Archives
/
SSLproxy
mirror of https://github.com/sonertari/SSLproxy
2
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
1,109 Commits
2 Branches
25 Tags
3.7 MiB
develop
master
v0.5.0
v0.5.1
v0.5.2
v0.5.3
v0.5.4
v0.5.5
v0.5.6
v0.5.7
v0.5.8
v0.5.9
v0.6.0
v0.7.0
v0.8.0
v0.8.1
v0.8.2
v0.8.3
v0.8.4
v0.8.5
v0.8.6
v0.9.0
v0.9.1
v0.9.2
v0.9.3
v0.9.4
v0.9.5
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
Commit Graph

1109 Commits (master)
 

Author SHA1 Message Date
Soner Tari 177f6a3b52 Improve overview 3 years ago
Soner Tari def65e195c Update man page with README 
Improve README
 3 years ago
Soner Tari f1e9de7386 Improve documentation 3 years ago
Soner Tari f254ac1586 Add info on DivertUsers and PassUsers options 3 years ago
Soner Tari aded848043 Release v0.8.2 3 years ago
Soner Tari e2bf278933 Allow mirroring without explicit target 
Allow omitting the -T option, indicating the target is irrelevant.

The use case is an IDS sensor listening on a dummy interface for the
packets sslsplit produces. The IDS will listen in promisc mode, so the
target is irrelevant.

Copied from sslsplit.
 4 years ago
Soner Tari 463aa1a71e Fix doc typo 4 years ago
Soner Tari 151b305c2f Do not pass null arg to log_*_printf() 
vfprintf %s NULL in "Error from bufferevent: %i:%s %lu:%i:%s:%i:%s:%i:%s
"
Error from bufferevent: 32:Broken pipe 50327584:32:Broken pipe:2:system
library:4095:(null)
 4 years ago
Soner Tari 4c94853fc5 Disable UserAuth in main.mk if we are not on OpenBSD or Linux 
Fixes osx build after updates to userauth
 4 years ago
Soner Tari 80d10a94c3 Move classify_user into identify_user 
Otherwise, we cannot classify user if we need to issue identify_user
events, in case database is busy or locked. We should call classify_user
callback right after the user is identified.
So we introduce classify_user callback to achieve that, which fixes the
classify_user behavior for autssl proto too.

