Archives
/
SSLproxy
mirror of https://github.com/sonertari/SSLproxy
2
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
583 Commits
2 Branches
25 Tags
3.7 MiB
develop
master
v0.5.0
v0.5.1
v0.5.2
v0.5.3
v0.5.4
v0.5.5
v0.5.6
v0.5.7
v0.5.8
v0.5.9
v0.6.0
v0.7.0
v0.8.0
v0.8.1
v0.8.2
v0.8.3
v0.8.4
v0.8.5
v0.8.6
v0.9.0
v0.9.1
v0.9.2
v0.9.3
v0.9.4
v0.9.5
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'd2e9ab4487'
${ noResults }
Commit Graph

59 Commits (d2e9ab4487761d199deddfa825bd0b7253e2b694)

Author SHA1 Message Date
Soner Tari d2e9ab4487 Merge sslsplit-develop changes 6 years ago
Soner Tari a584363f62 Add defined(LIBRESSL_VERSION_NUMBER) directives to fix signal 6 and 10 crashes: LibreSSL versions up to v2.7.4 behave like OPENSSL_VERSION_NUMBER < 0x1000200fL, beware not just OPENSSL_VERSION_NUMBER < 0x10100000L 
Fix up:port af, use a different var, because utm port af is always AF_INET, and it breaks the target address af if the listening address is AF_INET6
Enable -O2 C flag, because LibreSSL is compiled with -O2 too
 6 years ago
Soner Tari 0c8348db75 Merge sslsplit develop changes 6 years ago
Soner Tari 7ac3e0a445 Remove most of defined(LIBRESSL_VERSION_NUMBER), LibreSSL behaves more like OPENSSL_VERSION_NUMBER >= 0x10100000L now 6 years ago
Soner Tari 27650fab69 Support all command line options in the conf file as well 
Update with the latest sslsplit-devel changes
 6 years ago
Soner Tari 027b6e3a95 Update with sslsplit develop changes 6 years ago
Soner Tari 9d435e180c Update with SSLsplit 0.5.2 and develop branch changes as of 270218 6 years ago
Soner Tari 4c8831bd90 Update with SSLsplit 0.5.1 changes, fix LibreSSL version issues 
Add VerifyPeer and AllowWrongHost options
 6 years ago
Soner Tari a1c5d05143 Add support for log priority to error logs, so syslogd prints the correct prio for error logs now 7 years ago
Soner Tari 1a6eab50a5 Tidy and clean logs up 
Add DEBUG_PROXY directive around all log_dbg_level_printf() and related lines
Log stats to syslog, similar to error logs, so that it is simpler to rotate and parse
-O w/o -g is failing bufferevent_socket_connect for parent dst, so either enable -O w/ -g, or disable -O w/o -g (-O2 is failing too)
Refactoring
 7 years ago
Soner Tari 67ddee1585 Import sslsplit-devel changes 
Add stats logs, initial
Add SSLproxy_SrcAddr header field
Clean-up
 7 years ago
Daniel Roethlisberger b1cc2b30c1 Remove debug printf 8 years ago
Daniel Roethlisberger e67978f4dd Merge branch 'develop' into feature/autossl 8 years ago
Daniel Roethlisberger 0506024587 Update copyright notices to 2016 8 years ago
Daniel Roethlisberger b3b7a7ab17 Merge branch 'develop' into feature/autossl 8 years ago
Daniel Roethlisberger b3a3c36b70 Fix the SSL session timeout calculation 
Issue:		#115
Reported by:	Eun Soo Park
 8 years ago
Daniel Roethlisberger d0d3ca9d21 Update docs and -V for LibreSSL and BoringSSL 9 years ago
Daniel Roethlisberger 79d570fe2e Use direct access workaround with LibreSSL 
LibreSSL defines OPENSSL_VERSION_NUMBER == 0x20000000L and therefore
needs special treatment when detecting OpenSSL API features based on
OPENSSL_VERSION_NUMBER.  LibreSSL currently does not seem to implement
SSL_CTX_get0_chain_certs().  Once it does, there will be a need for a
specific version check on LIBRESSL_VERSION_NUMBER.

Reported by:		Jérémie Courrèges-Anglas
 9 years ago
Daniel Roethlisberger 3f39f589f2 Warn on OpenSSL version mismatch in debug mode 
Issue:		#88
 9 years ago
Daniel Roethlisberger 74f62c3e5e Refactor and unify ClientHello parsers 
Refactor and unify ssl_tls_clienthello_identify() and the earlier
ssl_tls_clienthello_parse_sni() into a single
ssl_tls_clienthello_parse() function that handles parsing ClientHello
messages for different purposes.  As a result, rename the debug knob
DEBUG_SNI_PARSER into DEBUG_CLIENTHELLO_PARSER.
 9 years ago
Daniel Roethlisberger d7cccacc05 Move ssl_tls_clienthello_identify out of !OPENSSL_NO_TLSEXT 
Issue:		#87
 9 years ago
Richard Poole 5c8b5e30d5 connection upgrade feature: upgrade tcp to ssl on client hello 
This code looks at the beginning of each read from the src for something
that looks like an ssl client hello message; if it finds one it tries to
upgrade the connection to proxied ssl. So it works only in the simple
case where the connection has no binary data before the upgrade attempt
(so there are no false positives), and where the client hello comes at
the beginning of a packet from the source.
 9 years ago
Daniel Roethlisberger 35dae31624 Rename badly named local var to avoid grep FPs 
Issue:		#83
 9 years ago
Daniel Roethlisberger a027fb68cd Fix loading of certificate chains with OpenSSL 1.0.2 
SSLsplit was directly accessing `extra_certs` within `SSL_CTX` to get to
the extra certificates chain.  When building on OpenSSL 1.0.2 or newer,
use the new API instead of directly accessing `extra_certs`.

