Archives
/
SSLproxy
mirror of https://github.com/sonertari/SSLproxy
2
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
1,109 Commits
2 Branches
25 Tags
3.7 MiB
develop
master
v0.5.0
v0.5.1
v0.5.2
v0.5.3
v0.5.4
v0.5.5
v0.5.6
v0.5.7
v0.5.8
v0.5.9
v0.6.0
v0.7.0
v0.8.0
v0.8.1
v0.8.2
v0.8.3
v0.8.4
v0.8.5
v0.8.6
v0.9.0
v0.9.1
v0.9.2
v0.9.3
v0.9.4
v0.9.5
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
Commit Graph

84 Commits (master)

Author SHA1 Message Date
Soner Tari 8b2860b0b3 Fix unit tests with WITHOUT_USERAUTH enabled 3 years ago
Soner Tari 6bd0dea851 Disable travis e2e tests 3 years ago
Soner Tari 69753b250c Add split mode of operation similar to SSLsplit 
The -n command line option enables split mode for all proxyspecs,
effectively making sslproxy behave like sslsplit.
Divert option can be set/unset globally and per-proxyspec.
Add e2e tests for split mode, and update make file for tests
accordingly.
Update documentation accordingly.
Improve code reuse, remove duplicate functions.

This change deserves a release of its own, hence v0.8.4.
 3 years ago
Soner Tari 255cd1cd88 Separate make test as unit and e2e 3 years ago
Soner Tari 9ff63a1639 Disable travis testproxy tests on osx 
SSL tests fail with "SSL stream connect HandshakeError: the handshake
was interrupted" and "SSL stream error: the handshake failed: Connection
reset by peer (os error 54)"
 4 years ago
Soner Tari 155b83c045 Do not export vars to the shell, instead create a main.mk and include it when needed 
Otherwise it is almost impossible to stop var redefinitions in
successive builds
 4 years ago
Soner Tari 6d9cdeb8f5 Install cargo and testproxy to only one linux machine for now 4 years ago
Soner Tari c69755a4bc Fix osx xnu path 4 years ago
Soner Tari 85d6a8690c Fix error message if check is missing 4 years ago
Soner Tari af3366b84f Create make files for src and tests/check folders 
Move folders and files related with check tests under tests/check folder
Fix check unit tests accordingly
 4 years ago
Soner Tari 8eab8d1da8 Restructure source tree, create src and tests folders, move files accordingly 
Remove docker
 4 years ago
Soner Tari 009fe9f6ad Merge sslsplit develop changes 5 years ago
Soner Tari f6a8522d1e Enable -O2 optimization, remove -g 
Clean up gitignore
Fix typos
 5 years ago
Soner Tari cde3fbca3f Redirect user to login page and redirect again to orig target after successful authentication, currently supported only on OpenBSD 
Get ethernet address and compare with the one in userdb, on each conn setup
Create user_auth options
Rename and clean-up
 5 years ago
Soner Tari 304207e9e9 Add initial user database support using sqlite3 5 years ago
Soner Tari 52d37297b6 Update with sslsplit develop changes, especially content logging 
Change SIGHUP to behave like SIGUSR1
 6 years ago
Soner Tari d2e9ab4487 Merge sslsplit-develop changes 6 years ago
Soner Tari a584363f62 Add defined(LIBRESSL_VERSION_NUMBER) directives to fix signal 6 and 10 crashes: LibreSSL versions up to v2.7.4 behave like OPENSSL_VERSION_NUMBER < 0x1000200fL, beware not just OPENSSL_VERSION_NUMBER < 0x10100000L 
Fix up:port af, use a different var, because utm port af is always AF_INET, and it breaks the target address af if the listening address is AF_INET6
Enable -O2 C flag, because LibreSSL is compiled with -O2 too
 6 years ago
Soner Tari 0c8348db75 Merge sslsplit develop changes 6 years ago
Soner Tari 27650fab69 Support all command line options in the conf file as well 
Update with the latest sslsplit-devel changes
 6 years ago
Soner Tari 027b6e3a95 Update with sslsplit develop changes 6 years ago
Soner Tari ae69b21908 Fix build on Linux, need to implement getdtablecount(2) of OpenBSD 6 years ago
Soner Tari d76a9a52ad Fix examples 6 years ago
Soner Tari 4c8831bd90 Update with SSLsplit 0.5.1 changes, fix LibreSSL version issues 
Add VerifyPeer and AllowWrongHost options
 6 years ago
Soner Tari b064ffa668 Use llu int as unique conn id, much simpler than uuid 7 years ago
Soner Tari a79cf4e0d1 Add sslproxy.conf man page and example sslproxy.conf, and related make changes 7 years ago
Soner Tari 1a6eab50a5 Tidy and clean logs up 
Add DEBUG_PROXY directive around all log_dbg_level_printf() and related lines
Log stats to syslog, similar to error logs, so that it is simpler to rotate and parse
-O w/o -g is failing bufferevent_socket_connect for parent dst, so either enable -O w/ -g, or disable -O w/o -g (-O2 is failing too)
Refactoring
 7 years ago
Soner Tari 36c89a0314 Fix crash if no logging enabled 
Disable debug, the default now
 7 years ago
Soner Tari ea6dc07248 Rename to sslproxy 
Reduce http headers to just one SSLproxy line
 7 years ago
Soner Tari 5a136b7ce7 Add extra stats 
Rearrange, clean-up
 7 years ago
Soner Tari cea873e6f2 Set the OPENBSD directive at compile time 7 years ago
Soner Tari 67ddee1585 Import sslsplit-devel changes 
Add stats logs, initial
Add SSLproxy_SrcAddr header field
Clean-up
 7 years ago
Soner Tari 0b0f6b21dc Add uuid to all conn mctxs, otherwise we cannot uniquely identify them, causing trouble especially while deleting conns 
Fix issues, clean-up
 7 years ago
Soner Tari d033ea68dd Plain TCP version is running good enough, next will try to switch the SSL on 7 years ago
Daniel Roethlisberger e67978f4dd Merge branch 'develop' into feature/autossl 8 years ago
Daniel Roethlisberger 1c9aa249a9 Fix Travis build by disabling tests using IPv6 
TravisCI has removed IPv6 support in 2016.  To cope with this regression
in the testing infrastructure, disable all tests on Travis that depend
on the system being able to handle ::1 as an IP address.  Normal unit
testing still uses the full test suite.
 8 years ago
Daniel Roethlisberger b3b7a7ab17 Merge branch 'develop' into feature/autossl 8 years ago
Daniel Roethlisberger 57a2ab8588 Rewrite protocol version macros and refactoring 
Introduce HAVE_SSLV2, HAVE_SSLV3, HAVE_TLSV10, HAVE_TLSV11 and
HAVE_TLSV12 to indicate that support for the respective protocol is
available in OpenSSL.  This was necessary due to the increased
complexity of testing version support following the phasing out of SSLv2
and SSLv3 from OpenSSL implementations.  This fixes the build with
OpenSSL versions which have SSLv3 support removed.

