SSLproxy

Commit Graph

Author	SHA1	Message	Date
Landon Fuller	9d54677009	Add support for specifying an explicit group when dropping privileges. This simplifies my use of pf(4) when using group-based rules to exclude splitssl from redirection.	10 years ago
Landon Fuller	7a5147cddf	Add libproc to the build configuration.	10 years ago
Landon Fuller	8ef5011fcb	Enable Mac OS X 10.10 feature detection This is pointed at the 10.9 pf headers for testing, as the 10.10 kernel sources are unavailable.	10 years ago
Landon Fuller	ecbc84438a	Fix crash in strdup() when no default NAT engine is available.	10 years ago
Daniel Roethlisberger	85b177f6b0	Special device nodes may be needed for -j to work	10 years ago
Daniel Roethlisberger	47c409cbb5	Don't rely on OpenSSL to pull in string.h Obtained from: OpenBSD port patches	10 years ago
Daniel Roethlisberger	3226d9bfcf	No longer chroot() by default when run as root No longer implicitly use -j /var/empty by default and document clearly the implications of using -j with -S and/or sni proxyspecs. Issue: #21	11 years ago
Daniel Roethlisberger	db0fa32b07	Load -t certificates before dropping privileges Load the certificates from the directory given by -t into the certificate cache after preinit, but before dropping privileges. This fixes a number of issues, such as -t directory not being found after chroot()ing to a different root, -t directory inaccessible due to changing user with -u, and when using encrypted keys. This bug was introduced in `0675219` as a spurious part of fixing #5. Issue: #20, #19 Reported by: Miroslav Stampar	11 years ago
Daniel Roethlisberger	ac98c2d9cc	Fix segmentation fault when using -t without a CA The key type checks which are used to optimize the loading of DH and ECDH parameters should check the type of the supplied server key, not the global options key.	11 years ago
Daniel Roethlisberger	4bd9dd1fa7	Fix glob to be compatible with /bin/dash	11 years ago
Daniel Roethlisberger	53a948cd18	Improve dependency tracking for targets/ certs	11 years ago
Daniel Roethlisberger	349cd1f6ec	Add targets to .PHONY	11 years ago
Daniel Roethlisberger	f669fbbca7	Add unit test for sys_dir_eachfile() Issue: #19 Reported by: Miroslav Stampar	11 years ago
Daniel Roethlisberger	658bbfa6fe	SSLsplit master	11 years ago
Daniel Roethlisberger	c4ac9c60bc	SSLsplit 0.4.8 release	11 years ago
Daniel Roethlisberger	9d5641c0e0	Update NEWS	11 years ago
Daniel Roethlisberger	f348c1a372	Add libevent2 test for the weirdness that is issue #17	11 years ago
Daniel Roethlisberger	9338200705	Detect when libevent cannot parse resolv.conf Issue: #17 Reported by: Florian Schaefer	11 years ago
Daniel Roethlisberger	a80cbf73f4	Add some error-case debug messages to pxy_thrmgr_run()	11 years ago
Daniel Roethlisberger	fe558af0a3	Remove duplicates from FEATURES	11 years ago
Daniel Roethlisberger	e1d8a2a965	Lint fix: define some variables in smaller scope	11 years ago
Daniel Roethlisberger	cd358e245a	Make session.pem generation more portable	11 years ago
Daniel Roethlisberger	716139b169	Suppress SPDY/QUIC by removing Alternate-Protocol headers	11 years ago
Daniel Roethlisberger	6b99bde4fb	Only use -pthread on non-Darwin systems	11 years ago
Daniel Roethlisberger	ba991dcdf8	Minor overhaul of the Mac OS X hacks	11 years ago
Daniel Roethlisberger	24e57d2a12	Add .gitattributes and cleanup .gitignore Exclude development-only files from the distribution tarball.	11 years ago
Daniel Roethlisberger	23d7b7fe8d	Update README for the APSL components	11 years ago
Daniel Roethlisberger	d4d249fb87	Update NEWS	11 years ago
Daniel Roethlisberger	a5660fa3c9	Update NEWS	11 years ago
Daniel Roethlisberger	2235e1aad9	Fix memory leak in fake cert generation code The code in pxy_ossl_servername_cb() which generated the forged certificates did not call SSL_CTX_free() on the newly allocated SSL_CTX struct after associating it with the SSL struct, which increments the reference count internally. Also add some comments explaining OpenSSL reference counting behaviour to be more explicit on what happens to the instances that OpenSSL keeps track of.	11 years ago
