Archives
/
SSLproxy
mirror of https://github.com/sonertari/SSLproxy
2
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
985 Commits
2 Branches
25 Tags
3.0 MiB
develop
master
v0.5.0
v0.5.1
v0.5.2
v0.5.3
v0.5.4
v0.5.5
v0.5.6
v0.5.7
v0.5.8
v0.5.9
v0.6.0
v0.7.0
v0.8.0
v0.8.1
v0.8.2
v0.8.3
v0.8.4
v0.8.5
v0.8.6
v0.9.0
v0.9.1
v0.9.2
v0.9.3
v0.9.4
v0.9.5
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'ec816e7db6'
${ noResults }
Commit Graph

985 Commits (ec816e7db61e61b79479618991a8f466cc117ef3)
 

Author SHA1 Message Date
Landon Fuller 06c61c16ed Add support for specifying log paths as a specialized format string. 
Format string handling is fully implemented, with the exception of
support for automatically creating missing directories.
 10 years ago
Landon Fuller 8350b1deb0 Plumb user/group/path information through the logging API. 10 years ago
Landon Fuller 5ed49c4985 Implement user and group name lookup. 10 years ago
Landon Fuller 52d979e29d Add a standard API for fetching process name, uid, and gid. 10 years ago
Landon Fuller 9204418c80 Thread pid lookup support through the NAT API. 
This exposes the pid lookup code as a standard attribute
of NAT lookup -- if a matching process cannot be found,
or if pid lookup isn't supported by the NAT backend,
a pid of -1 is returned.

This also adds the local_pid to the pxyconn context; this
will be used to populate log strings.
 10 years ago
Steve Wills b8c8cb73ed add DESTDIR, MANDIR to install target 
DESTDIR to allow installing in chroot
MANDIR to allow specifying different dir for man pages
 10 years ago
Landon Fuller bcc74385ab Log the full process path, rather than the MAXCOMLEN-max process name. 10 years ago
Landon Fuller 55e8da7653 Wire up lookup of the local process/socket originating the proxied connection. 
This uses Mac OS X's libproc to find the first process that owns
a matching socket. Currently, the results are simply logged;
the next step will be exposing this generically via
the NAT engine lookup API.
 10 years ago
Landon Fuller cb6ffeaa9d Merge branch 'fix-macosx' into macosx-process-info 10 years ago
Landon Fuller c412425ce1 Merge branch 'specify-custom-gid' into fix-macosx 10 years ago
Landon Fuller a8687e0737 Merge branch 'macosx-yosemite' into fix-macosx 10 years ago
Landon Fuller 9d54677009 Add support for specifying an explicit group when dropping privileges. 
This simplifies my use of pf(4) when using group-based
rules to exclude splitssl from redirection.
 10 years ago
Landon Fuller 7a5147cddf Add libproc to the build configuration. 10 years ago
Landon Fuller 8ef5011fcb Enable Mac OS X 10.10 feature detection 
This is pointed at the 10.9 pf headers for testing, as
the 10.10 kernel sources are unavailable.
 10 years ago
Landon Fuller ecbc84438a Fix crash in strdup() when no default NAT engine is available. 10 years ago
Daniel Roethlisberger 85b177f6b0 Special device nodes may be needed for -j to work 10 years ago
Daniel Roethlisberger 47c409cbb5 Don't rely on OpenSSL to pull in string.h 
Obtained from:	OpenBSD port patches
 10 years ago
Daniel Roethlisberger 3226d9bfcf No longer chroot() by default when run as root 
No longer implicitly use -j /var/empty by default and document clearly
the implications of using -j with -S and/or sni proxyspecs.

Issue:		#21
 11 years ago
Daniel Roethlisberger db0fa32b07 Load -t certificates before dropping privileges 
Load the certificates from the directory given by -t into the
certificate cache after preinit, but before dropping privileges.  This
fixes a number of issues, such as -t directory not being found after
chroot()ing to a different root, -t directory inaccessible due to
changing user with -u, and when using encrypted keys.  This bug was
introduced in 0675219 as a spurious part of fixing #5.

