Closed hillu closed 5 years ago
In the current develop
branch, we have added session.pem
to the repo and distributed files. We are no longer generating session.pem
for each test invocation. Instead, we are overriding the session timestamp when loading the session into the unit test case. We do not have an OpenSSL 1.1.1 TravisCI build yet and there has been no TLS 1.3 testing or code changes yet (see #220), but the specific failure you raised in this issue should be already resolved.
Can you check with latest develop
and confirm that this is not an issue anymore?
I've added a TravisCI target for OpenSSL 1.1.1, it builds and unit tests fine. I'm closing this issue as already fixed.
Note that this we have not done much testing with OpenSSL 1.1.1. In particular, there will still be significant work required to properly support TLS 1.3.
I see somewhat similar problem at Arch Linux with OpenSSL-1.1.1.c:
sending incremental file list
./
PKGBUILD
build.log
sent 859 bytes received 57 bytes 610.67 bytes/sec
total size is 1,044 speedup is 1.14
:: Synchronizing package databases...
staging 0.0 B 0.00B/s 00:00 [----------------------] 0%
staging 5.2 KiB 0.00B/s 00:00 [######################] 100%
testing is up to date
core is up to date
extra is up to date
community-staging is up to date
community-testing is up to date
community is up to date
:: Starting full system upgrade...
there is nothing to do
==> Building in chroot for [staging] (x86_64)...
==> Synchronizing chroot copy [/var/lib/archbuild/staging-x86_64/root] -> [foutrelis]...done
==> Making package: sslsplit 0.5.2-2 (Tue Aug 6 04:11:00 2019)
==> Retrieving sources...
-> Downloading sslsplit-0.5.2.tar.bz2...
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
100 443k 100 443k 0 0 739k 0 --:--:-- --:--:-- --:--:-- 739k
-> Downloading sslsplit-0.5.2.tar.bz2.asc...
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
100 195 100 195 0 0 2600 0 --:--:-- --:--:-- --:--:-- 2600
==> Validating source files with sha512sums...
sslsplit-0.5.2.tar.bz2 ... Passed
sslsplit-0.5.2.tar.bz2.asc ... Skipped
==> Verifying source file signatures with gpg...
sslsplit-0.5.2.tar.bz2 ... Passed
[1m[32m==>[0m[1m Making package: sslsplit 0.5.2-2 (Tue 06 Aug 2019 04:11:02 AM UTC)[0m
[1m[32m==>[0m[1m Checking runtime dependencies...[0m
[1m[32m==>[0m[1m Installing missing dependencies...[0m
resolving dependencies...
looking for conflicting packages...
Packages (1) libevent-2.1.11-1
Total Installed Size: 1.20 MiB
:: Proceed with installation? [Y/n]
(0/1) checking keys in keyring [----------------------] 0%
(1/1) checking keys in keyring [######################] 100%
(0/1) checking package integrity [----------------------] 0%
(1/1) checking package integrity [######################] 100%
(0/1) loading package files [----------------------] 0%
(1/1) loading package files [######################] 100%
(0/1) checking for file conflicts [----------------------] 0%
(1/1) checking for file conflicts [######################] 100%
:: Processing package changes...
(1/1) installing libevent [----------------------] 0%
(1/1) installing libevent [######################] 100%
Optional dependencies for libevent
python2: to use event_rpcgen.py
:: Running post-transaction hooks...
(1/1) Arming ConditionNeedsUpdate...
[1m[32m==>[0m[1m Checking buildtime dependencies...[0m
[1m[32m==>[0m[1m Installing missing dependencies...[0m
resolving dependencies...
looking for conflicting packages...
Packages (1) check-0.12.0-1
Total Installed Size: 0.24 MiB
:: Proceed with installation? [Y/n]
(0/1) checking keys in keyring [----------------------] 0%
(1/1) checking keys in keyring [######################] 100%
(0/1) checking package integrity [----------------------] 0%
(1/1) checking package integrity [######################] 100%
(0/1) loading package files [----------------------] 0%
(1/1) loading package files [######################] 100%
(0/1) checking for file conflicts [----------------------] 0%
(1/1) checking for file conflicts [######################] 100%
:: Processing package changes...
