Merge branch 'develop' into feature/autossl

8 years ago · e67978f4dd
parent 3c20f473fa 2f834419eb
commit e67978f4dd
77 changed files with 215 additions and 131 deletions
--- a/.travis.yml
+++ b/.travis.yml
@ -2,7 +2,7 @@ language: c
 compiler:
  - gcc
  - clang
-script: make && make test && ./sslsplit -V
+script: make && make travis && ./sslsplit -V
 before_install:
  - sudo apt-get update -qq
  - sudo apt-get install -qq libssl-dev libevent-dev check
--- a/3
+++ b/3
@ -397,6 +397,9 @@ endif
 %.o: %.c $(HDRS) GNUmakefile
 	$(CC) -c $(CPPFLAGS) $(CFLAGS) -o $@ $<

+travis: TCPPFLAGS+=-DTRAVIS
+travis: test
+
 test: TCPPFLAGS+=-D"TEST_ZEROUSR=\"$(shell id -u -n root||echo 0)\""
 test: TCPPFLAGS+=-D"TEST_ZEROGRP=\"$(shell id -g -n root||echo 0)\""
 test: $(TARGET).test
--- a/LICENSE.md
+++ b/LICENSE.md
@ -2,7 +2,7 @@

 ## Copyright

-Copyright (c) 2009-2015, Daniel Roethlisberger and contributors.
+Copyright (c) 2009-2016, Daniel Roethlisberger and contributors.
 All rights reserved.
 Licensed under the 2-clause BSD license contained herein.

@ -15,10 +15,15 @@ All rights reserved.
 Licensed under the MIT license.

 `xnu/xnu-*`:
-Copyright (c) 1988-2010, Apple Inc. and original copyright holders.
+Copyright (c) 1988-2015, Apple Inc. and original copyright holders.
 All rights reserved.
 Licensed under the APSL.

+`extra/log*.py`:
+Copyright (C) 2015, Maciej Kotowicz and Daniel Roethlisberger.
+All rights reserved.
+Licensed under a 2-clause BSD license.
+
 See the respective source and/or license files for details.


--- a/NEWS.md
+++ b/NEWS.md
@ -1,6 +1,11 @@

 ### SSLsplit develop

+-   Fix a rare segmentation fault upon receiving EOF on the inbound connection
+    while the outbound connection has not been established yet (patch by
+    @eunsoopark, issue #124).
+-   Enable full-strength DHE and ECDHE by default, even for non-RSA leaf keys,
+    in order to avoid weak cipher warnings from browsers (issue #119).
 -   Fix SSL sessions to actually time out (patch by @eunsoopark, issue #115).
 -   Add XNU headers for OS X 10.11 El Capitan (issue #116).
 -   Fix EV_READ event re-enable bug that could lead to stalled connections
--- a/README.md
+++ b/README.md
@ -1,5 +1,5 @@
 # SSLsplit - transparent SSL/TLS interception [![Build Status](https://travis-ci.org/droe/sslsplit.svg?branch=master)](https://travis-ci.org/droe/sslsplit)
-Copyright (C) 2009-2015, [Daniel Roethlisberger](//daniel.roe.ch/).  
+Copyright (C) 2009-2016, [Daniel Roethlisberger](//daniel.roe.ch/).  
 http://www.roe.ch/SSLsplit


