693 Commits

Author SHA1 Message Date
Guus der Kinderen
1f98b97756 Allow SSLv2 CLIENT-HELLO (without SSL 2.0)
The existing TLS probe is documented to ignore SSL 2.0, citing RFC 6176 as a reason.
RFC 6176 does prohibit the usage of SSL 2.0, but does allow for ClientHello messages
in the version 2 CLIENT-HELLO format (as long as those are used to negotiate the use
of a higher protocol).

This commit extends the TLS probe, by making it accept SSL v2 ClientHello messages
that negotiate a version of SSL/TLS 1.0 or higher (which is the same version range
as the original code).
2017-11-10 19:47:07 +01:00
Alejandro Riera
09d11e3bc8 Doc update about Transparent proxy support
Advise users to save the configuration of `iptables` and `ip` rules and routes or they risk losing it after a reboot and/or crash.
2017-11-08 11:54:26 +01:00
Oleg Oshmyan
2a70470f13 sslh-select: reduce CPU and memory usage in forked processes 2017-10-28 23:27:10 +03:00
Oleg Oshmyan
2544f20bdf sslh-select: support forking for particular protocols
To keep the code simple, use the same event loop in the child process
as in the parent process but close all irrelevant file descriptors.
2017-10-28 23:27:06 +03:00
Oleg Oshmyan
60b11e4964 Fix defer_write when deferred_data != begin_deferred_data
I think this currently never happens, but let's
not wait until it starts happening and blows up.
2017-10-28 23:13:29 +03:00
Oleg Oshmyan
b7fafb5039 sslh-select: invoke FD_CLR on fd before closing fd
POSIX requires the fd argument to any FD_ macro to be valid.
2017-10-28 23:13:28 +03:00
Oleg Oshmyan
b56f302b85 sslh-select: simplify some code 2017-10-28 23:13:28 +03:00
Oleg Oshmyan
684c9afcc6 sslh-select: actually close socket on error in accept_new_connection
Previously, it was leaked (and the client was left waiting for a timeout).
2017-10-28 23:13:28 +03:00
Oleg Oshmyan
a3df50f31f sslh-select: fix connections with deferred data after connect_queue
Previously, if some data was still deferred after the connect_queue
call, the server side of the connection would never start being
monitored for reads, while the client side kept being monitored
and new data from the client could be sent to the server before
the previously deferred data.
2017-10-28 23:13:28 +03:00
Thilo Molitor
d243d36add Fix ipv6 config copy-paste errors 2017-10-10 07:36:09 +02:00
Thilo Molitor
74767cb781 Some cleanup 2017-10-10 07:22:44 +02:00
Thilo Molitor
2a76b520d5 Add better documentation of transparent proxy support.
This allows for some more generalized configs.
You don't need to specify ports anymore and still can
connect directly to the running services if you want.

It also allows you to use "localhost" as destination in your sslh config,
something that wasn't possible with the old scheme.
2017-10-10 07:07:28 +02:00
Yves Rutschlé
0929d39a34 move Let's encrypt config before TLS catchall 2017-09-24 19:55:38 +00:00
Yves Rutschle
f4d2a8d2ad fix logging to specified facility 2017-07-22 17:20:45 +02:00
Yves Rutschle
aa06261d70 added syslog_facility option 2017-07-21 22:46:24 +02:00
Yves Rutschle
dd900ebf3e fail gracefully if target protocol description is incomplete 2017-07-09 20:51:53 +02:00
Yves Rutschlé
21f524f711 Add support for wildcard ALPN/SNI values 2017-06-12 21:05:12 +00:00
Jonathan McCrohan
1e65088b7e example.cfg: Add Let's Encrypt support to config
Provides a sample config for Let's Encrypt using the tls-sni-*
challenges. Requires wildcard support added in 6cc3382.

Signed-off-by: Jonathan McCrohan <jmccrohan@gmail.com>
2017-06-06 01:37:07 +01:00
Jonathan McCrohan
6cc33820d1 tls: permit wildcard ALPN/SNI values
Use fnmatch(3) to provide support for glob style wildcard values in the
ALPN and SNI parameters of the TLS probe.

