git ssb

MakefileView
		@@ -66,8 +66,10 @@
66	66	./genver.sh >version.h
67	67
68	68	sslh: sslh-fork sslh-select
69	69
	70	+$(OBJS): version.h
	71	+
70	72	sslh-fork: version.h $(OBJS) sslh-fork.o Makefile common.h
71	73	$(CC) $(CFLAGS) $(LDFLAGS) -o sslh-fork sslh-fork.o $(OBJS) $(LIBS)
72	74	#strip sslh-fork
73	75

common.cView
		@@ -36,8 +36,9 @@
36	36	int probing_timeout = 2;
37	37	int inetd = 0;
38	38	int foreground = 0;
39	39	int background = 0;
	40	+int transparent = 0;
40	41	int numeric = 0;
41	42	const char user_name, pid_file;
42	43
43	44	struct addrinfo addr_listen = NULL; / what addresses do we listen to? */
		@@ -46,19 +47,26 @@
46	47	#include <tcpd.h>
47	48	int allow_severity =0, deny_severity = 0;
48	49	#endif
49	50
	51	+typedef enum {
	52	+ CR_DIE,
	53	+ CR_WARN
	54	+} CR_ACTION;
	55	+
50	56	/* check result and die, printing the offending address and error */
51		-void check_res_dumpdie(int res, struct addrinfo addr, char syscall)
	57	+void check_res_dump(CR_ACTION act, int res, struct addrinfo addr, char syscall)
52	58	{
53	59	char buf[NI_MAXHOST];
54	60
55	61	if (res == -1) {
56	62	fprintf(stderr, "%s:%s: %s\n",
57	63	sprintaddr(buf, sizeof(buf), addr),
58	64	syscall,
59	65	strerror(errno));
60		- exit(1);
	66	+
	67	+ if (act == CR_DIE)
	68	+ exit(1);
61	69	}
62	70	}
63	71
64	72	int get_fd_sockets(int *sockfd[])
		@@ -117,30 +125,30 @@
117	125	}
118	126	saddr = (struct sockaddr_storage*)addr->ai_addr;
119	127
120	128	(*sockfd)[i] = socket(saddr->ss_family, SOCK_STREAM, 0);
121		- check_res_dumpdie((*sockfd)[i], addr, "socket");
	129	+ check_res_dump(CR_DIE, (*sockfd)[i], addr, "socket");
122	130
123	131	one = 1;
124	132	res = setsockopt((sockfd)[i], SOL_SOCKET, SO_REUSEADDR, (char)&one, sizeof(one));
125		- check_res_dumpdie(res, addr, "setsockopt(SO_REUSEADDR)");
	133	+ check_res_dump(CR_DIE, res, addr, "setsockopt(SO_REUSEADDR)");
126	134
127	135	if (addr->ai_flags & SO_KEEPALIVE) {
128	136	res = setsockopt((sockfd)[i], SOL_SOCKET, SO_KEEPALIVE, (char)&one, sizeof(one));
129		- check_res_dumpdie(res, addr, "setsockopt(SO_KEEPALIVE)");
	137	+ check_res_dump(CR_DIE, res, addr, "setsockopt(SO_KEEPALIVE)");
130	138	printf("set up keepalive\n");
131	139	}
132	140
133	141	if (IP_FREEBIND) {
134	142	res = setsockopt((sockfd)[i], IPPROTO_IP, IP_FREEBIND, (char)&one, sizeof(one));
135		- check_res_dumpdie(res, addr, "setsockopt(IP_FREEBIND)");
136		- }
	143	+ check_res_dump(CR_WARN, res, addr, "setsockopt(IP_FREEBIND)");
	144	+ }
137	145
138	146	res = bind((*sockfd)[i], addr->ai_addr, addr->ai_addrlen);
139		- check_res_dumpdie(res, addr, "bind");
	147	+ check_res_dump(CR_DIE, res, addr, "bind");
140	148
141	149	res = listen ((*sockfd)[i], 50);
142		- check_res_dumpdie(res, addr, "listen");
	150	+ check_res_dump(CR_DIE, res, addr, "listen");
143	151
144	152	}
145	153
146	154	return num_addr;
		@@ -235,9 +243,9 @@
235	243	CHECK_RES_RETURN(res, "getpeername");