(1/1) installing check [----------------------] 0%
(1/1) installing check [######################] 100%
:: Running post-transaction hooks...
(1/2) Arming ConditionNeedsUpdate...
(2/2) Updating the info directory file...
[1m[32m==>[0m[1m Retrieving sources...[0m
[1m[34m ->[0m[1m Found sslsplit-0.5.2.tar.bz2[0m
[1m[34m ->[0m[1m Found sslsplit-0.5.2.tar.bz2.asc[0m
[1m[33m==> WARNING:[0m[1m Skipping all source file integrity checks.[0m
[1m[32m==>[0m[1m Extracting sources...[0m
[1m[34m ->[0m[1m Extracting sslsplit-0.5.2.tar.bz2 with bsdtar[0m
[1m[32m==>[0m[1m Starting build()...[0m
------------------------------------------------------------------------------
SSLsplit 0.5.2
------------------------------------------------------------------------------
Report bugs at https://github.com/droe/sslsplit/issues/new
Please supply this header for diagnostics when reporting build issues
Before reporting bugs, make sure to try the latest develop branch first:
% git clone -b develop https://github.com/droe/sslsplit.git
------------------------------------------------------------------------------
Via pkg-config: openssl libevent libevent_openssl libevent_pthreads check
Build options: -DHAVE_NETFILTER
uname -a: Linux foutrelis 5.2.5-arch1-1-ARCH #1 SMP PREEMPT Wed Jul 31 08:30:34 UTC 2019 x86_64 GNU/Linux
------------------------------------------------------------------------------
cc -c -D_FORTIFY_SOURCE=2 -D_GNU_SOURCE -D"BNAME=\"sslsplit\"" -D"PNAME=\"SSLsplit\"" -D"VERSION=\"0.5.2\"" -D"BUILD_DATE=\"2019-08-06\"" -D"FEATURES=\"-DHAVE_NETFILTER\"" -D"BUILD_INFO=\"V:FILE\"" -DHAVE_NETFILTER -march=x86-64 -mtune=generic -O2 -pipe -fno-plt -pthread -std=c99 -Wall -Wextra -pedantic -D_FORTIFY_SOURCE=2 -fstack-protector-all -pthread -o cachemgr.o cachemgr.c
cc -c -D_FORTIFY_SOURCE=2 -D_GNU_SOURCE -D"BNAME=\"sslsplit\"" -D"PNAME=\"SSLsplit\"" -D"VERSION=\"0.5.2\"" -D"BUILD_DATE=\"2019-08-06\"" -D"FEATURES=\"-DHAVE_NETFILTER\"" -D"BUILD_INFO=\"V:FILE\"" -DHAVE_NETFILTER -march=x86-64 -mtune=generic -O2 -pipe -fno-plt -pthread -std=c99 -Wall -Wextra -pedantic -D_FORTIFY_SOURCE=2 -fstack-protector-all -pthread -o logbuf.o logbuf.c
cc -c -D_FORTIFY_SOURCE=2 -D_GNU_SOURCE -D"BNAME=\"sslsplit\"" -D"PNAME=\"SSLsplit\"" -D"VERSION=\"0.5.2\"" -D"BUILD_DATE=\"2019-08-06\"" -D"FEATURES=\"-DHAVE_NETFILTER\"" -D"BUILD_INFO=\"V:FILE\"" -DHAVE_NETFILTER -march=x86-64 -mtune=generic -O2 -pipe -fno-plt -pthread -std=c99 -Wall -Wextra -pedantic -D_FORTIFY_SOURCE=2 -fstack-protector-all -pthread -o url.o url.c
