Commit 5602dc12 authored by Hilko Bengen's avatar Hilko Bengen

New upstream version 0.5.5

parent b72ac3ad
......@@ -27,6 +27,7 @@ patches or pull requests, in chronological order of their first contribution:
- Levente Polyak ([anthraxx](https://github.com/anthraxx))
- Nick French ([naf419](https://github.com/naf419))
- Cihan Kömeçoğlu ([cihankom](https://github.com/cihankom))
- Sergey Pinaev (n/a)
Many more individuals have contributed by reporting bugs or feature requests.
See [issue tracker on Github][1], `NEWS.md` and `git log` for details.
......
......@@ -5,38 +5,40 @@
#
# Dependencies and features are auto-detected, but can be overridden:
#
# OPENSSL_BASE Prefix of OpenSSL library and headers to build against
# LIBEVENT_BASE Prefix of libevent library and headers to build against
# LIBPCAP_BASE Prefix of libpcap library and headers to build against
# LIBNET_BASE Prefix of libnet library and headers to build against
# CHECK_BASE Prefix of check library and headers to build against (optional)
# PKGCONFIG Name/path of pkg-config program to use for auto-detection
# PCFLAGS Additional pkg-config flags
# XNU_VERSION Version of included XNU headers to build against (OS X only)
# FEATURES Enable optional or force-enable undetected features (see below)
# OPENSSL_BASE Prefix of OpenSSL library and headers to build against
# LIBEVENT_BASE Prefix of libevent library and headers to build against
# LIBPCAP_BASE Prefix of libpcap library and headers to build against
# LIBNET_BASE Prefix of libnet library and headers to build against
# CHECK_BASE Prefix of check library and headers to build against (optional)
# PKGCONFIG Name/path of pkg-config program to use for auto-detection
# PCFLAGS Additional pkg-config flags
# XNU_VERSION Version of included XNU headers to build against (OS X only)
# FEATURES Enable optional or force-enable undetected features (see below)
#
# Where and how to install to:
#
# PREFIX Prefix to install under (default /usr/local)
# DESTDIR Destination root under which prefix is located (default /)
# MANDIR Subdir of PREFIX that contains man section dirs
# INSTALLUID UID to use for installed files if installing as root
# INSTALLGID GID to use for installed files if installing as root
# PREFIX Prefix to install under (default /usr/local)
# DESTDIR Destination root under which prefix is located (default /)
# BINDIR Path to user executables (default $(PREFIX)/bin)
# MANDIR Path to man section dirs (default $(PREFIX)/share/man)
# SYSCONFDIR Path to system configuration (default $(PREFIX)/etc)
# INSTALLUID UID to use for installed files if installing as root
# INSTALLGID GID to use for installed files if installing as root
#
# Standard compiler variables are respected, e.g.:
#
# CC Compiler, e.g. for cross-compiling, ccache or ccc-analyzer
# CFLAGS Additional compiler flags, e.g. optimization flags
# CPPFLAGS Additional pre-processor flags
# LDFLAGS Additional linker flags
# LIBS Additional libraries to link against
# SOURCE_DATE_EPOCH Set to epoch time to make the build reproducible
# CC Compiler, e.g. for cross-compiling, ccache or ccc-analyzer
# CFLAGS Additional compiler flags, e.g. optimization flags
# CPPFLAGS Additional pre-processor flags
# LDFLAGS Additional linker flags
# LIBS Additional libraries to link against
# SOURCE_DATE_EPOCH Set to epoch time to make the build reproducible
#
# On macOS, the following build environment variables are respected:
#
# DEVELOPER_DIR Override Xcode Command Line Developer Tools directory
# MACOSX_VERSION_MIN Minimal version of macOS to target, e.g. 10.11
# SDK SDK name to build against, e.g. macosx, macosx10.11
# DEVELOPER_DIR Override Xcode Command Line Developer Tools directory
# MACOSX_VERSION_MIN Minimal version of macOS to target, e.g. 10.11
# SDK SDK name to build against, e.g. macosx, macosx10.11
#
# Examples:
#
......@@ -46,6 +48,9 @@
