Commit Graph

1010 Commits

Author SHA1 Message Date
Soner Tari
9c76563cee Fix mistake: return address -> divert address 2020-12-23 11:01:31 +03:00
Soner Tari
177f6a3b52 Improve overview 2020-12-22 00:56:34 +03:00
Soner Tari
def65e195c Update man page with README
Improve README
2020-12-20 18:04:43 +03:00
Soner Tari
f1e9de7386 Improve documentation 2020-12-20 15:40:28 +03:00
Soner Tari
f254ac1586 Add info on DivertUsers and PassUsers options 2020-12-18 00:04:23 +03:00
Soner Tari
aded848043 Release v0.8.2 2020-12-15 17:12:50 +03:00
Soner Tari
e2bf278933 Allow mirroring without explicit target
Allow omitting the -T option, indicating the target is irrelevant.

The use case is an IDS sensor listening on a dummy interface for the
packets sslsplit produces. The IDS will listen in promisc mode, so the
target is irrelevant.

Copied from sslsplit.
2020-12-14 17:45:22 +03:00
Soner Tari
463aa1a71e Fix doc typo 2020-12-14 16:23:06 +03:00
Soner Tari
151b305c2f Do not pass null arg to log_*_printf()
vfprintf %s NULL in "Error from bufferevent: %i:%s %lu:%i:%s:%i:%s:%i:%s
"
Error from bufferevent: 32:Broken pipe 50327584:32:Broken pipe:2:system
library:4095:(null)
2020-12-14 16:22:42 +03:00
Soner Tari
4c94853fc5 Disable UserAuth in main.mk if we are not on OpenBSD or Linux
Fixes osx build after updates to userauth
2020-11-14 13:08:29 +03:00
Soner Tari
80d10a94c3 Move classify_user into identify_user
Otherwise, we cannot classify user if we need to issue identify_user
events, in case database is busy or locked. We should call classify_user
callback right after the user is identified.
So we introduce classify_user callback to achieve that, which fixes the
classify_user behavior for autssl proto too.

Return void in pxy_userauth
Fix typo in clasify
2020-11-13 19:01:45 +03:00
Soner Tari
4f3ce763ac Add DivertUsers and PassUsers options
Update documentation
2020-11-13 13:03:29 +03:00
Soner Tari
6c0b981831 Update version to 0.8.1
Update TLS 1.3 documentation.
2020-09-08 14:33:25 +03:00
Soner Tari
4ee7bbcf15 Fix whitespace 2020-08-27 12:00:34 +03:00
Soner Tari
e209a04268 Fix line_num reported if conf file contains structured proxyspecs 2020-08-26 00:12:13 +03:00
Soner Tari
6f5a7ceeb1 Add WITHOUT_USERAUTH switch 2020-08-25 23:32:32 +03:00
Soner Tari
ca79405769 Fix doc for MaxSSLProto default as tls13 2020-07-25 11:35:52 +03:00
Soner Tari
e51afcfe4a Fix default CipherSuites 2020-07-23 12:39:05 +03:00
Soner Tari
176570c4a4 Silence warning about <sys/sysctl.h> deprecated on Linux
/usr/include/x86_64-linux-gnu/sys/sysctl.h:21:2: warning: #warning "The
<sys/sysctl.h> header is deprecated and will be removed." [-Wcpp]
2020-07-22 15:47:48 +03:00
Soner Tari
b679439c9f Silence warning about output truncated before terminating nul by gcc 9.3.0
/usr/include/x86_64-linux-gnu/bits/string_fortified.h:106:10: warning:
‘__builtin_strncpy’ output truncated before terminating nul copying as
many bytes from a string as its length [-Wstringop-truncation]
2020-07-22 14:56:15 +03:00
Soner Tari
25ec9d58bc Silence alignment warning by gcc 9.3.0
logpkt.c:351:3: warning: converting a packed ‘ip4_hdr_t’ {aka ‘struct
<anonymous>’} pointer (alignment 1) to a ‘uint16_t’ {aka ‘short unsigned
int’} pointer (alignment 2) may result in an unaligned pointer value
[-Waddress-of-packed-member]
2020-07-22 14:45:10 +03:00
Soner Tari
ad21615dbe Add -U to getopt() shortopts 2020-07-06 23:24:46 +03:00
Soner Tari
af27340889 Add -U CipherSuites option 2020-06-27 23:54:56 +03:00
Soner Tari
3f2d0d56d6 Fix debug dump for no_tls12/no_tls13 2020-06-25 21:28:46 +03:00
Soner Tari
fade72ec0d Move main.mk under Mk folder and improve make files 2020-06-23 13:00:05 +03:00
Soner Tari
1a3a2fb9f6 Add missing HAVE_TLSV13 code 2020-06-23 12:59:05 +03:00
Soner Tari
2f89a27551 Use Testproxy v0.0.3 2020-06-21 13:10:27 +03:00
Soner Tari
8989873332 Add sni assertions to testproxy e2e tests for tls12 and tls13 2020-06-21 12:02:21 +03:00
Soner Tari
1403c4eda1 Fix travis for ssl libs without tls13, add no_tls13 e2e tests 2020-06-20 23:31:32 +03:00
Soner Tari
f9c8ecbc69 Fix build with LibreSSL 3.1.2, which does not have tls13 2020-06-20 22:14:33 +03:00
Soner Tari
ee41c72666 Add tls13 support
Add e2e tests for tls13 too
2020-06-20 21:24:53 +03:00
Soner Tari
9da7437919 Release v0.8.0 2020-05-24 00:22:23 +03:00
Soner Tari
826b612c1e Fix build version
Improve documentation
2020-05-21 16:22:32 +03:00
Soner Tari
3fe0e5f1eb Move tmp global opts vars to new tmp struct
The global opts strings in this new tmp struct are used while cloning
global opts into proxyspec opts. A var of this type is passed around as
a flag to indicate if these opts are global (if non-NULL), so should be
stored in that struct and used as such, or proxyspec specific (if NULL),
so should not be used as global. This var is temporary, hence freed
immediately after configuration is complete.
Also improve and clean up.
2020-05-15 19:18:13 +03:00
Soner Tari
6abfa01252 Free all structs created for testing 2020-05-14 12:07:14 +03:00
Soner Tari
59ce88b1ac Move tmp proxyspec vars to new tmp struct
These vars are used while configuring proxyspecs, and freed right after
they are used. So they should not be in proxyspec struct.
Refactor accordingly.
2020-05-14 00:14:40 +03:00
Soner Tari
4a1980d4a5 Add check unit tests for protocol validation and util_get_first_word_len()
Also improve and clean up
2020-05-13 21:24:08 +03:00
Soner Tari
e3b0ba94d8 Accept space, tab, cr, and nl chars after POP3 and SMTP commands
POP3 clients may and do append CRLF to commands.
So use the new util_get_first_word_len() function.
2020-05-12 15:48:05 +03:00
Soner Tari
01577657fd Clean up DOCKER directives 2020-05-12 12:02:53 +03:00
Soner Tari
ef2edff60a Improve string comparisons
We need case-insensitive comparison validating POP3 and SMTP commands.
Define macro function to check string equality.
2020-05-12 01:28:41 +03:00
Soner Tari
ac4285cef1 Fix POP3 and SMTP protocol validation, thanks to the new testproxy e2e tests
Add testproxy e2e tests for POP3 and SMTP protocol validation.