--- a/attrib.h
+++ b/attrib.h
@ -1,6 +1,6 @@
 /*
 * SSLsplit - transparent SSL/TLS interception
- * Copyright (c) 2009-2015, Daniel Roethlisberger <daniel@roe.ch>
+ * Copyright (c) 2009-2016, Daniel Roethlisberger <daniel@roe.ch>
 * All rights reserved.
 * http://www.roe.ch/SSLsplit
 *
--- a/base64.c
+++ b/base64.c
@ -1,6 +1,6 @@
 /*
 * SSLsplit - transparent SSL/TLS interception
- * Copyright (c) 2009-2015, Daniel Roethlisberger <daniel@roe.ch>
+ * Copyright (c) 2009-2016, Daniel Roethlisberger <daniel@roe.ch>
 * All rights reserved.
 * http://www.roe.ch/SSLsplit
 *
--- a/base64.h
+++ b/base64.h
@ -1,6 +1,6 @@
 /*
 * SSLsplit - transparent SSL/TLS interception
- * Copyright (c) 2009-2015, Daniel Roethlisberger <daniel@roe.ch>
+ * Copyright (c) 2009-2016, Daniel Roethlisberger <daniel@roe.ch>
 * All rights reserved.
 * http://www.roe.ch/SSLsplit
 *
--- a/base64.t.c
+++ b/base64.t.c
@ -1,6 +1,6 @@
 /*
 * SSLsplit - transparent SSL/TLS interception
- * Copyright (c) 2009-2015, Daniel Roethlisberger <daniel@roe.ch>
+ * Copyright (c) 2009-2016, Daniel Roethlisberger <daniel@roe.ch>
 * All rights reserved.
 * http://www.roe.ch/SSLsplit
 *
--- a/cache.c
+++ b/cache.c
@ -1,6 +1,6 @@
 /*
 * SSLsplit - transparent SSL/TLS interception
- * Copyright (c) 2009-2015, Daniel Roethlisberger <daniel@roe.ch>
+ * Copyright (c) 2009-2016, Daniel Roethlisberger <daniel@roe.ch>
 * All rights reserved.
 * http://www.roe.ch/SSLsplit
 *
--- a/cache.h
+++ b/cache.h
@ -1,6 +1,6 @@
 /*
 * SSLsplit - transparent SSL/TLS interception
- * Copyright (c) 2009-2015, Daniel Roethlisberger <daniel@roe.ch>
+ * Copyright (c) 2009-2016, Daniel Roethlisberger <daniel@roe.ch>
 * All rights reserved.
 * http://www.roe.ch/SSLsplit
 *
--- a/cachedsess.c
+++ b/cachedsess.c
@ -1,6 +1,6 @@
 /*
 * SSLsplit - transparent SSL/TLS interception
- * Copyright (c) 2009-2015, Daniel Roethlisberger <daniel@roe.ch>
+ * Copyright (c) 2009-2016, Daniel Roethlisberger <daniel@roe.ch>
 * All rights reserved.
 * http://www.roe.ch/SSLsplit
 *
--- a/cachedsess.h
+++ b/cachedsess.h
@ -1,6 +1,6 @@
 /*
 * SSLsplit - transparent SSL/TLS interception
- * Copyright (c) 2009-2015, Daniel Roethlisberger <daniel@roe.ch>
+ * Copyright (c) 2009-2016, Daniel Roethlisberger <daniel@roe.ch>
 * All rights reserved.
 * http://www.roe.ch/SSLsplit
 *
--- a/cachedsess.t.c
+++ b/cachedsess.t.c
@ -1,6 +1,6 @@
 /*
 * SSLsplit - transparent SSL/TLS interception
- * Copyright (c) 2009-2015, Daniel Roethlisberger <daniel@roe.ch>
+ * Copyright (c) 2009-2016, Daniel Roethlisberger <daniel@roe.ch>
 * All rights reserved.
 * http://www.roe.ch/SSLsplit
 *
--- a/cachefkcrt.c
+++ b/cachefkcrt.c
@ -1,6 +1,6 @@
 /*
 * SSLsplit - transparent SSL/TLS interception
- * Copyright (c) 2009-2015, Daniel Roethlisberger <daniel@roe.ch>
+ * Copyright (c) 2009-2016, Daniel Roethlisberger <daniel@roe.ch>
 * All rights reserved.
 * http://www.roe.ch/SSLsplit
 *
--- a/cachefkcrt.h
+++ b/cachefkcrt.h
@ -1,6 +1,6 @@
 /*
 * SSLsplit - transparent SSL/TLS interception
- * Copyright (c) 2009-2015, Daniel Roethlisberger <daniel@roe.ch>
+ * Copyright (c) 2009-2016, Daniel Roethlisberger <daniel@roe.ch>
 * All rights reserved.
 * http://www.roe.ch/SSLsplit
 *
--- a/cachefkcrt.t.c
+++ b/cachefkcrt.t.c
@ -1,6 +1,6 @@
 /*
 * SSLsplit - transparent SSL/TLS interception
- * Copyright (c) 2009-2015, Daniel Roethlisberger <daniel@roe.ch>
+ * Copyright (c) 2009-2016, Daniel Roethlisberger <daniel@roe.ch>
 * All rights reserved.
 * http://www.roe.ch/SSLsplit
 *
--- a/cachemgr.c
+++ b/cachemgr.c
@ -1,6 +1,6 @@
 /*
 * SSLsplit - transparent SSL/TLS interception
- * Copyright (c) 2009-2015, Daniel Roethlisberger <daniel@roe.ch>
+ * Copyright (c) 2009-2016, Daniel Roethlisberger <daniel@roe.ch>
 * All rights reserved.
 * http://www.roe.ch/SSLsplit
 *
--- a/cachemgr.h
+++ b/cachemgr.h
@ -1,6 +1,6 @@
 /*
 * SSLsplit - transparent SSL/TLS interception
- * Copyright (c) 2009-2015, Daniel Roethlisberger <daniel@roe.ch>
+ * Copyright (c) 2009-2016, Daniel Roethlisberger <daniel@roe.ch>
 * All rights reserved.
 * http://www.roe.ch/SSLsplit
 *
--- a/cachemgr.t.c
+++ b/cachemgr.t.c
@ -1,6 +1,6 @@
 /*
 * SSLsplit - transparent SSL/TLS interception
- * Copyright (c) 2009-2015, Daniel Roethlisberger <daniel@roe.ch>
+ * Copyright (c) 2009-2016, Daniel Roethlisberger <daniel@roe.ch>
 * All rights reserved.
 * http://www.roe.ch/SSLsplit
 *
--- a/cachessess.c
+++ b/cachessess.c
@ -1,6 +1,6 @@
 /*
 * SSLsplit - transparent SSL/TLS interception
- * Copyright (c) 2009-2015, Daniel Roethlisberger <daniel@roe.ch>
+ * Copyright (c) 2009-2016, Daniel Roethlisberger <daniel@roe.ch>
 * All rights reserved.
 * http://www.roe.ch/SSLsplit
 *
--- a/cachessess.h
+++ b/cachessess.h
@ -1,6 +1,6 @@
 /*
 * SSLsplit - transparent SSL/TLS interception
- * Copyright (c) 2009-2015, Daniel Roethlisberger <daniel@roe.ch>
+ * Copyright (c) 2009-2016, Daniel Roethlisberger <daniel@roe.ch>
 * All rights reserved.
 * http://www.roe.ch/SSLsplit
 *
--- a/cachessess.t.c
+++ b/cachessess.t.c
@ -1,6 +1,6 @@
 /*
 * SSLsplit - transparent SSL/TLS interception
- * Copyright (c) 2009-2015, Daniel Roethlisberger <daniel@roe.ch>
+ * Copyright (c) 2009-2016, Daniel Roethlisberger <daniel@roe.ch>
 * All rights reserved.
 * http://www.roe.ch/SSLsplit
 *
--- a/cachetgcrt.c
+++ b/cachetgcrt.c
@ -1,6 +1,6 @@
 /*
 * SSLsplit - transparent SSL/TLS interception
- * Copyright (c) 2009-2015, Daniel Roethlisberger <daniel@roe.ch>
+ * Copyright (c) 2009-2016, Daniel Roethlisberger <daniel@roe.ch>
 * All rights reserved.
 * http://www.roe.ch/SSLsplit
 *
--- a/cachetgcrt.h
+++ b/cachetgcrt.h
@ -1,6 +1,6 @@
 /*
 * SSLsplit - transparent SSL/TLS interception
- * Copyright (c) 2009-2015, Daniel Roethlisberger <daniel@roe.ch>
+ * Copyright (c) 2009-2016, Daniel Roethlisberger <daniel@roe.ch>
 * All rights reserved.
 * http://www.roe.ch/SSLsplit
 *
--- a/cachetgcrt.t.c
+++ b/cachetgcrt.t.c
@ -1,6 +1,6 @@
 /*
 * SSLsplit - transparent SSL/TLS interception
- * Copyright (c) 2009-2015, Daniel Roethlisberger <daniel@roe.ch>
+ * Copyright (c) 2009-2016, Daniel Roethlisberger <daniel@roe.ch>
 * All rights reserved.
 * http://www.roe.ch/SSLsplit
 *
--- a/cert.c
+++ b/cert.c
@ -1,6 +1,6 @@
 /*
 * SSLsplit - transparent SSL/TLS interception
- * Copyright (c) 2009-2015, Daniel Roethlisberger <daniel@roe.ch>
+ * Copyright (c) 2009-2016, Daniel Roethlisberger <daniel@roe.ch>
 * All rights reserved.
 * http://www.roe.ch/SSLsplit
 *
--- a/cert.h
+++ b/cert.h
@ -1,6 +1,6 @@
 /*
 * SSLsplit - transparent SSL/TLS interception
- * Copyright (c) 2009-2015, Daniel Roethlisberger <daniel@roe.ch>
+ * Copyright (c) 2009-2016, Daniel Roethlisberger <daniel@roe.ch>
 * All rights reserved.
 * http://www.roe.ch/SSLsplit
 *
--- a/cert.t.c
+++ b/cert.t.c
@ -1,6 +1,6 @@
 /*
 * SSLsplit - transparent SSL/TLS interception
- * Copyright (c) 2009-2015, Daniel Roethlisberger <daniel@roe.ch>
+ * Copyright (c) 2009-2016, Daniel Roethlisberger <daniel@roe.ch>
 * All rights reserved.
 * http://www.roe.ch/SSLsplit
 *
--- a/defaults.h
+++ b/defaults.h
@ -1,6 +1,6 @@
 /*
 * SSLsplit - transparent SSL/TLS interception
- * Copyright (c) 2009-2015, Daniel Roethlisberger <daniel@roe.ch>
+ * Copyright (c) 2009-2016, Daniel Roethlisberger <daniel@roe.ch>
 * All rights reserved.
 * http://www.roe.ch/SSLsplit
 *
@ -60,7 +60,7 @@
 /*
 * Default elliptic curve for EC cipher suites.
 */
-#define DFLT_CURVE "secp160r2"
+#define DFLT_CURVE "prime256v1"