# Create a statically linked binary:
# % PCFLAGS='--static' CFLAGS='-static' LDFLAGS='-static' make
#
# Build against musl libc that needs an additional library for fts(3):
# % LIBS='-lfts' make
#
# Build a macOS binary for El Capitan using the default SDK from Xcode 7.3.1:
# % MACOSX_VERSION_MIN=10.11 DEVELOPER_DIR=/Applications/Xcode-7.3.1.app/Contents/Developer make
......@@ -177,7 +182,9 @@ endif
### Variables you might need to override
PREFIX?= /usr/local
MANDIR?= share/man
BINDIR?= $(PREFIX)/bin
SYSCONFDIR?= $(PREFIX)/etc
MANDIR?= $(PREFIX)/share/man
INSTALLUID?= 0
INSTALLGID?= 0
......@@ -504,7 +511,7 @@ clean:
$(RM) -f $(TARGET).conf
$(RM) -rf *.dSYM
SUBSTITUTIONS:= -e 's,/usr/local,$(PREFIX),' \
SUBSTITUTIONS:= -e 's,/usr/local/etc/sslsplit,$(SYSCONFDIR)/$(TARGET),' \
-e 's,@@VERSION@@,$(VERSION),' \
-e 's,@@DATE@@,$(BUILD_DATE),'
......@@ -518,30 +525,28 @@ $(TARGET).conf.5: $(TARGET).conf.5.in $(MKFS) FORCE
$(SED) $(SUBSTITUTIONS) <$< >$@
install: $(TARGET) $(TARGET).conf $(TARGET).1 $(TARGET).conf.5
test -d $(DESTDIR)$(PREFIX)/bin || $(MKDIR) -p $(DESTDIR)$(PREFIX)/bin
test -d $(DESTDIR)$(PREFIX)/$(TARGET) || \
$(MKDIR) -p $(DESTDIR)$(PREFIX)/sslsplit
test -d $(DESTDIR)$(PREFIX)/$(MANDIR)/man1 || \
$(MKDIR) -p $(DESTDIR)$(PREFIX)/$(MANDIR)/man1
test -d $(DESTDIR)$(PREFIX)/$(MANDIR)/man5 || \
$(MKDIR) -p $(DESTDIR)$(PREFIX)/$(MANDIR)/man5
test -d $(DESTDIR)/var/log/$(TARGET) || \
$(MKDIR) -p $(DESTDIR)/var/log/$(TARGET)
test -d $(DESTDIR)/var/run/$(TARGET) || \
$(MKDIR) -p $(DESTDIR)/var/run/$(TARGET)
test -d $(DESTDIR)$(BINDIR) || $(MKDIR) -p $(DESTDIR)$(BINDIR)
test -d $(DESTDIR)$(SYSCONFDIR)/$(TARGET) || \
$(MKDIR) -p $(DESTDIR)$(SYSCONFDIR)/$(TARGET)
test -d $(DESTDIR)$(MANDIR)/man1 || \
$(MKDIR) -p $(DESTDIR)$(MANDIR)/man1
test -d $(DESTDIR)$(MANDIR)/man5 || \
$(MKDIR) -p $(DESTDIR)$(MANDIR)/man5
$(INSTALL) $(BINOWNERFLAGS) -m $(BINMODE) \
$(TARGET) $(DESTDIR)$(PREFIX)/bin/
$(TARGET) $(DESTDIR)$(BINDIR)/
$(INSTALL) $(CNFOWNERFLAGS) -m $(CNFMODE) \
$(TARGET).conf \
$(DESTDIR)$(PREFIX)/$(TARGET)/$(TARGET).conf.sample
$(DESTDIR)$(SYSCONFDIR)/$(TARGET)/$(TARGET).conf.sample
$(INSTALL) $(MANOWNERFLAGS) -m $(MANMODE) \
$(TARGET).1 $(DESTDIR)$(PREFIX)/$(MANDIR)/man1/
$(TARGET).1 $(DESTDIR)$(MANDIR)/man1/
$(INSTALL) $(MANOWNERFLAGS) -m $(MANMODE) \
$(TARGET).conf.5 $(DESTDIR)$(PREFIX)/$(MANDIR)/man5/
$(TARGET).conf.5 $(DESTDIR)$(MANDIR)/man5/
deinstall:
$(RM) -f $(DESTDIR)$(PREFIX)/bin/$(TARGET) $(DESTDIR)$(PREFIX)/$(MANDIR)/man1/$(TARGET).1 \
$(DESTDIR)$(PREFIX)/$(MANDIR)/man5/$(TARGET).conf.5
$(RM) -f $(DESTDIR)$(BINDIR)/$(TARGET) \
$(DESTDIR)$(MANDIR)/man1/$(TARGET).1 \
$(DESTDIR)$(MANDIR)/man5/$(TARGET).conf.5
$(RM) -rf $(DESTDIR)$(SYSCONFDIR)/$(TARGET)/
ifdef GITDIR
lint:
......@@ -558,7 +563,7 @@ mantest: $(TARGET).1 $(TARGET).conf.5
$(MAN) -M . 5 $(TARGET).conf
$(RM) man1 man5
copyright: *.c *.h *.1 *.5 extra/*/*.c
copyright: *.c *.h *.1.in *.5.in extra/*/*.c
Mk/bin/copyright.py $^
$(PKGNAME)-$(VERSION).1.txt: $(TARGET).1
......
