mirror of
https://github.com/moparisthebest/sslh
synced 2024-11-21 16:45:03 -05:00
f842e2e081
Corrected OpenVPN probe to support pre-shared secret mode (OpenVPN port-sharing code is... wrong). Thanks to Kai Ellinger for help in investigating and testing. Added an actual TLS/SSL probe. Added configurable --on-timeout protocol specification. Added a --anyprot protocol probe (equivalent to what --ssl was). Makefile respects the user's compiler and CFLAG choices (falling back to the current values if undefined), as well as LDFLAGS. (Michael Palimaka) Added "After" and "KillMode" to systemd.sslh.service (Thomas Weißschuh). Added LSB tags to etc.init.d.sslh (Thomas Varis).
221 lines
5.6 KiB
Plaintext
221 lines
5.6 KiB
Plaintext
v1.14: 21DEC2012
|
|
Corrected OpenVPN probe to support pre-shared secret
|
|
mode (OpenVPN port-sharing code is... wrong). Thanks
|
|
to Kai Ellinger for help in investigating and
|
|
testing.
|
|
|
|
Added an actual TLS/SSL probe.
|
|
|
|
Added configurable --on-timeout protocol
|
|
specification.
|
|
|
|
Added a --anyprot protocol probe (equivalent to what
|
|
--ssl was).
|
|
|
|
Makefile respects the user's compiler and CFLAG
|
|
choices (falling back to the current values if
|
|
undefined), as well as LDFLAGS.
|
|
(Michael Palimaka)
|
|
|
|
Added "After" and "KillMode" to systemd.sslh.service
|
|
(Thomas Weißschuh).
|
|
|
|
Added LSB tags to etc.init.d.sslh
|
|
(Thomas Varis).
|
|
|
|
v1.13: 18MAY2012
|
|
Write PID file before dropping privileges.
|
|
|
|
Added --background, which overrides 'foreground'
|
|
configuration file setting.
|
|
|
|
Added example systemd service file from Archlinux in
|
|
scripts/
|
|
https://projects.archlinux.org/svntogit/community.git/tree/trunk/sslh.service?h=packages/sslh
|
|
(Sébastien Luttringer)
|
|
|
|
v1.12: 08MAY2012
|
|
Added support for configuration file.
|
|
|
|
New protocol probes can be defined using regular
|
|
expressions that match the first packet sent by the
|
|
client.
|
|
|
|
sslh now connects timed out connections to the first
|
|
configured protocol instead of 'ssh' (just make sure
|
|
ssh is the first defined protocol).
|
|
|
|
sslh now tries protocols in the order in which they
|
|
are defined (just make sure sslh is the last defined
|
|
protocol).
|
|
|
|
v1.11: 21APR2012
|
|
WARNING: defaults have been removed for --user and
|
|
--pidfile options, update your start-up scripts!
|
|
|
|
No longer stop sslh when reverse DNS requests fail
|
|
for logging.
|
|
|
|
Added HTTP probe.
|
|
|
|
No longer create new session if running in
|
|
foreground.
|
|
|
|
No longer default to changing user to 'nobody'. If
|
|
--user isn't specified, just run as current user.
|
|
|
|
No longer create PID file by default, it should be
|
|
explicitely set with --pidfile.
|
|
|
|
No longer log to syslog if in foreground. Logs are
|
|
instead output to stderr.
|
|
|
|
The four changes above make it straightforward to
|
|
integrate sslh with systemd, and should help with
|
|
launchd.
|
|
|
|
v1.10: 27NOV2011
|
|
Fixed calls referring to sockaddr length so they work
|
|
with FreeBSD.
|
|
|
|
Try target addresses in turn until one works if
|
|
there are several (e.g. "localhost:22" resolves to
|
|
an IPv6 address and an IPv4 address and sshd does
|
|
not listen on IPv6).
|
|
|
|
Fixed sslh-fork so killing the head process kills
|
|
the listener processes.
|
|
|
|
Heavily cleaned up test suite. Added stress test
|
|
t_load script. Added coverage (requires lcov).
|
|
|
|
Support for XMPP (Arnaud Gendre).
|
|
|
|
Updated README.MacOSX (Aaron Madlon-Kay).
|
|
|
|
v1.9: 02AUG2011
|
|
WARNING: This version does not work with FreeBSD and
|
|
derivatives!