cc -c -D_FORTIFY_SOURCE=2 -D_GNU_SOURCE -D"BNAME=\"sslsplit\"" -D"PNAME=\"SSLsplit\"" -D"VERSION=\"0.5.2\"" -D"BUILD_DATE=\"2019-08-06\"" -D"FEATURES=\"-DHAVE_NETFILTER\"" -D"BUILD_INFO=\"V:FILE\"" -DHAVE_NETFILTER -march=x86-64 -mtune=generic -O2 -pipe -fno-plt -pthread -std=c99 -Wall -Wextra -pedantic -D_FORTIFY_SOURCE=2 -fstack-protector-all -pthread -o cert.o cert.c
cc -c -D_FORTIFY_SOURCE=2 -D_GNU_SOURCE -D"BNAME=\"sslsplit\"" -D"PNAME=\"SSLsplit\"" -D"VERSION=\"0.5.2\"" -D"BUILD_DATE=\"2019-08-06\"" -D"FEATURES=\"-DHAVE_NETFILTER\"" -D"BUILD_INFO=\"V:FILE\"" -DHAVE_NETFILTER -march=x86-64 -mtune=generic -O2 -pipe -fno-plt -pthread -std=c99 -Wall -Wextra -pedantic -D_FORTIFY_SOURCE=2 -fstack-protector-all -pthread -o cachefkcrt.o cachefkcrt.c
cc -c -D_FORTIFY_SOURCE=2 -D_GNU_SOURCE -D"BNAME=\"sslsplit\"" -D"PNAME=\"SSLsplit\"" -D"VERSION=\"0.5.2\"" -D"BUILD_DATE=\"2019-08-06\"" -D"FEATURES=\"-DHAVE_NETFILTER\"" -D"BUILD_INFO=\"V:FILE\"" -DHAVE_NETFILTER -march=x86-64 -mtune=generic -O2 -pipe -fno-plt -pthread -std=c99 -Wall -Wextra -pedantic -D_FORTIFY_SOURCE=2 -fstack-protector-all -pthread -o pxysslshut.o pxysslshut.c
cc -c -D_FORTIFY_SOURCE=2 -D_GNU_SOURCE -D"BNAME=\"sslsplit\"" -D"PNAME=\"SSLsplit\"" -D"VERSION=\"0.5.2\"" -D"BUILD_DATE=\"2019-08-06\"" -D"FEATURES=\"-DHAVE_NETFILTER\"" -D"BUILD_INFO=\"V:FILE\"" -DHAVE_NETFILTER -march=x86-64 -mtune=generic -O2 -pipe -fno-plt -pthread -std=c99 -Wall -Wextra -pedantic -D_FORTIFY_SOURCE=2 -fstack-protector-all -pthread -o opts.o opts.c
cc -c -D_FORTIFY_SOURCE=2 -D_GNU_SOURCE -D"BNAME=\"sslsplit\"" -D"PNAME=\"SSLsplit\"" -D"VERSION=\"0.5.2\"" -D"BUILD_DATE=\"2019-08-06\"" -D"FEATURES=\"-DHAVE_NETFILTER\"" -D"BUILD_INFO=\"V:FILE\"" -DHAVE_NETFILTER -march=x86-64 -mtune=generic -O2 -pipe -fno-plt -pthread -std=c99 -Wall -Wextra -pedantic -D_FORTIFY_SOURCE=2 -fstack-protector-all -pthread -o sys.o sys.c
cc -c -D_FORTIFY_SOURCE=2 -D_GNU_SOURCE -D"BNAME=\"sslsplit\"" -D"PNAME=\"SSLsplit\"" -D"VERSION=\"0.5.2\"" -D"BUILD_DATE=\"2019-08-06\"" -D"FEATURES=\"-DHAVE_NETFILTER\"" -D"BUILD_INFO=\"V:FILE\"" -DHAVE_NETFILTER -march=x86-64 -mtune=generic -O2 -pipe -fno-plt -pthread -std=c99 -Wall -Wextra -pedantic -D_FORTIFY_SOURCE=2 -fstack-protector-all -pthread -o thrqueue.o thrqueue.c
