tlsproxy/tlsproxy.git (master)
Simon Ruderich [Mon, 6 Jan 2014 00:50:42 +0000 (01:50 +0100)]
Disable RC4.

Simon Ruderich [Thu, 2 Jan 2014 15:10:29 +0000 (16:10 +0100)]
tests/client.c: Clarify usage message.

Simon Ruderich [Thu, 2 Jan 2014 15:06:10 +0000 (16:06 +0100)]
connection.c: Fix minor documentation typo.

Simon Ruderich [Thu, 2 Jan 2014 15:05:57 +0000 (16:05 +0100)]
Update copyright year.

Simon Ruderich [Thu, 2 Jan 2014 15:00:00 +0000 (16:00 +0100)]
tests: Log output of gnutls-serv during the tests.

Also increase the debug level.

Simon Ruderich [Thu, 2 Jan 2014 14:57:19 +0000 (15:57 +0100)]
tests: Minor cleanup of shell scripts.

Simon Ruderich [Thu, 2 Jan 2014 14:54:37 +0000 (15:54 +0100)]
tests/client.c: Sync with connection.c.

Simon Ruderich [Fri, 27 Dec 2013 16:34:55 +0000 (17:34 +0100)]
Merge branch 'tlsproxyhelper'

Simon Ruderich [Thu, 12 Dec 2013 13:34:52 +0000 (14:34 +0100)]
man/tlsproxy-add.txt: Add warning about hostname matching.

Simon Ruderich [Tue, 10 Dec 2013 13:17:11 +0000 (14:17 +0100)]
Minor source documentation updates.

Simon Ruderich [Tue, 10 Dec 2013 13:16:13 +0000 (14:16 +0100)]
tlsproxy-setup: Prevent accidental overwrites.

Simon Ruderich [Mon, 9 Dec 2013 20:45:49 +0000 (21:45 +0100)]
README: Describe another issue of -u.

Simon Ruderich [Thu, 19 Sep 2013 01:20:31 +0000 (03:20 +0200)]
NEWS: Minor improvements.

Simon Ruderich [Thu, 19 Sep 2013 01:12:07 +0000 (03:12 +0200)]
tests: Test that hostnames must be matched exactly.

Simon Ruderich [Sun, 3 Nov 2013 05:51:47 +0000 (06:51 +0100)]
tlsproxyhelper.c: Minor style fix.

Simon Ruderich [Sun, 3 Nov 2013 05:51:18 +0000 (06:51 +0100)]
tlsproxyhelper.c: Split POLLERR and POLLHUP check.

Simon Ruderich [Sun, 3 Nov 2013 05:50:56 +0000 (06:50 +0100)]
tlsproxyhelper.c: Add missing "\n" in error message.

Simon Ruderich [Sat, 10 Aug 2013 14:58:46 +0000 (16:58 +0200)]
tlsproxyhelper.c: Add description.

Simon Ruderich [Sat, 10 Aug 2013 14:46:20 +0000 (16:46 +0200)]
Add libtlsproxyhelper.so.

libtlsproxyhelper is a simple LD_PRELOAD wrapper for connect() which
uses tlsproxy as proxy for programs which don't support setting a TLS
proxy.

Simon Ruderich [Sat, 7 Dec 2013 21:34:37 +0000 (22:34 +0100)]
tlsproxy.c: Use strdup() instead of malloc()/perror().

Simon Ruderich [Sat, 7 Dec 2013 21:33:52 +0000 (22:33 +0100)]
Fix tests on OpenBSD.

Simon Ruderich [Sat, 7 Dec 2013 21:32:11 +0000 (22:32 +0100)]
configure.ac: Drop -Werror.

Simon Ruderich [Sat, 7 Dec 2013 21:31:58 +0000 (22:31 +0100)]
Fix compile on OpenBSD.

Simon Ruderich [Mon, 2 Dec 2013 04:54:00 +0000 (05:54 +0100)]
Fix compile on FreeBSD.

-D_XOPEN_SOURCE=600 is necessary for struct sockaddr_in6.

Simon Ruderich [Mon, 2 Dec 2013 04:27:06 +0000 (05:27 +0100)]
Replace PF_* with AF_*.

PF_* is no longer specified in POSIX.

Simon Ruderich [Mon, 2 Dec 2013 04:25:41 +0000 (05:25 +0100)]
Don't use AI_V4MAPPED in getaddrinfo().