236	244
237	245	for (a = cnx->proto->saddr; a; a = a->ai_next) {
238	246	/* When transparent, make sure both connections use the same address family */
239		- if (cnx->proto->transparent && a->ai_family != from.ai_addr->sa_family)
	247	+ if (transparent && a->ai_family != from.ai_addr->sa_family)
240	248	continue;
241	249	if (verbose)
242	250	fprintf(stderr, "connecting to %s family %d len %d\n",
243	251	sprintaddr(buf, sizeof(buf), a),
		@@ -248,9 +256,9 @@
248	256	if (fd == -1) {
249	257	log_message(LOG_ERR, "forward to %s failed:socket: %s\n",
250	258	cnx->proto->description, strerror(errno));
251	259	} else {
252		- if (cnx->proto->transparent) {
	260	+ if (transparent) {
253	261	res = bind_peer(fd, fd_from);
254	262	CHECK_RES_RETURN(res, "bind_peer");
255	263	}
256	264	res = connect(fd, a->ai_addr, a->ai_addrlen);
		@@ -433,18 +441,33 @@
433	441	}
434	442
435	443	/* Turns a hostname and port (or service) into a list of struct addrinfo
436	444	* returns 0 on success, -1 otherwise and logs error
	445	+ *
	446	+ * *host gets modified
437	447	**/
438		-int resolve_split_name(struct addrinfo *out, const char host, const char* serv)
	448	+int resolve_split_name(struct addrinfo *out, char host, const char* serv)
439	449	{
440	450	struct addrinfo hint;
	451	+ char *end;
441	452	int res;
442	453
443	454	memset(&hint, 0, sizeof(hint));
444	455	hint.ai_family = PF_UNSPEC;
445	456	hint.ai_socktype = SOCK_STREAM;
446	457
	458	+ /* If it is a RFC-Compliant IPv6 address ("[1234::12]:443"), remove brackets
	459	+ * around IP address */
	460	+ if (host[0] == '[') {
	461	+ end = strrchr(host, ']');
	462	+ if (!end) {
	463	+ fprintf(stderr, "%s: no closing bracket in IPv6 address?\n", host);
	464	+ }
	465	+ host++; /* skip first bracket */
	466	+ end = 0; / remove last bracket */
	467	+ }
	468	+
	469	+
447	470	res = getaddrinfo(host, serv, &hint, out);
448	471	if (res)
449	472	log_message(LOG_ERR, "%s `%s:%s'\n", gai_strerror(res), host, serv);
450	473	return res;
		@@ -455,9 +478,9 @@
455	478	fullname: input string -- it gets clobbered
456	479	*/
457	480	void resolve_name(struct addrinfo *out, char fullname)
458	481	{
459		- char serv, host, *end;
	482	+ char serv, host;
460	483	int res;
461	484
462	485	/* Find port */
463	486	char *sep = strrchr(fullname, ':');
		@@ -469,19 +492,8 @@
469	492	*sep = 0;
470	493
471	494	host = fullname;
472	495
473		- /* If it is a RFC-Compliant IPv6 address ("[1234::12]:443"), remove brackets
474		- * around IP address */
475		- if (host[0] == '[') {
476		- end = strrchr(host, ']');
477		- if (!end) {
478		- fprintf(stderr, "%s: no closing bracket in IPv6 address?\n", host);
479		- }
480		- host++; /* skip first bracket */
481		- end = 0; / remove last bracket */
482		- }
483		-
484	496	res = resolve_split_name(out, host, serv);
485	497	if (res) {
486	498	fprintf(stderr, "%s `%s'\n", gai_strerror(res), fullname);
487	499	if (res == EAI_SERVICE)

