Archives/SSLproxy
2
0
Fork 0
mirror of https://github.com/sonertari/SSLproxy synced 2024-10-31 21:20:21 +00:00
Code Issues Packages Projects Releases Wiki Activity
6643d832d9
SSLproxy/GNUmakefile
Daniel Roethlisberger 6643d832d9 Add experimental support for pf on Mac OS X 
Support pf rdr on Mac OS X 10.7, 10.8 and 10.9 by including the missing
Apple headers in the source tree and enable private Apple code.  Since
we are using an interface marked private by Apple, this code is very
experimental.

Issue:		#15
Reported by:	Amit Chowdhary
2014-01-10 15:03:13 +01:00

406 lines
11 KiB
Makefile
Raw Blame History

### OpenSSL tweaking
# Define to use dubious hacks to decrease OpenSSL memory consumption.
#FEATURES+= -DUSE_FOOTPRINT_HACKS
# Define to disable server-mode SSL session caching for SSLv2 clients.
# This is needed if SSL session resumption fails with a bufferevent error:
# "illegal padding in SSL routines SSL2_READ_INTERNAL".
FEATURES+= -DDISABLE_SSLV2_SESSION_CACHE
# Define to disable server-mode SSLv2 completely, but still use SSL23 method.
#FEATURES+= -DDISABLE_SSLV2_SERVER
# Define to make SSLsplit set a session id context in server mode.
#FEATURES+= -DUSE_SSL_SESSION_ID_CONTEXT
### Debugging
# These flags are added to CFLAGS iff building from a git repo.
DEBUG_CFLAGS?= -g
#DEBUG_CFLAGS+= -Werror
# Define to remove false positives when debugging memory allocation.
# Note that you probably want to build OpenSSL with -DPURIFY too.
#FEATURES+= -DPURIFY
# Define to add proxy state machine debugging; dump state in debug mode.
#FEATURES+= -DDEBUG_PROXY
# Define to add certificate debugging; dump all certificates in debug mode.
#FEATURES+= -DDEBUG_CERTIFICATE
# Define to add SSL session cache debugging; dump all sessions in debug mode.
#FEATURES+= -DDEBUG_SESSION_CACHE
# Define to add debugging of parsing the SNI from the SSL ClientHello.
#FEATURES+= -DDEBUG_SNI_PARSER
# Define to add thread debugging; dump thread state when choosing a thread.
#FEATURES+= -DDEBUG_THREAD
### Mac OS X missing pf headers hacks
ifeq ($(shell uname),Darwin)
ifeq ($(basename $(basename $(shell uname -r))),11)
FEATURES+= -DHAVE_PF
PKG_CPPFLAGS+= -I./xnu/10.7
endif
ifeq ($(basename $(basename $(shell uname -r))),12)
FEATURES+= -DHAVE_PF
PKG_CPPFLAGS+= -I./xnu/10.8
endif
ifeq ($(basename $(basename $(shell uname -r))),13)
FEATURES+= -DHAVE_PF
PKG_CPPFLAGS+= -I./xnu/10.9
endif
endif
### Autodetected features
# Autodetect pf
ifneq ($(wildcard /usr/include/net/pfvar.h),)
FEATURES+= -DHAVE_PF
# OpenBSD 4.7+ and FreeBSD 9.0+ also include ipfw-style divert-to in pf
FEATURES+= -DHAVE_IPFW
endif
# Autodetect ipfw
ifneq ($(wildcard /sbin/ipfw),)
FEATURES+= -DHAVE_IPFW
endif
# Autodetect ipfilter
ifneq ($(wildcard /usr/include/netinet/ip_fil.h),)
FEATURES+= -DHAVE_IPFILTER
endif
# Autodetect netfilter
ifneq ($(wildcard /usr/include/linux/netfilter.h),)
FEATURES+= -DHAVE_NETFILTER
endif
### Variables you might need to override
PREFIX?= /usr/local
