third-party-mirrors/sslh
1
0
Fork 0
mirror of https://github.com/yrutschle/sslh.git synced 2025-04-15 16:40:34 +03:00
Code Issues Packages Projects Releases Wiki Activity
446 Commits 3 Branches 42 Tags
Commit Graph

446 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
yrutschle
d2b64c7f38
Merge pull request #211 from licaon-kter/patch-1 
Update verbose option in examples
 2019-01-19 08:22:10 +01:00
Licaon_Kter
d647b4eb55
And here 2019-01-19 00:27:11 +00:00
Licaon_Kter
a584348a55
Update verbose option in examples 2019-01-19 00:26:06 +00:00
yrutschle
530acc7c72 Moved command line parsing to conf2struct 2019-01-12 21:33:44 +01:00
yrutschle
dbc0667ad3 removed obsolete declarations 2018-12-08 22:55:03 +01:00
yrutschle
e8654da78c Moved configuration file parsing to conf2struct, which 
abstract all the tedious bits of reading the settings from
the file into a structure.
 2018-12-07 08:41:40 +01:00
yrutschle
343b0a0fbf reactivate tests 2018-12-07 08:40:30 +01:00
yrutschle
ad0adfb0e1 re-integrate command line support 2018-12-07 08:32:36 +01:00
yrutschle
33ab9d535d code cleanup and adaptation of regex probe 2018-12-04 23:11:04 +01:00
yrutschle
d3d4fd657a moved config parse to c2s code 2018-12-03 11:02:20 +01:00
yrutschle
e2fddf17fc updated description to better match our maturity 2018-11-29 18:31:55 +01:00
yrutschle
e7ce929020 config file now read to struct with c2s; command line no longer works 2018-11-29 11:56:33 +01:00
yrutschle
7af31c45c9 fix tests so that fragmented tests actually work 2018-11-29 11:52:25 +01:00
Yves Rutschle
4ae2e62d25 v1.20 v1.20 2018-11-20 22:58:41 +01:00
yrutschle
8ec9799ca0 fix ssl tests 2018-11-04 22:59:01 +01:00
yrutschle
80ad31aec0 refactoring: replace magic constants with symbols 2018-11-04 22:25:16 +01:00
yrutschle
d6c714166a only try to parse TLS extensions if settings are actually set 2018-09-30 21:35:45 +02:00
yrutschle
aa77922ffd turn ssl setting from command line to tls (ssl no longer exists) 2018-09-30 21:34:22 +02:00
yrutschle
2ee0088c5f turn ssl setting from configuration file to tls (ssl no longer exists) 2018-09-30 20:20:06 +02:00
yrutschle
f480eb6c7d refactoring: simpler TLS extension parsing algorithm 2018-09-28 13:58:33 +02:00
yrutschle
6431bb7e35 refactoring: changed magic numbers for use_alpn to named bitfields 2018-09-23 22:29:25 +02:00
yrutschle
6d6ea50066 Merge branch 'master' of https://github.com/yrutschle/sslh 2018-09-23 21:57:16 +02:00
yrutschle
71265a8477
Merge pull request #201 from astiob/probe-strlen 
Fix incorrect strncmp length in HTTP method probing
 2018-09-23 21:56:51 +02:00
yrutschle
0003680137 remove old tls and ssl targets, only use alpn/sni probe also for TLS with no extensions 2018-09-23 12:07:06 +02:00
Oleg Oshmyan
e8f0d3ea53 Fix HTTP method probing 2018-09-22 15:50:40 +03:00
yrutschle
a5d00568b5
Merge pull request #199 from rom1dep/sni_alpn_errmatching 
tls: proposed fix for incorrect SNI/ALPN matching
 2018-08-30 23:16:28 +02:00
yrutschle
ffe9971624 test suite for SNI/ALPN with multiple targets and all combinations covered 2018-08-30 19:50:53 +02:00
Yves Rutschle
1693436cc3 automatic test for SNI/ALPN (single target) 2018-08-29 19:18:23 +02:00
Romain DEP.
e42f670112 tls: proposed fix for incorrect SNI/ALPN matching 2018-08-21 22:36:01 +02:00
Yves Rutschle
60df92c2b2 prevent repeated reads on broken sockets 2018-08-14 23:05:49 +02:00
