mirror of
https://github.com/sonertari/SSLproxy
synced 2024-11-02 15:40:19 +00:00
982880ccfe
Now we don't go over all of the passsite rules in a linked list trying to apply passsite to the sni or common names of a conn. Instead, we now have user+keyword, keyword, ip, and all lists. For example, if we find the conn user in the user+keyword list and a passsite in that list matches, we don't look into other lists. This change is expected to improve the performance of passsite processing considerably, because in the earlier implementation we had to go over all of the passsite rules trying to match passsite. And this solution uses a correct data structure, even if not the best. For example, each user or keyword in passsite rules is strdup()'ed only once. Note that a better solution could use, say, a hash table for users, instead of a linked list. But hash tables are not suitable for keywords or sites, because we search for substring matches with them, not exact matches. Also, this fixes passsite rules without any filters defined, i.e. to be applied to all connections. Also, now e2e tests error exit if WITHOUT_USERAUTH is enabled. E2e tests require UserAuth enabled. |
||
|---|---|---|
| .. | ||
| engine | ||
| pki | ||
| base64.t.c | ||
| BSDmakefile | ||
| cachedsess.t.c | ||
| cachefkcrt.t.c | ||
| cachemgr.t.c | ||
| cachessess.t.c | ||
| cachetgcrt.t.c | ||
| cert.t.c | ||
| defaults.t.c | ||
| dynbuf.t.c | ||
| GNUmakefile | ||
| logbuf.t.c | ||
| main.t.c | ||
| opts.t.c | ||
| proto.t.c | ||
| pxythrmgr.t.c | ||
| ssl.t.c | ||
| sys.t.c | ||
| url.t.c | ||
| util.t.c | ||