03241b07aa0107e355f8d2acd0aa62d5a717594b *attrib.h
43c49ce68f25fcdd7fa88d4fad7de04422546bc0 *base64.c
c44965f9427e056884646b0f402da05acfd9cdf2 *base64.h
e1e4cfd752c10a19cd27595076bd7d38fa3baf02 *base64.t.c
62ee8c280298f4d3aa9279bfb6290f4df0d07d21 *build.c
9dd41d0f935f3ac6b32d093006437819eb2d241a *build.h
90d4099c5d59a883fc13e1c7973c3d9093a7c451 *cache.c
4043f3c26bb5671ac1a072afff40a57f383cfb4a *cache.h
a3c99dc46f4de2f5a90bc2e6e1a7641b6fca9a26 *cachedsess.c
9e96ba6dd78b5e2a77dbcde464811bef914b5e6d *cachedsess.h
65b18ac4f192eef52175c86b458b33766299afd1 *cachedsess.t.c
efb2ee4651c49dae780d18edf1a365d668643ec7 *cachefkcrt.c
58b9173a8b5dcc7559c3c1c35fec069206ec4691 *cachefkcrt.h
e7bc608c06892aad7868be4371e7dc4767c9cbf8 *cachefkcrt.t.c
60c4ca7e06414a5da6d5f9ee5c2eb76a19e61fd0 *cachemgr.c
ef4128dc5505239c2d66ee2b62fb6edf576b121c *cachemgr.h
1aeee7b70e3996669174389b340a6586dd8ccbde *cachemgr.t.c
d8424fc53a0d2c276589b64006be30925ef6928d *cachessess.c
d3b146ace5abeab8eb8003b91e3627520ced5933 *cachessess.h
18df10bb5b080f1bdef09f94ba4a4f4b267d9afa *cachessess.t.c
f53c400b429ae3b1ece40671964638c56e710a60 *cachetgcrt.c
6c3351f925c8b360e4da3a8d4d70d685321b0281 *cachetgcrt.h
2fe4c50226f9231f4667dead63a69963c7fd621a *cachetgcrt.t.c
40dcae4b10bdde922d6cd37c9b3fe436eddc61ae *cert.c
d1a6e0a1d47dc4a2d0a689b4e0760b7b5a5a34a1 *cert.h
d513672c844418224cfde104d497c3c648bcb515 *cert.t.c
b5a710d76e3f0f365c6f89c90de4e2150ebc9e8e *defaults.h
d1a1cba7109da63c0ceec53a19ba1e0f6ca5db90 *defaults.t.c
b07faf6eaf93c84fc470aaf79c98b57c40a2e855 *dynbuf.c
dc609e1aa0024e18f2ce926a72bbe4640b44243b *dynbuf.h
41483fcb558729fd17bf4d8eaaa00562424ac2d4 *dynbuf.t.c
0e05a574925069e21704c8713b81c029e31a834a *attrib.h
6666dc46af47e7e154f82b0eddd82965776faa63 *base64.c
6a2f705e603adde74cdd56b9e3fcc023fb98fbdc *base64.h
b9b7b69d3768ff6413ca0707eb79ce6002073e84 *base64.t.c
64a7e880bd53e741e91ea50e1d18751698cb1645 *build.c
d998f3f92384223e7692e4b3bda7ef22cfe63e2b *build.h
27a7572e8490d4c61dead9f3cdbe71cab8ea6be1 *cache.c
09021971fbcafed7db78653e8ccd6c9eb7e61408 *cache.h
d1bd8f41cd77a954a17c9b13ceebf8d7ce42c057 *cachedsess.c
fec1f214d16278c98575deb7da3c817af2db321b *cachedsess.h
264e9070731ce536b2e722b61c4d170fca1f3aea *cachedsess.t.c
5c44566a10aaf7959cdebc5e1a315b15ab593cef *cachefkcrt.c
d922e710665ecb8bad9c98ceb17cdf9c87f6556a *cachefkcrt.h
adc999fb5b6b44bd05106805a2619bb4d3ba3ad6 *cachefkcrt.t.c
ebfa090d2e50cf352165e87b1c10a6b0a8f8cc7e *cachemgr.c
d3befe03746737e4273ca24250b5f81bf7ba50fb *cachemgr.h
a87afbfc62f38f49fb4e795ca9bcfb4e26f3f527 *cachemgr.t.c
3da07cdba2029aabfe64cab1af4d3487541334bb *cachessess.c