cc -c -D_FORTIFY_SOURCE=2 -D_GNU_SOURCE -D"BNAME=\"sslsplit\"" -D"PNAME=\"SSLsplit\"" -D"VERSION=\"0.5.2\"" -D"BUILD_DATE=\"2019-08-06\"" -D"FEATURES=\"-DHAVE_NETFILTER\"" -D"BUILD_INFO=\"V:FILE\"" -DHAVE_NETFILTER -march=x86-64 -mtune=generic -O2 -pipe -fno-plt -pthread -std=c99 -Wall -Wextra -pedantic -D_FORTIFY_SOURCE=2 -fstack-protector-all -pthread -o proc.o proc.c
cc -c -D_FORTIFY_SOURCE=2 -D_GNU_SOURCE -D"BNAME=\"sslsplit\"" -D"PNAME=\"SSLsplit\"" -D"VERSION=\"0.5.2\"" -D"BUILD_DATE=\"2019-08-06\"" -D"FEATURES=\"-DHAVE_NETFILTER\"" -D"BUILD_INFO=\"V:FILE\"" -DHAVE_NETFILTER -march=x86-64 -mtune=generic -O2 -pipe -fno-plt -pthread -std=c99 -Wall -Wextra -pedantic -D_FORTIFY_SOURCE=2 -fstack-protector-all -pthread -o cachetgcrt.o cachetgcrt.c
cc -c -D_FORTIFY_SOURCE=2 -D_GNU_SOURCE -D"BNAME=\"sslsplit\"" -D"PNAME=\"SSLsplit\"" -D"VERSION=\"0.5.2\"" -D"BUILD_DATE=\"2019-08-06\"" -D"FEATURES=\"-DHAVE_NETFILTER\"" -D"BUILD_INFO=\"V:FILE\"" -DHAVE_NETFILTER -march=x86-64 -mtune=generic -O2 -pipe -fno-plt -pthread -std=c99 -Wall -Wextra -pedantic -D_FORTIFY_SOURCE=2 -fstack-protector-all -pthread -o log.o log.c
cc -c -D_FORTIFY_SOURCE=2 -D_GNU_SOURCE -D"BNAME=\"sslsplit\"" -D"PNAME=\"SSLsplit\"" -D"VERSION=\"0.5.2\"" -D"BUILD_DATE=\"2019-08-06\"" -D"FEATURES=\"-DHAVE_NETFILTER\"" -D"BUILD_INFO=\"V:FILE\"" -DHAVE_NETFILTER -march=x86-64 -mtune=generic -O2 -pipe -fno-plt -pthread -std=c99 -Wall -Wextra -pedantic -D_FORTIFY_SOURCE=2 -fstack-protector-all -pthread -o privsep.o privsep.c
cc -c -D_FORTIFY_SOURCE=2 -D_GNU_SOURCE -D"BNAME=\"sslsplit\"" -D"PNAME=\"SSLsplit\"" -D"VERSION=\"0.5.2\"" -D"BUILD_DATE=\"2019-08-06\"" -D"FEATURES=\"-DHAVE_NETFILTER\"" -D"BUILD_INFO=\"V:FILE\"" -DHAVE_NETFILTER -march=x86-64 -mtune=generic -O2 -pipe -fno-plt -pthread -std=c99 -Wall -Wextra -pedantic -D_FORTIFY_SOURCE=2 -fstack-protector-all -pthread -o nat.o nat.c
cc -c -D_FORTIFY_SOURCE=2 -D_GNU_SOURCE -D"BNAME=\"sslsplit\"" -D"PNAME=\"SSLsplit\"" -D"VERSION=\"0.5.2\"" -D"BUILD_DATE=\"2019-08-06\"" -D"FEATURES=\"-DHAVE_NETFILTER\"" -D"BUILD_INFO=\"V:FILE\"" -DHAVE_NETFILTER -march=x86-64 -mtune=generic -O2 -pipe -fno-plt -pthread -std=c99 -Wall -Wextra -pedantic -D_FORTIFY_SOURCE=2 -fstack-protector-all -pthread -o base64.o base64.c
opts.c: In function ‘opts_proto_force’:
opts.c:184:3: warning: ‘TLSv1_method’ is deprecated [-Wdeprecated-declarations]
184 | opts->sslmethod = TLSv1_method;
| ^~~~
In file included from /usr/include/openssl/e_os2.h:13,