It shouldn't be necessary anymore and fails on FreeBSD 8/9.

Simon Ruderich [Mon, 2 Dec 2013 04:22:10 +0000 (05:22 +0100)]
Fix make distcheck on FreeBSD.

Not sure why this worked on GNU/Linux.

Simon Ruderich [Sun, 18 Aug 2013 13:33:57 +0000 (15:33 +0200)]
tests: Rename tlsproxy() and server() to *_background().

Simon Ruderich [Sun, 18 Aug 2013 12:35:59 +0000 (14:35 +0200)]
Display priority string when starting with debug level >= 1.

Simon Ruderich [Sun, 18 Aug 2013 12:34:01 +0000 (14:34 +0200)]
Log if the server requested a rehandshake.

Simon Ruderich [Sun, 18 Aug 2013 12:27:14 +0000 (14:27 +0200)]
Allow rehandshakes for server connections.

Simon Ruderich [Sun, 18 Aug 2013 12:02:46 +0000 (14:02 +0200)]
NEWS: Update.

Simon Ruderich [Sun, 18 Aug 2013 11:50:53 +0000 (13:50 +0200)]
NEWS: Update.

Simon Ruderich [Sat, 17 Aug 2013 14:10:31 +0000 (16:10 +0200)]
Check return value in tls_send_invalid_cert_message().

Simon Ruderich [Wed, 14 Aug 2013 12:18:40 +0000 (14:18 +0200)]
Use "SECURE:-SHA1:+SHA1" as GnuTLS priority string.

Simon Ruderich [Tue, 13 Aug 2013 08:40:10 +0000 (10:40 +0200)]
m4/README: Add.

Simon Ruderich [Tue, 13 Aug 2013 08:32:29 +0000 (10:32 +0200)]
configure.ac: Use AX_PTHREAD to check for pthread.

Simon Ruderich [Mon, 12 Aug 2013 13:17:02 +0000 (15:17 +0200)]
Set GnuTLS priority string with new constant PROXY_TLS_PRIORITIES.

Same behaviour, "NORMAL" is still used.

Simon Ruderich [Sat, 10 Aug 2013 23:26:47 +0000 (01:26 +0200)]
Use %zu to print size_t and ssize_t.

Simon Ruderich [Sat, 10 Aug 2013 23:23:50 +0000 (01:23 +0200)]
Minor source documentation updates.

Simon Ruderich [Sat, 10 Aug 2013 14:56:08 +0000 (16:56 +0200)]
Add missing default to switch in log_session_information().

Simon Ruderich [Sat, 10 Aug 2013 14:48:15 +0000 (16:48 +0200)]
Fix padding for line numbers > 1000 in log_message().

Simon Ruderich [Sat, 10 Aug 2013 14:28:31 +0000 (16:28 +0200)]
.gitignore: Simplify.

Simon Ruderich [Sat, 10 Aug 2013 13:51:39 +0000 (15:51 +0200)]
Display TLS session information in level DEBUG2.

Simon Ruderich [Sat, 10 Aug 2013 13:46:49 +0000 (15:46 +0200)]
Remove unnecessary function calls to free x509 credentials.

gnutls_certificate_free_credentials() is enough to free all credentials.

Simon Ruderich [Sat, 10 Aug 2013 11:02:41 +0000 (13:02 +0200)]
man/Makefile.am: Wrap variables.

Simon Ruderich [Sat, 10 Aug 2013 10:59:54 +0000 (12:59 +0200)]
Use >%s< when logging bad proxy responses.

Simon Ruderich [Sat, 10 Aug 2013 10:59:20 +0000 (12:59 +0200)]
Fix log level for proxy authentication failure.

Simon Ruderich [Sat, 10 Aug 2013 10:56:12 +0000 (12:56 +0200)]
Split log level DEBUG1 into DEBUG1 and DEBUG2.

Simon Ruderich [Fri, 9 Aug 2013 19:03:33 +0000 (21:03 +0200)]
log.c: Simplify #ifdef DEBUG in log_message().

As we use flockfile(), multiple fprintf() don't create a race condition.

This also prevents a warning with clang which uses a macro for
fprintf(). #ifdefs within macro arguments are not portable.

Simon Ruderich [Fri, 9 Aug 2013 18:49:19 +0000 (20:49 +0200)]
Check for EOF while reading the HTTP request.