 #endif /* !DEFAULTS_H */

--- a/dynbuf.c
+++ b/dynbuf.c
@ -1,6 +1,6 @@
 /*
 * SSLsplit - transparent SSL/TLS interception
- * Copyright (c) 2009-2015, Daniel Roethlisberger <daniel@roe.ch>
+ * Copyright (c) 2009-2016, Daniel Roethlisberger <daniel@roe.ch>
 * All rights reserved.
 * http://www.roe.ch/SSLsplit
 *
--- a/dynbuf.h
+++ b/dynbuf.h
@ -1,6 +1,6 @@
 /*
 * SSLsplit - transparent SSL/TLS interception
- * Copyright (c) 2009-2015, Daniel Roethlisberger <daniel@roe.ch>
+ * Copyright (c) 2009-2016, Daniel Roethlisberger <daniel@roe.ch>
 * All rights reserved.
 * http://www.roe.ch/SSLsplit
 *
--- a/dynbuf.t.c
+++ b/dynbuf.t.c
@ -1,6 +1,6 @@
 /*
 * SSLsplit - transparent SSL/TLS interception
- * Copyright (c) 2009-2015, Daniel Roethlisberger <daniel@roe.ch>
+ * Copyright (c) 2009-2016, Daniel Roethlisberger <daniel@roe.ch>
 * All rights reserved.
 * http://www.roe.ch/SSLsplit
 *
--- a/khash.h
+++ b/khash.h
@ -151,6 +151,14 @@ typedef unsigned long long khint64_t;
 #endif
 #endif /* kh_inline */

+#ifndef klib_unused
+#if (defined __clang__ && __clang_major__ >= 3) || (defined __GNUC__ && __GNUC__ >= 3)
+#define klib_unused __attribute__ ((__unused__))
+#else
+#define klib_unused
+#endif
+#endif /* klib_unused */
+
 typedef khint32_t khint_t;
 typedef khint_t khiter_t;

@ -184,7 +192,7 @@ typedef khint_t khiter_t;
 static const double __ac_HASH_UPPER = 0.77;

 #define __KHASH_TYPE(name, khkey_t, khval_t) \
-	typedef struct { \
+	typedef struct kh_##name##_s { \
 		khint_t n_buckets, size, n_occupied, upper_bound; \
 		khint32_t *flags; \
 		khkey_t *keys; \
@ -355,7 +363,7 @@ static const double __ac_HASH_UPPER = 0.77;
 	__KHASH_IMPL(name, SCOPE, khkey_t, khval_t, kh_is_map, __hash_func, __hash_equal)

 #define KHASH_INIT(name, khkey_t, khval_t, kh_is_map, __hash_func, __hash_equal) \
-	KHASH_INIT2(name, static kh_inline, khkey_t, khval_t, kh_is_map, __hash_func, __hash_equal)
+	KHASH_INIT2(name, static kh_inline klib_unused, khkey_t, khval_t, kh_is_map, __hash_func, __hash_equal)

 /* --- BEGIN OF HASH FUNCTIONS --- */

@ -411,7 +419,7 @@ static kh_inline khint_t __ac_Wang_hash(khint_t key)
    key ^=  (key >> 16);
    return key;
 }
-#define kh_int_hash_func2(k) __ac_Wang_hash((khint_t)key)
+#define kh_int_hash_func2(key) __ac_Wang_hash((khint_t)key)

 /* --- END OF HASH FUNCTIONS --- */

--- a/log.c
+++ b/log.c
@ -1,6 +1,6 @@
 /*
 * SSLsplit - transparent SSL/TLS interception
- * Copyright (c) 2009-2015, Daniel Roethlisberger <daniel@roe.ch>
+ * Copyright (c) 2009-2016, Daniel Roethlisberger <daniel@roe.ch>
 * All rights reserved.
 * http://www.roe.ch/SSLsplit
 *
@ -51,6 +51,19 @@
 */


+/*
+ * Common code for all logs.
+ */
+static proxy_ctx_t *proxy_ctx = NULL;
+
+static void
+log_exceptcb(void)
+{
+	if (proxy_ctx) {
+		proxy_loopbreak(proxy_ctx);
+	}
+}
+
 /*
 * Error log.
 * Switchable between stderr and syslog.
@ -937,7 +950,8 @@ log_preinit(opts_t *opts)
 			prepcb = log_content_file_prepcb;
 		}
 		if (!(content_log = logger_new(reopencb, opencb, closecb,
-		                               writecb, prepcb))) {
+		                               writecb, prepcb,
+		                               log_exceptcb))) {
 			log_content_file_fini();
 			goto out;
 		}
@ -945,18 +959,21 @@ log_preinit(opts_t *opts)
 	if (opts->connectlog) {
 		if (log_connect_preinit(opts->connectlog) == -1)
 			goto out;
-		if (!(connect_log = logger_new(log_connect_reopencb, NULL, NULL,
-		                               log_connect_writecb, NULL))) {
+		if (!(connect_log = logger_new(log_connect_reopencb,
+		                               NULL, NULL,
+		                               log_connect_writecb, NULL,
+		                               log_exceptcb))) {
 			log_connect_fini();
 			goto out;
 		}
 	}
 	if (opts->certgendir) {
 		if (!(cert_log = logger_new(NULL, NULL, NULL, log_cert_writecb,
-		                            NULL)))
+		                            NULL, log_exceptcb)))
 			goto out;
 	}
-	if (!(err_log = logger_new(NULL, NULL, NULL, log_err_writecb, NULL)))
+	if (!(err_log = logger_new(NULL, NULL, NULL, log_err_writecb, NULL,
+	                           log_exceptcb)))
 		goto out;
 	return 0;