|
|
|
|
WARNING: Options changed, you'll need to update your
|
|
start-up scripts! Log format changed, you'll need to
|
|
update log processing scripts!
|
|
|
|
Now supports IPv6 throughout (both on listening and
|
|
forwarding)
|
|
|
|
Logs now contain IPv6 addresses, local forwarding
|
|
address, and resolves names (unless --numeric is
|
|
specified).
|
|
|
|
Introduced long options.
|
|
|
|
Options -l, -s and -o replaced by their long
|
|
counterparts.
|
|
|
|
Defaults for SSL and SSH options suppressed (it's
|
|
legitimate to want to use sslh to mux OpenVPN and
|
|
tinc while not caring about SSH nor SSL).
|
|
|
|
Bind to multiple addresses with multiple -p options.
|
|
|
|
Support for tinc VPN (experimental).
|
|
|
|
Numeric logging option.
|
|
|
|
v1.8: 15JUL2011
|
|
Changed log format to make it possible to link
|
|
connections to subsequent logs from other services.
|
|
|
|
Updated CentOS init.d script (Andre Krajnik).
|
|
|
|
Fixed zombie issue with OpenBSD (The SA_NOCLDWAIT flag is not
|
|
propagated to the child process, so we set up signals after
|
|
the fork.) (François FRITZ)
|
|
|
|
Added -o "OpenVPN" and OpenVPN probing and support.
|
|
|
|
Added single-threaded, select(2)-based version.
|
|
|
|
Added support for "Bold" SSH clients (clients that speak first)
|
|
Thanks to Guillaume Ricaud for spotting a regression
|
|
bug.
|
|
|
|
Added -f "foreground" option.
|
|
|
|
Added test suite. (only tests connexions. No test for libwrap,
|
|
setsid, setuid and so on) and corresponding 'make
|
|
test' target.
|
|
|
|
Added README.MacOSX (thanks Aaron Madlon-Kay)
|
|
|
|
Documented use with proxytunnel and corkscrew in
|
|
README.
|
|
|
|
|
|
v1.7: 01FEB2010
|
|
Added CentOS init.d script (Andre Krajnik).
|
|
|
|
Fixed default ssl address inconsistancy, now
|
|
defaults to "localhost:443" and fixed documentation
|
|
accordingly (pointed by Markus Schalke).
|
|
|
|
Children no longer bind to the listen socket, so
|
|
parent server can be stopped without killing an
|
|
active child (pointed by Matthias Buecher).
|
|
|
|
Inetd support (Dima Barsky).
|
|
|
|
v1.6: 25APR2009
|
|
Added -V, version option.
|
|
|
|
Install target directory configurable in Makefile
|
|
|
|
Changed syslog prefix in auth.log to "sslh[%pid]"
|
|
|
|
Man page
|
|
|
|
new 'make install' and 'make install-debian' targets
|
|
|
|
PID file now specified using -P command line option
|
|
|
|
Actually fixed zombie generation (the v1.5 patch got
|
|
lost, doh!)
|
|
|
|
|
|
v1.5: 10DEC2008
|
|
Fixed zombie generation.
|
|
|
|
Added support scripts (), Makefile.
|
|
|
|
Changed all 'connexions' to 'connections' to please
|
|
pesky users. Damn users.
|
|
|
|
v1.4: 13JUL2008
|
|
Added libwrap support for ssh service (Christian Weinberger)
|
|
Only SSH is libwraped, not SSL.
|
|
|
|
v1.3: 14MAY2008
|
|
Added parsing for local interface to listen on
|
|
|
|
Changed default SSL connection to port 442 (443 doesn't make
|
|
sense as a default as we're already listening on 443)
|
|
|
|
Syslog incoming connections
|
|
|
|
v1.2: 12MAY2008
|
|
Fixed compilation warning for AMD64 (Thx Daniel Lange)
|
|
|
|
v1.1: 21MAY2007
|
|
Making sslhc more like a real daemon:
|
|
* If $PIDFILE is defined, write first PID to it upon startup
|
|
* Fork at startup (detach from terminal)
|
|
(thanks to http://www.enderunix.org/docs/eng/daemon.php -- good checklist)
|
|
* Less memory usage (?)
|
|
|
|
v1.0:
|
|
Basic functionality: privilege dropping, target hostnames and ports
|
|
configurable.
|
|
|
|
|