Commit Graph

  • d20fd6fc62 Merge remote-tracking branch 'upstream/master' Bastard Operator from Hell 2019-05-08 12:16:08 +0000
  • d1a3328c58 Differentiate PassSite option from Passthrough option: PassSite does not require Passthrough now. Remove redundant if conditions. v0.6.0 Soner Tari 2019-05-02 19:06:48 +0300
  • c146b8a0ec Make sure sni and ssl_names are not null, fixes signal 11 crash reported by @janusloo Soner Tari 2019-05-01 00:35:15 +0300
  • 22ad78c8f9 Fix passthrough conn logging Soner Tari 2019-04-22 23:01:57 +0300
  • 26a73d797d Fix passsite struct free Soner Tari 2019-04-21 01:46:40 +0300
  • c3abe74776 Add client filtering to PassSite option, per site filters can be defined using client IP addresses, users, and description keywords Soner Tari 2019-04-21 01:00:46 +0300
  • 07a6c32e93 Update documentation with PassSite option Soner Tari 2019-04-20 01:13:06 +0300
  • 7e17bd198e Require ssl_names if passsite is set Soner Tari 2019-04-19 23:20:59 +0300
  • 119fc8e69e Improve passsite log messages and comments Soner Tari 2019-04-19 16:22:37 +0300
  • 7e8fcbcafa Move strncpy() call from passsite matching to initial PassSite setup Soner Tari 2019-04-19 04:21:41 +0300
  • ddeb9831ed Add PassSite option, if the site matches SNI or common names in the SSL certificate, the connection is passed through the proxy, issue #12 Soner Tari 2019-04-19 01:16:05 +0300
  • 89150fe4d6 Enable more ssl info in conn logs, especially common names in crts Soner Tari 2019-04-18 16:01:44 +0300
  • 24972bda48 Rearrange debug log messages Soner Tari 2019-04-03 20:23:30 +0300
  • 8c2fd3cc31 Replace recursion with while loop in child max fd computation and debug logging Soner Tari 2019-03-31 17:19:16 +0300
  • 3c8d6e7e4e Fix the location of the assertion checking NULL thr conns list; nice catch by this assert() call that it is misplaced, so add further assertions Soner Tari 2019-03-29 15:38:03 +0300
  • 0eaf475193 Update documentation with the new user info in SSLproxy line Soner Tari 2019-03-28 17:06:07 +0300
  • f9b850f63b Add user info to SSLproxy header line, so listening programs know network users. Debug print conf file option Soner Tari 2019-03-28 14:16:59 +0300
  • a76ce0e2b4 Remove any SSLproxy line, parent or child, in case parent receives SSLproxy line from local network Soner Tari 2019-03-27 21:23:48 +0300
  • 11d1b64c1c Update version to 0.6.0 Soner Tari 2019-03-27 15:22:50 +0300
  • 9275315541 Add OpenFilesLimit option, use 50-10000, so user does not need to modify system-wide value now Soner Tari 2019-03-27 14:23:18 +0300
  • 074e5d6400 Add LeafKeyRSABits option for user to change leaf key RSA keysize in bits, so it can be set to 1024|2048|3072|4096 now Soner Tari 2019-03-27 03:07:36 +0300
  • a51cc7de57 Update RSA key size comments Soner Tari 2019-03-26 18:31:51 +0300
  • ea532a9464 Update with sslsplit develop ssl ctx improvements Soner Tari 2019-03-26 15:54:42 +0300
  • bee1a82bfc Improve error log messages and comments Soner Tari 2019-03-25 18:13:46 +0300
  • 44b125f77e Avoid malloc/free for vars of known sizes Soner Tari 2019-03-25 03:39:15 +0300
  • d0ad45e74d Fix autossl userauth: srvdst should call userauth and redirect too Soner Tari 2019-03-24 22:28:43 +0300
  • 040d00b546 Fix passthrough mode broken by the new pending ssl conns list: It is necessary to NULL the sslctx to prevent passthrough mode trying to access it (signal 11 crash). Note that we cannot redirect failed ssl connections to login page while switching to passthrough mode. Remove now redundant pxy_fd_readcb() function Soner Tari 2019-03-24 15:57:03 +0300
  • 98c1186cb8 Improve documentation, and simplify code Soner Tari 2019-03-24 01:31:19 +0300
  • ad38b68ad7 Fix a possible multithreading issue: Ignore event_add() failure and do not try to close the conn after adding it to pending ssl conns list Soner Tari 2019-03-23 23:32:44 +0300
