Daniel Roethlisberger
7ad1deb680
Document intended use of SSLsplit
2012-05-11 18:12:22 +02:00
Daniel Roethlisberger
a3b6d58df4
State why ECDH is disabled with OpenSSL < 1.0.0e
2012-05-11 18:03:07 +02:00
Daniel Roethlisberger
38d22415af
Generic EC loading, new default curve 'secp160r2'
2012-05-11 17:39:12 +02:00
Daniel Roethlisberger
6d58824de2
Fix typo in manual page
2012-05-03 01:01:57 +02:00
Daniel Roethlisberger
759ce87ff9
Add some basic unit tests for dynbuf
2012-05-03 00:54:10 +02:00
Daniel Roethlisberger
707480a1dd
Add file comments
2012-05-02 16:24:33 +02:00
Daniel Roethlisberger
a592f7149c
Improve error handling for no origcrt situations
2012-05-02 15:37:47 +02:00
Daniel Roethlisberger
605c1ab6e6
Improve error recovery under low memory conditions
2012-05-02 15:02:59 +02:00
Daniel Roethlisberger
2d1ad219b9
Change default cipher suite to "ALL:-aNULL"
2012-05-02 14:59:47 +02:00
Daniel Roethlisberger
1bd2872b20
DH group parameters are also loaded from -c
2012-05-02 13:46:18 +02:00
Daniel Roethlisberger
0e19243307
Reorder wildcard rules and improve error messages
2012-05-02 13:35:36 +02:00
Daniel Roethlisberger
43df203914
Handle empty strings correctly in URL routines
2012-05-01 02:01:31 +02:00
Daniel Roethlisberger
b6a0ff0c76
Free proxyspecs if they (unexpectedly) parse okay
2012-05-01 01:47:01 +02:00
Daniel Roethlisberger
ddbb945406
Rename unit test sources to fix language detection
2012-05-01 01:42:59 +02:00
Daniel Roethlisberger
90351cda7f
Handle SSL_ERROR_SSL quietly when shutting down
2012-04-30 23:27:51 +02:00
Daniel Roethlisberger
5861d786f5
Update TODO
2012-04-30 23:27:41 +02:00
Daniel Roethlisberger
982ad89f2f
Add generation of a password protected RSA key
2012-04-30 22:48:19 +02:00
Daniel Roethlisberger
e6c7b2e3ca
Mention PKG_CONFIG_PATH
2012-04-23 01:03:38 +02:00
Daniel Roethlisberger
fa425e08d4
Fix PURIFY and warn when not seeding the RNG
2012-04-23 00:51:02 +02:00
Daniel Roethlisberger
439e8a8267
Use WUNRES and MALLOC attribs and fix sloppy code
2012-04-23 00:35:17 +02:00
Daniel Roethlisberger
64cf874925
Header self-sufficience cleanup round
2012-04-23 00:33:33 +02:00
Daniel Roethlisberger
7aca81a7b7
Improve CA cert/key config code and docs
...
Make -c and -k functional twins by also loading DH params in -c and by
fixing certificate loading in -k. Improve the documentation for both
switches and simplify the SYNOPSIS in sslsplit(1).
2012-04-22 22:59:00 +02:00
Daniel Roethlisberger
c5335afc3b
Handle empty strings correctly in Base64 routines
2012-04-22 22:30:32 +02:00
Daniel Roethlisberger
3fd9084fe1
Quickly decide on GET URIs obviously not OCSP
2012-04-22 21:55:19 +02:00
Daniel Roethlisberger
ee98c04b29
Add generic OCSP denial
2012-04-22 19:12:38 +02:00
Daniel Roethlisberger
bd86854be6
Add URL decoder
2012-04-22 18:39:15 +02:00
Daniel Roethlisberger
a224d1e7e8
Add facility to recognize OCSP requests
2012-04-22 18:02:58 +02:00
Daniel Roethlisberger
f354aecfd9
Add base64 encoder and decoder implementations
2012-04-22 17:59:49 +02:00
Daniel Roethlisberger
480dbca2bb
Remove bogus test case numbers
2012-04-22 16:47:29 +02:00
Daniel Roethlisberger
9f40fbc473
Replace empty strings with dash when logging
2012-04-22 13:36:44 +02:00
Daniel Roethlisberger
07d591fccf
Skip whitespace when parsing HTTP headers
2012-04-22 13:35:08 +02:00
Daniel Roethlisberger
f57062ccda
Add __attribute__((pure))
2012-04-22 13:25:57 +02:00
Daniel Roethlisberger
083b02d78d
Minor reformatting
2012-04-22 12:43:23 +02:00
Daniel Roethlisberger
94b5e8ba7b
Revert CDP syntax to be OpenSSL 0.9.x compatible
2012-04-18 00:05:15 +02:00
Daniel Roethlisberger
8474346ed9
Rebuild certs after config changes
2012-04-18 00:05:15 +02:00
Daniel Roethlisberger
8b520cf4de
Redirect BSD make to GNU make
2012-04-18 00:02:14 +02:00
Daniel Roethlisberger
d4be8c3e38
Refactor ssl_x509_names_to_str() for maintainability
2012-04-17 23:35:43 +02:00
Daniel Roethlisberger
04c9112621
Add OCSP URL parsing
2012-04-17 23:03:59 +02:00
Daniel Roethlisberger
c75e0569b3
Fix ssl_x509_names() DNSName segfault
2012-04-17 22:59:15 +02:00
Daniel Roethlisberger
6a93c73164
Add test server cert with OCSP and CDP extensions
2012-04-17 22:44:06 +02:00
Daniel Roethlisberger
ae306f3b0b
Fix ssl_x509_names() to NULL-terminate buffer
2012-04-17 21:55:47 +02:00
Daniel Roethlisberger
557537957f
Use FORCE target to force rebuild of version.o
2012-04-13 22:55:48 +02:00
Daniel Roethlisberger
423c1b0a32
Move volatile build-time information into separate compilation unit
2012-04-13 22:40:36 +02:00
Daniel Roethlisberger
cf0f3e66aa
Avoid using the non-portable echo -e
2012-04-13 22:22:57 +02:00
Daniel Roethlisberger
f76077c00f
Undefine IPv6 compat defs to fix nat_version()
...
For Linux netfilter, IPV6_ORIGINAL_DST and SOL_IPV6 are defined to
SO_ORIGINAL_DST and SOL_IP respectively if they are not defined by the
system headers (they aren't defined on vanilla kernels). Undefine these
compatibility definitions after use, in order not to mess up the
diagnostic output of nat_version().
2012-04-13 21:14:33 +02:00
Daniel Roethlisberger
419cb7d31f
Add targets for manual page conversion
2012-04-13 15:25:07 +02:00
Daniel Roethlisberger
4cfdef405a
Initial import of sslsplit-0.4.2
2012-04-13 14:47:30 +02:00