@ -997,8 +1014,9 @@ log_preinit_undo(void)
 * Return -1 on errors, 0 otherwise.
 */
 int
-log_init(opts_t *opts, int clisock1, int clisock2)
+log_init(opts_t *opts, proxy_ctx_t *ctx, int clisock1, int clisock2)
 {
+	proxy_ctx = ctx;
 	if (err_log)
 		if (logger_start(err_log) == -1)
 			return -1;
--- a/log.h
+++ b/log.h
@ -1,6 +1,6 @@
 /*
 * SSLsplit - transparent SSL/TLS interception
- * Copyright (c) 2009-2015, Daniel Roethlisberger <daniel@roe.ch>
+ * Copyright (c) 2009-2016, Daniel Roethlisberger <daniel@roe.ch>
 * All rights reserved.
 * http://www.roe.ch/SSLsplit
 *
@ -29,6 +29,7 @@
 #define LOG_H

 #include "opts.h"
+#include "proxy.h"
 #include "logger.h"
 #include "attrib.h"

@ -69,7 +70,7 @@ int log_cert_submit(const char *, X509 *) NONNULL(1,2) WUNRES;

 int log_preinit(opts_t *) NONNULL(1) WUNRES;
 void log_preinit_undo(void);
-int log_init(opts_t *, int, int) NONNULL(1) WUNRES;
+int log_init(opts_t *, proxy_ctx_t *, int, int) NONNULL(1,2) WUNRES;
 void log_fini(void);
 int log_reopen(void) WUNRES;

--- a/logbuf.c
+++ b/logbuf.c
@ -1,6 +1,6 @@
 /*
 * SSLsplit - transparent SSL/TLS interception
- * Copyright (c) 2009-2015, Daniel Roethlisberger <daniel@roe.ch>
+ * Copyright (c) 2009-2016, Daniel Roethlisberger <daniel@roe.ch>
 * All rights reserved.
 * http://www.roe.ch/SSLsplit
 *
--- a/logbuf.h
+++ b/logbuf.h
@ -1,6 +1,6 @@
 /*
 * SSLsplit - transparent SSL/TLS interception
- * Copyright (c) 2009-2015, Daniel Roethlisberger <daniel@roe.ch>
+ * Copyright (c) 2009-2016, Daniel Roethlisberger <daniel@roe.ch>
 * All rights reserved.
 * http://www.roe.ch/SSLsplit
 *
--- a/logger.c
+++ b/logger.c
@ -1,6 +1,6 @@
 /*
 * SSLsplit - transparent SSL/TLS interception
- * Copyright (c) 2009-2015, Daniel Roethlisberger <daniel@roe.ch>
+ * Copyright (c) 2009-2016, Daniel Roethlisberger <daniel@roe.ch>
 * All rights reserved.
 * http://www.roe.ch/SSLsplit
 *
@ -49,6 +49,7 @@ struct logger {
 	logger_close_func_t close;
 	logger_prep_func_t prep;
 	logger_write_func_t write;
+	logger_except_func_t except;
 	thrqueue_t *queue;
 };

@ -70,7 +71,7 @@ logger_clear(logger_t *logger)
 logger_t *
 logger_new(logger_reopen_func_t reopenfunc, logger_open_func_t openfunc,
           logger_close_func_t closefunc, logger_write_func_t writefunc,
-           logger_prep_func_t prepfunc)
+           logger_prep_func_t prepfunc, logger_except_func_t exceptfunc)
 {
 	logger_t *logger;

@ -83,6 +84,7 @@ logger_new(logger_reopen_func_t reopenfunc, logger_open_func_t openfunc,
 	logger->close = closefunc;
 	logger->write = writefunc;
 	logger->prep = prepfunc;
+	logger->except = exceptfunc;
 	logger->queue = NULL;
 	return logger;
 }
@ -186,16 +188,24 @@ logger_thread(void *arg)
 {
 	logger_t *logger = arg;
 	logbuf_t *lb;
+	int e = 0;

 	while ((lb = thrqueue_dequeue(logger->queue))) {
 		if (logbuf_ctl_isset(lb, LBFLAG_REOPEN)) {
-			logger->reopen();
+			if (logger->reopen() != 0)
+				e = 1;
 		} else if (logbuf_ctl_isset(lb, LBFLAG_OPEN)) {
-			logger->open(lb->fh);
+			if (logger->open(lb->fh) != 0)
+				e = 1;
 		} else if (logbuf_ctl_isset(lb, LBFLAG_CLOSE)) {
 			logger->close(lb->fh);
 		} else {
-			logbuf_write_free(lb, logger->write);
+			if (logbuf_write_free(lb, logger->write) < 0)
+				e = 1;
+		}
+
+		if (e && logger->except) {
+			logger->except();
 		}
 	}

--- a/logger.h
+++ b/logger.h
@ -1,6 +1,6 @@
 /*
 * SSLsplit - transparent SSL/TLS interception
- * Copyright (c) 2009-2015, Daniel Roethlisberger <daniel@roe.ch>
+ * Copyright (c) 2009-2016, Daniel Roethlisberger <daniel@roe.ch>
 * All rights reserved.
 * http://www.roe.ch/SSLsplit
 *
@ -39,11 +39,13 @@ typedef int (*logger_open_func_t)(void *);
 typedef void (*logger_close_func_t)(void *);
 typedef ssize_t (*logger_write_func_t)(void *, const void *, size_t);
 typedef logbuf_t * (*logger_prep_func_t)(void *, unsigned long, logbuf_t *);
+typedef void (*logger_except_func_t)(void);
 typedef struct logger logger_t;