common.hView
		@@ -105,16 +105,17 @@
105	105	void drop_privileges(const char* user_name);
106	106	void write_pid_file(const char* pidfile);
107	107	void log_message(int type, char* msg, ...);
108	108	void dump_connection(struct connection *cnx);
109		-int resolve_split_name(struct addrinfo *out, const char hostname, const char* port);
	109	+int resolve_split_name(struct addrinfo *out, char hostname, const char* port);
110	110
111	111	int start_listen_sockets(int sockfd[], struct addrinfo addr_list);
112	112
113	113	int defer_write(struct queue q, void data, int data_size);
114	114	int flush_deferred(struct queue *q);
115	115
116		-extern int probing_timeout, verbose, inetd, foreground, background, numeric;
	116	+extern int probing_timeout, verbose, inetd, foreground,
	117	+ background, transparent, numeric;
117	118	extern struct sockaddr_storage addr_ssl, addr_ssh, addr_openvpn;
118	119	extern struct addrinfo *addr_listen;
119	120	extern const char* USAGE_STRING;
120	121	extern const char* user_name, *pid_file;

example.cfgView
		@@ -73,8 +73,11 @@
73	73	# OpenVPN
74	74	{ name: "regex"; host: "localhost"; port: "1194"; regex_patterns: [ "^\x00[\x0D-\xFF]$", "^\x00[\x0D-\xFF]\x38" ]; },
75	75	# Jabber
76	76	{ name: "regex"; host: "localhost"; port: "5222"; regex_patterns: [ "jabber" ]; },
	77	+
	78	+# Let's Encrypt (tls-sni-* challenges)
	79	+ { name: "tls"; host: "localhost"; port: "letsencrypt-client"; sni_hostnames: [ "..acme.invalid" ]; log_level: 0;},
77	80
78	81	# Catch-all
79	82	{ name: "regex"; host: "localhost"; port: "443"; regex_patterns: [ "" ]; },
80	83

probe.cView
		@@ -44,18 +44,18 @@
44	44
45	45	/* Table of protocols that have a built-in probe
46	46	*/
47	47	static struct proto builtins[] = {
48		- /* description service saddr log_level keepalive transparent probe */
49		- { "ssh", "sshd", NULL, 1, 0, 0, is_ssh_protocol},
50		- { "openvpn", NULL, NULL, 1, 0, 0, is_openvpn_protocol },
51		- { "tinc", NULL, NULL, 1, 0, 0, is_tinc_protocol },
52		- { "xmpp", NULL, NULL, 1, 0, 0, is_xmpp_protocol },
53		- { "http", NULL, NULL, 1, 0, 0, is_http_protocol },
54		- { "ssl", NULL, NULL, 1, 0, 0, is_tls_protocol },
55		- { "tls", NULL, NULL, 1, 0, 0, is_tls_protocol },
56		- { "adb", NULL, NULL, 1, 0, 0, is_adb_protocol },
57		- { "anyprot", NULL, NULL, 1, 0, 0, is_true }
	48	+ /* description service saddr log_level keepalive probe */
	49	+ { "ssh", "sshd", NULL, 1, 0, is_ssh_protocol},
	50	+ { "openvpn", NULL, NULL, 1, 0, is_openvpn_protocol },
	51	+ { "tinc", NULL, NULL, 1, 0, is_tinc_protocol },
	52	+ { "xmpp", NULL, NULL, 1, 0, is_xmpp_protocol },
	53	+ { "http", NULL, NULL, 1, 0, is_http_protocol },
	54	+ { "ssl", NULL, NULL, 1, 0, is_tls_protocol },
	55	+ { "tls", NULL, NULL, 1, 0, is_tls_protocol },
	56	+ { "adb", NULL, NULL, 1, 0, is_adb_protocol },
	57	+ { "anyprot", NULL, NULL, 1, 0, is_true }
58	58	};
59	59
60	60	static struct proto *protocols;
61	61	static char* on_timeout = "ssh";

probe.hView
		@@ -23,9 +23,8 @@
23	23	int log_level; /* 0: No logging of connection
24	24	* 1: Log incoming connection
25	25	*/
26	26	int keepalive; /* 0: No keepalive ; 1: Set Keepalive for this connection */
27		- int transparent; /* 0: opaque proxy ; 1: transparent proxy */
28	27
29	28	/* function to probe that protocol; parameters are buffer and length
30	29	* containing the data to probe, and a pointer to the protocol structure */
31	30	T_PROBE* probe;

