as libpcre has better binary support.
Note: linking libpcre alone has no effect; the POSIX functions are
provided by libpcreposix.
Use "make USELIBPCRE=" to turn libpcre off and link the POSIX library.

6cc3382 introduced a potential buffer overflow. Ensure that hostname is
always null-terminated. (Issue #135)
Signed-off-by: Jonathan McCrohan <jmccrohan@gmail.com>

The existing TLS probe is documented to ignore SSL 2.0, citing RFC 6176 as a reason.
RFC 6176 does prohibit the usage of SSL 2.0, but does allow for ClientHello messages
in the version 2 CLIENT-HELLO format (as long as those are used to negotiate the use
of a higher protocol).
This commit extends the TLS probe by making it accept SSL v2 ClientHello messages
that negotiate a version of SSL/TLS 1.0 or higher (which is the same version range
as the original code).

Previously, if some data was still deferred after the connect_queue
call, the server side of the connection would never start being
monitored for reads, while the client side kept being monitored
and new data from the client could be sent to the server before
the previously deferred data.

This allows for some more generalized configs.
You don't need to specify ports anymore and can still
connect directly to the running services if you want.
It also allows you to use "localhost" as destination in your sslh config,
something that wasn't possible with the old scheme.

Provides a sample config for Let's Encrypt using the tls-sni-*
challenges. Requires wildcard support added in 6cc3382.
Signed-off-by: Jonathan McCrohan <jmccrohan@gmail.com>

Use fnmatch(3) to provide support for glob style wildcard values in the
ALPN and SNI parameters of the TLS probe.
Signed-off-by: Jonathan McCrohan <jmccrohan@gmail.com>
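
The two commit messages above (the fnmatch(3) wildcard support and the fix that keeps hostname null-terminated) describe one pattern: a length-prefixed name from the wire must be copied into a bounded, terminated buffer before fnmatch() sees it. The following is an added example, not code from sslh; the function names, the buffer size and the fnmatch flags are assumptions.

```c
#include <fnmatch.h>
#include <stddef.h>
#include <string.h>

#define HOSTNAME_MAX 255 /* assumed cap, not sslh's value */

/* Copy a length-prefixed name into dst and always NUL-terminate it.
 * Returns 0 on success, -1 if the name does not fit or contains a NUL. */
static int copy_hostname(char *dst, size_t dst_size,
                         const unsigned char *src, size_t src_len)
{
    if (dst_size == 0 || src_len >= dst_size)
        return -1;              /* no room left for the terminator */
    if (memchr(src, '\0', src_len) != NULL)
        return -1;              /* fnmatch() would see a truncated name */
    memcpy(dst, src, src_len);
    dst[src_len] = '\0';        /* wire data carries no terminator */
    return 0;
}

/* Returns 1 if the name matches any glob pattern, 0 if none matches,
 * -1 if the name was rejected before matching. */
int sni_matches(const unsigned char *name, size_t name_len,
                const char *const *patterns, size_t n_patterns)
{
    char hostname[HOSTNAME_MAX + 1];

    if (copy_hostname(hostname, sizeof hostname, name, name_len) != 0)
        return -1;
    /* Flags 0 (an assumption): '*' also matches '.', so "*.example.org"
     * matches "a.b.example.org" but not the bare "example.org". */
    for (size_t i = 0; i < n_patterns; i++)
        if (fnmatch(patterns[i], hostname, 0) == 0)
            return 1;
    return 0;
}

int main(void)
{
    /* Constructed sample input, not taken from sslh or its config. */
    const char *const patterns[] = { "*.example.org", "mail.example.net" };
    const unsigned char name[] = "www.example.org";

    return sni_matches(name, sizeof name - 1, patterns, 2) == 1 ? 0 : 1;
}
```
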
version.h is included by some .o files, but it is generated. As such, it
must be a dependency of those .o files.
Rather than filter exactly which .o file needs it, just add a generic
dependency for all .o files on version.h.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>