update to sslsplit-0.5.3
remove libressl patch no longer needed
This commit is contained in:
parent
7e02a6b211
commit
7fe229f663
@ -1,8 +1,8 @@
|
||||
# $OpenBSD: Makefile,v 1.13 2018/02/14 18:06:29 sthen Exp $
|
||||
# $OpenBSD: Makefile,v 1.14 2018/08/28 21:44:48 sthen Exp $
|
||||
|
||||
COMMENT= transparent and scalable SSL/TLS interception
|
||||
|
||||
DISTNAME= sslsplit-0.5.2
|
||||
DISTNAME= sslsplit-0.5.3
|
||||
EXTRACT_SUFX= .tar.bz2
|
||||
|
||||
CATEGORIES= security
|
||||
|
@ -1,2 +1,2 @@
|
||||
SHA256 (sslsplit-0.5.2.tar.bz2) = 8yx/12CkW7UhrbjZbIGRc/yu0ZZL8RTmZvzXz3/wQ6g=
|
||||
SIZE (sslsplit-0.5.2.tar.bz2) = 453797
|
||||
SHA256 (sslsplit-0.5.3.tar.bz2) = bEy8Qs1/sCP+11uCpDbYwcS+rrMXou9BwAQDaE4Ihd0=
|
||||
SIZE (sslsplit-0.5.3.tar.bz2) = 457248
|
||||
|
@ -1,45 +0,0 @@
|
||||
$OpenBSD: patch-ssl_c,v 1.8 2018/02/14 18:06:29 sthen Exp $
|
||||
|
||||
- Don't print "connect/accept socket", ssl->type is also internal-only
|
||||
but doesn't have an accessor. This is currently only used in a debug
|
||||
printf anyway.
|
||||
|
||||
Index: ssl.c
|
||||
--- ssl.c.orig
|
||||
+++ ssl.c
|
||||
@@ -89,7 +89,7 @@ ssl_ssl_cert_get(SSL *s)
|
||||
}
|
||||
#endif /* OpenSSL 0.9.8y, 1.0.0k or 1.0.1e */
|
||||
|
||||
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
||||
int
|
||||
DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)
|
||||
{
|
||||
@@ -533,7 +533,7 @@ ssl_ssl_state_to_str(SSL *ssl)
|
||||
SSL_get_state(ssl) & SSL_ST_MASK,
|
||||
SSL_state_string(ssl),
|
||||
SSL_state_string_long(ssl),
|
||||
- SSL_is_server(ssl) ? "accept socket" : "connect socket");
|
||||
+ "");
|
||||
|
||||
return (rv < 0) ? NULL : str;
|
||||
}
|
||||
@@ -553,7 +553,7 @@ ssl_ssl_masterkey_to_str(SSL *ssl)
|
||||
char *str = NULL;
|
||||
int rv;
|
||||
unsigned char *k, *r;
|
||||
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
|
||||
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && ! defined(LIBRESSL_VERSION_NUMBER)
|
||||
unsigned char kbuf[48], rbuf[32];
|
||||
k = &kbuf[0];
|
||||
r = &rbuf[0];
|
||||
@@ -1434,7 +1434,7 @@ ssl_dh_refcount_inc(DH *dh)
|
||||
void
|
||||
ssl_key_refcount_inc(EVP_PKEY *key)
|
||||
{
|
||||
-#if defined(OPENSSL_THREADS) && OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
+#if defined(OPENSSL_THREADS) && (OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER))
|
||||
CRYPTO_add(&key->references, 1, CRYPTO_LOCK_EVP_PKEY);
|
||||
#else /* !OPENSSL_THREADS */
|
||||
EVP_PKEY_up_ref(key);
|
@ -1,8 +1,8 @@
|
||||
$OpenBSD: patch-sslsplit_1,v 1.6 2018/02/14 18:06:29 sthen Exp $
|
||||
$OpenBSD: patch-sslsplit_1,v 1.7 2018/08/28 21:44:48 sthen Exp $
|
||||
Index: sslsplit.1
|
||||
--- sslsplit.1.orig
|
||||
+++ sslsplit.1
|
||||
@@ -318,7 +318,7 @@ Drop privileges after opening sockets and files by set
|
||||
@@ -326,7 +326,7 @@ Drop privileges after opening sockets and files by set
|
||||
effective and stored user IDs to \fIuser\fP and loading the appropriate
|
||||
primary and ancillary groups. If \fB-u\fP is not given, SSLsplit will drop
|
||||
privileges to the stored UID if EUID != UID (setuid bit scenario), or to
|
||||
@ -11,7 +11,7 @@ Index: sslsplit.1
|
||||
Due to an Apple bug, \fB-u\fP cannot be used with \fBpf\fP proxyspecs on
|
||||
Mac OS X.
|
||||
.TP
|
||||
@@ -530,6 +530,19 @@ First in IPFW, then in pf \fBdivert-to\fP syntax:
|
||||
@@ -538,6 +538,19 @@ First in IPFW, then in pf \fBdivert-to\fP syntax:
|
||||
\fBipfw add fwd ::1,10443 tcp from 2001:db8::/64 to any 443\fP
|
||||
\fBipfw add fwd 127.0.0.1,10080 tcp from 192.0.2.0/24 to any 80\fP
|
||||
\fBipfw add fwd 127.0.0.1,10443 tcp from 192.0.2.0/24 to any 443\fP
|
||||
|
Loading…
Reference in New Issue
Block a user