./net/sslh, Multiplex ssl, ssh, and other connections on the same port


Branch: CURRENT, Version: 1.20, Package name: sslh-1.20, Maintainer: nils

Sslh accepts connections on specified ports, and forwards
them further based on tests performed on the first data
packet sent by the remote client.

Probes for HTTP, SSL, SSH, OpenVPN, tinc, XMPP are
implemented, and any other protocol that can be tested using
a regular expression can be recognised. A typical use case
is to allow serving several services on port 443 (e.g. to
connect to ssh from inside a corporate firewall, which
almost never blocks port 443) while still serving HTTPS on
that port.

Hence sslh acts as a protocol demultiplexer, or a
switchboard. Its name comes from its original function to
serve SSH and HTTPS on the same port.

Required to run:
[devel/pcre] [devel/libconfig]

Required to build:

Master sites:

SHA1: d39b68a537ed1385f1c801a1e10ccdb7b31e555a
RMD160: 3745768e1de8c5a154cfd98ea6f215ac349a3b17
Filesize: 59.049 KB

CVS history:

   2018-12-05 22:20:32 by Thomas Klausner | Files touched by this commit (2) | Package updated
Log message:
sslh: update to 1.20.

v1.20: 20NOV2018
	Added support for socks5 protocol (Eugene Protozanov)

	New probing method:
	Before, probes were tried in order, repeating on the
	same probe as long as it returned PROBE_AGAIN before
	moving to the next one. This means a probe which
	requires a lot of data (i.e. returns PROBE_AGAIN for
	a long time) could prevent successful matches from
	subsequent probes. The configuration file needed to
	take that into account.

	Now, all probes are tried each time new data is
	found. If any probe matches, use it. If at least one
	probe requires more data, wait for more. If all
	probes failed, connect to the last one. So the only
	thing to know when writing the configuration file is
	that 'anyprot' needs to be last.

	Test suite heavily refactored; `t` uses `test.cfg`
	to decide which probes to test and all setup is
	automatic; probes get tested with 'fast' (entire
	first message in one packet) and 'slow' (one byte at
	a time); when SNI/ALPN are defined, all combinations
	are tested.

	Old 'tls' probe removed, 'sni_alpn' probe renamed as 'tls'.
	You'll need to change 'sni_alpn' to 'tls' in
	your configuration file, if ever you used it.
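
The two probing strategies described in the v1.20 log message, side by side, as an added example that is not sslh's own code. `PROBE_AGAIN` is the name used in the changelog; `PROBE_NEXT`, `PROBE_MATCH`, `WAIT_FOR_DATA`, the toy probes and the protocol table are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* PROBE_AGAIN is named in the changelog; PROBE_NEXT and PROBE_MATCH are assumed names. */
enum probe_result { PROBE_NEXT, PROBE_MATCH, PROBE_AGAIN };
#define WAIT_FOR_DATA (-1)
struct proto { const char *name; enum probe_result (*probe)(const char *, size_t); };

/* Toy probe that cannot decide before it has seen 64 bytes. */
static enum probe_result probe_greedy(const char *buf, size_t len) {
    if (len < 64) return PROBE_AGAIN;
    return memcmp(buf, "GREEDY", 6) == 0 ? PROBE_MATCH : PROBE_NEXT;
}
/* Toy SSH probe: compares as much of the banner prefix as has arrived. */
static enum probe_result probe_ssh(const char *buf, size_t len) {
    static const char magic[] = "SSH-2.0";
    size_t mlen = sizeof magic - 1, n = len < mlen ? len : mlen;
    if (memcmp(buf, magic, n) != 0) return PROBE_NEXT;
    return len >= mlen ? PROBE_MATCH : PROBE_AGAIN;
}
/* Constructed table; the catch-all ('anyprot') is last and is never probed. */
static const struct proto protos[] = {
    { "greedy", probe_greedy }, { "ssh", probe_ssh }, { "anyprot", NULL },
};
enum { LAST = sizeof protos / sizeof protos[0] - 1 };

/* Pre-1.20 as described: stay on the first probe that asks for more data. */
int select_ordered(const char *buf, size_t len) {
    for (int i = 0; i < LAST; i++) {
        enum probe_result r = protos[i].probe(buf, len);
        if (r == PROBE_MATCH) return i;
        if (r == PROBE_AGAIN) return WAIT_FOR_DATA;
    }
    return LAST;
}
/* 1.20 as described: run every probe each time new data arrives. */
int select_all(const char *buf, size_t len) {
    int again = 0;
    for (int i = 0; i < LAST; i++) {
        enum probe_result r = protos[i].probe(buf, len);
        if (r == PROBE_MATCH) return i;
        if (r == PROBE_AGAIN) again = 1;
    }
    return again ? WAIT_FOR_DATA : LAST;
}
int main(void) {
    const char banner[] = "SSH-2.0-x"; /* constructed first packet */
    printf("ordered=%d all=%d\n", select_ordered(banner, 9), select_all(banner, 9));
    return 0;
}
```

Both functions return an index into `protos`, or `WAIT_FOR_DATA` when the caller should read more bytes and call again with the larger buffer. The catch-all is chosen only once every probe has failed, which is why it has to sit last in the table.
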
   2018-04-29 11:41:16 by Thomas Klausner | Files touched by this commit (4) | Package updated
Log message:
sslh: update to 1.19c.

v1.19: 20JAN2018
	Added 'syslog_facility' configuration option to
	specify where to log.

	TLS now supports SNI and ALPN (Travis Burtrum),
	including support for Let's Encrypt challenges
	(Jonathan McCrohan)

	ADB probe. (Mike Frysinger)

	Added per-protocol 'fork' option. (Oleg Oshmyan)

	Added chroot option. (Mike Frysinger)

	A truckload of bug fixes and documentation
	improvements (Various contributors)
   2017-08-15 16:23:50 by Jonathan Perkin | Files touched by this commit (3) | Package updated
Log message:
Support documented command line options.  Bump PKGREVISION.
   2017-08-15 15:13:37 by Jonathan Perkin | Files touched by this commit (5)
Log message:
Fix build on SunOS and add SMF manifest.  Based on patches provided by
Jorge Schrauwen in joyent/pkgsrc#14.
   2016-08-07 15:19:25 by Nils Ratusznik | Files touched by this commit (3) | Package updated
Log message:
Updated net/sslh to version 1.18.
Pkgsrc changes :
- taking over maintainership ;
- updated patch for getopt_long because of the update.

Upstream changes :
- Added USELIBPCRE to make use of regex engine optional ;
- Added support for RFC4366 SNI and RFC7301 ALPN (Travis Burtrum) ;
- Changed connection log to include the name of the probe that triggered ;
- Changed configuration file format: 'probe' field is no longer required,
  'name' field can now contain 'tls' or 'regex',
  with corresponding options (see example.cfg) ;
- Added 'log_level' option to each protocol,
  which allows turning off generation of log at each connection ;
- Added 'keepalive' option.
   2015-11-04 01:35:47 by Alistair G. Crooks | Files touched by this commit (748)
Log message:
Add SHA512 digests for distfiles for net category

Problems found with existing digests:
	Package haproxy distfile haproxy-1.5.14.tar.gz
	159f5beb8fdc6b8059ae51b53dc935d91c0fb51f [recorded]
	da39a3ee5e6b4b0d3255bfef95601890afd80709 [calculated]

Problems found locating distfiles:
	Package bsddip: missing distfile bsddip-1.02.tar.Z
	Package citrix_ica: missing distfile citrix_ica-10.6.115659/en.linuxx86.tar.gz
	Package djbdns: missing distfile djbdns-1.05-test25.diff.bz2
	Package djbdns: missing distfile djbdns-cachestats.patch
	Package djbdns: missing distfile 0002-dnscache-cache-soa-records.patch
	Package gated: missing distfile gated-3-5-11.tar.gz
	Package owncloudclient: missing distfile owncloudclient-2.0.2.tar.xz
	Package poink: missing distfile poink-1.6.tar.gz
	Package ra-rtsp-proxy: missing distfile rtspd-src-
	Package ucspi-ssl: missing distfile ucspi-ssl-0.70-ucspitls-0.1.patch
	Package waste: missing distfile waste-source.tar.gz

Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden).  All existing
SHA1 digests retained for now as an audit trail.
   2015-07-19 18:49:41 by Nils Ratusznik | Files touched by this commit (1)
Log message:
Since sslh-1.17, argument to -F can no longer be separated from
the option by a space, e.g. must be -Ffoo.cfg.
Otherwise, /etc/rc.d/sslh start|stop|... will do nothing.
   2015-06-10 11:15:48 by Thomas Klausner | Files touched by this commit (1)
Log message:
TODO: I argue that PKGREVISION_NOREV should be the default PKGREVISION...