from /usr/include/openssl/ssl.h:15,
from ssl.h:35,
from opts.h:34,
from opts.c:29:
/usr/include/openssl/ssl.h:1877:1: note: declared here
1877 | DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_method(void)) /* TLSv1.0 */
| ^~~~~~~~~~~~~~~~~~
opts.c:189:3: warning: ‘TLSv1_1_method’ is deprecated [-Wdeprecated-declarations]
189 | opts->sslmethod = TLSv1_1_method;
| ^~~~
cc -c -D_FORTIFY_SOURCE=2 -D_GNU_SOURCE -D"BNAME=\"sslsplit\"" -D"PNAME=\"SSLsplit\"" -D"VERSION=\"0.5.2\"" -D"BUILD_DATE=\"2019-08-06\"" -D"FEATURES=\"-DHAVE_NETFILTER\"" -D"BUILD_INFO=\"V:FILE\"" -DHAVE_NETFILTER -march=x86-64 -mtune=generic -O2 -pipe -fno-plt -pthread -std=c99 -Wall -Wextra -pedantic -D_FORTIFY_SOURCE=2 -fstack-protector-all -pthread -o version.o version.c
In file included from /usr/include/openssl/e_os2.h:13,
from /usr/include/openssl/ssl.h:15,
from ssl.h:35,
from opts.h:34,
from opts.c:29:
/usr/include/openssl/ssl.h:1883:1: note: declared here
1883 | DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_1_method(void)) /* TLSv1.1 */
| ^~~~~~~~~~~~~~~~~~
opts.c:194:3: warning: ‘TLSv1_2_method’ is deprecated [-Wdeprecated-declarations]
194 | opts->sslmethod = TLSv1_2_method;
| ^~~~
In file included from /usr/include/openssl/e_os2.h:13,
from /usr/include/openssl/ssl.h:15,
from ssl.h:35,
from opts.h:34,
from opts.c:29:
/usr/include/openssl/ssl.h:1889:1: note: declared here
1889 | DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_2_method(void)) /* TLSv1.2 */
| ^~~~~~~~~~~~~~~~~~
opts.c: In function ‘opts_proto_dbg_dump’:
opts.c:257:17: warning: ‘TLSv1_method’ is deprecated [-Wdeprecated-declarations]
257 | (opts->sslmethod == TLSv1_method) ? "tls10" :
| ^
In file included from /usr/include/openssl/e_os2.h:13,
from /usr/include/openssl/ssl.h:15,
from ssl.h:35,
from opts.h:34,
from opts.c:29:
/usr/include/openssl/ssl.h:1877:1: note: declared here
1877 | DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_method(void)) /* TLSv1.0 */
| ^~~~~~~~~~~~~~~~~~
opts.c:260:17: warning: ‘TLSv1_1_method’ is deprecated [-Wdeprecated-declarations]
260 | (opts->sslmethod == TLSv1_1_method) ? "tls11" :
| ^
In file included from /usr/include/openssl/e_os2.h:13,
from /usr/include/openssl/ssl.h:15,
from ssl.h:35,
from opts.h:34,
from opts.c:29:
/usr/include/openssl/ssl.h:1883:1: note: declared here
1883 | DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_1_method(void)) /* TLSv1.1 */
| ^~~~~~~~~~~~~~~~~~