OPENSSL?= openssl
PKGCONFIG?= pkg-config
BASENAME?= basename
CAT?= cat
GREP?= grep
INSTALL?= install
MKDIR?= mkdir
SED?= sed
### Variables only used for developer targets
KHASH_URL?= https://github.com/attractivechaos/klib/raw/master/khash.h
XNU_URL?= https://raw2.github.com/opensource-apple/xnu/
GPGSIGNKEY?= 0xB5D3397E
CPPCHECK?= cppcheck
GPG?= gpg
GIT?= git
WGET?= wget
WGET_FLAGS?= --no-check-certificate
BZIP2?= bzip2
COL?= col
LN?= ln
MAN?= man
TAR?= tar
### You should not need to touch anything below this line
TARGET:= sslsplit
PNAME:= SSLsplit
SRCS:= $(filter-out $(wildcard *.t.c),$(wildcard *.c))
HDRS:= $(wildcard *.h)
OBJS:= $(SRCS:.c=.o)
TSRCS:= $(wildcard *.t.c)
TOBJS:= $(TSRCS:.t.c=.t.o)
TOBJS+= $(filter-out main.o,$(OBJS))
VFILE:= $(wildcard VERSION)
GITDIR:= $(wildcard .git)
ifdef VFILE
VERSION:= $(shell $(CAT) VERSION)
else
ifndef GITDIR
VERSION:= $(shell $(BASENAME) $(PWD)|\
$(GREP) $(TARGET)-|\
$(SED) 's/.*$(TARGET)-\(.*\)/\1/g')
else
VERSION:= $(shell $(GIT) describe --tags --dirty --always)
endif
CFLAGS+= $(DEBUG_CFLAGS)
endif
BUILD_DATE:= $(shell date +%Y-%m-%d)
# Autodetect dependencies known to pkg-config
PKGS:=
ifndef OPENSSL_BASE
PKGS+= $(shell $(PKGCONFIG) --exists openssl && echo openssl)
endif
ifndef LIBEVENT_BASE
PKGS+= $(shell $(PKGCONFIG) --exists libevent && echo libevent)
PKGS+= $(shell $(PKGCONFIG) --exists libevent_openssl \
&& echo libevent_openssl)
PKGS+= $(shell $(PKGCONFIG) --exists libevent_pthreads \
&& echo libevent_pthreads)
endif
TPKGS:=
ifndef CHECK_BASE
TPKGS+= $(shell $(PKGCONFIG) --exists check && echo check)
endif
# Autodetect dependencies not known to pkg-config
ifeq (,$(filter openssl,$(PKGS)))
OPENSSL_PAT:= include/openssl/ssl.h
ifdef OPENSSL_BASE
OPENSSL_FIND:= $(wildcard $(OPENSSL_BASE)/$(OPENSSL_PAT))
else
OPENSSL_FIND:= $(wildcard \
/opt/local/$(OPENSSL_PAT) \
/usr/local/$(OPENSSL_PAT) \
/usr/$(OPENSSL_PAT))
endif
OPENSSL_FOUND:= $(OPENSSL_FIND:/$(OPENSSL_PAT)=)
ifndef OPENSSL_FOUND
$(error dependency 'OpenSSL' not found; \
install it or point OPENSSL_BASE to base path)
endif
endif
ifeq (,$(filter libevent,$(PKGS)))
LIBEVENT_PAT:= include/event2/event.h
ifdef LIBEVENT_BASE
LIBEVENT_FIND:= $(wildcard $(LIBEVENT_BASE)/$(LIBEVENT_PAT))
else
LIBEVENT_FIND:= $(wildcard \
/opt/local/$(LIBEVENT_PAT) \
/usr/local/$(LIBEVENT_PAT) \
/usr/$(LIBEVENT_PAT))
endif
LIBEVENT_FOUND:=$(LIBEVENT_FIND:/$(LIBEVENT_PAT)=)
ifndef LIBEVENT_FOUND
$(error dependency 'libevent 2.x' not found; \
install it or point LIBEVENT_BASE to base path)
endif
endif
ifeq (,$(filter check,$(TPKGS)))
CHECK_PAT:= include/check.h
ifdef CHECK_BASE
CHECK_FIND:= $(wildcard $(CHECK_BASE)/$(CHECK_PAT))
else
CHECK_FIND:= $(wildcard \
/opt/local/$(CHECK_PAT) \
/usr/local/$(CHECK_PAT) \
/usr/$(CHECK_PAT))
endif
CHECK_FOUND:= $(CHECK_FIND:/$(CHECK_PAT)=)
ifndef CHECK_FOUND
CHECK_MISSING:= 1
endif
endif
ifdef OPENSSL_FOUND
PKG_CPPFLAGS+= -I$(OPENSSL_FOUND)/include
PKG_LDFLAGS+= -L$(OPENSSL_FOUND)/lib
PKG_LIBS+= -lssl -lcrypto -lz
