Paul Schroeder
78bc954769
review
Signed-off-by: Paul Schroeder <milkpirate@users.noreply.github.com>
2022-03-19 23:18:29 +01:00
Paul Schroeder
87577ae5f6
add functionality
Signed-off-by: Paul Schroeder <milkpirate@users.noreply.github.com>
2022-03-18 17:59:54 +01:00
yrutschle
caa62875c1
remove --verbose option
2021-09-27 13:28:21 +02:00
yrutschle
c8fce0a02f
make sure no error will go to stderr if in inetd ( fix #303 )
2021-09-27 13:21:16 +02:00
yrutschle
098a55fd1d
new logging system: now with message classes
2021-09-19 15:14:38 +02:00
yrutschle
5e27806545
new logging system: now with message classes
2021-09-19 15:13:04 +02:00
yrutschle
4a6bbda60d
remove obsolete usage string and added lost version option
2021-08-24 14:10:14 +02:00
yrutschle
4b885b4a2c
remove obsolete variables
2021-07-31 23:34:43 +02:00
yrutschle
ce23f202b7
use pcre2 api directly
2021-07-31 23:12:55 +02:00
yrutschle
37d2756703
move to PCRE for conf file
2021-07-23 22:36:20 +02:00
yrutschle
adb27aa4a3
add a per-protocol transparent proxy option
2021-02-21 21:03:01 +01:00
yrutschle
c12f7a1ade
abstract listening sockets so we have protocol information alongside the socket
2020-11-07 22:31:49 +01:00
yrutschle
8a1dae8c22
refactor: move local address resolution into start_listen_socket
2020-11-07 18:55:04 +01:00
yrutschle
e67d6ff905
removed obsolete support for . Use instead
2020-07-30 09:45:50 +02:00
yrutschle
2c93a015ea
make libconfig optional again
2020-07-24 16:51:06 +02:00
yrutschle
8638199f13
test for command line parameters
2020-07-19 18:32:57 +02:00
yrutschle
46d9796bd6
fail as soon as a listen address cannot be resolved
2020-07-10 23:12:03 +02:00
yrutschle
219163ac27
don't keep going if config parse failed
2020-07-10 22:49:41 +02:00
Jonas Mueller
87aaa156e0
Add explicit casts to remove warnings
for incompatible-pointer-types-discards-qualifiers
2019-11-05 20:28:58 +01:00
Jonas Mueller
ef8233a839
Fix warnings for format-string-security
2019-11-05 20:11:44 +01:00
yrutschle
891bcf9966
fix error message upon regex syntax error
2019-09-06 21:05:46 +02:00
Niobos
0380a4309f
Change process name to indicate task of process
2019-09-05 16:40:59 +02:00
yrutschle
7baf7f724c
Move config dump to stderr and verbose > 4
2019-02-08 22:45:16 +01:00
yrutschle
530acc7c72
Moved command line parsing to conf2struct
2019-01-12 21:33:44 +01:00
yrutschle
ad0adfb0e1
re-integrate command line support
2018-12-07 08:32:36 +01:00
yrutschle
33ab9d535d
code cleanup and adaptation of regex probe
2018-12-04 23:11:04 +01:00
yrutschle
d3d4fd657a
moved config parse to c2s code
2018-12-03 11:02:20 +01:00
yrutschle
e7ce929020
config file now read to struct with c2s; command line no longer works
2018-11-29 11:56:33 +01:00
yrutschle
aa77922ffd
turn ssl setting from command line to tls (ssl no longer exists)
2018-09-30 21:34:22 +02:00
yrutschle
2ee0088c5f
turn ssl setting from configuration file to tls (ssl no longer exists)
2018-09-30 20:20:06 +02:00
yrutschle
0003680137
remove old tls and ssl targets, only use alpn/sni probe also for TLS with no extensions
2018-09-23 12:07:06 +02:00
yrutschle
108a9780d8
Merge pull request #187 from msantos/segfault
Fix potential segfaults (unverified malloc() returns) and other robustness issues
2018-06-18 16:45:51 +02:00
Michael Santos
9228171eb0
config: exit if list element is invalid
2018-06-18 10:35:28 -04:00
Michael Santos
8ce2b2ea05
Check memory allocations succeed
2018-06-18 10:35:28 -04:00
Michael Santos
4c132e3c8d
config: segfault parsing invalid sni/alpn
Check return value of config_setting_get_string_elem() for error
before passing the result to strlen():
~~~ segfault.conf
protocols:
(
{ name: "tls"; host: "localhost"; port: "8443"; sni_hostnames: [ 0 ];
}
);
~~~
2018-06-18 10:35:28 -04:00
Roman
0ada00474b
Fixed a typo
Just a typo in usage text.
2018-06-14 14:31:50 +02:00
Mike Frysinger
0fb4c6b2ad
add chroot support
This allows people to chroot sslh into a path to further harden it.
We have to rework the user logic a bit because we need to look up
the user details *before* we chroot (as we need to read /etc/passwd
files), but do the actual priv dropping *after* we chroot (so we
have permission to make the actual chroot call).
Similarly, we need to open the syslog before we drop privs because
/dev/log won't be available inside the chroot.
2018-01-03 10:19:59 -05:00
yrutschle
d26eab728c
Merge pull request #143 from astiob/select-fork
sslh-select: support forking for particular protocols
2018-01-02 22:26:58 +01:00
Yves Rutschle
a7f0c456ab
die if target cannot be resolved (otherwise, we segfault when printing the settings or later)
2017-12-17 14:55:51 +01:00
Robert de Bath
4e790e074f
Move hexdump to verbose level 2
From the command line you use two "-v" options or in the configuration
file you replace the boolean "verbose:true" with an integer "verbose:2".
2017-11-27 21:05:07 +00:00
Robert de Bath
338daafe87
Use REG_EXTENDED for regex matching
The "7 regex" manual page called 'Basic' regular expressions "Obsolete".
It also matches the pcre expressions slightly better.
2017-11-23 20:51:57 +00:00
Oleg Oshmyan
2544f20bdf
sslh-select: support forking for particular protocols
To keep the code simple, use the same event loop in the child process
as in the parent process but close all irrelevant file descriptors.
2017-10-28 23:27:06 +03:00
Yves Rutschle
aa06261d70
added syslog_facility option
2017-07-21 22:46:24 +02:00
Yves Rutschle
dd900ebf3e
fail gracefully if target protocol description is incomplete
2017-07-09 20:51:53 +02:00
Yves Rutschle
e4a4e04bf8
Clarify no space after -F (Issue 108, take 2)
2017-01-08 13:00:19 +01:00
Yves Rutschle
067f5d7646
Revert "clarify no space after -F (issue 108)"
This reverts commit f02ce3821c018719536971dbb1bc1ed1517530a2.
That commit accidentally imported code that broke transparent
proxying.
2017-01-08 12:54:34 +01:00
Yves Rutschlé
f02ce3821c
clarify no space after -F (issue 108)
2016-11-06 19:44:47 +00:00
Yves Rutschlé
63a83cf041
fix SNI/ALPN option parsing (issue 90)
2016-05-20 07:52:24 +00:00
yrutschle
8f39c106e1
Merge pull request #56 from hogarthj/master
Initial addition of systemd socket based activation
2016-02-05 16:46:47 +01:00
Yves Rutschle
414ed7de11
Support keepalive for connections on the connecting side
2016-02-04 09:19:54 +01:00