985 Commits (ec816e7db61e61b79479618991a8f466cc117ef3)
 

Author SHA1 Message Date
Daniel Roethlisberger b82ca9b414 Print status of free'd SSL structs in debug mode 11 years ago
Daniel Roethlisberger de27f40b04 Fix two typos in comments 11 years ago
Daniel Roethlisberger bccbdbf1cc Free SSL_CTX directly after calling SSL_new()
Since SSL_new() increments the refcount of the passed SSL_CTX, free it
directly after handing it to SSL_new() instead of later after SSL_free().
11 years ago
Daniel Roethlisberger a42db4d3fe Also undefine rdport in Mac pf support hack 11 years ago
Daniel Roethlisberger 6643d832d9 Add experimental support for pf on Mac OS X
Support pf rdr on Mac OS X 10.7, 10.8 and 10.9 by including the missing
Apple headers in the source tree and enable private Apple code.  Since
we are using an interface marked private by Apple, this code is very
experimental.

Issue:		#15
Reported by:	Amit Chowdhary
11 years ago
Daniel Roethlisberger 032605e9d3 Update khash to 0.2.8 11 years ago
Daniel Roethlisberger cfa5b15223 Fix dst bufferevent BEV_EVENT_CONNECTED handler
This removes the spurious "Unknown bufferevent 0x80" debug message but
does not have any change in functionality, since return would have been
called anyway after falling down the debug message.

While here, remove the useless "ignoring event" debug message unless
DEBUG_PROXY is defined, and also print the timeout flag in debug mode.
11 years ago
Daniel Roethlisberger a0bf21b1a4 Add basic pthread sanity check test case
Issue:		#13
Reported by:	vinies
11 years ago
Daniel Roethlisberger 90fd8ec28e Update NEWS 11 years ago
Daniel Roethlisberger 13ed7f8425 Slightly improve error logging on log init failure
Issue:		#13
Reported by:	vinies
11 years ago
Daniel Roethlisberger 06a02f946a Always explicitly name the non-null arguments
Always explicitly name which arguments are non-null, even if all
arguments are non-null.  This is to avoid bugs where newly added
arguments are automatically non-null by accident, possibly leading to
optimisation errors.

This also fixes a few potential errors related to non-null arguments;
specifically it prevents the compiler optimising away a test for sni
being NULL in cachedsess_mkkey().

Issue:		#14
Reported by:	kythyria
11 years ago
Daniel Roethlisberger ca923ee7f1 Update copyright notices to 2014 11 years ago
Daniel Roethlisberger 7839de3b0d Update NEWS 11 years ago
Daniel Roethlisberger 13c85ce5c1 Also build ipfw if pf is detected
OpenBSD 4.7+ and FreeBSD 9.0+ also include ipfw-style divert-to in pf,
so build ipfw NAT engine as well if pf is detected.

Reported by:	Stuart Henderson
11 years ago
Daniel Roethlisberger 8cc81c7f1c FreeBSD pf also has divert-to since 9.0-RELEASE 11 years ago
Daniel Roethlisberger 0987300e28 Improve IPFW and pf wording in the documentation 11 years ago
Daniel Roethlisberger 68a60b9734 Update manual page for OpenBSD
Add configuration examples for both old and new OpenBSD pf syntax and
give an example of using OpenBSD pf divert sockets for redirection.
Based on the OpenBSD port patchset.

Reported by:	Stuart Henderson
11 years ago
Daniel Roethlisberger fc29806663 Fix off by one error in thrmgr error cleanup code
This should remove another potential source of segmentation faults when
the thread manager fails to start.

Issue:          #10
Reported by:    linuxton
11 years ago
Daniel Roethlisberger 29f912096b More verbose debugging in pxy_thrmgr_run() 11 years ago
Daniel Roethlisberger 080604e3c2 Fix segfault after thread manager start failure
This should fix the segmentation fault in issue #10 but not the
underlying reason why the thread manager fails to start in the first
place.