c4b7fc82ffce9256e913c3141603772266037758 *cachessess.h
2acfc7cd603e5f82f706b2bd6de691e7ccd73b26 *cachessess.t.c
ad066fae763e1f943996bcbf6a3d0ec19e3922ba *cachetgcrt.c
d54bc3289e9ae680626adf0e1ca77648c749eb37 *cachetgcrt.h
0c552b8b7410e39d9cab7358fe0da4468b1bdad8 *cachetgcrt.t.c
0504408135e45902077966de9faa0835cc853845 *cert.c
4451697e414de9fe01ef245003829569e72ab5d1 *cert.h
1a8b90f2b4b64da4bb308ce4c4e13ff6bdf09e98 *cert.t.c
40d92defc7b1051cd09903f87f6d84fc973982e7 *defaults.h
315d92914c6f2c9e16bee1975373bb7ebfe75500 *defaults.t.c
6fea993fcb9ecfeaf89293b99cd40af93316fc1a *dynbuf.c
5536442e60df198f9b36c97ef88f9348fef3a473 *dynbuf.h
5d3c686134b5ce58fa4ff6f21c441d62ad631fe0 *dynbuf.t.c
8d39d77399439e53466d1e6c559ac73b449f2831 *khash.h
b202d29cb5bb26a95181edb98fcc3f60000782df *log.c
0c1fd577572c5394fe27a505ac4cd91ae5cbdd28 *log.h
84d39b5892e97a52043df3b320db80f11253a493 *logbuf.c
4455a586c77a71bae630fdc8fc86f1b04a23757d *logbuf.h
88cb6b043c30d5980b9b6cddf6d3a2fa17c53fb4 *logbuf.t.c
b82f759c40e7cdad40557d46e7ba52ca7d99258b *logger.c
71e8424463ff28e5ab7fb03fe9427a06782418fc *logger.h
9dac3d4a80784fcb5b3f1e4347e90a0a01cd122f *logpkt.c
3770aeb8b48506741f787b3488efb5ede02d5726 *logpkt.h
de33817a10deb2293169d993005bab8e11f6b4c9 *main.c
b67542e40d234fca7a28798de792160608e79a27 *main.t.c
a41f56de157b21b751d3f553d3aa6aa0e8492bb8 *nat.c
0b810ce0ff0211f3414dedadbc41677356c308e5 *nat.h
1a7fa593184ddbe7db5859063aa14eb5e28caae7 *opts.c
d8ec45ad1f93daeec008107b20c83d1902ee23cf *opts.h
d2fb35f68146b937968f5d9bce4952ef6b41f394 *opts.t.c
b5fd89400f882b09b52b650a321b7550efaf2fdf *privsep.c
ae815a3c98460a9bc87006bdc85b0426ac838772 *privsep.h
5c3357f2df969c7f4c6783ff9657ec56908816a9 *proc.c
05e9efa6c2cd14b9664218087d289a560a9e7030 *proc.h
e78dff78a0c80bd964c6efeb05d4967cafcd5ae8 *proxy.c
e230abfc59b7f89f726ce31bf0f347f8a5cd3589 *proxy.h
2ad5526aab976b2c783fe0f7686899dabd8bafd3 *pxyconn.c
7b13bd7712e5c6e106cf8622018e36eb53cc6446 *pxyconn.h
8dd6d1512dc9058f9ed429d25b09e07d0ce617a9 *pxysslshut.c
31a238d9c35d4cd3f000b0e5f4203f24f1d11cbe *pxysslshut.h
f212cef02f14c6e057c7de95e1662cafc97278c8 *pxythrmgr.c
13fdf17c8c74480bbaae9f33720f1a75c92be1b2 *pxythrmgr.h
28aeb5e6bc99641644b4cc5698b68a159280251d *pxythrmgr.t.c
ad1b356de5faa05aae17b8164d759818e93e160e *ssl.c
73278b86eacebbc40d568be16a009c09ed3bf1d7 *ssl.h
3d153e28a3a1f39aff5c1286fad12d24c59b3579 *ssl.t.c
477033dcc49652f395f69d2d6ce2dd25f61b648e *sys.c
e705f9abfda4bc0015c08b3be8b941c478cac166 *sys.h
3715e4c33c614c2284be03f10a5d25da82ab411e *sys.t.c
1f5064b6869176c9c3da1f0a02a9bd52ad3a0fbd *thrqueue.c
568f42b5fbe81ab62a6b3be3bf83f1ba20fbbfb8 *thrqueue.h
