Soner Tari
|
3cbcffcebc
|
Reuse parent srvdst as dst of first child to avoid connecting to server twice, first conn was to get server cert for forging, so we xfer srvdst to first child after parent does not need it anymore
|
5 years ago |
Soner Tari
|
78ba1e075c
|
Debug print SSLproxy line on lp
|
5 years ago |
Soner Tari
|
2cb6dd573e
|
Remove lp binary
|
5 years ago |
Soner Tari
|
e8f9f216a9
|
Add lp listening program and testproxy tests under extra
|
5 years ago |
Soner Tari
|
c54cb627a1
|
Fix passthrough mode engage upon srvdst ssl error
|
5 years ago |
Soner Tari
|
6b8b819daa
|
Add sample struct proxyspec
|
5 years ago |
Soner Tari
|
e1aac3a69d
|
Fix main_check_opts
|
5 years ago |
Soner Tari
|
8484c8b927
|
Fix handling of proxyspec struct closing brace
|
5 years ago |
Soner Tari
|
c9769b0d89
|
Fix global opts lprocinfo
|
5 years ago |
Soner Tari
|
f42e682f59
|
Fix unit tests
|
5 years ago |
Soner Tari
|
58eb907d69
|
Separate global and proxyspec opts
|
5 years ago |
Soner Tari
|
d6f0f4cdc7
|
Create proxyspec options
|
5 years ago |
Soner Tari
|
57ae6f07a5
|
Update OCSP denied comments
|
5 years ago |
Soner Tari
|
70fa08a36a
|
Fix OCSP denied response
|
5 years ago |
Soner Tari
|
3b25ea2e34
|
Fix http method validation: Compare 1 byte longer than method len, so that GET1 is not validated as GET
|
5 years ago |
Soner Tari
|
a7d671169c
|
Fix handling of HTTP Accept-Encoding
|
5 years ago |
Soner Tari
|
d50bb0bfa6
|
Fix proto http child setup
|
5 years ago |
Soner Tari
|
f6a8522d1e
|
Enable -O2 optimization, remove -g
Clean up gitignore
Fix typos
|
5 years ago |
Soner Tari
|
1c8a837df1
|
Fix FreeBSD support: Call available_fds() on FreeBSD too
|
5 years ago |
Soner Tari
|
adee22db09
|
Fix FreeBSD support, pr #13 by @5u623l20
FreeBSD does not have getdtablecount() and needs netinet/in.h
|
5 years ago |
Soner Tari
|
d1a3328c58
|
Differentiate PassSite option from Passthrough option: PassSite does not require Passthrough now
Remove redundant if conditions
|
6 years ago |
Soner Tari
|
c146b8a0ec
|
Make sure sni and ssl_names are not null, fixes signal 11 crash reported by @janusloo
|
6 years ago |
Soner Tari
|
22ad78c8f9
|
Fix passthrough conn logging
|
6 years ago |
Soner Tari
|
26a73d797d
|
Fix passsite struct free
|
6 years ago |
Soner Tari
|
c3abe74776
|
Add client filtering to PassSite option, per site filters can be defined using client IP addresses, users, and description keywords
|
6 years ago |
Soner Tari
|
07a6c32e93
|
Update documentation with PassSite option
|
6 years ago |
Soner Tari
|
7e17bd198e
|
Require ssl_names if passsite is set
|
6 years ago |
Soner Tari
|
119fc8e69e
|
Improve passsite log messages and comments
|
6 years ago |
Soner Tari
|
7e8fcbcafa
|
Move strncpy() call from passsite matching to initial PassSite setup
|
6 years ago |
Soner Tari
|
ddeb9831ed
|
Add PassSite option, if the site matches SNI or common names in the SSL certificate, the connection is passed through the proxy, issue #12
|
6 years ago |
Soner Tari
|
89150fe4d6
|
Enable more ssl info in conn logs, especially common names in crts
|
6 years ago |
Soner Tari
|
24972bda48
|
Rearrange debug log messages
|
6 years ago |
Soner Tari
|
8c2fd3cc31
|
Replace recursion with while loop in child max fd computation and debug logging
|
6 years ago |
Soner Tari
|
3c8d6e7e4e
|
Fix the location of the assertion checking NULL thr conns list, nice catch by this assert() call, that it is misplaced, so add further assertions
|
6 years ago |
Soner Tari
|
0eaf475193
|
Update documentation with the new user info in SSLproxy line
|
6 years ago |
Soner Tari
|
f9b850f63b
|
Add user info to SSLproxy header line, so listening programs know network users
Debug print conf file option
|
6 years ago |
Soner Tari
|
a76ce0e2b4
|
Remove any SSLproxy line, parent or child
In case parent receives SSLproxy line from local network
|
6 years ago |
Soner Tari
|
11d1b64c1c
|
Update version to 0.6.0
|
6 years ago |
Soner Tari
|
9275315541
|
Add OpenFilesLimit option, use 50-10000, so user does not need to modify system-wide value now
|
6 years ago |
Soner Tari
|
074e5d6400
|
Add LeafKeyRSABits option for user to change leaf key RSA keysize in bits, so it can be set to 1024|2048|3072|4096 now
|
6 years ago |
Soner Tari
|
a51cc7de57
|
Update RSA key size comments
|
6 years ago |
Soner Tari
|
ea532a9464
|
Update with sslsplit develop ssl ctx improvements
|
6 years ago |
Soner Tari
|
bee1a82bfc
|
Improve error log messages and comments
|
6 years ago |
Soner Tari
|
44b125f77e
|
Avoid malloc/free for vars of known sizes
|
6 years ago |
Soner Tari
|
d0ad45e74d
|
Fix autossl userauth: srvdst should call userauth and redirect too
|
6 years ago |
Soner Tari
|
040d00b546
|
Fix passthrough mode broken by the new pending ssl conns list: It is necessary to NULL the sslctx to prevent passthrough mode trying to access it (signal 11 crash)
Note that we cannot redirect failed ssl connections to login page while switching to passthrough mode
Remove now redundant pxy_fd_readcb() function
|
6 years ago |
Soner Tari
|
98c1186cb8
|
Improve documentation, and simplify code
|
6 years ago |
Soner Tari
|
ad38b68ad7
|
Fix a possible multithreading issue: Ignore event_add() failure and do not try to close the conn after adding it to pending ssl conns list
Debug print pending ssl conns list
Remove redundant asprintf() calls and vars
Rename fields and fix whitespace
|
6 years ago |
Soner Tari
|
50740b9f77
|
Remove redundant ctx fields, rename vars, rearrange code, and improve documentation
|
6 years ago |
Soner Tari
|
42eb887ebb
|
Do not modify conn thread fields without locking on thrmgr thread, so we only modify thr load and thr conn list, no tread stats, on thrmgr now
|
6 years ago |