Yves Rutschle
8ad32816a6 last_p might be used uninitialised if last probe has no probe set (which I don't think might happen, but anyhow...) 2018-08-14 22:52:52 +02:00
Yves Rutschle
677e385fec new probing algorithm 2018-08-13 22:29:09 +02:00
Yves Rutschle
b6db83a701 also test probes when no fragmentation occurs 2018-08-12 21:45:42 +02:00
Yves Rutschle
3a17bd6832 removed obsolete tests 2018-08-12 21:35:42 +02:00
Yves Rutschle
94911c1c2a cleaner framework to test all probes methodically (not all tests work as the probe code needs to be reworked) 2018-08-11 23:13:24 +02:00
Yves Rutschle
d7889588da Merge branch 'master' of https://www.github.com/yrutschle/sslh 2018-08-04 22:34:20 +02:00
Yves Rutschle
ad2b595280 Test suite: some cleanup and use config file instead of command-line parameters 2018-08-04 22:33:02 +02:00
Yves Rutschle
9df1ab8404 fix man page on timeout default protocol 2018-07-31 19:54:46 +00:00
yrutschle
10fb0bce6f
Merge pull request #192 from candrews/patch-5 
Include common.h in systemd-sslh-generator.c
 2018-07-11 13:18:50 +02:00
Craig Andrews
eb53c45351
Include common.h in systemd-sslh-generator.c 
Fixes https://github.com/yrutschle/sslh/issues/188
 2018-07-06 12:30:28 -04:00
Yves Rutschle
a1cc399ae5 fix syslog facility name check 2018-07-03 12:22:03 +02:00
yrutschle
108a9780d8
Merge pull request #187 from msantos/segfault 
Fix potential segfaults (unverified malloc() returns) and other robustness issues
 2018-06-18 16:45:51 +02:00
Michael Santos
9228171eb0 config: exit if list element is invalid 2018-06-18 10:35:28 -04:00
Michael Santos
8ce2b2ea05 Check memory allocations succeed 2018-06-18 10:35:28 -04:00
Michael Santos
4c132e3c8d config: segfault parsing invalid sni/alpn 
Check return value of config_setting_get_string_elem() for error
before passing the result to strlen():

~~~ segfault.conf
protocols:
(
 { name: "tls"; host: "localhost"; port: "8443";  sni_hostnames:  [ 0 ];
}
);
~~~
 2018-06-18 10:35:28 -04:00
Michael Santos
cfd0163a5b main_loop: initialize in_socket 
in_socket may be used uninitialized if no addresses are available.

~~~
sslh-select.c:415:8: warning: Function call argument is an uninitialized value
                            check_access_rights(in_socket, cnx[i].proto->service)) {
                            ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~
 2018-06-18 10:35:28 -04:00
Michael Santos
5cf591a254 Avoid segfault with malformed IPv6 address 
A literal IPv6 address without a trailing bracket will result in a write
past the end of the address buffer:

~~~ segfault.conf
protocols:
(
 { name: "tls"; host: "["; port: "8443"; }
);
~~~

~~~
$ sslh-select -p 127.0.0.1:443 --foreground -F./segfault.conf
[: no closing bracket in IPv6 address?
Segmentation fault (core dumped)
~~~
 2018-06-18 10:35:28 -04:00
Michael Santos
c179d9a57b start_listen_sockets: exit if no addresses 
Do not allocate a 0 byte buffer if no addresses are available:

    common.c:122:14: warning: Call to 'malloc' has an allocation size of 0 bytes
       *sockfd = malloc(num_addr * sizeof(*sockfd[0]));
		 ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 2018-06-18 10:35:28 -04:00
yrutschle
336e8bb9d1
Merge pull request #186 from Revertron/patch-1 
Fixed a typo
 2018-06-14 16:36:13 +02:00
Roman
0ada00474b
Fixed a typo 
Just a typo in usage text.
 2018-06-14 14:31:50 +02:00