Archives
/
SSLproxy
mirror of https://github.com/sonertari/SSLproxy
2
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
574 Commits
2 Branches
25 Tags
3.0 MiB
develop
master
v0.5.0
v0.5.1
v0.5.2
v0.5.3
v0.5.4
v0.5.5
v0.5.6
v0.5.7
v0.5.8
v0.5.9
v0.6.0
v0.7.0
v0.8.0
v0.8.1
v0.8.2
v0.8.3
v0.8.4
v0.8.5
v0.8.6
v0.9.0
v0.9.1
v0.9.2
v0.9.3
v0.9.4
v0.9.5
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'v0.5.6'
${ noResults }
Commit Graph

574 Commits (v0.5.6)
 

Author SHA1 Message Date
Daniel Roethlisberger 769da7565e Style fix 9 years ago
Daniel Roethlisberger a08a7233ab Move free() to the else branch where it belongs 
This prevents free(NULL) in case of failures in ssl_x509_fingerprint().

Issue:		#103
Reported by:	@david-stratusee
 9 years ago
Daniel Roethlisberger f12dd5bb92 Fix debug mode memory leak of cert fingerprint 
Issue:		#103
Reported by:	Scot Loach
 9 years ago
Daniel Roethlisberger 3f39f589f2 Warn on OpenSSL version mismatch in debug mode 
Issue:		#88
 9 years ago
Daniel Roethlisberger 74f62c3e5e Refactor and unify ClientHello parsers 
Refactor and unify ssl_tls_clienthello_identify() and the earlier
ssl_tls_clienthello_parse_sni() into a single
ssl_tls_clienthello_parse() function that handles parsing ClientHello
messages for different purposes.  As a result, rename the debug knob
DEBUG_SNI_PARSER into DEBUG_CLIENTHELLO_PARSER.
 9 years ago
Daniel Roethlisberger 558ffb8d33 List the dependencies in the install notes 9 years ago
Daniel Roethlisberger 29f7ae7bb4 Add a note that pkg-config is used when available 9 years ago
Daniel Roethlisberger 64cc8ffcde Fix lib search w/o pkg-config w/multiple instances 
Fix automatic search for dependencies when multiple instances of the
same library are installed in different prefixes that we search, by
using the first one found.  Automatic search is only used when
pkg-config was not found.  This fixes compiler errors caused by spurious
path names within compiler or linker flags, such as

    ld: can't map file, errno=22 file '/usr/lib' for architecture x86_64
    clang: error: linker command failed with exit code 1 (use -v to see
    invocation)

While here, also make XNU header version fallback more robust and add
(diabled) version mappings for 10.10.2 and 10.10.3 which are not
published by Apple yet.

Issue:		#96
Reported by:	Jan Vilhuber
 9 years ago
Daniel Roethlisberger ad5de848c7 Refrain from naming a specific OpenSSL release 9 years ago
Daniel Roethlisberger bbbeb7c3a4 Further improve wording for clarity 9 years ago
Daniel Roethlisberger a0a27742dc Rewrite description for clarity 
Issue:		#60, #93
 9 years ago
Daniel Roethlisberger b765cb7e0f Update NEWS.md for #92 9 years ago
Daniel Roethlisberger 95d4a9bc35 Explicitly initialize OpenSSL with SSL proxy specs 
Make sure we always initialize OpenSSL explicitly, even if there are no
certificates or keys loaded or generated.  Previously, OpenSSL would
only have been initialized if the configuration actually uses
certificates or keys, which is not always the case, e.g. with -t
pointing to an empty directory.

Issue:		#92
Reported by:	xelalexv
 9 years ago
Daniel Roethlisberger dd0d3238ca Add sha1(NEWS.md) to BUILD_INFO when VERSION from dir 
Issue:		#85
 9 years ago
Daniel Roethlisberger 6671a82aed Rename genericstarttls to autossl and improve docs 
Issue:		#87
 9 years ago
Daniel Roethlisberger d7cccacc05 Move ssl_tls_clienthello_identify out of !OPENSSL_NO_TLSEXT 
Issue:		#87
 9 years ago
Daniel Roethlisberger 96b038ef9b Merge branch 'feature/starttls' of https://github.com/RichardPoole42/sslsplit into feature/autossl 9 years ago
Daniel Roethlisberger c28ca34fe1 Revert "bugfix: actually parse resolv.conf at startup" 
This reverts commit aaa4e94f84.

The initialize_nameservers argument to evdns_base_new was deliberately
not set to 1 because we call evdns_resolv_conf_parse manually later, as
we want more differentiated error reporting.