 logger_t * logger_new(logger_reopen_func_t, logger_open_func_t,
                      logger_close_func_t, logger_write_func_t,
-                      logger_prep_func_t) NONNULL(4) MALLOC;
+                      logger_prep_func_t, logger_except_func_t)
+                      NONNULL(4,6) MALLOC;
 void logger_free(logger_t *) NONNULL(1);
 int logger_start(logger_t *) NONNULL(1) WUNRES;
 void logger_leave(logger_t *) NONNULL(1);
--- a/main.c
+++ b/main.c
@ -1,6 +1,6 @@
 /*
 * SSLsplit - transparent SSL/TLS interception
- * Copyright (c) 2009-2015, Daniel Roethlisberger <daniel@roe.ch>
+ * Copyright (c) 2009-2016, Daniel Roethlisberger <daniel@roe.ch>
 * All rights reserved.
 * http://www.roe.ch/SSLsplit
 *
@ -70,7 +70,30 @@ static void
 main_version(void)
 {
 	fprintf(stderr, "%s %s (built %s)\n", PNAME, version, build_date);
-	fprintf(stderr, "Copyright (c) 2009-2015, "
+	if (strlen(version) < 5) {
+		/*
+		 * Note to package maintainers:  If you break the version
+		 * string in your build, it will be impossible to provide
+		 * proper upstream support to the users of the package,
+		 * because it will be difficult or impossible to identify
+		 * the exact codebase that is being used by the user
+		 * reporting a bug.  The version string is provided through
+		 * different means depending on whether the code is a git
+		 * checkout, a tarball downloaded from GitHub or a release.
+		 * See GNUmakefile for the gory details.
+		 */
+		fprintf(stderr, "---------------------------------------"
+		                "---------------------------------------\n");
+		fprintf(stderr, "WARNING: Something is wrong with the "
+		                "version compiled into sslsplit!\n");
+		fprintf(stderr, "The version should contain a release "
+		                "number and/or a git commit reference.\n");
+		fprintf(stderr, "If using a package, please report a bug "
+		                "to the distro package maintainer.\n");
+		fprintf(stderr, "---------------------------------------"
+		                "---------------------------------------\n");
+	}
+	fprintf(stderr, "Copyright (c) 2009-2016, "
 	                "Daniel Roethlisberger <daniel@roe.ch>\n");
 	fprintf(stderr, "http://www.roe.ch/SSLsplit\n");
 	if (build_info[0]) {
@ -128,7 +151,7 @@ main_usage(void)
 #define OPT_g 
 #endif /* !OPENSSL_NO_DH */
 #ifndef OPENSSL_NO_ECDH
-"  -G curve    use ECDH named curve (default: " DFLT_CURVE " for non-RSA leafkey)\n"
+"  -G curve    use ECDH named curve (default: " DFLT_CURVE ")\n"
 #define OPT_G "G:"
 #else /* OPENSSL_NO_ECDH */
 #define OPT_G 
@ -927,7 +950,7 @@ main(int argc, char *argv[])
 	ssl_reinit();

 	/* Post-privdrop/chroot/detach initialization, thread spawning */
-	if (log_init(opts, clisock[1], clisock[2]) == -1) {
+	if (log_init(opts, proxy, clisock[1], clisock[2]) == -1) {
 		fprintf(stderr, "%s: failed to init log facility: %s\n",
 		                argv0, strerror(errno));
 		goto out_log_failed;
--- a/main.t.c
+++ b/main.t.c
@ -1,6 +1,6 @@
 /*
 * SSLsplit - transparent SSL/TLS interception
- * Copyright (c) 2009-2015, Daniel Roethlisberger <daniel@roe.ch>
+ * Copyright (c) 2009-2016, Daniel Roethlisberger <daniel@roe.ch>
 * All rights reserved.
 * http://www.roe.ch/SSLsplit
 *
--- a/nat.c
+++ b/nat.c
@ -1,6 +1,6 @@
 /*
 * SSLsplit - transparent SSL/TLS interception
- * Copyright (c) 2009-2015, Daniel Roethlisberger <daniel@roe.ch>
+ * Copyright (c) 2009-2016, Daniel Roethlisberger <daniel@roe.ch>
 * All rights reserved.
 * http://www.roe.ch/SSLsplit
 *
--- a/nat.h
+++ b/nat.h
@ -1,6 +1,6 @@
 /*
 * SSLsplit - transparent SSL/TLS interception
- * Copyright (c) 2009-2015, Daniel Roethlisberger <daniel@roe.ch>
+ * Copyright (c) 2009-2016, Daniel Roethlisberger <daniel@roe.ch>
 * All rights reserved.
 * http://www.roe.ch/SSLsplit
 *
--- a/opts.c
+++ b/opts.c
@ -1,6 +1,6 @@
 /*
 * SSLsplit - transparent SSL/TLS interception
- * Copyright (c) 2009-2015, Daniel Roethlisberger <daniel@roe.ch>
+ * Copyright (c) 2009-2016, Daniel Roethlisberger <daniel@roe.ch>
 * All rights reserved.
 * http://www.roe.ch/SSLsplit
 *
@ -446,14 +446,14 @@ proxyspec_parse(int *argc, char **argv[], const char *natengine)
 void
 proxyspec_free(proxyspec_t *spec)
 {
-	while (spec) {
+	do {
 		proxyspec_t *next = spec->next;
 		if (spec->natengine)
 			free(spec->natengine);
 		memset(spec, 0, sizeof(proxyspec_t));
 		free(spec);
 		spec = next;
-	}
+	} while (spec);
 }

 /*
--- a/opts.h
+++ b/opts.h
@ -1,6 +1,6 @@
 /*
 * SSLsplit - transparent SSL/TLS interception
- * Copyright (c) 2009-2015, Daniel Roethlisberger <daniel@roe.ch>
+ * Copyright (c) 2009-2016, Daniel Roethlisberger <daniel@roe.ch>
 * All rights reserved.
 * http://www.roe.ch/SSLsplit
 *
--- a/opts.t.c
+++ b/opts.t.c
@ -1,6 +1,6 @@
 /*
 * SSLsplit - transparent SSL/TLS interception
- * Copyright (c) 2009-2015, Daniel Roethlisberger <daniel@roe.ch>
+ * Copyright (c) 2009-2016, Daniel Roethlisberger <daniel@roe.ch>
 * All rights reserved.
 * http://www.roe.ch/SSLsplit
 *
@ -385,7 +385,9 @@ opts_suite(void)

 	tc = tcase_create("proxyspec_parse");
 	tcase_add_test(tc, proxyspec_parse_01);
-	tcase_add_test(tc, proxyspec_parse_02);
+#ifndef TRAVIS
+	tcase_add_test(tc, proxyspec_parse_02); /* IPv6 */
+#endif /* TRAVIS */
 	tcase_add_exit_test(tc, proxyspec_parse_03, EXIT_FAILURE);
 	tcase_add_exit_test(tc, proxyspec_parse_04, EXIT_FAILURE);
 	tcase_add_test(tc, proxyspec_parse_05);
@ -396,8 +398,10 @@ opts_suite(void)
 	tcase_add_exit_test(tc, proxyspec_parse_10, EXIT_FAILURE);
 	tcase_add_test(tc, proxyspec_parse_11);
 	tcase_add_exit_test(tc, proxyspec_parse_12, EXIT_FAILURE);
-	tcase_add_test(tc, proxyspec_parse_13);
-	tcase_add_test(tc, proxyspec_parse_14);
+#ifndef TRAVIS
+	tcase_add_test(tc, proxyspec_parse_13); /* IPv6 */
+	tcase_add_test(tc, proxyspec_parse_14); /* IPv6 */
+#endif /* TRAVIS */
 	suite_add_tcase(s, tc);