d944c2365f32a665970a7cfca36e3d9434ae9c97 *url.c
75a4d5ce8e1e985a30a8fa747b3f5fa42eb4286d *url.h
f3578cc43e2e4d98296990f962e5ed9d80fe38ae *url.t.c
35f9f85b5d018f8f99461cbefd22f4ac9679cf12 *util.c
3185668df88b536665a46d825ffebb45137ee676 *util.h
b1f9a5c549f8dc9da2f7ac33e4040d32113c70d6 *util.t.c
cd9e0137551578e033f1d4959d545359517324ca *log.c
e68217f617550ef1640a1a07db1497ee8d6c302e *log.h
09b1cf18da0721ccc4aca5433d8807eafb9e84b1 *logbuf.c
69da2d17df3cffc0253a4a0db92ad6717ee689db *logbuf.h
0608dfcc7151afa52c1c74230cba67d37d527f48 *logbuf.t.c
520af0dba817c34b7ef7dced8a8a62828905b5ba *logger.c
d33d8dc04f634d954ae274c9e1ce3fe1894b9be9 *logger.h
58a5a354ea55d34fc5cf69fc0b280a9d68a3a2e7 *logpkt.c
dc21d75aea1fc8c9579857b5c001b1d2e94d874c *logpkt.h
59f3929fc1450cd1059582ce125ca2b8a04b5523 *main.c
69f852b446dd56de6e6c15e7321037720b8aca5b *main.t.c
35c3806bfba278fa4b71fde4726e9363e9627848 *nat.c
427557b8daeb7fd38f2accc17eade30dab46bbce *nat.h
227d323ef77124729f4f77622fafcd8d3bee8283 *opts.c
a5a83c0bebe094c1b9c03f66f6a01f9424bce34b *opts.h
65c059e7cebf27d95bca443f508386a4f439ba92 *opts.t.c
8f310302cfe05d2a39c366a479fd0e4c7b252694 *privsep.c
6b84dab86c6a2038303512b0d72e35a8418b03dd *privsep.h
ae7030dcab1b9a0d345c4d6a453db6251898aafb *proc.c
c0b46c0c3fd002262e4623b02134958059eebb1b *proc.h
f14f039ff9e8fbcdfa2fa45ff73c55ef60c4e4e2 *proxy.c
7d50ddeef91740edce9c51768ae4315dbecdec2d *proxy.h
f744e3a3fb32701b91702e870aaa96202b3aaccc *pxyconn.c
b0a46e85d8524e7c758b2172596c1f6d7e8a8873 *pxyconn.h
f41898afda043472729d0c6970ae06b4d32891fd *pxythrmgr.c
8f3804e3d9139aa3e35957c245db9a98117c5ca6 *pxythrmgr.h
a0d391a6c62807836ef1b885056060caabee4422 *pxythrmgr.t.c
3513b8ce8dd4ccfc529815aa8b8f29563f131bc2 *ssl.c
9a4b3692d8833ebbc464c704b3b436fae716dbcc *ssl.h
6cb8c897cd6b0d5131190f1ce1865cc7d7ca7be9 *ssl.t.c
93ffa9f6b6f984b61e080fdcae44c5f5e7638003 *sys.c
2a3364a2cc936b2ff976eb8b6dcff93c3c948890 *sys.h
c57932e19ab55ff4dd69307bf0c0636daebddeda *sys.t.c
55b666be103a42cf050a75e807073874f63e881d *thrqueue.c
7716da358ccc21bfd1e9faf92c32bd09ba0fecaf *thrqueue.h
27f2e79f50bd9ee05015884669f3fa0fb1b739ff *url.c
cc8340ed84a809941e744950e049733b1069913f *url.h
fab4fa6bb29788410bf2f48b3decfc755ab3c390 *url.t.c
dbf65d54211bbe8ed8579178511275f56f625ffc *util.c
6a66a58ab1079e7a169a342ec6148d1ac698df0f *util.h
30b3ad31ae4a5edad14739425e0932a836359db6 *util.t.c
BSD 2-Clause License
Copyright (c) 2009-2018, Daniel Roethlisberger and contributors.
Copyright (c) 2009-2019, Daniel Roethlisberger and contributors.
All rights reserved.
Redistribution and use in source and binary forms, with or without
......