Daniel Roethlisberger	05410fe9b3	Enable SSL_MODE_RELEASE_BUFFERS by default	11 years ago
Daniel Roethlisberger	202b1270e3	Create session.pem without Internet connectivity Use openssl s_server in order to create a temporary SSL server for creating an SSL session dump for the unit tests to work with. This removes the requirement of having Internet connectivity for running the test suite, which prevented package builds from running the unit tests.	11 years ago
Daniel Roethlisberger	54685bab6d	Update NEWS	11 years ago
Daniel Roethlisberger	56842b2f63	Fix file descriptor leak in passthrough mode (-P) When using passthrough mode, if a connection to a server fails with an SSL error, sslsplit falls back to plain TCP passthrough. When reconnecting with plain TCP, the SSL context was freed, but the file descriptor was never closed. The fix remedies that by calling the proper cleanup function for the dst bev before reconnecting. Reported by: Peter Haag	11 years ago
Daniel Roethlisberger	e129041c1c	Add some OpenSSL refcounting comments	11 years ago
Daniel Roethlisberger	c8723506e7	Update NEWS	11 years ago
Daniel Roethlisberger	e7ba15f184	Remove unused variable	11 years ago
Daniel Roethlisberger	4849a9738b	Set ssl fields to NULL after freeing	11 years ago
Daniel Roethlisberger	7b09128ead	Fix double free of SSL_CTX Remove a superfluous call to SSL_CTX_free() which caused SSL_CTX structures to be free'd twice under some circumstances. Issue: #16 Reported by: Amit Chowdhary	11 years ago
Daniel Roethlisberger	b82ca9b414	Print status of free'd SSL structs in debug mode	11 years ago
Daniel Roethlisberger	de27f40b04	Fix two typos in comments	11 years ago
Daniel Roethlisberger	bccbdbf1cc	Free SSL_CTX directly after calling SSL_new() Since SSL_new() increments the refcount of the passed SSL_CTX, free it directly after handing it to SSL_new() instead of later after SSL_free().	11 years ago
Daniel Roethlisberger	a42db4d3fe	Also undefine rdport in Mac pf support hack	11 years ago
Daniel Roethlisberger	6643d832d9	Add experimental support for pf on Mac OS X Support pf rdr on Mac OS X 10.7, 10.8 and 10.9 by including the missing Apple headers in the source tree and enable private Apple code. Since we are using an interface marked private by Apple, this code is very experimental. Issue: #15 Reported by: Amit Chowdhary	11 years ago
Daniel Roethlisberger	032605e9d3	Update khash to 0.2.8	11 years ago
Daniel Roethlisberger	cfa5b15223	Fix dst bufferevent BEV_EVENT_CONNECTED handler This removes the spurious "Unknown bufferevent 0x80" debug message but does not have any change in functionality, since return would have been called anyway after falling down the debug message. While here, remove the useless "ignoring event" debug message unless DEBUG_PROXY is defined, and also print the timeout flag in debug mode.	11 years ago
Daniel Roethlisberger	a0bf21b1a4	Add basic pthread sanity check test case Issue: #13 Reported by: vinies	11 years ago
Daniel Roethlisberger	90fd8ec28e	Update NEWS	11 years ago
Daniel Roethlisberger	13ed7f8425	Slightly improve error logging on log init failure Issue: #13 Reported by: vinies	11 years ago
Daniel Roethlisberger	06a02f946a	Always explicitly name the non-null arguments Always explicitly name which arguments are non-null, even if all arguments are non-null. This is to avoid bugs where newly added arguments are automatically non-null by accident, possibly leading to optimisation errors. This also fixes a few potential errors related to non-null arguments; specifically it prevents the compiler optimising away a test for sni being NULL in cachedsess_mkkey(). Issue: #14 Reported by: kythyria	11 years ago

... 7 8 9 10 11 ...

574 Commits (v0.5.6) All Branches Search

574 Commits (v0.5.6)

All Branches