Issue:		#79
 9 years ago
Daniel Roethlisberger 91da4674e5 Update copyright, license and tagline 
-   Update copyright to 2015
-   Remove the non-standard "unmodified" from the 2-clause BSD license
-   Remove scalable from the tagline to avoid misinterpretations
 9 years ago
Daniel Roethlisberger 27cf6c90e7 Merge branch 'feature/genstore' into develop 10 years ago
Daniel Roethlisberger 3da7407f14 Use same hash algo in RSA sigs as orig cert uses 10 years ago
Daniel Roethlisberger 11f6742bff Add convenience functions for printing SHA1 values 10 years ago
Daniel Roethlisberger 8422c6b478 Minor code cleanup of ssl_key_identifier_sha1() 10 years ago
Daniel Roethlisberger 8b0b1d0226 Add ssl_key_identifier_sha1() utility function 
Issue:		#67
 10 years ago
Daniel Roethlisberger e69b13f2eb SIGUSR1 re-opens -l/-L log files; add defaults.h 
Issue:		#52
 10 years ago
Daniel Roethlisberger 341d6b77d1 Use SSL_get_certificate() hack for OpenSSL 0.9.8y 
OpenSSL 0.9.8y also crashes in OpenSSL's SSL_get_certificate() on a
NULL pointer dereference.  Fix by also using the direct access hack
developed for OpenSSL 1.0.0k and 1.0.1e with OpenSSL 0.9.8y.
 10 years ago
Daniel Roethlisberger fcd008df4b Unify asprintf error handling 10 years ago
wjensen cc0b57d341 Fix memory leaks in ssl_x509_load() and ssl_key_load(), remove unnecessary condition in ssl_x509chain_load() 10 years ago
Daniel Roethlisberger 6b0e47dc89 Allow more control over used SSL/TLS versions 
Add -r to force a specific SSL/TLS protocol version.
Add -R to disable one or several SSL/TLS protocol versions.
Replace WANT_SSLV2_CLIENT and WANT_SSLV2_SERVER to WITH_SSLV2.

Issue:		#30
Reported by:	@Apollo2342
 10 years ago
Daniel Roethlisberger 8dbea83b21 Prevent malloc(0) when ssl_x509_names() returns no names 10 years ago
Daniel Roethlisberger eca1ac9a5e Rewrite ssl_x509_subject_cn() error handling 10 years ago
Daniel Roethlisberger 76aab3b816 Fix X509_NAME_get_text_by_NID() error handling 10 years ago
Daniel Roethlisberger ed99fc0260 Use NULL instead of '\0' to avoid type conversion 10 years ago
Daniel Roethlisberger 47c409cbb5 Don't rely on OpenSSL to pull in string.h 
Obtained from:	OpenBSD port patches
 10 years ago
Daniel Roethlisberger 2235e1aad9 Fix memory leak in fake cert generation code 
The code in pxy_ossl_servername_cb() which generated the forged
certificates did not call SSL_CTX_free() on the newly allocated SSL_CTX
struct after associating it with the SSL struct, which increments the
reference count internally.  Also add some comments explaining OpenSSL
reference counting behaviour to be more explicit on what happens to the
instances that OpenSSL keeps track of.
 11 years ago
Daniel Roethlisberger 05410fe9b3 Enable SSL_MODE_RELEASE_BUFFERS by default 11 years ago
Daniel Roethlisberger b82ca9b414 Print status of free'd SSL structs in debug mode 11 years ago
Daniel Roethlisberger ca923ee7f1 Update copyright notices to 2014 11 years ago
Daniel Roethlisberger c972501063 Update copyright notices 11 years ago
Daniel Roethlisberger f99e5e34a7 Improve workaround for OpenSSL 1.0.0k/1.0.1e 
Extend and improve the workaround introduced in commit 20b3f66120.
Automatically replace SSL_get_certificate() with a drop-in replacement
if a version of OpenSSL known to be broken is used.  This now covers the
use of SSL_get_certificate() within the connection manager as well and
resolves one more case where OpenSSL could crash.
 11 years ago
Daniel Roethlisberger 20b3f66120 Work around segfault with OpenSSL 1.0.0k/1.0.1e 
A bug in OpenSSL 1.0.0k and 1.0.1e caused sslsplit to crash when loading
certificates using SSL_get_certificate().  Work around the bug by
directly accessing the respective members of SSL* when using any of the
broken versions of OpenSSL.
 11 years ago
Daniel Roethlisberger f27dc964a5 Add warning for OpenSSL 1.0.1e bug causing crash 11 years ago
Daniel Roethlisberger 1995dc4b89 Reinitialize SSL mutexes after fork 
See issue #5.
 12 years ago
Daniel Roethlisberger bd77e6a228 Improve ssl_tmp_dh_callback() error messages 12 years ago