Daniel Roethlisberger fcb64e85e7 Make SSLv2 support opt-in instead of opt-out 
Migrate knobs from DISABLE_SSLV2_CLIENT and DISABLE_SSLV2_SERVER to
WANT_SSLV2_CLIENT and WANT_SSLV2_SERVER and remove the
DISABLE_SSLV2_SESSION_CACHE knob entirely, automatically including the
respective code if SSLv2 support is compiled into SSLsplit.
 10 years ago
Daniel Roethlisberger 769fbd042d Filter HSTS response headers to allow cert override 
Also remove HTTP Strict Transport Security (HSTS, RFC 6797) headers from
HTTP responses.  With HSTS active, the user is not allowed to accept
untrusted certificates.
 10 years ago
Daniel Roethlisberger b1a7b11aea Don't depend on the space when parsing HTTP headers 10 years ago
Daniel Roethlisberger d85e5ddbe2 Disable SSLv2 support by default 10 years ago
Landon Fuller 8350b1deb0 Plumb user/group/path information through the logging API. 10 years ago
Landon Fuller 5ed49c4985 Implement user and group name lookup. 10 years ago
Landon Fuller 52d979e29d Add a standard API for fetching process name, uid, and gid. 10 years ago
Landon Fuller 9204418c80 Thread pid lookup support through the NAT API. 
This exposes the pid lookup code as a standard attribute
of NAT lookup -- if a matching process cannot be found,
or if pid lookup isn't supported by the NAT backend,
a pid of -1 is returned.

This also adds the local_pid to the pxyconn context; this
will be used to populate log strings.
 10 years ago
Daniel Roethlisberger ac98c2d9cc Fix segmentation fault when using -t without a CA 
The key type checks which are used to optimize the loading of DH and
ECDH parameters should check the type of the supplied server key, not
the global options key.
 11 years ago
Daniel Roethlisberger e1d8a2a965 Lint fix: define some variables in smaller scope 11 years ago
Daniel Roethlisberger 716139b169 Suppress SPDY/QUIC by removing Alternate-Protocol headers 11 years ago
Daniel Roethlisberger 2235e1aad9 Fix memory leak in fake cert generation code 
The code in pxy_ossl_servername_cb() which generated the forged
certificates did not call SSL_CTX_free() on the newly allocated SSL_CTX
struct after associating it with the SSL struct, which increments the
reference count internally.  Also add some comments explaining OpenSSL
reference counting behaviour to be more explicit on what happens to the
instances that OpenSSL keeps track of.
 11 years ago
Daniel Roethlisberger 05410fe9b3 Enable SSL_MODE_RELEASE_BUFFERS by default 11 years ago
Daniel Roethlisberger 56842b2f63 Fix file descriptor leak in passthrough mode (-P) 
When using passthrough mode, if a connection to a server fails with an
SSL error, sslsplit falls back to plain TCP passthrough.  When
reconnecting with plain TCP, the SSL context was freed, but the file
descriptor was never closed.  The fix remedies that by calling the
proper cleanup function for the dst bev before reconnecting.

Reported by:	Peter Haag
 11 years ago
Daniel Roethlisberger e129041c1c Add some OpenSSL refcounting comments 11 years ago