#!/usr/bin/env python3
# vim: set ft=python list et ts=8 sts=4 sw=4:
# Update the copyright headers in all source files passed on the command line.
# The copyright headers are comments at the beginning of lines that are
# marked by a dash immediately at the start of the comment.
# The entire copyright header is replaced by the copyright in LICENSE, with the
# exception of contributor's additional Copyright lines, which are kept intact
# as found in each source file.
import sys
import os
MAIN_NAME = 'Daniel Roethlisberger'
MAIN_EMAIL = 'daniel@roe.ch'
TITLE = ('SSLsplit - transparent SSL/TLS interception\n'
'https://www.roe.ch/SSLsplit\n\n')
class Language:
def __init__(self, begin, each, end):
self.begin = begin
self.each = each
self.end = end
def is_end(self, line):
if self.end != None:
return line.startswith(self.end)
else:
return not line.startswith(self.each)
languages = []
languages.append(Language('/*-', ' *', ' */')) # c
languages.append(Language('#-', '#', None)) # scripts and make files
languages.append(Language('.\\"-', '.\\"', None)) # troff
def split_before(s, delimiter):
s1, s2 = s.split(delimiter, 1)
return s1, delimiter + s2
def commentline(prefix, line):
if len(line) > 0:
return prefix + ' ' + line + '\n'
return prefix + '\n'
def license(outfile, filetype):
def license(outfile, language, contribrights=''):
with open('LICENSE', 'r') as f:
# skip title
f.readline()
f.readline()
text = f.read()
text = ('SSLsplit - transparent SSL/TLS interception\n'
'https://www.roe.ch/SSLsplit\n\n') + text.replace(
'and contributors', '<daniel@roe.ch>')
lines = text.splitlines()
if filetype == 'c':
outfile.write('/*-\n')
for line in lines:
outfile.write(commentline(' *', line))
elif filetype == 'script':
outfile.write('#-\n')
for line in lines:
outfile.write(commentline('#', line))
elif filetype == 'man':
outfile.write('.\\"-\n')
for line in lines:
outfile.write(commentline('.\\"', line))
else:
raise RuntimeError()
license = f.read()
header, rest = split_before(license, 'Copyright')
copyright, legalese = split_before(rest, 'All rights reserved')
copyright = copyright.replace('and contributors', '<%s>' % MAIN_EMAIL)
text = TITLE + copyright + contribrights + legalese
outfile.write('%s\n' % language.begin)
for line in text.splitlines():
outfile.write(commentline(language.each, line))
def mangle(outfile, infile):
contribs = []
language = None
have_first = False
have_header = False
for line in infile:
if have_header:
outfile.write(line)
elif have_first:
if (filetype == 'c' and line.startswith(' */')) or \
(filetype == 'script' and not line.startswith('#')) or \
(filetype == 'man' and not line.startswith('.\\"')):
if language.is_end(line):
license(outfile, language, ''.join(contribs))
outfile.write(line)
have_header = True
elif 'Copyright' in line and not MAIN_NAME in line:
prefix, copyright = split_before(line, 'Copyright')
contribs.append(copyright)
else:
if line.startswith('/*-'):
filetype = 'c'
elif line.startswith('#-'):
filetype = 'script'
elif line.startswith('.\\"-'):
filetype = 'man'
else:
for lang in languages:
if line.startswith(lang.begin):
language = lang
break
if language == None:
outfile.write(line)
continue
license(outfile, filetype)
have_first = True
for fn in sys.argv[1:]:
......
......@@ -36,6 +36,10 @@ libevent-2.1.8)
EVENTPATCH=Mk/patches/libevent-2.1.8.diff
EVENTOPTS="$EVENTOPTS --disable-libevent-regress --disable-samples"
;;
libevent-2.1.11)
EVENTURL=https://github.com/libevent/libevent/releases/download/release-2.1.11-stable/libevent-2.1.11-stable.tar.gz
EVENTOPTS="$EVENTOPTS --disable-libevent-regress --disable-samples"
;;
libevent-2.0.22)
EVENTURL=https://github.com/libevent/libevent/releases/download/release-2.0.22-stable/libevent-2.0.22-stable.tar.gz
;;
......
### SSLsplit 0.5.5 2019-08-30
- Add -A option for specifying a default leaf certificate instead of
generating it on the fly (issue #139).
- Rename the following config file options for clarity and consistency:
- LeafCerts to LeafKey
- TargetCertDir to LeafCertDir
- CRL to LeafCRLURL
The old syntax is still accepted for backwards compatibility.
- Increase the default RSA leaf key size to 2048 bits and force an OpenSSL
security level of 0 in order to maximize interoperability in the default
configuration. OpenSSL with a security level of 2 or higher was rejecting
our old default leaf key size of 1024 bits (issue #248).
- Propagate the exit status of the privsep child process to the parent
process and use 128+signal convention (issue #252).
- Fix unexpected connection termination for certificates without a subject
common name.
- Fix TCP ports in packet mirroring mode (issue #247).
- Fix certificate loading with LibreSSL 2.9.2 and later.
- Fix MANDIR make variable semantics to GNU standards and introduce
BINDIR and SYSCONFDIR in order to allow better control over where files are
installed by the install target (pull request #255 by @arkamar and
follow-up work). Also fixes the sample config file to be installed to
$(SYSCONFDIR)/sslsplit/ instead of $(PREFIX)/sslsplit/ by default.
- No longer create /var/log/sslsplit and /var/run/sslsplit directories as
part of `make install` (issue #251).
- Add XNU headers for macOS Mojave 10.14.1 to 10.14.3.
- Minor bugfixes and improvements.
### SSLsplit 0.5.4 2018-10-29
This release includes work sponsored by HackerOne.