sslh-main.cView
		@@ -60,16 +60,13 @@
60	60
61	61	/* Constants for options that have no one-character shorthand */
62	62	#define OPT_ONTIMEOUT 257
63	63
64		-/* Global setting for transparent proxying */
65		-int g_transparent = 0;
66		-
67	64	static struct option const_options[] = {
68	65	{ "inetd", no_argument, &inetd, 1 },
69	66	{ "foreground", no_argument, &foreground, 1 },
70	67	{ "background", no_argument, &background, 1 },
71		- { "transparent", no_argument, &g_transparent, 1 },
	68	+ { "transparent", no_argument, &transparent, 1 },
72	69	{ "numeric", no_argument, &numeric, 1 },
73	70	{ "verbose", no_argument, &verbose, 1 },
74	71	{ "user", required_argument, 0, 'u' },
75	72	{ "config", optional_argument, 0, 'F' },
		@@ -125,18 +122,16 @@
125	122	struct proto *p;
126	123
127	124	for (p = get_first_protocol(); p; p = p->next) {
128	125	fprintf(stderr,
129		- "%s addr: %s. libwrap service: %s log_level: %d family %d %d [%s%s]\n",
	126	+ "%s addr: %s. libwrap service: %s log_level: %d family %d %d [%s]\n",
130	127	p->description,
131	128	sprintaddr(buf, sizeof(buf), p->saddr),
132	129	p->service,
133	130	p->log_level,
134	131	p->saddr->ai_family,
135	132	p->saddr->ai_addr->sa_family,
136		- p->keepalive ? "keepalive " : "",
137		- p->transparent ? "transparent" : ""
138		- );
	133	+ p->keepalive ? "keepalive" : "");
139	134	}
140	135	fprintf(stderr, "listening on:\n");
141	136	for (a = addr_listen; a; a = a->ai_next) {
142	137	fprintf(stderr,
		@@ -311,9 +306,8 @@
311	306	)) {
312	307	p->description = name;
313	308	config_setting_lookup_string(prot, "service", &(p->service));
314	309	config_setting_lookup_bool(prot, "keepalive", &p->keepalive);
315		- config_setting_lookup_bool(prot, "transparent", &p->transparent);
316	310
317	311	if (config_setting_lookup_int(prot, "log_level", &p->log_level) == CONFIG_FALSE) {
318	312	p->log_level = 1;
319	313	}
		@@ -381,9 +375,9 @@
381	375	config_lookup_bool(&config, "verbose", &verbose);
382	376	config_lookup_bool(&config, "inetd", &inetd);
383	377	config_lookup_bool(&config, "foreground", &foreground);
384	378	config_lookup_bool(&config, "numeric", &numeric);
385		- config_lookup_bool(&config, "transparent", &g_transparent);
	379	+ config_lookup_bool(&config, "transparent", &transparent);
386	380
387	381	if (config_lookup_int(&config, "timeout", (int *)&timeout) == CONFIG_TRUE) {
388	382	probing_timeout = timeout;
389	383	}