 	tc = tcase_create("opts_debug");
--- a/privsep.c
+++ b/privsep.c
@ -1,6 +1,6 @@
 /*
 * SSLsplit - transparent SSL/TLS interception
- * Copyright (c) 2009-2015, Daniel Roethlisberger <daniel@roe.ch>
+ * Copyright (c) 2009-2016, Daniel Roethlisberger <daniel@roe.ch>
 * All rights reserved.
 * http://www.roe.ch/SSLsplit
 *
--- a/privsep.h
+++ b/privsep.h
@ -1,6 +1,6 @@
 /*
 * SSLsplit - transparent SSL/TLS interception
- * Copyright (c) 2009-2015, Daniel Roethlisberger <daniel@roe.ch>
+ * Copyright (c) 2009-2016, Daniel Roethlisberger <daniel@roe.ch>
 * All rights reserved.
 * http://www.roe.ch/SSLsplit
 *
--- a/proc.c
+++ b/proc.c
@ -1,6 +1,6 @@
 /*
 * SSLsplit - transparent SSL/TLS interception
- * Copyright (c) 2009-2015, Daniel Roethlisberger <daniel@roe.ch>
+ * Copyright (c) 2009-2016, Daniel Roethlisberger <daniel@roe.ch>
 * All rights reserved.
 * http://www.roe.ch/SSLsplit
 *
--- a/proc.h
+++ b/proc.h
@ -1,6 +1,6 @@
 /*
 * SSLsplit - transparent SSL/TLS interception
- * Copyright (c) 2009-2015, Daniel Roethlisberger <daniel@roe.ch>
+ * Copyright (c) 2009-2016, Daniel Roethlisberger <daniel@roe.ch>
 * All rights reserved.
 * http://www.roe.ch/SSLsplit
 *
--- a/proxy.c
+++ b/proxy.c
@ -1,6 +1,6 @@
 /*
 * SSLsplit - transparent SSL/TLS interception
- * Copyright (c) 2009-2015, Daniel Roethlisberger <daniel@roe.ch>
+ * Copyright (c) 2009-2016, Daniel Roethlisberger <daniel@roe.ch>
 * All rights reserved.
 * http://www.roe.ch/SSLsplit
 *
@ -208,7 +208,7 @@ proxy_signal_cb(evutil_socket_t fd, UNUSED short what, void *arg)
 	case SIGQUIT:
 	case SIGINT:
 	case SIGHUP:
-		event_base_loopbreak(ctx->evbase);
+		proxy_loopbreak(ctx);
 		break;
 	case SIGUSR1:
 		if (log_reopen() == -1) {
@ -393,6 +393,15 @@ proxy_run(proxy_ctx_t *ctx)
 	}
 }

+/*
+ * Break the loop of the proxy, causing the proxy_run to return.
+ */
+void
+proxy_loopbreak(proxy_ctx_t *ctx)
+{
+	event_base_loopbreak(ctx->evbase);
+}
+
 /*
 * Free the proxy data structures.
 */
--- a/proxy.h
+++ b/proxy.h
@ -1,6 +1,6 @@
 /*
 * SSLsplit - transparent SSL/TLS interception
- * Copyright (c) 2009-2015, Daniel Roethlisberger <daniel@roe.ch>
+ * Copyright (c) 2009-2016, Daniel Roethlisberger <daniel@roe.ch>
 * All rights reserved.
 * http://www.roe.ch/SSLsplit
 *
@ -35,6 +35,7 @@ typedef struct proxy_ctx proxy_ctx_t;

 proxy_ctx_t * proxy_new(opts_t *, int) NONNULL(1) MALLOC;
 void proxy_run(proxy_ctx_t *) NONNULL(1);
+void proxy_loopbreak(proxy_ctx_t *) NONNULL(1);
 void proxy_free(proxy_ctx_t *) NONNULL(1);

 #endif /* !PROXY_H */
--- a/pxyconn.c
+++ b/pxyconn.c
@ -1,6 +1,6 @@
 /*
 * SSLsplit - transparent SSL/TLS interception
- * Copyright (c) 2009-2015, Daniel Roethlisberger <daniel@roe.ch>
+ * Copyright (c) 2009-2016, Daniel Roethlisberger <daniel@roe.ch>
 * All rights reserved.
 * http://www.roe.ch/SSLsplit
 *
@ -717,7 +717,7 @@ pxy_srcsslctx_create(pxy_conn_ctx_t *ctx, X509 *crt, STACK_OF(X509) *chain,
 #ifndef OPENSSL_NO_DH
 	if (ctx->opts->dh) {
 		SSL_CTX_set_tmp_dh(sslctx, ctx->opts->dh);
-	} else if (EVP_PKEY_type(key->type) != EVP_PKEY_RSA) {
+	} else {
 		SSL_CTX_set_tmp_dh_callback(sslctx, ssl_tmp_dh_callback);
 	}
 #endif /* !OPENSSL_NO_DH */
@ -726,7 +726,7 @@ pxy_srcsslctx_create(pxy_conn_ctx_t *ctx, X509 *crt, STACK_OF(X509) *chain,
 		EC_KEY *ecdh = ssl_ec_by_name(ctx->opts->ecdhcurve);
 		SSL_CTX_set_tmp_ecdh(sslctx, ecdh);
 		EC_KEY_free(ecdh);
-	} else if (EVP_PKEY_type(key->type) != EVP_PKEY_RSA) {
+	} else {
 		EC_KEY *ecdh = ssl_ec_by_name(NULL);
 		SSL_CTX_set_tmp_ecdh(sslctx, ecdh);
 		EC_KEY_free(ecdh);
@ -2075,7 +2075,12 @@ connected:
 	}

 	if (events & BEV_EVENT_EOF) {
-		if (!other->closed) {
+		if (!ctx->connected) {
+			log_dbg_printf("EOF on inbound connection while "
+			               "connecting to original destination\n");
+			evutil_closesocket(ctx->fd);
+			other->closed = 1;
+		} else if (!other->closed) {
 			struct evbuffer *inbuf, *outbuf;
 			inbuf = bufferevent_get_input(bev);
 			outbuf = bufferevent_get_output(other->bev);
--- a/pxyconn.h
+++ b/pxyconn.h
@ -1,6 +1,6 @@
 /*
 * SSLsplit - transparent SSL/TLS interception
- * Copyright (c) 2009-2015, Daniel Roethlisberger <daniel@roe.ch>
+ * Copyright (c) 2009-2016, Daniel Roethlisberger <daniel@roe.ch>
 * All rights reserved.
 * http://www.roe.ch/SSLsplit
 *
--- a/pxysslshut.c
+++ b/pxysslshut.c
@ -1,6 +1,6 @@
 /*
 * SSLsplit - transparent SSL/TLS interception
- * Copyright (c) 2009-2015, Daniel Roethlisberger <daniel@roe.ch>
+ * Copyright (c) 2009-2016, Daniel Roethlisberger <daniel@roe.ch>
 * All rights reserved.
 * http://www.roe.ch/SSLsplit
 *
--- a/pxysslshut.h
+++ b/pxysslshut.h
@ -1,6 +1,6 @@
 /*
 * SSLsplit - transparent SSL/TLS interception
- * Copyright (c) 2009-2015, Daniel Roethlisberger <daniel@roe.ch>
+ * Copyright (c) 2009-2016, Daniel Roethlisberger <daniel@roe.ch>
 * All rights reserved.
 * http://www.roe.ch/SSLsplit
 *
--- a/pxythrmgr.c
+++ b/pxythrmgr.c
@ -1,6 +1,6 @@
 /*
 * SSLsplit - transparent SSL/TLS interception
- * Copyright (c) 2009-2015, Daniel Roethlisberger <daniel@roe.ch>
+ * Copyright (c) 2009-2016, Daniel Roethlisberger <daniel@roe.ch>
 * All rights reserved.
 * http://www.roe.ch/SSLsplit
 *
@ -119,9 +119,6 @@ pxy_thrmgr_run(pxy_thrmgr_ctx_t *ctx)
 {
 	int idx = -1, dns = 0;