endif
ifdef LIBEVENT_FOUND
PKG_CPPFLAGS+= -I$(LIBEVENT_FOUND)/include
PKG_LDFLAGS+= -L$(LIBEVENT_FOUND)/lib
PKG_LIBS+= -levent
endif
ifeq (,$(filter libevent_openssl,$(PKGS)))
PKG_LIBS+= -levent_openssl
endif
ifeq (,$(filter libevent_pthreads,$(PKGS)))
PKG_LIBS+= -levent_pthreads
endif
ifdef CHECK_FOUND
TPKG_CPPFLAGS+= -I$(CHECK_FOUND)/include
TPKG_LDFLAGS+= -L$(CHECK_FOUND)/lib
TPKG_LIBS+= -lcheck
endif
ifneq (,$(strip $(PKGS)))
PKG_CFLAGS+= $(shell $(PKGCONFIG) --cflags-only-other $(PKGS))
PKG_CPPFLAGS+= $(shell $(PKGCONFIG) --cflags-only-I $(PKGS))
PKG_LDFLAGS+= $(shell $(PKGCONFIG) --libs-only-L --libs-only-other $(PKGS))
PKG_LIBS+= $(shell $(PKGCONFIG) --libs-only-l $(PKGS))
endif
ifneq (,$(strip $(TPKGS)))
TPKG_CFLAGS+= $(shell $(PKGCONFIG) --cflags-only-other $(TPKGS))
TPKG_CPPFLAGS+= $(shell $(PKGCONFIG) --cflags-only-I $(TPKGS))
TPKG_LDFLAGS+= $(shell $(PKGCONFIG) --libs-only-L --libs-only-other $(TPKGS))
TPKG_LIBS+= $(shell $(PKGCONFIG) --libs-only-l $(TPKGS))
endif
PKG_CPPFLAGS:= $(subst -I,-isystem,$(PKG_CPPFLAGS))
TPKG_CPPFLAGS:= $(subst -I,-isystem,$(TPKG_CPPFLAGS))
CFLAGS+= $(PKG_CFLAGS) -pthread \
-std=c99 -Wall -Wextra -pedantic -D_FORTIFY_SOURCE=2
CPPFLAGS+= -D_GNU_SOURCE $(PKG_CPPFLAGS) $(FEATURES) \
-D"BNAME=\"$(TARGET)\"" -D"PNAME=\"$(PNAME)\"" \
-D"VERSION=\"$(VERSION)\"" -D"BUILD_DATE=\"$(BUILD_DATE)\"" \
-D"FEATURES=\"$(FEATURES)\""
LDFLAGS+= $(PKG_LDFLAGS) -pthread
LIBS+= $(PKG_LIBS)
export VERSION
export OPENSSL
export MKDIR
all: version config $(TARGET)
version:
@echo "$(PNAME) $(VERSION)"
config:
@echo "via pkg-config: $(strip $(PKGS) $(TPKGS))"
ifdef OPENSSL_FOUND
@echo "OPENSSL_BASE: $(strip $(OPENSSL_FOUND))"
endif
ifdef LIBEVENT_FOUND
@echo "LIBEVENT_BASE: $(strip $(LIBEVENT_FOUND))"
endif
ifdef CHECK_FOUND
@echo "CHECK_BASE: $(strip $(CHECK_FOUND))"
endif
@echo "Build options: $(FEATURES)"
$(TARGET): $(OBJS)
$(CC) $(LDFLAGS) -o $@ $^ $(LIBS)
version.o: version.c version.h GNUmakefile $(VFILE) FORCE
%.t.o: %.t.c $(HDRS) GNUmakefile
ifdef CHECK_MISSING
$(error unit test dependency 'check' not found; \
install it or point CHECK_BASE to base path)
endif
$(CC) -c $(CPPFLAGS) $(TPKG_CPPFLAGS) $(CFLAGS) $(TPKG_CFLAGS) -o $@ \
-x c $<
%.o: %.c $(HDRS) GNUmakefile
$(CC) -c $(CPPFLAGS) $(CFLAGS) -o $@ $<
test: $(TARGET).test
$(RM) extra/pki/session.pem
$(MAKE) -C extra/pki testreqs session
./$(TARGET).test
$(TARGET).test: $(TOBJS)
$(CC) $(LDFLAGS) $(TPKG_LDFLAGS) -o $@ $^ $(LIBS) $(TPKG_LIBS)
clean:
$(RM) -f $(TARGET) *.o $(TARGET).test *.core *~
$(RM) -rf *.dSYM
install: $(TARGET)
test -d $(PREFIX)/bin || $(MKDIR) -p $(PREFIX)/bin
test -d $(PREFIX)/share/man/man1 || \
$(MKDIR) -p $(PREFIX)/share/man/man1
$(INSTALL) -o 0 -g 0 -m 0755 $(TARGET) $(PREFIX)/bin/
$(INSTALL) -o 0 -g 0 -m 0644 $(TARGET).1 $(PREFIX)/share/man/man1/
deinstall:
$(RM) -f $(PREFIX)/bin/$(TARGET) $(PREFIX)/share/man/man1/$(TARGET).1
ifdef GITDIR
lint:
$(CPPCHECK) --force --enable=all --error-exitcode=1 .