opts.c:263:17: warning: ‘TLSv1_2_method’ is deprecated [-Wdeprecated-declarations]
263 | (opts->sslmethod == TLSv1_2_method) ? "tls12" :
| ^
In file included from /usr/include/openssl/e_os2.h:13,
from /usr/include/openssl/ssl.h:15,
from ssl.h:35,
from opts.h:34,
from opts.c:29:
/usr/include/openssl/ssl.h:1889:1: note: declared here
1889 | DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_2_method(void)) /* TLSv1.2 */
| ^~~~~~~~~~~~~~~~~~
cc -c -D_FORTIFY_SOURCE=2 -D_GNU_SOURCE -D"BNAME=\"sslsplit\"" -D"PNAME=\"SSLsplit\"" -D"VERSION=\"0.5.2\"" -D"BUILD_DATE=\"2019-08-06\"" -D"FEATURES=\"-DHAVE_NETFILTER\"" -D"BUILD_INFO=\"V:FILE\"" -DHAVE_NETFILTER -march=x86-64 -mtune=generic -O2 -pipe -fno-plt -pthread -std=c99 -Wall -Wextra -pedantic -D_FORTIFY_SOURCE=2 -fstack-protector-all -pthread -o cachedsess.o cachedsess.c
cc -c -D_FORTIFY_SOURCE=2 -D_GNU_SOURCE -D"BNAME=\"sslsplit\"" -D"PNAME=\"SSLsplit\"" -D"VERSION=\"0.5.2\"" -D"BUILD_DATE=\"2019-08-06\"" -D"FEATURES=\"-DHAVE_NETFILTER\"" -D"BUILD_INFO=\"V:FILE\"" -DHAVE_NETFILTER -march=x86-64 -mtune=generic -O2 -pipe -fno-plt -pthread -std=c99 -Wall -Wextra -pedantic -D_FORTIFY_SOURCE=2 -fstack-protector-all -pthread -o main.o main.c
cc -c -D_FORTIFY_SOURCE=2 -D_GNU_SOURCE -D"BNAME=\"sslsplit\"" -D"PNAME=\"SSLsplit\"" -D"VERSION=\"0.5.2\"" -D"BUILD_DATE=\"2019-08-06\"" -D"FEATURES=\"-DHAVE_NETFILTER\"" -D"BUILD_INFO=\"V:FILE\"" -DHAVE_NETFILTER -march=x86-64 -mtune=generic -O2 -pipe -fno-plt -pthread -std=c99 -Wall -Wextra -pedantic -D_FORTIFY_SOURCE=2 -fstack-protector-all -pthread -o util.o util.c
privsep.c: In function ‘privsep_server_handle_req’:
privsep.c:314:10: warning: this statement may fall through [-Wimplicit-fallthrough=]
314 | mkpath = 1;
| ~~~~~~~^~~
privsep.c:315:2: note: here
315 | case PRIVSEP_REQ_OPENFILE: {
| ^~~~
cc -c -D_FORTIFY_SOURCE=2 -D_GNU_SOURCE -D"BNAME=\"sslsplit\"" -D"PNAME=\"SSLsplit\"" -D"VERSION=\"0.5.2\"" -D"BUILD_DATE=\"2019-08-06\"" -D"FEATURES=\"-DHAVE_NETFILTER\"" -D"BUILD_INFO=\"V:FILE\"" -DHAVE_NETFILTER -march=x86-64 -mtune=generic -O2 -pipe -fno-plt -pthread -std=c99 -Wall -Wextra -pedantic -D_FORTIFY_SOURCE=2 -fstack-protector-all -pthread -o cache.o cache.c
cc -c -D_FORTIFY_SOURCE=2 -D_GNU_SOURCE -D"BNAME=\"sslsplit\"" -D"PNAME=\"SSLsplit\"" -D"VERSION=\"0.5.2\"" -D"BUILD_DATE=\"2019-08-06\"" -D"FEATURES=\"-DHAVE_NETFILTER\"" -D"BUILD_INFO=\"V:FILE\"" -DHAVE_NETFILTER -march=x86-64 -mtune=generic -O2 -pipe -fno-plt -pthread -std=c99 -Wall -Wextra -pedantic -D_FORTIFY_SOURCE=2 -fstack-protector-all -pthread -o pxyconn.o pxyconn.c