-	if (!ctx)
-		return -1;
-
 	dns = opts_has_dns_spec(ctx->opts);

 	pthread_mutex_init(&ctx->mutex, NULL);
@ -210,8 +207,6 @@ leave:
 void
 pxy_thrmgr_free(pxy_thrmgr_ctx_t *ctx)
 {
-	if (!ctx)
-		return;
 	pthread_mutex_destroy(&ctx->mutex);
 	if (ctx->thr) {
 		for (int idx = 0; idx < ctx->num_thr; idx++) {
@ -222,8 +217,12 @@ pxy_thrmgr_free(pxy_thrmgr_ctx_t *ctx)
 			pthread_join(ctx->thr[idx]->thr, NULL);
 		}
 		for (int idx = 0; idx < ctx->num_thr; idx++) {
-			evdns_base_free(ctx->thr[idx]->dnsbase, 0);
-			event_base_free(ctx->thr[idx]->evbase);
+			if (ctx->thr[idx]->dnsbase) {
+				evdns_base_free(ctx->thr[idx]->dnsbase, 0);
+			}
+			if (ctx->thr[idx]->evbase) {
+				event_base_free(ctx->thr[idx]->evbase);
+			}
 			free(ctx->thr[idx]);
 		}
 		free(ctx->thr);
--- a/pxythrmgr.h
+++ b/pxythrmgr.h
@ -1,6 +1,6 @@
 /*
 * SSLsplit - transparent SSL/TLS interception
- * Copyright (c) 2009-2015, Daniel Roethlisberger <daniel@roe.ch>
+ * Copyright (c) 2009-2016, Daniel Roethlisberger <daniel@roe.ch>
 * All rights reserved.
 * http://www.roe.ch/SSLsplit
 *
--- a/pxythrmgr.t.c
+++ b/pxythrmgr.t.c
@ -1,6 +1,6 @@
 /*
 * SSLsplit - transparent SSL/TLS interception
- * Copyright (c) 2009-2015, Daniel Roethlisberger <daniel@roe.ch>
+ * Copyright (c) 2009-2016, Daniel Roethlisberger <daniel@roe.ch>
 * All rights reserved.
 * http://www.roe.ch/SSLsplit
 *
--- a/ssl.c
+++ b/ssl.c
@ -1,6 +1,6 @@
 /*
 * SSLsplit - transparent SSL/TLS interception
- * Copyright (c) 2009-2015, Daniel Roethlisberger <daniel@roe.ch>
+ * Copyright (c) 2009-2016, Daniel Roethlisberger <daniel@roe.ch>
 * All rights reserved.
 * http://www.roe.ch/SSLsplit
 *
--- a/ssl.h
+++ b/ssl.h
@ -1,6 +1,6 @@
 /*
 * SSLsplit - transparent SSL/TLS interception
- * Copyright (c) 2009-2015, Daniel Roethlisberger <daniel@roe.ch>
+ * Copyright (c) 2009-2016, Daniel Roethlisberger <daniel@roe.ch>
 * All rights reserved.
 * http://www.roe.ch/SSLsplit
 *
--- a/ssl.t.c
+++ b/ssl.t.c
@ -1,6 +1,6 @@
 /*
 * SSLsplit - transparent SSL/TLS interception
- * Copyright (c) 2009-2015, Daniel Roethlisberger <daniel@roe.ch>
+ * Copyright (c) 2009-2016, Daniel Roethlisberger <daniel@roe.ch>
 * All rights reserved.
 * http://www.roe.ch/SSLsplit
 *
--- a/sslsplit.1
+++ b/sslsplit.1
@ -1,5 +1,5 @@
 .\" SSLsplit - transparent SSL/TLS interception
-.\" Copyright (c) 2009-2015, Daniel Roethlisberger <daniel@roe.ch>
+.\" Copyright (c) 2009-2016, Daniel Roethlisberger <daniel@roe.ch>
 .\" All rights reserved.
 .\" http://www.roe.ch/SSLsplit
 .\"
@ -140,24 +140,14 @@ Use Diffie-Hellman group parameters from \fIpemfile\fP for Ephemereal
 Diffie-Hellman (EDH/DHE) cipher suites.  If \fB-g\fP is not given, SSLsplit
 first tries to load DH parameters from the PEM files given by \fB-K\fP,
 \fB-k\fP or \fB-c\fP.  If no DH parameters are found in the key files, built-in
-512 or 1024 bit group parameters are automatically used iff a non-RSA private
-key is given with \fB-K\fP.
-This is because DSA/DSS private keys can by themselves only be used for signing
-and thus require DH to exchange an SSL/TLS session key.
-If \fB-g\fP is given, the parameters from the given \fIpemfile\fP will always
-be used, even with RSA private keys (within the cipher suites available in
-OpenSSL).
+group parameters are automatically used.
 The \fB-g\fP option is only available if SSLsplit was built against a version
 of OpenSSL which supports Diffie-Hellman cipher suites.
 .TP
 .B \-G \fIcurve\fP
-Use the named \fIcurve\fP for Ephemereal Elliptic Curve Diffie-Hellman (EECDH)
-cipher suites.  If \fB-G\fP is not given, a default curve (\fBsecp160r2\fP) is
-used automatically iff a non-RSA private key is given with \fB-K\fP.
-This is because ECDSA/ECDSS private keys can by themselves only be used for
-signing and thus require ECDH to exchange an SSL/TLS session key.
-If \fB-G\fP is given, the named \fIcurve\fP will always be used, even with RSA
-private keys (within the cipher suites available in OpenSSL).
+Use the named \fIcurve\fP for Ephemereal Elliptic Curve Diffie-Hellman (ECDHE)
+cipher suites.  If \fB-G\fP is not given, a default curve (\fBprime256v1\fP) is
+used automatically.
 The \fB-G\fP option is only available if SSLsplit was built against a version
 of OpenSSL which supports Elliptic Curve Diffie-Hellman cipher suites.
 .TP
@ -646,16 +636,17 @@ instead of querying a NAT engine:
 .RE
 .LP
 The original example, but using SSL options optimized for speed by disabling
-compression and selecting only fast block cipher cipher suites and using a
-precomputed private key \fBleaf.key\fP for the forged certificates
-(most significant speed increase is gained by choosing fast algorithms and
