mirror of
https://github.com/sonertari/SSLproxy
synced 2024-11-18 03:25:31 +00:00
149 lines
4.6 KiB
C
149 lines
4.6 KiB
C
/*-
|
|
* SSLsplit - transparent SSL/TLS interception
|
|
* https://www.roe.ch/SSLsplit
|
|
*
|
|
* Copyright (c) 2009-2018, Daniel Roethlisberger <daniel@roe.ch>.
|
|
* All rights reserved.
|
|
*
|
|
* Redistribution and use in source and binary forms, with or without
|
|
* modification, are permitted provided that the following conditions are met:
|
|
* 1. Redistributions of source code must retain the above copyright notice,
|
|
* this list of conditions and the following disclaimer.
|
|
* 2. Redistributions in binary form must reproduce the above copyright notice,
|
|
* this list of conditions and the following disclaimer in the documentation
|
|
* and/or other materials provided with the distribution.
|
|
*
|
|
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDER AND CONTRIBUTORS ``AS IS''
|
|
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
|
|
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
|
|
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
|
|
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
|
|
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
|
|
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
|
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
|
* POSSIBILITY OF SUCH DAMAGE.
|
|
*/
|
|
|
|
#ifndef OPTS_H
|
|
#define OPTS_H
|
|
|
|
#include "proc.h"
|
|
#include "nat.h"
|
|
#include "ssl.h"
|
|
#include "attrib.h"
|
|
|
|
#include <sys/types.h>
|
|
#include <sys/socket.h>
|
|
|
|
typedef struct proxyspec {
|
|
unsigned int ssl : 1;
|
|
unsigned int http : 1;
|
|
unsigned int upgrade: 1;
|
|
unsigned int mail : 1;
|
|
unsigned int pop3 : 1;
|
|
unsigned int smtp : 1;
|
|
unsigned int dns : 1; /* set if spec needs DNS lookups */
|
|
struct sockaddr_storage listen_addr;
|
|
socklen_t listen_addrlen;
|
|
/* connect_addr and connect_addrlen are set: static mode;
|
|
* natlookup is set: NAT mode; natsocket /may/ be set too;
|
|
* sni_port is set, in which case we use SNI lookups */
|
|
struct sockaddr_storage connect_addr;
|
|
socklen_t connect_addrlen;
|
|
unsigned short sni_port;
|
|
char *natengine;
|
|
nat_lookup_cb_t natlookup;
|
|
nat_socket_cb_t natsocket;
|
|
struct proxyspec *next;
|
|
|
|
// @todo Make these config options
|
|
struct sockaddr_storage parent_dst_addr;
|
|
socklen_t parent_dst_addrlen;
|
|
|
|
struct sockaddr_storage child_src_addr;
|
|
socklen_t child_src_addrlen;
|
|
} proxyspec_t;
|
|
|
|
typedef struct opts {
|
|
unsigned int debug : 1;
|
|
unsigned int detach : 1;
|
|
unsigned int sslcomp : 1;
|
|
#ifdef HAVE_SSLV2
|
|
unsigned int no_ssl2 : 1;
|
|
#endif /* HAVE_SSLV2 */
|
|
#ifdef HAVE_SSLV3
|
|
unsigned int no_ssl3 : 1;
|
|
#endif /* HAVE_SSLV3 */
|
|
#ifdef HAVE_TLSV10
|
|
unsigned int no_tls10 : 1;
|
|
#endif /* HAVE_TLSV10 */
|
|
#ifdef HAVE_TLSV11
|
|
unsigned int no_tls11 : 1;
|
|
#endif /* HAVE_TLSV11 */
|
|
#ifdef HAVE_TLSV12
|
|
unsigned int no_tls12 : 1;
|
|
#endif /* HAVE_TLSV12 */
|
|
unsigned int passthrough : 1;
|
|
unsigned int deny_ocsp : 1;
|
|
unsigned int contentlog_isdir : 1;
|
|
unsigned int contentlog_isspec : 1;
|
|
#ifdef HAVE_LOCAL_PROCINFO
|
|
unsigned int lprocinfo : 1;
|
|
#endif /* HAVE_LOCAL_PROCINFO */
|
|
unsigned int certgen_writeall: 1;
|
|
char *ciphers;
|
|
char *certgendir;
|
|
char *tgcrtdir;
|
|
char *dropuser;
|
|
char *dropgroup;
|
|
char *jaildir;
|
|
char *pidfile;
|
|
char *conffile;
|
|
char *connectlog;
|
|
int statslog;
|
|
char *contentlog;
|
|
char *contentlog_basedir; /* static part of logspec, for privsep srv */
|
|
char *masterkeylog;
|
|
CONST_SSL_METHOD *(*sslmethod)(void);
|
|
X509 *cacrt;
|
|
EVP_PKEY *cakey;
|
|
EVP_PKEY *key;
|
|
STACK_OF(X509) *chain;
|
|
#ifndef OPENSSL_NO_DH
|
|
DH *dh;
|
|
#endif /* !OPENSSL_NO_DH */
|
|
#ifndef OPENSSL_NO_ECDH
|
|
char *ecdhcurve;
|
|
#endif /* !OPENSSL_NO_ECDH */
|
|
proxyspec_t *spec;
|
|
char *crlurl;
|
|
unsigned int conn_idle_timeout;
|
|
unsigned int expired_conn_check_period;
|
|
unsigned int ssl_shutdown_retry_delay;
|
|
int log_stats;
|
|
unsigned int stats_period;
|
|
int remove_http_accept_encoding;
|
|
int remove_http_referer;
|
|
int verify_peer;
|
|
int allow_wrong_host;
|
|
} opts_t;
|
|
|
|
opts_t *opts_new(void) MALLOC;
|
|
void opts_free(opts_t *) NONNULL(1);
|
|
int opts_has_ssl_spec(opts_t *) NONNULL(1) WUNRES;
|
|
int opts_has_dns_spec(opts_t *) NONNULL(1) WUNRES;
|
|
void opts_proto_force(opts_t *, const char *, const char *) NONNULL(1,2,3);
|
|
void opts_proto_disable(opts_t *, const char *, const char *) NONNULL(1,2,3);
|
|
void opts_proto_dbg_dump(opts_t *) NONNULL(1);
|
|
#define OPTS_DEBUG(opts) unlikely((opts)->debug)
|
|
|
|
void proxyspec_parse(int *, char **[], const char *, opts_t *);
|
|
void proxyspec_free(proxyspec_t *) NONNULL(1);
|
|
char * proxyspec_str(proxyspec_t *) NONNULL(1) MALLOC;
|
|
|
|
#endif /* !OPTS_H */
|
|
|
|
/* vim: set noet ft=c: */
|