Issue:		#20, #19
Reported by:	Miroslav Stampar
 11 years ago
Daniel Roethlisberger ac98c2d9cc Fix segmentation fault when using -t without a CA 
The key type checks which are used to optimize the loading of DH and
ECDH parameters should check the type of the supplied server key, not
the global options key.
 11 years ago
Daniel Roethlisberger 4bd9dd1fa7 Fix glob to be compatible with /bin/dash 11 years ago
Daniel Roethlisberger 53a948cd18 Improve dependency tracking for targets/ certs 11 years ago
Daniel Roethlisberger 349cd1f6ec Add targets to .PHONY 11 years ago
Daniel Roethlisberger f669fbbca7 Add unit test for sys_dir_eachfile() 
Issue:		#19
Reported by:	Miroslav Stampar
 11 years ago
Daniel Roethlisberger 658bbfa6fe SSLsplit master 11 years ago
Daniel Roethlisberger c4ac9c60bc SSLsplit 0.4.8 release 11 years ago
Daniel Roethlisberger 9d5641c0e0 Update NEWS 11 years ago
Daniel Roethlisberger f348c1a372 Add libevent2 test for the weirdness that is issue #17 11 years ago
Daniel Roethlisberger 9338200705 Detect when libevent cannot parse resolv.conf 
Issue:		#17
Reported by:	Florian Schaefer
 11 years ago
Daniel Roethlisberger a80cbf73f4 Add some error-case debug messages to pxy_thrmgr_run() 11 years ago
Daniel Roethlisberger fe558af0a3 Remove duplicates from FEATURES 11 years ago
Daniel Roethlisberger e1d8a2a965 Lint fix: define some variables in smaller scope 11 years ago
Daniel Roethlisberger cd358e245a Make session.pem generation more portable 11 years ago
Daniel Roethlisberger 716139b169 Suppress SPDY/QUIC by removing Alternate-Protocol headers 11 years ago
Daniel Roethlisberger 6b99bde4fb Only use -pthread on non-Darwin systems 11 years ago
Daniel Roethlisberger ba991dcdf8 Minor overhaul of the Mac OS X hacks 11 years ago
Daniel Roethlisberger 24e57d2a12 Add .gitattributes and cleanup .gitignore 
Exclude development-only files from the distribution tarball.
 11 years ago
Daniel Roethlisberger 23d7b7fe8d Update README for the APSL components 11 years ago
Daniel Roethlisberger d4d249fb87 Update NEWS 11 years ago
Daniel Roethlisberger a5660fa3c9 Update NEWS 11 years ago
Daniel Roethlisberger 2235e1aad9 Fix memory leak in fake cert generation code 
The code in pxy_ossl_servername_cb() which generated the forged
certificates did not call SSL_CTX_free() on the newly allocated SSL_CTX
struct after associating it with the SSL struct, which increments the
reference count internally.  Also add some comments explaining OpenSSL
reference counting behaviour to be more explicit on what happens to the
instances that OpenSSL keeps track of.
 11 years ago
Daniel Roethlisberger 05410fe9b3 Enable SSL_MODE_RELEASE_BUFFERS by default 11 years ago
Daniel Roethlisberger 202b1270e3 Create session.pem without Internet connectivity 
Use openssl s_server in order to create a temporary SSL server for
creating an SSL session dump for the unit tests to work with.  This
removes the requirement of having Internet connectivity for running the
test suite, which prevented package builds from running the unit tests.
 11 years ago
Daniel Roethlisberger 54685bab6d Update NEWS 11 years ago
Daniel Roethlisberger 56842b2f63 Fix file descriptor leak in passthrough mode (-P) 
When using passthrough mode, if a connection to a server fails with an
SSL error, sslsplit falls back to plain TCP passthrough.  When
reconnecting with plain TCP, the SSL context was freed, but the file
descriptor was never closed.  The fix remedies that by calling the
proper cleanup function for the dst bev before reconnecting.

Reported by:	Peter Haag
 11 years ago
Daniel Roethlisberger e129041c1c Add some OpenSSL refcounting comments 11 years ago
Daniel Roethlisberger c8723506e7 Update NEWS 11 years ago
Daniel Roethlisberger e7ba15f184 Remove unused variable 11 years ago
Daniel Roethlisberger 4849a9738b Set ssl fields to NULL after freeing 11 years ago
Daniel Roethlisberger 7b09128ead Fix double free of SSL_CTX 
Remove a superfluous call to SSL_CTX_free() which caused SSL_CTX
structures to be free'd twice under some circumstances.

Issue:		#16
Reported by:	Amit Chowdhary
 11 years ago