-small keysizes for the CA and leaf private keys; check \fBopenssl speed\fP for
-algorithm performance on your system and note that clients may not support all
-algorithms and key sizes):
+compression and selecting only fast cipher cipher suites and using a
+precomputed private key \fBleaf.key\fP for the forged certificates.  Most
+significant speed increase is gained by choosing fast algorithms and small
+keysizes for the CA and leaf private keys.  Check \fBopenssl speed\fP for
+algorithm performance on your system.  Note that clients may not support all
+algorithms and key sizes.  Also, some clients warn their users about cipher
+suites they consider weak.
 .LP
 .HS
 .nf
-\fBsslsplit -Z -s NULL:RC4:AES128 -K leaf.key \\
+\fBsslsplit -Z -s NULL:RC4:AES128:-DHE -K leaf.key \\
         -k ca.key -c ca.crt -l connect.log -L /tmp \\
         https ::1 10443  https 127.0.0.1 10443 \\
         http  ::1 10080  http  127.0.0.1 10080\fP
--- a/sys.c
+++ b/sys.c
@ -1,6 +1,6 @@
 /*
 * SSLsplit - transparent SSL/TLS interception
- * Copyright (c) 2009-2015, Daniel Roethlisberger <daniel@roe.ch>
+ * Copyright (c) 2009-2016, Daniel Roethlisberger <daniel@roe.ch>
 * All rights reserved.
 * http://www.roe.ch/SSLsplit
 *
--- a/sys.h
+++ b/sys.h
@ -1,6 +1,6 @@
 /*
 * SSLsplit - transparent SSL/TLS interception
- * Copyright (c) 2009-2015, Daniel Roethlisberger <daniel@roe.ch>
+ * Copyright (c) 2009-2016, Daniel Roethlisberger <daniel@roe.ch>
 * All rights reserved.
 * http://www.roe.ch/SSLsplit
 *
--- a/sys.t.c
+++ b/sys.t.c
@ -1,6 +1,6 @@
 /*
 * SSLsplit - transparent SSL/TLS interception
- * Copyright (c) 2009-2015, Daniel Roethlisberger <daniel@roe.ch>
+ * Copyright (c) 2009-2016, Daniel Roethlisberger <daniel@roe.ch>
 * All rights reserved.
 * http://www.roe.ch/SSLsplit
 *
--- a/thrqueue.c
+++ b/thrqueue.c
@ -1,6 +1,6 @@
 /*
 * SSLsplit - transparent SSL/TLS interception
- * Copyright (c) 2009-2015, Daniel Roethlisberger <daniel@roe.ch>
+ * Copyright (c) 2009-2016, Daniel Roethlisberger <daniel@roe.ch>
 * All rights reserved.
 * http://www.roe.ch/SSLsplit
 *
--- a/thrqueue.h
+++ b/thrqueue.h
@ -1,6 +1,6 @@
 /*
 * SSLsplit - transparent SSL/TLS interception
- * Copyright (c) 2009-2015, Daniel Roethlisberger <daniel@roe.ch>
+ * Copyright (c) 2009-2016, Daniel Roethlisberger <daniel@roe.ch>
 * All rights reserved.
 * http://www.roe.ch/SSLsplit
 *
--- a/url.c
+++ b/url.c
@ -1,6 +1,6 @@
 /*
 * SSLsplit - transparent SSL/TLS interception
- * Copyright (c) 2009-2015, Daniel Roethlisberger <daniel@roe.ch>
+ * Copyright (c) 2009-2016, Daniel Roethlisberger <daniel@roe.ch>
 * All rights reserved.
 * http://www.roe.ch/SSLsplit
 *
--- a/url.h
+++ b/url.h
@ -1,6 +1,6 @@
 /*
 * SSLsplit - transparent SSL/TLS interception
- * Copyright (c) 2009-2015, Daniel Roethlisberger <daniel@roe.ch>
+ * Copyright (c) 2009-2016, Daniel Roethlisberger <daniel@roe.ch>
 * All rights reserved.
 * http://www.roe.ch/SSLsplit
 *
--- a/url.t.c
+++ b/url.t.c
@ -1,6 +1,6 @@
 /*
 * SSLsplit - transparent SSL/TLS interception
- * Copyright (c) 2009-2015, Daniel Roethlisberger <daniel@roe.ch>
+ * Copyright (c) 2009-2016, Daniel Roethlisberger <daniel@roe.ch>
 * All rights reserved.
 * http://www.roe.ch/SSLsplit
 *
--- a/util.c
+++ b/util.c
@ -1,6 +1,6 @@
 /*
 * SSLsplit - transparent SSL/TLS interception
- * Copyright (c) 2009-2015, Daniel Roethlisberger <daniel@roe.ch>
+ * Copyright (c) 2009-2016, Daniel Roethlisberger <daniel@roe.ch>
 * All rights reserved.
 * http://www.roe.ch/SSLsplit
 *
--- a/util.h
+++ b/util.h
@ -1,6 +1,6 @@
 /*
 * SSLsplit - transparent SSL/TLS interception
- * Copyright (c) 2009-2015, Daniel Roethlisberger <daniel@roe.ch>
+ * Copyright (c) 2009-2016, Daniel Roethlisberger <daniel@roe.ch>
 * All rights reserved.
 * http://www.roe.ch/SSLsplit
 *
--- a/util.t.c
+++ b/util.t.c
@ -1,6 +1,6 @@
 /*
 * SSLsplit - transparent SSL/TLS interception
- * Copyright (c) 2009-2015, Daniel Roethlisberger <daniel@roe.ch>
+ * Copyright (c) 2009-2016, Daniel Roethlisberger <daniel@roe.ch>
 * All rights reserved.
 * http://www.roe.ch/SSLsplit
 *
--- a/version.c
+++ b/version.c
@ -1,6 +1,6 @@
 /*
 * SSLsplit - transparent SSL/TLS interception
- * Copyright (c) 2009-2015, Daniel Roethlisberger <daniel@roe.ch>
+ * Copyright (c) 2009-2016, Daniel Roethlisberger <daniel@roe.ch>
 * All rights reserved.
 * http://www.roe.ch/SSLsplit
 *
--- a/version.h
+++ b/version.h
@ -1,6 +1,6 @@
 /*
 * SSLsplit - transparent SSL/TLS interception
- * Copyright (c) 2009-2015, Daniel Roethlisberger <daniel@roe.ch>
+ * Copyright (c) 2009-2016, Daniel Roethlisberger <daniel@roe.ch>
 * All rights reserved.
 * http://www.roe.ch/SSLsplit
 *