Commit graph

13 commits

Author SHA1 Message Date
Luka Krajger
d0d8c58882 Issue #384: compatibility with OpenSSL 1.1.0
* Direct usage of BIO struct members is removed for new versions of
  OpenSSL.
* Workaround for double BIO free in SSL_free() was updated to work
  with new and old OpenSSL versions.
* Note that this patch only fixes compatibilty when building with
  configure option "--disable-runtime-loading" (like it is done
  for Debia package.).
2016-10-08 16:10:53 +02:00
KLuka
4aa0eb97e4 Disable HTTP fallback via "/plain" URL (CVE-2015-8400)
* Disabled all methods of HTTP fallback when HTTPS is enabled. This
  is enforced on server side so that even modified client code (JS)
  can not redirect client from HTTPS to HTTP, like it was possible
  before (issue #355).
* Current solution unfortunately also disables automatic upgrade from
  HTTP to HTTPS (when available), since all non-SSL connections are
  droped immediately.
2015-12-03 17:47:26 +01:00
KLuka
eacb2fcb81 Disable secure client-initiated renegotiation
* In case that this SSL feature is abused it is possible to overload the
  server. Other web servers disable this feature by default, but users
  are able to change it with configuration. This is not possible with
  shellinabox as this feature is not needed.
* Solution was implemented similary as in Lighttpd web server.
2015-08-06 18:06:11 +02:00
KLuka
f0437832d3 Added support for Perfect Forward Secrecy (#331)
* Support for PFS is enabled with help of chiper suits that use ECDHE
  key exchange. OpenSSL added support for eliptic curve operations (EC)
  in version 0.9.8. Note that there are also some library distributions
  which don't support EC operations.
* Added precompiler guards for builds with OpenSSL older than 0.9.8 and
  builds with '--enable-runtime-loading' configure script option.
* Cleaned up some SSL related code.
2015-08-05 17:57:05 +02:00
Jonathan G Rennison
490781d998 Add dynamic linking for functions required by SSL v2/3 disabling patch. 2015-03-05 18:02:09 +01:00
zodiac
3bacdb002b - Make the code actually do, what the comments say (i.e. skip PAM account
management, if we don't have the privileges to do so, anyway)
- Make ssl.h compile again, even if OpenSSL is not found at compile time.


git-svn-id: https://shellinabox.googlecode.com/svn/trunk@115 0da03de8-d603-11dd-86c2-0f8696b7b6f9
2009-04-16 20:54:08 +00:00
zodiac
1ea698ad72 Add support for chained SSL certificates.
git-svn-id: https://shellinabox.googlecode.com/svn/trunk@90 0da03de8-d603-11dd-86c2-0f8696b7b6f9
2009-03-29 21:52:18 +00:00
zodiac
84dcc33650 Allow "configure" to explicitly disable OpenSSL and PAM support. Also, allow
OpenSSL and PAM libraries to be optionally linked as regular shared libraries
instead of being searched for and loaded at run-time.


git-svn-id: https://shellinabox.googlecode.com/svn/trunk@65 0da03de8-d603-11dd-86c2-0f8696b7b6f9
2009-02-17 04:13:47 +00:00
zodiac
1e27276feb Use a config.h file, instead of passing configuration options on the compiler's
command line.

Fix fatal compilation warning when building without SSL support.


git-svn-id: https://shellinabox.googlecode.com/svn/trunk@59 0da03de8-d603-11dd-86c2-0f8696b7b6f9
2009-02-11 23:25:15 +00:00
zodiac
949d763498 Unexport sslGenerateCertificate() which is only needed by ssl.c internally.
git-svn-id: https://shellinabox.googlecode.com/svn/trunk@47 0da03de8-d603-11dd-86c2-0f8696b7b6f9
2009-01-21 23:35:20 +00:00
zodiac
e40a555cbf Allow SSL certificate and key to be passed in through a file handle.
git-svn-id: https://shellinabox.googlecode.com/svn/trunk@46 0da03de8-d603-11dd-86c2-0f8696b7b6f9
2009-01-17 03:37:20 +00:00
zodiac
046a9305c9 Updated copyright notice.
git-svn-id: https://shellinabox.googlecode.com/svn/trunk@25 0da03de8-d603-11dd-86c2-0f8696b7b6f9
2009-01-02 06:09:13 +00:00
zodiac
aab20f5ed0 First public release of the version 2.0 rewrite. This is the
first release of ShellInABox that supports an AJAX interface
instead of the original Java applet.


git-svn-id: https://shellinabox.googlecode.com/svn/trunk@2 0da03de8-d603-11dd-86c2-0f8696b7b6f9
2008-12-29 23:57:07 +00:00