Issue:          #10
Reported by:    linuxton
11 years ago
Daniel Roethlisberger a94dbc8c3a Refactor event handler for clarity 11 years ago
Daniel Roethlisberger 054ae555b5 Enable unit tests on Travis CI 11 years ago
Daniel Roethlisberger 22d98f2c21 Add Travis-CI configuration 11 years ago
Daniel Roethlisberger 33692df51a SSLsplit 0.4.7 release 11 years ago
Daniel Roethlisberger a0fd9c1050 Start thrmgr threads after forking 11 years ago
Daniel Roethlisberger c73ce64c16 Update README and manual page for HPKP prevention 11 years ago
Daniel Roethlisberger 1e67db0b66 Update NEWS after merge of feature/resphdrfilter 11 years ago
Daniel Roethlisberger 38280818f8 Add HTTP content-length to connect log 11 years ago
Daniel Roethlisberger b746a6f6bb Add HTTP response header filtering
Filter response headers in order to remove HPKP headers.  As an added
benefit, parse the HTTP status code and add it to the connection log.
11 years ago
Daniel Roethlisberger 82bbae7fde `make test` requires Internet connectivity 11 years ago
Daniel Roethlisberger b662906f9b SSLsplit 0.4.6 release 11 years ago
Daniel Roethlisberger 8fceac4201 Update NEWS for issue #9 11 years ago
Daniel Roethlisberger 2a4a9c8b23 Fix fallback to passthrough when no cert present
Properly reset connection state when reconnecting the dst part of the
connection.  This fixes the fallback to passthrough when no certificates
are present which can be used to split the SSL.

Issue:          #9
Reported by:    ceear
11 years ago
Daniel Roethlisberger ac9a2613e0 Only generate RSA leaf key if CA key present
Issue:          #9
Reported by:    ceear
11 years ago
Daniel Roethlisberger 9f23fb31aa Log new bev connections to debug log 11 years ago
Daniel Roethlisberger b06a2474f5 Shortcut errlog thrqueue in debug mode 11 years ago
Daniel Roethlisberger c972501063 Update copyright notices 11 years ago
Daniel Roethlisberger 711448759c Bind to ports before dropping privileges
This fixes a regression which caused bind() to ports < 1024 to fail with
the default settings of dropping privileges to nobody.

Issue:          #8
Reported by:    Ian Grispan
11 years ago
Daniel Roethlisberger f99e5e34a7 Improve workaround for OpenSSL 1.0.0k/1.0.1e
Extend and improve the workaround introduced in commit 20b3f66120.
Automatically replace SSL_get_certificate() with a drop-in replacement
if a version of OpenSSL known to be broken is used.  This now covers the
use of SSL_get_certificate() within the connection manager as well and
resolves one more case where OpenSSL could crash.
11 years ago
Daniel Roethlisberger 20b3f66120 Work around segfault with OpenSSL 1.0.0k/1.0.1e
A bug in OpenSSL 1.0.0k and 1.0.1e caused sslsplit to crash when loading
certificates using SSL_get_certificate().  Work around the bug by
directly accessing the respective members of SSL* when using any of the
broken versions of OpenSSL.
11 years ago
Daniel Roethlisberger f27dc964a5 Add warning for OpenSSL 1.0.1e bug causing crash 11 years ago
Daniel Roethlisberger 146188b750 Improve SNI peek debugging 11 years ago
Daniel Roethlisberger 469a6e470d Update TODO 11 years ago
Daniel Roethlisberger bd639bf847 Fix typo in comment 11 years ago
Daniel Roethlisberger d3a84b38f6 Add TODO item 12 years ago
Daniel Roethlisberger 92db084d25 Fix documentation of sys_sockaddr_parse() 12 years ago
Daniel Roethlisberger 37758dda59 SSLsplit 0.4.5 release 12 years ago
Daniel Roethlisberger 005ebd1b95 Fix syslog for more error cases
Also fix issue #6 for target certificate loading error cases.
12 years ago
Daniel Roethlisberger 6e6868c051 Update NEWS 12 years ago
Daniel Roethlisberger d3abdfd5dc Fix race condition on proxy startup failure
Yield the CPU in the main thread until the proxy thread manager is fully
started.  Otherwise, the main thread could free the proxy thread manager
while the threads are still starting up, leading to a deadlock.
12 years ago