yrutschle
891bcf9966
fix error message upon regex syntax error
2019-09-06 21:05:46 +02:00
Niobos
0380a4309f
Change process name to indicate task of process
2019-09-05 16:40:59 +02:00
yrutschle
7baf7f724c
Move config dump to stderr and verbose > 4
2019-02-08 22:45:16 +01:00
yrutschle
530acc7c72
Moved command line parsing to conf2struct
2019-01-12 21:33:44 +01:00
yrutschle
ad0adfb0e1
re-integrate command line support
2018-12-07 08:32:36 +01:00
yrutschle
33ab9d535d
code cleanup and adaptation of regex probe
2018-12-04 23:11:04 +01:00
yrutschle
d3d4fd657a
moved config parse to c2s code
2018-12-03 11:02:20 +01:00
yrutschle
e7ce929020
config file now read to struct with c2s; command line no longer works
2018-11-29 11:56:33 +01:00
yrutschle
aa77922ffd
turn ssl setting from command line to tls (ssl no longer exists)
2018-09-30 21:34:22 +02:00
yrutschle
2ee0088c5f
turn ssl setting from configuration file to tls (ssl no longer exists)
2018-09-30 20:20:06 +02:00
yrutschle
0003680137
remove old tls and ssl targets, only use alpn/sni probe also for TLS with no extensions
2018-09-23 12:07:06 +02:00
yrutschle
108a9780d8
Merge pull request #187 from msantos/segfault
...
Fix potential segfaults (unverified malloc() returns) and other robustness issues
2018-06-18 16:45:51 +02:00
Michael Santos
9228171eb0
config: exit if list element is invalid
2018-06-18 10:35:28 -04:00
Michael Santos
8ce2b2ea05
Check memory allocations succeed
2018-06-18 10:35:28 -04:00
Michael Santos
4c132e3c8d
config: segfault parsing invalid sni/alpn
...
Check return value of config_setting_get_string_elem() for error
before passing the result to strlen():
~~~ segfault.conf
protocols:
(
{ name: "tls"; host: "localhost"; port: "8443"; sni_hostnames: [ 0 ];
}
);
~~~
2018-06-18 10:35:28 -04:00
Roman
0ada00474b
Fixed a typo
...
Just a typo in usage text.
2018-06-14 14:31:50 +02:00
Mike Frysinger
0fb4c6b2ad
add chroot support
...
This allows people to chroot sslh into a path to further harden it.
We have to rework the user logic a bit because we need to look up
the user details *before* we chroot (as we need to read /etc/passwd
files), but do the actual priv dropping *after* we chroot (so we
have permission to make the actual chroot call).
Similarly, we need to open the syslog before we drop privs because
/dev/log won't be available inside the chroot.
2018-01-03 10:19:59 -05:00
yrutschle
d26eab728c
Merge pull request #143 from astiob/select-fork
...
sslh-select: support forking for particular protocols
2018-01-02 22:26:58 +01:00
Yves Rutschle
a7f0c456ab
die if target cannot be resolved (otherwise, we segfault when printing the settings or later)
2017-12-17 14:55:51 +01:00
Robert de Bath
4e790e074f
Move hexdump to verbose level 2
...
From the command line you use two "-v" options or in the configuration
file you replace the boolean "verbose:true" with an integer "verbose:2".
2017-11-27 21:05:07 +00:00
Robert de Bath
338daafe87
Use REG_EXTENDED for regex matching
...
The "7 regex" manual page called 'Basic' regular expressions "Obsolete".
It also matches the pcre expressions slightly better.
2017-11-23 20:51:57 +00:00
Oleg Oshmyan
2544f20bdf
sslh-select: support forking for particular protocols
...
To keep the code simple, use the same event loop in the child process
as in the parent process but close all irrelevant file descriptors.