While here, de-duplicate code for setting SSL_CTX options and do not set
SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION anymore; it has no benefit
in the context of splitting SSL/TLS for analysis.

Reported by:	Jérémie Courrèges-Anglas
 9 years ago
Daniel Roethlisberger 74f62c3e5e Refactor and unify ClientHello parsers 
Refactor and unify ssl_tls_clienthello_identify() and the earlier
ssl_tls_clienthello_parse_sni() into a single
ssl_tls_clienthello_parse() function that handles parsing ClientHello
messages for different purposes.  As a result, rename the debug knob
DEBUG_SNI_PARSER into DEBUG_CLIENTHELLO_PARSER.
 9 years ago
Daniel Roethlisberger 64cc8ffcde Fix lib search w/o pkg-config w/multiple instances 
Fix automatic search for dependencies when multiple instances of the
same library are installed in different prefixes that we search, by
using the first one found.  Automatic search is only used when
pkg-config was not found.  This fixes compiler errors caused by spurious
path names within compiler or linker flags, such as

    ld: can't map file, errno=22 file '/usr/lib' for architecture x86_64
    clang: error: linker command failed with exit code 1 (use -v to see
    invocation)

While here, also make XNU header version fallback more robust and add
(diabled) version mappings for 10.10.2 and 10.10.3 which are not
published by Apple yet.

Issue:		#96
Reported by:	Jan Vilhuber
 9 years ago
Daniel Roethlisberger dd0d3238ca Add sha1(NEWS.md) to BUILD_INFO when VERSION from dir 
Issue:		#85
 9 years ago
Daniel Roethlisberger 9b5006d6f7 Add PCFLAGS for additional pkg-config flags 
Allow for additional flags to pkg-config by means of a PCFLAGS variable.
This e.g. allows to set PCFLAGS='--static' for static builds in
combination with CFLAGS='-static' and LDFLAGS='-static'.

Issue:		#82
Reported by:	@kickwindbg
 9 years ago
Daniel Roethlisberger a14354d18b Allow uid, gid and mode of installed files to be tuned 
Introducing the overridable variables INSTALLUID, INSTALLGID, BINUID,
BINGID, BINMODE, MANUID, MANGID, MANMODE that allow overriding of uid,
gid and mode of installed files.  Note that this solution still has the
limitation that uid, gid and mode of created directories cannot be set.

Issue:		#81
Reported by:	Shiloh Heurich
 9 years ago
Daniel Roethlisberger da47cd3fe1 Improve documentation of build process 9 years ago
Daniel Roethlisberger 3231c9c031 Record the actual XNU version detected 9 years ago
Daniel Roethlisberger 20ea783cf7 Add XNU header selection fallback 
If the proper headers matching either the reported XNU version or OS X
version exactly cannot be found, use the latest headers that SSLsplit
knows about.  This fixes build on new releases of OS X that have no
source code published by Apple yet.
 9 years ago
Daniel Roethlisberger bb071336e0 Escape # in shell invocation 
This fixes the following make error on Mac OS X versions that we don't
explicitly support yet due to missing sources:

    GNUmakefile:55: *** unterminated call to function `shell': missing `)'.
    Stop.

Reported by:	Justin Garrick
 9 years ago
Daniel Roethlisberger c9aa840214 Quote dollar signs in shell invocation 
Reported by:	Justin Garrick
 9 years ago
Daniel Roethlisberger 47abb0030d Update clean target for newer clang build artefacts 10 years ago
Daniel Roethlisberger e1156a3482 Make awk regexp more robust 10 years ago