Releases: sonertari/SSLproxy
SSLproxy 0.9.10
SSLproxy 0.9.9
- Fix fd leak, do not setup dst again in autossl, issue #88 reported by @victorjulien
- Fix memory leak in config load, reported by valgrind
- Disable r/w cbs and clear all cbs before all bufferevent_free() calls
  - Also, disable the events first, then clear the callbacks, following the conventional pattern
- Check fd usage before content logging, issue #88 reported by @victorjulien
  - This change is expected to prevent sslproxy from crashing if it runs out of fds while content logging
- Make sure the other conn end is not closed before using it
- Increase sizes of bufs used in ClientHello parsing as a defensive measure against modern TLS handshake sizes, suggested by @dpward
- Use unused retvals from functions in autossl
- Remove unused return value
- Fix recursive expansion in main.mk, thanks to @dpward
- Improve error handling and memory leak prevention in filter.c, for correctness, suggested and mostly implemented by Copilot
- Simplify platform check in main.mk for UserAuth feature
- Print version after unit tests in GitHub Actions
SSLproxy 0.9.8
- Force SSL/TLS configuration in SSL proxyspecs
  SSL proxyspecs should always have a complete SSL/TLS configuration, even if their filter rules have complete SSL/TLS configuration, because it is very difficult, if not impossible, to check the coverage of filter rules to make sure we have complete SSL/TLS configuration if no filter rule matches, in which case sslproxy may crash.
- Fix crash if no global ca crt/key specified, issue #80 reported by @pranavbhalerao
- Fix ClientHello parser for TLS 1.3, issue #84 reported by @GhostNaix
- Fix unit tests on arm64 macOS, issue #81 reported by @jmayer
- Suppress deprecation warnings for engines in unit tests with OpenSSL 3.x
SSLproxy 0.9.7
- Fix deprecation warnings with OpenSSL 3.x for
  - DH_free()
  - DH config
  - ECDH config
  - RSA functions
  - Engines
- Remove unused ssl_dh_refcount_inc()
- Fix memleak, develop proto_free functions for pop3 and smtp, fixes issue #72 reported by @applehxb
- Fix possible memleak and use after free for srchost_clean
- Use strdup instead of strlen+malloc+memcpy in sys_sockaddr_str(), thanks to @disaykin
- Use CLOCK_REALTIME to fix pcap timestamp, issue #78 thanks to @mdulaney
SSLproxy 0.9.6
SSLproxy 0.9.5
- Fix possible double free of host and serv variables, thanks to @disaykin
- Fix possible integer overflow, thanks to @disaykin
- Close fds only once, thanks to @disaykin
- Fix memory leak, thanks to @disaykin
- Handle ftell error, thanks to @disaykin
- Fix mismatched call arguments, thanks to @disaykin
- Fix memory leak in case of cert key mismatch, thanks to @disaykin
- Fix file descriptor leak, thanks to @disaykin
- Handle partial write, thanks to @disaykin
- Handle return value of gmtime(), thanks to @disaykin
- Fix double free bugs, thanks to @disaykin
- Bugs found by Svace static analyzer
- Fix possible segfault in proto smtp in split mode
- Fix retval of privsep_server_opensock_verify(), thanks to @Qbog
- Fix header-size calculation in IPv6 packet mirroring, thanks to @matoro
- Fix e2e tests with openssl 3
- Replace deprecated fail_unless() with ck_assert_msg() in unit tests
SSLproxy 0.9.4
- Fix byte order for ports in mirror traffic, thanks to @piolug93.
- Fix unit tests with opaque x509 struct.
- Update testproxy version to 0.0.5.
- Fix warning for array subscript outside array bounds in function declaration.
SSLproxy 0.9.3
- Implement a generic upgrade mechanism with autossl, without STARTTLS.
- Refactor and improve autossl and split mode.
- Fix watermarking for underlying buffers in autossl.
- Fix macOS header selection, update XNU headers for macOS, and re-enable osx on Travis CI.
- Fix the natengine option passed in proxyspecs on command line.
- Fix enabling of pcap and mirror logging.
- Fix build errors with OpenSSL 3.x.
SSLproxy 0.9.2
- Update with the license change of the Aho Corasick library to the LGPL.
- Migrate to travis-ci.com.
- Various fixes and improvements.
SSLproxy 0.9.1
- Add structured filtering rules:

  ```
  FilterRule {
      Action (Divert|Split|Pass|Block|Match)

      # From
      User (username[*]|$macro|*)   # inline
      Desc (desc[*]|$macro|*)       # comments
      SrcIp (clientip[*]|$macro|*)  # allowed

      # To
      SNI (servername[*]|$macro|*)
      CN (commonname[*]|$macro|*)
      Host (host[*]|$macro|*)
      URI (uri[*]|$macro|*)
      DstIp (serverip[*]|$macro|*)
      DstPort (serverport[*]|$macro|*)

      # Multiple Log lines allowed
      Log ([!]connect|[!]master|[!]cert|[!]content|[!]pcap|[!]mirror|$macro|[!]*)

      ReconnectSSL (yes|no)

      # Connection options
      DenyOCSP (yes|no)
      Passthrough (yes|no)
      CACert ca.crt
      CAKey ca.key
      ClientCert client.crt
      ClientKey client.key
      CAChain chain.crt
      LeafCRLURL http://example.com/example.crl
      DHGroupParams dh.pem
      ECDHCurve prime256v1
      SSLCompression (yes|no)
      ForceSSLProto (ssl2|ssl3|tls10|tls11|tls12|tls13)
      DisableSSLProto (ssl2|ssl3|tls10|tls11|tls12|tls13)
      EnableSSLProto (ssl2|ssl3|tls10|tls11|tls12|tls13)
      MinSSLProto (ssl2|ssl3|tls10|tls11|tls12|tls13)
      MaxSSLProto (ssl2|ssl3|tls10|tls11|tls12|tls13)
      Ciphers MEDIUM:HIGH
      CipherSuites TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
      RemoveHTTPAcceptEncoding (yes|no)
      RemoveHTTPReferer (yes|no)
      VerifyPeer (yes|no)
      AllowWrongHost (yes|no)
      UserAuth (yes|no)
      UserTimeout 300
      UserAuthURL https://192.168.0.1/userdblogin.php
      ValidateProto (yes|no)
      MaxHTTPHeaderSize 8192
  }
  ```

  Structured filtering rules can be used to specify all possible connection
  options to be selectively applied to matching connections, not just
  per-proxyspec or globally. One line filtering rules cannot specify
  connection options.
- Add -B EnableSSLProto config option.
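An added example, not part of the SSLproxy release notes or code base: because structured filtering rules can carry per-connection TLS options, a configuration review has to look inside each `FilterRule` block, and this Python sketch parses the block syntax shown in the 0.9.1 notes and flags options that weaken TLS for matching connections. The audit policy (treating ssl2 through tls11 and `VerifyPeer no` as findings), the function names and the sample rule are assumptions of this example.

```python
import re
# Audit policy is an assumption made for this example, not an SSLproxy default.
LEGACY_PROTOS = {"ssl2", "ssl3", "tls10", "tls11"}
PROTO_KEYS = ("EnableSSLProto", "ForceSSLProto", "MaxSSLProto", "MinSSLProto")

def parse_filter_rules(text):
    """Return one dict per FilterRule block: option name -> list of values."""
    rules, current = [], None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # inline comments; assumes no '#' in values
        if not line:
            continue
        if current is None:
            if re.fullmatch(r"FilterRule\s*\{", line):
                current = {}
            continue                          # outside a rule block: not audited here
        if line == "}":
            rules.append(current)
            current = None
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            raise ValueError(f"line {lineno}: option {parts[0]!r} has no value")
        current.setdefault(parts[0], []).append(parts[1])  # Log lines may repeat
    if current is not None:
        raise ValueError("unterminated FilterRule block")
    return rules

def audit_rule(rule):
    """List the connection options in one rule that weaken TLS handling."""
    findings = [f"{key} {proto}: legacy protocol version"
                for key in PROTO_KEYS for proto in rule.get(key, [])
                if proto in LEGACY_PROTOS]
    if "no" in rule.get("VerifyPeer", []):
        findings.append("VerifyPeer no: peer verification disabled")
    return findings

# Constructed sample rule; the address is made up for illustration.
SAMPLE = """
FilterRule {
    Action Match
    SrcIp 192.168.0.10    # lab client
    Log connect
    Log !content
    MinSSLProto tls10
    VerifyPeer no
}
"""
print([audit_rule(r) for r in parse_filter_rules(SAMPLE)])
```
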