  • 50740b9f77 Remove redundant ctx fields, rename vars, rearrange code, and improve documentation Soner Tari 2019-03-23 20:41:59 +0300
  • 42eb887ebb Do not modify conn thread fields without locking on thrmgr thread, so we only modify thr load and thr conn list, no thread stats, on thrmgr now Soner Tari 2019-03-23 00:09:18 +0300
  • 072dbe2611 Fix privsep PRIVSEP_REQ_UPDATE_ATIME command: Do not request an fd from sys_recvmsgfd() and sys_sendmsgfd(), otherwise it opens stdin (fd 0), causing fd leak. Remove redundant logging call Soner Tari 2019-03-22 19:19:39 +0300
  • bf67b617c2 Keep track of ssl conns waiting for the first packet, and remove them if they time out. Otherwise if no packet arrives, hence readcb does not fire, that ssl conn is lost, causing memory and fd leak. Accepting a connection does not mean that a packet will be received. Use better names Soner Tari 2019-03-22 15:21:39 +0300
  • dc788862a9 Reintroduce BEV_OPT_THREADSAFE flag, after a signal 10 crash involving buffer events. Rearrange and fix fd close locations and conn termination Soner Tari 2019-03-21 06:06:56 +0300
  • 6f2cf92e51 Do not pass BEV_OPT_THREADSAFE flag to bufferevent new socket/filter functions anymore: Multithreading issues seem to be solved now Soner Tari 2019-03-19 17:17:57 +0300
  • e145ca6eed Refactor add/remove conn/child code Soner Tari 2019-03-19 02:08:53 +0300
  • cc0b94c17f Do not do anything with the conn ctx on the thrmgr thread after setting event callbacks and/or socket connect. Always lock conn thr while reading ctx fields, otherwise we may get wrong values Soner Tari 2019-03-18 03:59:40 +0300
  • 17122fa6a8 Always keep thr load and conns list in sync Soner Tari 2019-03-17 18:57:33 +0300
  • c43e359a1b Do not modify thr stats without locking, otherwise max fd stats were sometimes wrong Soner Tari 2019-03-16 23:19:48 +0300
  • 3147723774 Add attribs, enclose debug params between debug macros, and improve documentation Soner Tari 2019-03-16 00:44:12 +0300
  • dcaaa49f90 Improve documentation and use better names Soner Tari 2019-03-15 15:39:15 +0300
  • 362a87ac6d Update documentation Soner Tari 2019-03-15 02:38:08 +0300
  • 79ad5e86cc Fix expired conn handling, signal 6 crash: Do not lock conn thr mutex twice while freeing expired conns. Fix passthrough mode: Do not SSL_free() srvdst ssl anymore and do not add conn to thr conns list twice Soner Tari 2019-03-15 00:20:53 +0300
  • bf513b1c37 Improvements Soner Tari 2019-03-14 21:18:10 +0300
  • 844e68116a Move userauth from thrmgr thread to conn handling threads, and do not enable r/w callbacks until userauth succeeds. Lock conn thread instead of thrmgr thread while adding conns (giant thrmgr lock versus conn thread level locks), so add conn thread mutex and remove thrmgr mutex. Offload thrmgr thread by moving many conn related setup to conn handling threads. Fix signal 6 crash caused by calling pxy_thrmgr_timer_cb() while failed conn is being freed, so use conn thread mutexes and defer adding conn to thr conn list until conn setup succeeds. Other fixes, improvements, and clean-up Soner Tari 2019-03-14 03:47:03 +0300
  • 2f3fda5367 Do not try to close conns on the thrmgr thread after setting event callbacks and/or socket connect. Use strncpy() instead of memcpy(), to limit max size with dest buffer Soner Tari 2019-03-13 17:11:54 +0300
  • 7b11eb15fa Update copyright year to 2019 Soner Tari 2019-03-13 14:42:40 +0300
  • 7eb0ebc814 Refactor fd usage code for code reuse Soner Tari 2019-03-12 21:41:16 +0300
  • 56c3bdf5d8 Do not try to term/close conns on the thrmgr thread after setting event callbacks and/or socket connect Soner Tari 2019-03-12 19:36:30 +0300
  • 76a599d464 Put the getdtablecount() solution back in, otherwise sometimes, although rarely, we get "Error 24 on listener: Too many open files" nonstop, it's better to be safe(r) Soner Tari 2019-03-11 02:41:16 +0300