......@@ -75,9 +105,9 @@ This release includes work sponsored by HackerOne.
- Fix data processing when EOF is received before all incoming data has been
processed.
- Fix multiple signal handling issues in the privilege separation parent
which led to the parent process being killed ungracefully (SIGTERM) or
being stuck in wait() while still having signals (SIGQUIT etc) queued up
for forwarding to the child process (issue #137).
which led to the parent process being killed ungracefully or being stuck
in wait() while still having signals queued up for forwarding to the child
process (issue #137).
- No longer assume an out of memory condition when a certificate contains
neither a CN nor a subjectAltName extension.
- Fix parallel make build (-j) for the test target (issue #140).
......
# SSLsplit - transparent SSL/TLS interception
https://www.roe.ch/SSLsplit
[![Build Status](https://travis-ci.org/droe/sslsplit.svg)](https://travis-ci.org/droe/sslsplit)
[![Gitter chat](https://badges.gitter.im/droe/sslsplit.png)](https://gitter.im/droe/sslsplit)
## Overview
SSLsplit is a tool for man-in-the-middle attacks against SSL/TLS encrypted
......@@ -52,10 +55,10 @@ the various NAT engines.
## Requirements
SSLsplit depends on the OpenSSL, libevent 2.x, libpcap and libnet 1.1.x
libraries bydefault; libpcap and libnet are not needed if the mirroring feature
is omitted. The build depends on GNU make and a POSIX.2 environment in `PATH`.
If available, pkg-config is used to locate and configure the dependencies. The
optional unit tests depend on the check library.
libraries by default; libpcap and libnet are not needed if the mirroring
feature is omitted. The build depends on GNU make and a POSIX.2 environment in
`PATH`. If available, pkg-config is used to locate and configure the
dependencies. The optional unit tests depend on the check library.
SSLsplit currently supports the following operating systems and NAT mechanisms:
......
/*
/*-
* SSLsplit - transparent SSL/TLS interception
* https://www.roe.ch/SSLsplit
*
* Copyright (c) 2009-2018, Daniel Roethlisberger <daniel@roe.ch>.
* Copyright (c) 2009-2019, Daniel Roethlisberger <daniel@roe.ch>.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
......
......@@ -2,7 +2,7 @@
* SSLsplit - transparent SSL/TLS interception
* https://www.roe.ch/SSLsplit
*
* Copyright (c) 2009-2018, Daniel Roethlisberger <daniel@roe.ch>.
* Copyright (c) 2009-2019, Daniel Roethlisberger <daniel@roe.ch>.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
......
......@@ -2,7 +2,7 @@
* SSLsplit - transparent SSL/TLS interception
* https://www.roe.ch/SSLsplit
*
* Copyright (c) 2009-2018, Daniel Roethlisberger <daniel@roe.ch>.
* Copyright (c) 2009-2019, Daniel Roethlisberger <daniel@roe.ch>.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
......
......@@ -2,7 +2,7 @@
* SSLsplit - transparent SSL/TLS interception
* https://www.roe.ch/SSLsplit
*
* Copyright (c) 2009-2018, Daniel Roethlisberger <daniel@roe.ch>.
* Copyright (c) 2009-2019, Daniel Roethlisberger <daniel@roe.ch>.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
......
......@@ -2,7 +2,7 @@
* SSLsplit - transparent SSL/TLS interception
* https://www.roe.ch/SSLsplit
*
* Copyright (c) 2009-2018, Daniel Roethlisberger <daniel@roe.ch>.
* Copyright (c) 2009-2019, Daniel Roethlisberger <daniel@roe.ch>.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
......
......@@ -2,7 +2,7 @@
* SSLsplit - transparent SSL/TLS interception
* https://www.roe.ch/SSLsplit
*
* Copyright (c) 2009-2018, Daniel Roethlisberger <daniel@roe.ch>.
* Copyright (c) 2009-2019, Daniel Roethlisberger <daniel@roe.ch>.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
......
......@@ -2,7 +2,7 @@
* SSLsplit - transparent SSL/TLS interception
* https://www.roe.ch/SSLsplit
*
* Copyright (c) 2009-2018, Daniel Roethlisberger <daniel@roe.ch>.
* Copyright (c) 2009-2019, Daniel Roethlisberger <daniel@roe.ch>.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
......
......@@ -2,7 +2,7 @@
* SSLsplit - transparent SSL/TLS interception
* https://www.roe.ch/SSLsplit
*
* Copyright (c) 2009-2018, Daniel Roethlisberger <daniel@roe.ch>.
* Copyright (c) 2009-2019, Daniel Roethlisberger <daniel@roe.ch>.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
......
......@@ -2,7 +2,7 @@
* SSLsplit - transparent SSL/TLS interception
* https://www.roe.ch/SSLsplit
*
* Copyright (c) 2009-2018, Daniel Roethlisberger <daniel@roe.ch>.