We have detected that POP3 and SMTP protocol validation was broken
thanks to these new testproxy e2e tests. This is yet another example why
e2e tests are important.
2020-05-11 17:01:38 +03:00
Soner Tari
f3ac5ee4f2 Move passsite flag to sslctx
The passsite flag is ssl specific.
2020-05-10 21:53:24 +03:00
Soner Tari
f8580d6ac7 Update news
This is the first SSLproxy specific changelog.
2020-05-09 22:16:44 +03:00
Soner Tari
313da5cfca Add -A DefaultLeafCert option
Rename LeafCerts to LeafKey, TargetCertDir to LeafCertDir, CRL to
LeafCRLURL
2020-05-09 22:14:50 +03:00
Soner Tari
aba07a53ee Disable conn ids unless debugging
We don't need parent or child ids unless debugging. IDLE and EXPIRED
conn logs do not need to report ids either. Ids are useful only in
detailed debug logs.
2020-05-08 01:11:50 +03:00
Soner Tari
5285b9e433 Fix valgrind REDIR warning about strncpy(), use memcpy() instead
REDIR: 0x562c100 (libc.so.6:__strncpy_ssse3) redirected to 0x4c32fb0
(strncpy)
The src strings are not NULL terminated at the correct positions.
2020-05-07 14:06:09 +03:00
Soner Tari
11f92e3ce8 Add unique child id, set to the children count of parent conn
This is necessary to uniquely identify child conns. The src fd of child
conns was possibly not unique. We use this id in debug logs only.
Also relocate the update code related with this id.
2020-05-07 13:45:13 +03:00
Soner Tari
519e82a624 Warn unused result of max() 2020-05-07 13:38:50 +03:00
Soner Tari
be80523036 Use the new inline max() function instead of MAX() macro function in sslproxy
Do not pass pxy_thr_print_children() or bufferevent_getfd() to MAX() or
util_max() macro functions as params, or else they are called twice.
Since MAX() macro call duplicates params, do not call it nested either,
or else we get very long macro expansions.
2020-05-07 00:10:42 +03:00
Soner Tari
e63d6dd3aa Remove BEV_OPT_THREADSAFE in lp too
thrmgr and conn handling threads in lp are cleanly decoupled now.
2020-05-06 23:54:50 +03:00