systemd-sslh-generator.cView
		@@ -4,11 +4,10 @@
4	4	#include <stdlib.h>
5	5
6	6
7	7	static char* resolve_listen(const char hostname, const char port) {
8		-
9		-/* Need room in the strcat for \0 and :
10		- * the format in the socket unit file is hostname:port */
	8	+ /* Need room in the strcat for \0 and :
	9	+ * the format in the socket unit file is hostname:port */
11	10	char conn = (char)malloc(strlen(hostname)+strlen(port)+2);
12	11	strcpy(conn, hostname);
13	12	strcat(conn, ":");
14	13	strcat(conn, port);
		@@ -17,137 +16,131 @@
17	16
18	17	}
19	18
20	19
21		-static int get_listen_from_conf(const char filename, char *listen) {
	20	+static int get_listen_from_conf(const char filename, char *listen[]) {
	21	+ config_t config;
	22	+ config_setting_t setting, addr;
	23	+ const char hostname, port;
	24	+ int len = 0;
22	25
23		- config_t config;
24		- config_setting_t setting, addr;
25		- const char hostname, port;
26		- int len = 0;
27		-
28		-/* look up the listen stanzas in the config file so these
29		- * can be used in the socket file generated */
30		-
31		- config_init(&config);
32		- if (config_read_file(&config, filename) == CONFIG_FALSE) {
33		- /* we don't care if file is missing, skip it */
34		- if (config_error_line(&config) != 0) {
35		- fprintf(stderr, "%s:%d:%s\n",
36		- filename,
37		- config_error_line(&config),
38		- config_error_text(&config));
39		- return -1;
40		- }
41		- } else {
42		- setting = config_lookup(&config, "listen");
43		- if (setting) {
44		- len = config_setting_length(setting);
45		- for (int i = 0; i < len; i++) {
46		- addr = config_setting_get_elem(setting, i);
47		- if (! (config_setting_lookup_string(addr, "host", &hostname) &&
48		- config_setting_lookup_string(addr, "port", &port))) {
49		- fprintf(stderr,
50		- "line %d:Incomplete specification (hostname and port required)\n",
51		- config_setting_source_line(addr));
	26	+ /* look up the listen stanzas in the config file so these
	27	+ * can be used in the socket file generated */
	28	+ config_init(&config);
	29	+ if (config_read_file(&config, filename) == CONFIG_FALSE) {
	30	+ /* we don't care if file is missing, skip it */
	31	+ if (config_error_line(&config) != 0) {
	32	+ fprintf(stderr, "%s:%d:%s\n",
	33	+ filename,
	34	+ config_error_line(&config),
	35	+ config_error_text(&config));
52	36	return -1;
53		- } else {
54		-
55		- listen[i] = malloc(strlen(resolve_listen(hostname, port)));
56		- strcpy(listen[i], resolve_listen(hostname, port));
57	37	}
58		- }
	38	+ } else {
	39	+ setting = config_lookup(&config, "listen");
	40	+ if (setting) {
	41	+ len = config_setting_length(setting);
	42	+ listen = malloc(len sizeof(**listen));
	43	+ for (int i = 0; i < len; i++) {
	44	+ addr = config_setting_get_elem(setting, i);
	45	+ if (! (config_setting_lookup_string(addr, "host", &hostname) &&
	46	+ config_setting_lookup_string(addr, "port", &port))) {
	47	+ fprintf(stderr,
	48	+ "line %d:Incomplete specification (hostname and port required)\n",
	49	+ config_setting_source_line(addr));
	50	+ return -1;
	51	+ } else {
	52	+ (*listen)[i] = malloc(strlen(resolve_listen(hostname, port)));
	53	+ strcpy((*listen)[i], resolve_listen(hostname, port));
	54	+ }
	55	+ }
	56	+ }
59	57	}
60		- }
61	58
62		- return len;
	59	+ return len;
63	60
64	61	}
65	62
66		-static int write_socket_unit(FILE socket, char listen, int num_addr, const char source) {
	63	+static int write_socket_unit(FILE socket, char listen[], int num_addr, const char *source) {
67	64
68		- fprintf(socket,
69		- "# Automatically generated by systemd-sslh-generator\n\n"
70		- "[Unit]\n"
71		- "Before=sslh.service\n"
72		- "SourcePath=%s\n"
73		- "Documentation=man:sslh(8) man:systemd-sslh-generator(8)\n\n"
74		- "[Socket]\n"
75		- "FreeBind=true\n",
76		- source);
	65	+ fprintf(socket,
	66	+ "# Automatically generated by systemd-sslh-generator\n\n"
	67	+ "[Unit]\n"
	68	+ "Before=sslh.service\n"
	69	+ "SourcePath=%s\n"
	70	+ "Documentation=man:sslh(8) man:systemd-sslh-generator(8)\n\n"
	71	+ "[Socket]\n"
	72	+ "FreeBind=true\n",
	73	+ source);
77	74
78		- for (int i = 0; i < num_addr; i++) {
79		- fprintf(socket, "ListenStream=%s\n", listen[i]);
80		- }
	75	+ for (int i = 0; i < num_addr; i++) {
	76	+ fprintf(socket, "ListenStream=%s\n", listen[i]);
	77	+ }
81	78
82		-return 0;
	79	+ return 0;
83	80	}
84	81
