Modified is_adb_protocol in patch.c to check if initial host->device
packet sends an empty message for reasons unknown. This was introduced
in ADB master in https://android-review.googlesource.com/c/342653.
The existing TLS probe is documented to ignore SSL 2.0, citing RFC 6176 as a reason.
RFC 6176 does prohibit the usage of SSL 2.0, but does allow for ClientHello messages
in the version 2 CLIENT-HELLO format (as long as those are used to negotiate the use
of a higher protocol).
This commit extends the TLS probe, by making it accept SSL v2 ClientHello messages
that negotiate a version of SSL/TLS 1.0 or higher (which is the same version range
as the original code).
This allows Android devices to run multiple services on one port. A
common use case involves muxing SSH for SCP / SFTP, and ADB for
sideloading packages or running CTS.
Signed-off-by: Kevin Cernekee <cernekee@chromium.org>
original wasn't catching the preamble from Adium or Pidgin XMPP clients, because of a newline after the initial <xml> line. Grew the length of the check string so it'd see the word 'jabber' faster.
The current asprintf usage triggers many warnings like:
sslh-main.c: In function 'print_usage':
sslh-main.c:86:17: warning: ignoring return value of 'asprintf',
declared with attribute warn_unused_result [-Wunused-result]
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Corrected OpenVPN probe to support pre-shared secret
mode (OpenVPN port-sharing code is... wrong). Thanks
to Kai Ellinger for help in investigating and
testing.
Added an actual TLS/SSL probe.
Added configurable --on-timeout protocol
specification.
Added a --anyprot protocol probe (equivalent to what
--ssl was).
Makefile respects the user's compiler and CFLAG
choices (falling back to the current values if
undefined), as well as LDFLAGS.
(Michael Palimaka)
Added "After" and "KillMode" to systemd.sslh.service
(Thomas Weischuh).
Added LSB tags to etc.init.d.sslh
(Thomas Varis).
Added support for configuration file.
New protocol probes can be defined using regular
expressions that match the first packet sent by the
client.
sslh now connects timed out connections to the first
configured protocol instead of 'ssh' (just make sure
ssh is the first defined protocol).
sslh now tries protocols in the order in which they
are defined (just make sure sslh is the last defined
protocol).