  • 96ecd8e4c3 Pass BEV_OPT_THREADSAFE to bufferevent_socket_new() and similar functions, otherwise if we are out of fds, we get signal 10 or 6 crashes sometimes, nothing else seems to work Soner Tari 2019-03-11 01:56:09 +0300
  • 3a6f797917 Do not forget to reset sqlite stmt if userdb is busy or locked, otherwise we get stuck and go out of fds too. Check retval of event_add() calls. Reduce frequency of userdb atime updates by not updating until idle time reaches more than half of user timeout value, otherwise privsep server can get very busy causing locked userdb. Do not care about multiple matches of IP addresses in arp cache on OpenBSD either. Performance and code reuse improvements, simplifications Soner Tari 2019-03-10 04:26:00 +0300
  • 0d49ba56db Enable user auth support on Linux Soner Tari 2019-03-09 18:10:52 +0300
  • 4f4b41d5ad Add user and proto validation info to connection logs Soner Tari 2019-03-09 01:09:08 +0300
  • 56ddbcb5c8 Update version to 0.5.10 Soner Tari 2019-03-08 20:24:08 +0300
  • b6f2203495 Validate proxyspec protocols http, pop3, and smtp Soner Tari 2019-03-07 23:14:53 +0300
  • f3e7a359a6 Update documentation with user auth feature Soner Tari 2019-03-06 22:43:43 +0300
  • 6f37661772 Enable user auth for all supported protos or proxyspec types Soner Tari 2019-03-06 01:09:02 +0300
  • fcd24a2cbe Do not terminate redirected connection until src outbuf is empty, otherwise 302 redirection may not have been sent yet Soner Tari 2019-03-05 19:01:53 +0300
  • 1f451aa04d Change user db table name to users, change mac column name to ether. Clean up Soner Tari 2019-03-02 03:44:14 +0300
  • c37bcc6de1 Add UserDBPath and UserTimeout options Soner Tari 2019-03-02 02:52:48 +0300
  • fd52ba0c56 Refactor, handle error conditions, and clean up Soner Tari 2019-03-02 02:04:53 +0300
  • cde3fbca3f Redirect user to login page and redirect again to orig target after successful authentication, currently supported only on OpenBSD. Get ethernet address and compare with the one in userdb, on each conn setup. Create user_auth options. Rename and clean-up Soner Tari 2019-03-01 02:08:24 +0300
  • 630c7131e8 FreeBSD Compatibility 5u623l20 2019-02-21 02:13:24 +0600
  • fb25c45c66 Clean-up Soner Tari 2019-02-16 17:51:40 +0300
  • 304207e9e9 Add initial user database support using sqlite3 Soner Tari 2019-02-16 17:29:14 +0300
  • 19f68a2800 Fix documentation Soner Tari 2019-02-03 22:48:20 +0300
  • 588122b512 Explain support for remote listening programs in README Soner Tari 2019-01-07 01:05:48 +0300
  • e132b12d79 Support remote listening programs using ua and ra proxyspec options: address of remote listening program that decrypted packets are diverted to, and address SSLproxy is listening on for returned packets from remote listening program, respectively Soner Tari 2019-01-06 18:09:17 +0300
  • c0a943beb6 Release v0.5.9 v0.5.9 Soner Tari 2018-12-11 21:58:45 +0300
  • 87403615f9 Remove now unnecessary UNUSED attributes Soner Tari 2018-12-01 00:36:03 +0300
  • 670f609d7a Refactor logging code and fix memory leak Soner Tari 2018-11-30 14:28:51 +0300
  • 70a22f4515 Do not break the event loop if out of fds, instead properly check all retvals of libevent functions. So remove getdtable*() solution Soner Tari 2018-11-30 02:49:37 +0300
  • f848248f54 Use better names and fix white space Soner Tari 2018-11-10 23:33:12 +0300
  • d0687b3398 Fix double init of protoctx, memory leak. Free vars where they are allocated, always Soner Tari 2018-11-10 20:46:39 +0300
  • 83468afb1f Fix ssl setup error handling, ssl ctx does not have any proto arg, so arg is always null at that point Soner Tari 2018-11-10 19:22:16 +0300
  • 3f148cf3b9 Move thrmgr->conn_count inc for conn id back to conn acceptcb, because acceptcb runs on thrmgr thread which is single threaded, so there is no multithreading issues there Soner Tari 2018-11-09 12:32:16 +0300