Signed-off-by: Jonathan McCrohan <jmccrohan@gmail.com>
2017-06-06 01:11:29 +01:00
Yves Rutschle
00d5872aa1 ignore brackets in hostname in config files 2017-04-21 22:33:02 +02:00
Yves Rutschle
7d561af423 allocate listen[] before writing to it... 2017-04-18 21:04:30 +02:00
Yves Rutschle
cce42c6882 re-indent 2017-04-18 20:53:19 +02:00
Yves Rutschle
b0f4e24ce0 IP_FREEBIND: real fix, ignore catastrophic previous checkin 2017-04-06 17:13:11 +02:00
Yves Rutschle
078827ad3f Some systems define IP_FREEBIND but don't implement it, which results in setsockopt() failing. No need to die in that case, just ignore the error. 2017-04-06 16:26:27 +02:00
yrutschle
4413284420 Merge pull request #120 from yann-morin-1998/yem/parallel-make
Makefile: fix parallel build
2017-02-23 22:54:55 +01:00
Yann E. MORIN
70a2ea926e Makefile: fix parallel build
version.h is included by some .o files, but it is generated. As such, it
must be a dependency of those .o files.

Rather than filter exactly which .o file needs it, just add a generic
dependency for all .o files on version.h.

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
2017-02-23 22:49:31 +01:00
Yves Rutschle
e4a4e04bf8 Clarify no space after -F (Issue 108, take 2) 2017-01-08 13:00:19 +01:00
Yves Rutschle
067f5d7646 Revert "clarify no space after -F (issue 108)"
This reverts commit f02ce3821c018719536971dbb1bc1ed1517530a2.

That commit accidentally imported code that broke transparent
proxying.
2017-01-08 12:54:34 +01:00
yrutschle
718fe0e2e9 Merge pull request #106 from nckx/man-trivialities
Fix a few typos in the man page
2016-12-19 21:55:03 +01:00
yrutschle
864b7badd2 Merge pull request #115 from jimt/patch-1
Fix README typos.
2016-12-19 21:39:09 +01:00
Jim Tittsler
234c088324 Fix README typos. 2016-12-19 10:24:31 +09:00
Yves Rutschlé
f02ce3821c clarify no space after -F (issue 108) 2016-11-06 19:44:47 +00:00
Tobias Geerinckx-Rice
e492c2808c Fix a few typos in the man page 2016-10-19 02:41:12 +02:00
Craig Andrews
a4d2a53a47 Build systemd-sslh-generator if USESYSTEMD is set 2016-06-24 20:30:15 -04:00
Craig Andrews
efba558967 make sure the files using version.h depend on it being generated first 2016-06-24 20:11:13 -04:00
yrutschle
b4cb910438 Merge pull request #92 from mscherer/complete_man
Add more options in the synopsis
2016-06-05 18:37:22 +02:00
Michael Scherer
975560aa4a Add more options in the synopsis 2016-06-04 11:57:08 +02:00
Yves Rutschlé
63a83cf041 fix SNI/ALPN option parsing (issue 90) 2016-05-20 07:52:24 +00:00
Yves Rutschlé
245fd26459 fix compiler warnings 2016-05-03 08:37:23 +00:00
yrutschle
9cc47a157d Merge pull request #69 from ViKingIX/fix_local_conn
Fix the connection problem in transparent mode.
2016-04-28 11:55:56 +02:00
yrutschle
09b5c84d34 Merge pull request #86 from hogarthj/fix_readme
Merge error in README.md mixing sections
2016-03-31 16:28:32 +02:00
James Hogarth
e6cb3596d1 Merge error in README.md mixing sections 2016-03-30 11:48:45 +01:00
Yves Rutschle
38447c8158 v1.18 v1.18 2016-03-29 21:19:05 +02:00
yrutschle
8f39c106e1 Merge pull request #56 from hogarthj/master
Initial addition of systemd socket based activation
2016-02-05 16:46:47 +01:00
Yves Rutschle
414ed7de11 Support keepalive for connections on the connecting side 2016-02-04 09:19:54 +01:00
Yves Rutschle
1b9937b293 Support keepalive for connections on the listening side 2016-02-02 21:07:47 +01:00
Yves Rutschle
1814bcb43c Fixed typo in example configuration files 2016-02-02 20:53:10 +01:00
James Hogarth
b3f48d9876 Add systemd capabilities to sslh, rebased on current master 2016-01-29 16:20:54 +00:00
Yves Rutschle
555005f455 Complies with DCL37-C (Issue 59) 2016-01-26 18:49:57 +01:00
Yves Rutschle
e511534b57 Make USELIBPCRE not the default 2016-01-22 17:09:02 +01:00