85	82	static int gen_sslh_config(char *runtime_unit_dir) {
	83	+ char *sslh_conf;
	84	+ int num_addr;
	85	+ FILE *config;
	86	+ char **listen;
	87	+ FILE *runtime_conf_fd = stdout;
	88	+ const char *unit_file;
86	89
87		- char *sslh_conf;
88		- int num_addr;
89		- FILE *config;
90		- char **listen;
91		- FILE *runtime_conf_fd = stdout;
92		- const char *unit_file;
	90	+ /* There are two default locations so check both with first given preference */
	91	+ sslh_conf = "/etc/sslh.cfg";
93	92
94		-/* There are two default locations so check both with first given preference */
95		- sslh_conf = "/etc/sslh.cfg";
96		-
97		- config = fopen(sslh_conf, "r");
98		- if (config == NULL) {
99		- sslh_conf="/etc/sslh/sslh.cfg";
100		- config = fopen(sslh_conf, "r");
101		- if (config == NULL) {
102		- return -1;
	93	+ config = fopen(sslh_conf, "r");
	94	+ if (config == NULL) {
	95	+ sslh_conf="/etc/sslh/sslh.cfg";
	96	+ config = fopen(sslh_conf, "r");
	97	+ if (config == NULL) {
	98	+ return -1;
	99	+ }
103	100	}
104		- }
105	101
106		- fclose(config);
	102	+ fclose(config);
107	103
	104	+ num_addr = get_listen_from_conf(sslh_conf, &listen);
	105	+ if (num_addr < 0)
	106	+ return -1;
108	107
109		- num_addr = get_listen_from_conf(sslh_conf, listen);
110		- if (num_addr < 0)
111		- return -1;
	108	+ /* If this is run by systemd directly write to the location told to
	109	+ * otherwise write to standard out so that it's trivial to check what
	110	+ * will be written */
	111	+ if (runtime_unit_dir != "") {
	112	+ unit_file = "/sslh.socket";
	113	+ size_t uf_len = strlen(unit_file);
	114	+ size_t runtime_len = strlen(runtime_unit_dir) + uf_len + 1;
	115	+ char *runtime_conf = malloc(runtime_len);
	116	+ strcpy(runtime_conf, runtime_unit_dir);
	117	+ strcat(runtime_conf, unit_file);
	118	+ runtime_conf_fd = fopen(runtime_conf, "w");
	119	+ }
112	120
113		-/* If this is run by systemd directly write to the location told to
114		- * otherwise write to standard out so that it's trivial to check what
115		- * will be written */
116		- if (runtime_unit_dir != "") {
117		- unit_file = "/sslh.socket";
118		- size_t uf_len = strlen(unit_file);
119		- size_t runtime_len = strlen(runtime_unit_dir) + uf_len + 1;
120		- char *runtime_conf = malloc(runtime_len);
121		- strcpy(runtime_conf, runtime_unit_dir);
122		- strcat(runtime_conf, unit_file);
123		- runtime_conf_fd = fopen(runtime_conf, "w");
124		- }
125	121
	122	+ return write_socket_unit(runtime_conf_fd, listen, num_addr, sslh_conf);
	123	+}
126	124
127		- return write_socket_unit(runtime_conf_fd, listen, num_addr, sslh_conf);
128	125
129		-}
130		-
131	126	int main(int argc, char *argv[]){
	127	+ int r = 0;
	128	+ int k;
	129	+ char *runtime_unit_dest = "";
132	130
133		- int r = 0;
134		- int k;
135		- char *runtime_unit_dest = "";
	131	+ if (argc > 1 && (argc != 4) ) {
	132	+ printf("This program takes three or no arguments.\n");
	133	+ return -1;
	134	+ }
136	135
137		- if (argc > 1 && (argc != 4) ) {
138		- printf("This program takes three or no arguments.\n");
139		- return -1;
140		- }
	136	+ if (argc > 1)
	137	+ runtime_unit_dest = argv[1];
141	138
142		- if (argc > 1)
143		- runtime_unit_dest = argv[1];
	139	+ k = gen_sslh_config(runtime_unit_dest);
	140	+ if (k < 0)
	141	+ r = k;
144	142
145		- k = gen_sslh_config(runtime_unit_dest);
146		- if (k < 0)
147		- r = k;
148		-
149		- return r < 0 ? -1 : 0;
150		-
	143	+ return r < 0 ? -1 : 0;
151	144	}
152	145
153	146

tls.cView
		@@ -29,8 +29,9 @@
29	29	* TLS handshake and RFC4366.
30	30	*/
31	31	#include <stdio.h>
32	32	#include <stdlib.h> /* malloc() */
	33	+#include <fnmatch.h> /* fnmatch() */
33	34	#include "tls.h"
34	35
35	36	#define TLS_HEADER_LEN 5
36	37	#define TLS_HANDSHAKE_CONTENT_TYPE 0x16
		@@ -289,9 +290,9 @@
289	290	char **item;
290	291
291	292	for (item = list; *item; item++) {
292	293	if (verbose) fprintf(stderr, "matching [%.s] with [%s]\n", (int)name_len, name, item);
293		- if(!strncmp(*item, name, name_len)) {
	294	+ if(!fnmatch(*item, name, 0)) {
294	295	return 1;
295	296	}
296	297	}
297	298	return 0;

cel / sslh

Commit 21f524f71165538dcde9f8de32b9f69385ba0c87

Add support for wildcard ALPN/SNI values

Files changed

Makefile	changed
common.c	changed
common.h	changed
example.cfg	changed
probe.c	changed
probe.h	changed
sslh-main.c	changed
systemd-sslh-generator.c	changed
tls.c	changed