Issue:		#86
 9 years ago
Daniel Roethlisberger a9863c012b Add Richard Poole to contributor lists 9 years ago
Daniel Roethlisberger c7ba155ce9 Merge branch 'issue/86' into develop 
Issue:		#86
Reported by:	Richard Poole
 9 years ago
Richard Poole 5c8b5e30d5 connection upgrade feature: upgrade tcp to ssl on client hello 
This code looks at the beginning of each read from the src for something
that looks like an ssl client hello message; if it finds one it tries to
upgrade the connection to proxied ssl. So it works only in the simple
case where the connection has no binary data before the upgrade attempt
(so there are no false positives), and where the client hello comes at
the beginning of a packet from the source.
 9 years ago
Richard Poole aaa4e94f84 bugfix: actually parse resolv.conf at startup 9 years ago
Richard Poole 0f2714ed8a spelling fix 9 years ago
Richard Poole 1f1f7b5559 bugfix: correct calls to log_dbg_printf 9 years ago
Daniel Roethlisberger 330ea4a74c Clarify explanation of -t 
Issue:		#84
 9 years ago
Daniel Roethlisberger 62b4848998 Add debug mode output to list of things to provide 9 years ago
Daniel Roethlisberger 7badc2fc13 Move all test RSA keys from 1024 bit to 2048 bit 
Issue:		#83
 9 years ago
Daniel Roethlisberger 77109df8d2 Improve docs on autogenerated 1024 bit RSA leaf key 
Issue:		#83
 9 years ago
Daniel Roethlisberger 6e53e93d0f Move from sha1 to sha256 in examples and tests 
Note that OpenSSL may not support -sha256 on all platforms so we
actually check for support before using it in `make test`.  For the
examples, a modern version of OpenSSL that supports -sha256 is assumed.

Issue:		#83
 9 years ago
Daniel Roethlisberger 35dae31624 Rename badly named local var to avoid grep FPs 
Issue:		#83
 9 years ago
Daniel Roethlisberger 9b5006d6f7 Add PCFLAGS for additional pkg-config flags 
Allow for additional flags to pkg-config by means of a PCFLAGS variable.
This e.g. allows to set PCFLAGS='--static' for static builds in
combination with CFLAGS='-static' and LDFLAGS='-static'.

Issue:		#82
Reported by:	@kickwindbg
 9 years ago
Daniel Roethlisberger a14354d18b Allow uid, gid and mode of installed files to be tuned 
Introducing the overridable variables INSTALLUID, INSTALLGID, BINUID,
BINGID, BINMODE, MANUID, MANGID, MANMODE that allow overriding of uid,
gid and mode of installed files.  Note that this solution still has the
limitation that uid, gid and mode of created directories cannot be set.

Issue:		#81
Reported by:	Shiloh Heurich
 9 years ago
Daniel Roethlisberger 7ae02fa6d0 Merge branch 'master' into develop after 0.4.11 9 years ago
Daniel Roethlisberger 22b4d3c108 SSLsplit 0.4.11 maintenance release 9 years ago
Daniel Roethlisberger 317cd8190f Reorder major bug fixes 9 years ago
Daniel Roethlisberger c8e9f231bd Fix loading of certificate chains with OpenSSL 1.0.2 
SSLsplit was directly accessing `extra_certs` within `SSL_CTX` to get to
the extra certificates chain.  When building on OpenSSL 1.0.2 or newer,
use the new API instead of directly accessing `extra_certs`.

Issue:		#79
 9 years ago
Daniel Roethlisberger 580d2286b9 Record the actual XNU version detected 9 years ago
Daniel Roethlisberger 89860add8a Add XNU header selection fallback 
If the proper headers matching either the reported XNU version or OS X
version exactly cannot be found, use the latest headers that SSLsplit
knows about.  This fixes build on new releases of OS X that have no
source code published by Apple yet.
 9 years ago
Daniel Roethlisberger 992c90db3b Escape # in shell invocation 
This fixes the following make error on Mac OS X versions that we don't
explicitly support yet due to missing sources:

    GNUmakefile:55: *** unterminated call to function `shell': missing `)'.
    Stop.

Reported by:	Justin Garrick
 9 years ago
Daniel Roethlisberger 00253f34db Quote dollar signs in shell invocation 
Reported by:	Justin Garrick
 9 years ago
Daniel Roethlisberger d5e9d989d6 Remove make config from travis script 9 years ago
Daniel Roethlisberger 80b727054b Refactor proxyspec printing into proxyspec_str() 9 years ago
Daniel Roethlisberger da47cd3fe1 Improve documentation of build process 9 years ago
Daniel Roethlisberger e384d89b35 Replace percent in IPv6 addrs in filenames 
Percent is used to specify the interface for link-local addresses.
Even though this is not strictly necessary for NTFS, it makes sense to
replace percent with underscore as well to have cleaner filenames.

Also add some unit tests for sys_ip46str_sanitize() that actually test
the intended behaviour.
 9 years ago
Daniel Roethlisberger 0a67f845e6 Merge branch 'issue/74' into develop 
Issue:		#74
Submitted by:	Adam Jacob Muller
 9 years ago
Daniel Roethlisberger 568b5a681c Update documentation for new -F formats 9 years ago
Daniel Roethlisberger ce002378b8 Use more intuitive letters for new format specs 
%D for Destination host, %p for the (more interesting) destination port,
%S for Source host, %q for the (less interesting) source port.
 9 years ago
Daniel Roethlisberger e17108f9b7 Merge branch 'master' of https://github.com/AdamJacobMuller/sslsplit into issue/74 9 years ago
Daniel Roethlisberger 01d10b192a IPv6 addrs in filenames use underscore not colon 
Use underscore instead of colon for all IPv6 addresses in generated
filenames in order to generate NTFS clean filenames.

Issue:		#69
 9 years ago
Daniel Roethlisberger 914360eb5e Separate host and port into separate strings 
Store host and port in separate strings internally and get rid of the
[host]:port representation where separate host and port would be
cleaner.  This includes the following user-visible changes:

-   Generated filenames that contain host and port, such as by -S and
    -F %d and %s, now use a host,port format instead of [host]:port.

-   Connect log now uses separate fields for host and port.

Issue:		#69 #74
Reported by:	Adam Jacob Muller
 9 years ago