  • 360b951ade Prevent possible multithreading issues, which would not cause crashes but incorrect conn ids and memory leaks due to broken thread conn linked lists Soner Tari 2018-11-09 02:10:08 +0300
  • 3d1ed7c8d2 Fix the link for The Risks of SSL Inspection, markdown doesn't like the new line in between caption and link Soner Tari 2018-11-06 21:44:25 +0300
  • 3fd02eee9d Use available_fds() on osx to detect out of file descriptors condition, borrowed from opensmtpd v0.5.8 Soner Tari 2018-11-03 20:57:50 +0300
  • e1d96a874e Disable getdtablecount() on osx, temporarily Soner Tari 2018-11-03 20:23:54 +0300
  • 7847486bc4 Try to fix travis osx build, osx does not have getdtablecount() either Soner Tari 2018-11-03 19:23:13 +0300
  • 77b81aa45f Fix travis osx build Soner Tari 2018-11-03 18:50:49 +0300
  • 52d37297b6 Update with sslsplit develop changes, especially content logging. Change SIGHUP to behave like SIGUSR1 Soner Tari 2018-11-03 18:23:31 +0300
  • 12ecc96648 Assume co-ownership of refactored and new pxy and proto source files by adding copyright line below the original copyright line Soner Tari 2018-10-30 12:42:52 +0300
  • 87eb6ce004 Move conn end free function callback to conn end struct; proto ctx should not keep track of such conn end details, conn end should know which function to be called to free itself, we may have different protos on different ends of the same conn. Improve and clean up Soner Tari 2018-10-29 21:38:42 +0300
  • 5351e78740 Combine term and enomem handling code and improve Soner Tari 2018-10-29 01:59:26 +0300
  • ca959ca391 Do not call topmost callback functions directly, use them in bufferevent setup only, otherwise can possibly cause double free of ctx. Run preexec and postexec logging and/or stats code when calling interface callback functions directly; they are mostly called in edge cases, but otherwise we would miss related logs and/or stats Soner Tari 2018-10-28 23:51:22 +0300
  • 8c7b8bafcf Fix build warning with LibreSSL 2.8.2, id is const now Soner Tari 2018-10-27 00:30:09 +0300
  • 62b4760930 Improve messages for omitted tests. Do not remove repo file session.pem Soner Tari 2018-10-26 18:13:17 +0300
  • 3d668aabb6 Minor improvements Soner Tari 2018-10-25 14:58:18 +0300
  • cd78d881c8 Fix passthrough mode double free crash and free any/all data of previous proto asap. Improve and clean up Soner Tari 2018-10-23 04:02:00 +0300
  • d4a209cbfb Avoid redundant void to ctx type casts by passing ctx explicitly Soner Tari 2018-10-23 00:18:48 +0300
  • e8e8071772 Defer conn free until the exit code of topmost callback functions, for both parent and child connections; this is necessary to handle error conditions correctly and terminate connections gracefully. So introduce term flags in ctx and replace free functions with term functions to raise the term flag; this approach enables us to terminate connection anywhere in the code without causing use after free crashes. Improve and clean up Soner Tari 2018-10-22 23:13:42 +0300
  • c085cafe0f Rename srv_dst to srvdst. Clean up Soner Tari 2018-10-22 16:12:07 +0300
  • adb99db518 Handle out of memory conditions correctly. Do not do anything else with ctx while returning from topmost callback functions if it is freed. Rename functions, improve, and clean up Soner Tari 2018-10-22 15:30:18 +0300
  • cbb9d593c4 Do not do anything else with ctx while returning from topmost callback functions if it is freed. Handle out of memory conditions correctly Soner Tari 2018-10-22 01:57:15 +0300
  • 2aeec751e0 Handle out of memory conditions correctly Soner Tari 2018-10-22 00:18:27 +0300
  • 2f0e574f09 Fix autossl, but Evolution client sometimes does not send ehlo, especially after user rejects self-signed cert, which needs further investigation. And other improvements Soner Tari 2018-10-21 22:01:46 +0300
  • c91d569723 Improve debug logging, log proto name on connect/disconnect. Rename vars and functions. Improve and clean up Soner Tari 2018-10-21 00:25:01 +0300