Simon Ruderich [Fri, 9 Aug 2013 18:43:58 +0000 (20:43 +0200)]
tlsproxy-add: Fix minor typo in usage description.

Simon Ruderich [Fri, 9 Aug 2013 15:46:51 +0000 (17:46 +0200)]
.gitignore: Ignore more test files.

Simon Ruderich [Fri, 9 Aug 2013 15:44:24 +0000 (17:44 +0200)]
Ensure proxy-ca.pem contains only one CA.

Simon Ruderich [Fri, 9 Aug 2013 16:06:17 +0000 (18:06 +0200)]
tlsproxy-add,tlsproxy-setup: Check for invalid argument count.

Simon Ruderich [Thu, 8 Aug 2013 20:56:56 +0000 (22:56 +0200)]
Rename *_SERVER_CERT_FORMAT to *_SERVER_CERT_FILE_FORMAT.

Simon Ruderich [Thu, 8 Aug 2013 20:38:39 +0000 (22:38 +0200)]
tests/Makefile.am: Enable parallel and colored test runs.

Necessary for automake < 1.13.

We can't run the tests in parallel and disable that, but this way all
automake versions behave in the same way.

Simon Ruderich [Thu, 8 Aug 2013 20:31:11 +0000 (22:31 +0200)]
.gitignore: Ignore test files from automake's new test harness.

Simon Ruderich [Thu, 8 Aug 2013 20:30:50 +0000 (22:30 +0200)]
man/Makefile.am: Use rm directly without a variable.

Simon Ruderich [Thu, 8 Aug 2013 20:13:57 +0000 (22:13 +0200)]
Add missing cast.

Simon Ruderich [Thu, 8 Aug 2013 20:13:15 +0000 (22:13 +0200)]
Fix flags parameter type of initialize_tls_session_both().

Simon Ruderich [Thu, 8 Aug 2013 19:33:18 +0000 (21:33 +0200)]
Minor documentation update.

Simon Ruderich [Thu, 8 Aug 2013 19:32:41 +0000 (21:32 +0200)]
verify.c: Perform additional checks on server certificate.

Simon Ruderich [Thu, 8 Aug 2013 19:22:59 +0000 (21:22 +0200)]
verify.c: Reorder validation checks.

Simon Ruderich [Thu, 8 Aug 2013 19:18:39 +0000 (21:18 +0200)]
Reduce duplication in initialize_tls_session_both().

Simon Ruderich [Thu, 8 Aug 2013 19:08:47 +0000 (21:08 +0200)]
Check library version with gnutls_check_version().

Simon Ruderich [Thu, 8 Aug 2013 19:07:40 +0000 (21:07 +0200)]
Use >%s< when logging bad requests.

Simon Ruderich [Thu, 8 Aug 2013 19:07:03 +0000 (21:07 +0200)]
Rename http_digest_authorization to global_http_digest_authorization.

Simon Ruderich [Thu, 8 Aug 2013 19:05:40 +0000 (21:05 +0200)]
Add missing free(http_digest_authorization).

Simon Ruderich [Thu, 8 Aug 2013 19:02:13 +0000 (21:02 +0200)]
Use pre-generated Diffie-Hellman parameters.

This is much faster than generating them on each start and allows us to
use larger parameter sizes.

Simon Ruderich [Thu, 8 Aug 2013 18:54:56 +0000 (20:54 +0200)]
NEWS: Add a few empty lines.

Simon Ruderich [Thu, 8 Aug 2013 16:46:49 +0000 (18:46 +0200)]
.gitignore: Add tests/proxy-*.pem.

Forgot in de03b92112c497bb5d1d468a240da12ea0605e60.

Simon Ruderich [Thu, 8 Aug 2013 16:45:13 +0000 (18:45 +0200)]
tests/Makefile.am: Wrap CLEANFILES list.

Simon Ruderich [Thu, 8 Aug 2013 16:42:27 +0000 (18:42 +0200)]
tests/common.sh: Don't remove proxy-*.pem after each test.

Running `tlsproxy-setup` takes quite some time. Don't rerun it on each
test run, just reuse the files from the first run.

Simon Ruderich [Thu, 8 Aug 2013 16:41:28 +0000 (18:41 +0200)]
tests/Makefile.am: Add proxy-invalid.pem to CLEANFILES.