2017-10-28 23:27:06 +03:00
Yves Rutschle
aa06261d70
added syslog_facility option
2017-07-21 22:46:24 +02:00
Yves Rutschle
dd900ebf3e
fail gracefully if target protocol description is incomplete
2017-07-09 20:51:53 +02:00
Yves Rutschle
e4a4e04bf8
Clarify no space after -F (Issue 108, take 2)
2017-01-08 13:00:19 +01:00
Yves Rutschle
067f5d7646
Revert "clarify no space after -F (issue 108)"
...
This reverts commit f02ce3821c018719536971dbb1bc1ed1517530a2.
That commit accidentally imported code that broke transparent
proxying.
2017-01-08 12:54:34 +01:00
Yves Rutschlé
f02ce3821c
clarify no space after -F (issue 108)
2016-11-06 19:44:47 +00:00
Yves Rutschlé
63a83cf041
fix SNI/ALPN option parsing (issue 90)
2016-05-20 07:52:24 +00:00
yrutschle
8f39c106e1
Merge pull request #56 from hogarthj/master
...
Initial addition of systemd socket based activation
2016-02-05 16:46:47 +01:00
Yves Rutschle
414ed7de11
Support keepalive for connections on the connecting side
2016-02-04 09:19:54 +01:00
Yves Rutschle
1b9937b293
Support keepalive for connections on the listening side
2016-02-02 21:07:47 +01:00
James Hogarth
b3f48d9876
Add systemd capabilities to sslh, rebased on current master
2016-01-29 16:20:54 +00:00
Yves Rutschle
e5cb33fcb7
Add PCRE support for musl
2016-01-22 16:41:36 +01:00
moparisthebest
8af039d3eb
Add ALPN protocol based probe
2016-01-05 00:32:10 -05:00
Yves Rutschle
2cb424c646
Added log_level option to configuration file, which switches off log at each connection
2015-12-15 15:51:18 +01:00
John Regan
ab3324be47
Enable PCRE as RegEx Library
2015-08-13 14:28:17 -04:00
Yves Rutschle
4cbaf447b5
Print error message upon non-existent configuration file
2015-07-28 15:14:21 +02:00
Yves Rutschle
ca461ea077
Added support for RFC4366 SNI (Server Name Indication). Changed configuration file format accordingly.
2015-07-17 15:05:06 +02:00
Yves Rutschle
8fdaf6eb08
changed configuration file to accommodate SNI in a cleaner way
2015-07-17 15:04:04 +02:00
Yves Rutschle
5886bd2d43
Print error message upon non-existent configuration file
2015-07-16 17:43:05 +02:00
moparisthebest
b988540105
Add SNI hostname based probe
2015-07-12 23:10:53 -04:00
Yves Rutschle
3aefaf3004
Added Makefile option to build without libpcre
2015-07-09 15:31:42 +02:00
James Hogarth
2192b28303
Check line number of error so that this works with libconfig-1.3.2 in CentOS6
2015-04-17 23:40:57 +01:00
Yves Rutschle
bb4aeb446a
Use default configuration filename
2014-12-27 11:57:27 +01:00
Yves Rutschle
48d4d81e0c
minor corrections to usage string
2014-04-19 10:41:17 +02:00
Yves Rutschle
7d6cac73d4
added transparent option to man page and help
2014-03-30 18:25:03 +02:00
Yves Rutschle
6bcb5c83f2
libcap support: print out process capabilities at startup if verbose
2014-02-09 21:39:27 +01:00
Yves Rutschle
5998c9ec1a
Do not require --listen when --inetd is specified
2014-01-06 22:21:44 +01:00
Ondrej Kuzník
025545aee3
Fix typos and type warnings
2013-09-28 20:49:46 +02:00
Mike Frysinger
2d23cdc9f4
check asprintf return value
...
The current asprintf usage triggers many warnings like:
sslh-main.c: In function 'print_usage':
sslh-main.c:86:17: warning: ignoring return value of 'asprintf',
declared with attribute warn_unused_result [-Wunused-result]
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
2013-09-17 00:26:44 -04:00