* Copyright (c) 2009-2019, Daniel Roethlisberger <daniel@roe.ch>.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
......
......@@ -2,7 +2,7 @@
* SSLsplit - transparent SSL/TLS interception
* https://www.roe.ch/SSLsplit
*
* Copyright (c) 2009-2018, Daniel Roethlisberger <daniel@roe.ch>.
* Copyright (c) 2009-2019, Daniel Roethlisberger <daniel@roe.ch>.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
......
......@@ -2,7 +2,7 @@
* SSLsplit - transparent SSL/TLS interception
* https://www.roe.ch/SSLsplit
*
* Copyright (c) 2009-2018, Daniel Roethlisberger <daniel@roe.ch>.
* Copyright (c) 2009-2019, Daniel Roethlisberger <daniel@roe.ch>.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
......
......@@ -2,7 +2,7 @@
* SSLsplit - transparent SSL/TLS interception
* https://www.roe.ch/SSLsplit
*
* Copyright (c) 2009-2018, Daniel Roethlisberger <daniel@roe.ch>.
* Copyright (c) 2009-2019, Daniel Roethlisberger <daniel@roe.ch>.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
......
......@@ -2,7 +2,7 @@
* SSLsplit - transparent SSL/TLS interception
* https://www.roe.ch/SSLsplit
*
* Copyright (c) 2009-2018, Daniel Roethlisberger <daniel@roe.ch>.
* Copyright (c) 2009-2019, Daniel Roethlisberger <daniel@roe.ch>.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
......
......@@ -2,7 +2,7 @@
* SSLsplit - transparent SSL/TLS interception
* https://www.roe.ch/SSLsplit
*
* Copyright (c) 2009-2018, Daniel Roethlisberger <daniel@roe.ch>.
* Copyright (c) 2009-2019, Daniel Roethlisberger <daniel@roe.ch>.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
......
......@@ -2,7 +2,7 @@
* SSLsplit - transparent SSL/TLS interception
* https://www.roe.ch/SSLsplit
*
* Copyright (c) 2009-2018, Daniel Roethlisberger <daniel@roe.ch>.
* Copyright (c) 2009-2019, Daniel Roethlisberger <daniel@roe.ch>.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
......
......@@ -2,7 +2,7 @@
* SSLsplit - transparent SSL/TLS interception
* https://www.roe.ch/SSLsplit
*
* Copyright (c) 2009-2018, Daniel Roethlisberger <daniel@roe.ch>.
* Copyright (c) 2009-2019, Daniel Roethlisberger <daniel@roe.ch>.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
......
......@@ -2,7 +2,7 @@
* SSLsplit - transparent SSL/TLS interception
* https://www.roe.ch/SSLsplit
*
* Copyright (c) 2009-2018, Daniel Roethlisberger <daniel@roe.ch>.
* Copyright (c) 2009-2019, Daniel Roethlisberger <daniel@roe.ch>.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
......
......@@ -2,7 +2,7 @@
* SSLsplit - transparent SSL/TLS interception
* https://www.roe.ch/SSLsplit
*
* Copyright (c) 2009-2018, Daniel Roethlisberger <daniel@roe.ch>.
* Copyright (c) 2009-2019, Daniel Roethlisberger <daniel@roe.ch>.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
......
......@@ -2,7 +2,7 @@
* SSLsplit - transparent SSL/TLS interception
* https://www.roe.ch/SSLsplit
*
* Copyright (c) 2009-2018, Daniel Roethlisberger <daniel@roe.ch>.
* Copyright (c) 2009-2019, Daniel Roethlisberger <daniel@roe.ch>.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
......
......@@ -2,7 +2,7 @@
* SSLsplit - transparent SSL/TLS interception
* https://www.roe.ch/SSLsplit
*
* Copyright (c) 2009-2018, Daniel Roethlisberger <daniel@roe.ch>.
* Copyright (c) 2009-2019, Daniel Roethlisberger <daniel@roe.ch>.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
......
......@@ -2,7 +2,7 @@
* SSLsplit - transparent SSL/TLS interception
* https://www.roe.ch/SSLsplit
*
* Copyright (c) 2009-2018, Daniel Roethlisberger <daniel@roe.ch>.
* Copyright (c) 2009-2019, Daniel Roethlisberger <daniel@roe.ch>.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
......
......@@ -2,7 +2,7 @@
* SSLsplit - transparent SSL/TLS interception
* https://www.roe.ch/SSLsplit
*
* Copyright (c) 2009-2018, Daniel Roethlisberger <daniel@roe.ch>.
* Copyright (c) 2009-2019, Daniel Roethlisberger <daniel@roe.ch>.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
......