Simon Ruderich [Thu, 8 Aug 2013 16:13:34 +0000 (18:13 +0200)]
Rename slurp_file() to slurp_text_file().

It can only handle text files.

Simon Ruderich [Thu, 8 Aug 2013 15:48:08 +0000 (17:48 +0200)]
Use gnutls_transport_set_int() if available.

Prevents an unnecessary warning (int to pointer cast).

Simon Ruderich [Thu, 8 Aug 2013 15:24:49 +0000 (17:24 +0200)]
Rename *_FILE constants to *_PATH.

Simon Ruderich [Thu, 8 Aug 2013 15:20:58 +0000 (17:20 +0200)]
Add initialize_tls_session_both() to reduce duplication.

Simon Ruderich [Tue, 6 Aug 2013 21:03:47 +0000 (23:03 +0200)]
README: Stderr is now used for logging.

Simon Ruderich [Tue, 6 Aug 2013 21:01:47 +0000 (23:01 +0200)]
Add basic man pages.

Simon Ruderich [Tue, 6 Aug 2013 20:43:52 +0000 (22:43 +0200)]
README: Add author and license sections.

Simon Ruderich [Tue, 6 Aug 2013 19:29:47 +0000 (21:29 +0200)]
NEWS: Update.

Simon Ruderich [Tue, 6 Aug 2013 04:16:15 +0000 (06:16 +0200)]
Add disabled debug functions for GnuTLS.

Simon Ruderich [Tue, 6 Aug 2013 04:15:47 +0000 (06:15 +0200)]
Fix test-suite for recent gnutls-serv.

Simon Ruderich [Tue, 6 Aug 2013 04:14:48 +0000 (06:14 +0200)]
Fix compile with --enable-debug.

Simon Ruderich [Tue, 6 Aug 2013 02:24:14 +0000 (04:24 +0200)]
Fix compile with current GnuTLS versions.

Simon Ruderich [Tue, 6 Aug 2013 02:21:22 +0000 (04:21 +0200)]
Rename DEBUG log level to DEBUG1.

Log level DEBUG conflicts with --enable-debug's DEBUG.

Simon Ruderich [Sun, 4 Aug 2013 20:41:44 +0000 (22:41 +0200)]
Reduce calls to LOG() in read_from_write_to() and read_from_write_to_tls().

Simon Ruderich [Sun, 4 Aug 2013 15:52:06 +0000 (17:52 +0200)]
Fix indentation of LOG() calls.

"Broken" in 8b2ed4a58229f9b377f3a4ae74af36c31c5db1c0.

Simon Ruderich [Wed, 31 Jul 2013 16:19:40 +0000 (18:19 +0200)]
tests: Wait at most 20 seconds in wait_for_ports().

Prevents endless loop if the server failed to start.

Simon Ruderich [Mon, 29 Jul 2013 11:31:39 +0000 (13:31 +0200)]
Add two assert()s.

Simon Ruderich [Mon, 29 Jul 2013 11:26:47 +0000 (13:26 +0200)]
tests: Add disabled valgrind command.

Makes it easy to run the tests with valgrind.

Simon Ruderich [Mon, 29 Jul 2013 11:22:01 +0000 (13:22 +0200)]
tests/client.c: Don't use fdopen(socket, "a+").

Simon Ruderich [Mon, 29 Jul 2013 11:17:02 +0000 (13:17 +0200)]
Don't initialize static variables to 0.

Simon Ruderich [Mon, 29 Jul 2013 11:15:58 +0000 (13:15 +0200)]
Use memset() to zero sigaction struct.

Simon Ruderich [Mon, 29 Jul 2013 11:14:28 +0000 (13:14 +0200)]
tests/Makefile.am: Remove unnecessary client_SOURCES.

It defaults to $(check_PROGRAMS).c.

Simon Ruderich [Mon, 29 Jul 2013 11:13:33 +0000 (13:13 +0200)]
Check library functions for success values.

Simon Ruderich [Mon, 29 Jul 2013 11:08:47 +0000 (13:08 +0200)]
Add basic digest authentication (-a option).

Simon Ruderich [Mon, 29 Jul 2013 11:01:06 +0000 (13:01 +0200)]
tests: Fix tlsproxy_add() for `make distcheck`.

Running tlsproxy_add() twice with the same hostname failed with `make
distcheck`.