mantest:
$(RM) -f man1
$(LN) -sf . man1
$(MAN) -M . 1 $(TARGET)
$(RM) man1
$(TARGET)-$(VERSION).1.txt: $(TARGET).1
$(RM) -f man1
$(LN) -sf . man1
$(MAN) -M . 1 $(TARGET) | $(COL) -b >$@
$(RM) man1
man: $(TARGET)-$(VERSION).1.txt
manclean:
$(RM) -f $(TARGET)-*.1.txt
fetchdeps:
$(WGET) $(WGET_FLAGS) -O- $(KHASH_URL) >khash.h
$(MKDIR) -p xnu/10.7/libkern xnu/10.7/net
$(WGET) $(WGET_FLAGS) -O- $(XNU_URL)10.7/APPLE_LICENSE \
>xnu/10.7/APPLE_LICENSE
$(WGET) $(WGET_FLAGS) -O- $(XNU_URL)10.7/libkern/libkern/tree.h \
>xnu/10.7/libkern/tree.h
$(WGET) $(WGET_FLAGS) -O- $(XNU_URL)10.7/bsd/net/radix.h \
>xnu/10.7/net/radix.h
$(WGET) $(WGET_FLAGS) -O- $(XNU_URL)10.7/bsd/net/pfvar.h \
>xnu/10.7/net/pfvar.h
$(MKDIR) -p xnu/10.8/libkern xnu/10.8/net
$(WGET) $(WGET_FLAGS) -O- $(XNU_URL)10.8/APPLE_LICENSE \
>xnu/10.8/APPLE_LICENSE
$(WGET) $(WGET_FLAGS) -O- $(XNU_URL)10.8/libkern/libkern/tree.h \
>xnu/10.8/libkern/tree.h
$(WGET) $(WGET_FLAGS) -O- $(XNU_URL)10.8/bsd/net/radix.h \
>xnu/10.8/net/radix.h
$(WGET) $(WGET_FLAGS) -O- $(XNU_URL)10.8/bsd/net/pfvar.h \
>xnu/10.8/net/pfvar.h
$(MKDIR) -p xnu/10.9/libkern xnu/10.9/net
$(WGET) $(WGET_FLAGS) -O- $(XNU_URL)10.9/APPLE_LICENSE \
>xnu/10.9/APPLE_LICENSE
$(WGET) $(WGET_FLAGS) -O- $(XNU_URL)10.9/libkern/libkern/tree.h \
>xnu/10.9/libkern/tree.h
$(WGET) $(WGET_FLAGS) -O- $(XNU_URL)10.9/bsd/net/radix.h \
>xnu/10.9/net/radix.h
$(WGET) $(WGET_FLAGS) -O- $(XNU_URL)10.9/bsd/net/pfvar.h \
>xnu/10.9/net/pfvar.h
dist: $(TARGET)-$(VERSION).tar.bz2 $(TARGET)-$(VERSION).tar.bz2.asc
%.asc: %
$(GPG) -u $(GPGSIGNKEY) --armor --output $@ --detach-sig $<
$(TARGET)-$(VERSION).tar.bz2:
$(MKDIR) -p $(TARGET)-$(VERSION)
echo $(VERSION) >$(TARGET)-$(VERSION)/VERSION
$(GIT) archive --prefix=$(TARGET)-$(VERSION)/ HEAD \
>$(TARGET)-$(VERSION).tar
$(TAR) -f $(TARGET)-$(VERSION).tar -r $(TARGET)-$(VERSION)/VERSION
$(BZIP2) <$(TARGET)-$(VERSION).tar >$(TARGET)-$(VERSION).tar.bz2
$(RM) $(TARGET)-$(VERSION).tar
$(RM) -r $(TARGET)-$(VERSION)
disttest: $(TARGET)-$(VERSION).tar.bz2 $(TARGET)-$(VERSION).tar.bz2.asc
$(GPG) --verify $<.asc $<
$(BZIP2) -d < $< | $(TAR) -x -f -
cd $(TARGET)-$(VERSION) && $(MAKE) && $(MAKE) test && ./$(TARGET) -V
$(RM) -r $(TARGET)-$(VERSION)
distclean:
$(RM) -f $(TARGET)-*.tar.bz2*
realclean: distclean manclean clean
$(MAKE) -C extra/pki clean
endif
FORCE:
.PHONY: all config clean test lint install deinstall \
mantest man manclean fetchdeps dist disttest distclean realclean
Reference in New Issue View Git Blame Copy Permalink