Return void in pxy_userauth
Fix typo in clasify
 4 years ago
Soner Tari 4f3ce763ac Add DivertUsers and PassUsers options 
Update documentation
 4 years ago
Soner Tari 6c0b981831 Update version to 0.8.1 
Update TLS 1.3 documentation.
 4 years ago
Soner Tari 4ee7bbcf15 Fix whitespace 4 years ago
Soner Tari e209a04268 Fix line_num reported if conf file contains structured proxyspecs 4 years ago
Soner Tari 6f5a7ceeb1 Add WITHOUT_USERAUTH switch 4 years ago
Soner Tari ca79405769 Fix doc for MaxSSLProto default as tls13 4 years ago
Soner Tari e51afcfe4a Fix default CipherSuites 4 years ago
Soner Tari 176570c4a4 Silence warning about <sys/sysctl.h> deprecated on Linux 
/usr/include/x86_64-linux-gnu/sys/sysctl.h:21:2: warning: #warning "The
<sys/sysctl.h> header is deprecated and will be removed." [-Wcpp]
 4 years ago
Soner Tari b679439c9f Silence warning about output truncated before terminating nul by gcc 9.3.0 
/usr/include/x86_64-linux-gnu/bits/string_fortified.h:106:10: warning:
‘__builtin_strncpy’ output truncated before terminating nul copying as
many bytes from a string as its length [-Wstringop-truncation]
 4 years ago
Soner Tari 25ec9d58bc Silence alignment warning by gcc 9.3.0 
logpkt.c:351:3: warning: converting a packed ‘ip4_hdr_t’ {aka ‘struct
<anonymous>’} pointer (alignment 1) to a ‘uint16_t’ {aka ‘short unsigned
int’} pointer (alignment 2) may result in an unaligned pointer value
[-Waddress-of-packed-member]
 4 years ago
Soner Tari ad21615dbe Add -U to getopt() shortopts 4 years ago
Soner Tari af27340889 Add -U CipherSuites option 4 years ago
Soner Tari 3f2d0d56d6 Fix debug dump for no_tls12/no_tls13 4 years ago
Soner Tari fade72ec0d Move main.mk under Mk folder and improve make files 4 years ago
Soner Tari 1a3a2fb9f6 Add missing HAVE_TLSV13 code 4 years ago
Soner Tari 2f89a27551 Use Testproxy v0.0.3 4 years ago
Soner Tari 8989873332 Add sni assertions to testproxy e2e tests for tls12 and tls13 4 years ago
Soner Tari 1403c4eda1 Fix travis for ssl libs without tls13, add no_tls13 e2e tests 4 years ago
Soner Tari f9c8ecbc69 Fix build with LibreSSL 3.1.2, which does not have tls13 4 years ago
Soner Tari ee41c72666 Add tls13 support 
Add e2e tests for tls13 too
 4 years ago
Soner Tari 9da7437919 Release v0.8.0 4 years ago
Soner Tari 826b612c1e Fix build version 
Improve documentation
 4 years ago
Soner Tari 3fe0e5f1eb Move tmp global opts vars to new tmp struct 
The global opts strings in this new tmp struct are used while cloning
global opts into proxyspec opts. A var of this type is passed around as
a flag to indicate if these opts are global (if non-NULL), so should be
stored in that struct and used as such, or proxyspec specific (if NULL),
so should not be used as global. This var is temporary, hence freed
immediately after configuration is complete.
Also improve and clean up.
 4 years ago
Soner Tari 6abfa01252 Free all structs created for testing 4 years ago
Soner Tari 59ce88b1ac Move tmp proxyspec vars to new tmp struct 
These vars are used while configuring proxyspecs, and freed right after
they are used. So they should not be in proxyspec struct.
Refactor accordingly.
 4 years ago
Soner Tari 4a1980d4a5 Add check unit tests for protocol validation and util_get_first_word_len() 
Also improve and clean up
 4 years ago
Soner Tari e3b0ba94d8 Accept space, tab, cr, and nl chars after POP3 and SMTP commands 
POP3 clients may and do append CRLF to commands.
So use the new util_get_first_word_len() function.
 4 years ago
Soner Tari 01577657fd Clean up DOCKER directives 4 years ago
Soner Tari ef2edff60a Improve string comparisons 
We need case-insensitive comparison validating POP3 and SMTP commands.
Define macro function to check string equality.
 4 years ago
Soner Tari ac4285cef1 Fix POP3 and SMTP protocol validation, thanks to the new testproxy e2e tests 
Add testproxy e2e tests for POP3 and SMTP protocol validation.

We have detected that POP3 and SMTP protocol validation was broken
thanks to these new testproxy e2e tests. This is yet another example why
e2e tests are important.
 4 years ago
Soner Tari f3ac5ee4f2 Move passsite flag to sslctx 
The passsite flag is ssl specific.
 4 years ago
Soner Tari f8580d6ac7 Update news 
This is the first SSLproxy specific changelog.
 4 years ago
Soner Tari 313da5cfca Add -A DefaultLeafCert option 
Rename LeafCerts to LeafKey, TargetCertDir to LeafCertDir, CRL to
LeafCRLURL
 4 years ago
Soner Tari aba07a53ee Disable conn ids unless debugging 
We don't need parent or child ids unless debugging. IDLE and EXPIRED
conn logs do not need to report ids either. Ids are useful only in
detailed debug logs.
 4 years ago
Soner Tari 5285b9e433 Fix valgrind REDIR warning about strncpy(), use memcpy() instead 
REDIR: 0x562c100 (libc.so.6:__strncpy_ssse3) redirected to 0x4c32fb0
(strncpy)
The src strings are not NULL terminated at the correct positions.
 4 years ago
Soner Tari 11f92e3ce8 Add unique child id, set to the children count of parent conn 
This is necessary to uniquely identify child conns. The src fd of child
conns was possibly not unique. We use this id in debug logs only.
Also relocate the update code related with this id.
 4 years ago
Soner Tari 519e82a624 Warn unused result of max() 4 years ago
Soner Tari be80523036 Use the new inline max() function instead of MAX() macro function in sslproxy 
Do not pass pxy_thr_print_children() or bufferevent_getfd() to MAX() or
util_max() macro functions as params, or else they are called twice.
Since MAX() macro call duplicates params, do not call it nested either,
or else we get very long macro expansions.
 4 years ago
Soner Tari e63d6dd3aa Remove BEV_OPT_THREADSAFE in lp too 
thrmgr and conn handling threads in lp are cleanly decoupled now.
 4 years ago
Soner Tari d611ec727d Do not close fd -1, true for tcp conns too 4 years ago