cc -c -D_FORTIFY_SOURCE=2 -D_GNU_SOURCE -D"BNAME=\"sslsplit\"" -D"PNAME=\"SSLsplit\"" -D"VERSION=\"0.5.2\"" -D"BUILD_DATE=\"2019-08-06\"" -D"FEATURES=\"-DHAVE_NETFILTER\"" -D"BUILD_INFO=\"V:FILE\"" -DHAVE_NETFILTER -march=x86-64 -mtune=generic -O2 -pipe -fno-plt -pthread -std=c99 -Wall -Wextra -pedantic -D_FORTIFY_SOURCE=2 -fstack-protector-all -pthread -o proxy.o proxy.c
cc -c -D_FORTIFY_SOURCE=2 -D_GNU_SOURCE -D"BNAME=\"sslsplit\"" -D"PNAME=\"SSLsplit\"" -D"VERSION=\"0.5.2\"" -D"BUILD_DATE=\"2019-08-06\"" -D"FEATURES=\"-DHAVE_NETFILTER\"" -D"BUILD_INFO=\"V:FILE\"" -DHAVE_NETFILTER -march=x86-64 -mtune=generic -O2 -pipe -fno-plt -pthread -std=c99 -Wall -Wextra -pedantic -D_FORTIFY_SOURCE=2 -fstack-protector-all -pthread -o logger.o logger.c
cc -c -D_FORTIFY_SOURCE=2 -D_GNU_SOURCE -D"BNAME=\"sslsplit\"" -D"PNAME=\"SSLsplit\"" -D"VERSION=\"0.5.2\"" -D"BUILD_DATE=\"2019-08-06\"" -D"FEATURES=\"-DHAVE_NETFILTER\"" -D"BUILD_INFO=\"V:FILE\"" -DHAVE_NETFILTER -march=x86-64 -mtune=generic -O2 -pipe -fno-plt -pthread -std=c99 -Wall -Wextra -pedantic -D_FORTIFY_SOURCE=2 -fstack-protector-all -pthread -o dynbuf.o dynbuf.c
cc -c -D_FORTIFY_SOURCE=2 -D_GNU_SOURCE -D"BNAME=\"sslsplit\"" -D"PNAME=\"SSLsplit\"" -D"VERSION=\"0.5.2\"" -D"BUILD_DATE=\"2019-08-06\"" -D"FEATURES=\"-DHAVE_NETFILTER\"" -D"BUILD_INFO=\"V:FILE\"" -DHAVE_NETFILTER -march=x86-64 -mtune=generic -O2 -pipe -fno-plt -pthread -std=c99 -Wall -Wextra -pedantic -D_FORTIFY_SOURCE=2 -fstack-protector-all -pthread -o ssl.o ssl.c
cc -c -D_FORTIFY_SOURCE=2 -D_GNU_SOURCE -D"BNAME=\"sslsplit\"" -D"PNAME=\"SSLsplit\"" -D"VERSION=\"0.5.2\"" -D"BUILD_DATE=\"2019-08-06\"" -D"FEATURES=\"-DHAVE_NETFILTER\"" -D"BUILD_INFO=\"V:FILE\"" -DHAVE_NETFILTER -march=x86-64 -mtune=generic -O2 -pipe -fno-plt -pthread -std=c99 -Wall -Wextra -pedantic -D_FORTIFY_SOURCE=2 -fstack-protector-all -pthread -o pxythrmgr.o pxythrmgr.c
cc -c -D_FORTIFY_SOURCE=2 -D_GNU_SOURCE -D"BNAME=\"sslsplit\"" -D"PNAME=\"SSLsplit\"" -D"VERSION=\"0.5.2\"" -D"BUILD_DATE=\"2019-08-06\"" -D"FEATURES=\"-DHAVE_NETFILTER\"" -D"BUILD_INFO=\"V:FILE\"" -DHAVE_NETFILTER -march=x86-64 -mtune=generic -O2 -pipe -fno-plt -pthread -std=c99 -Wall -Wextra -pedantic -D_FORTIFY_SOURCE=2 -fstack-protector-all -pthread -o cachessess.o cachessess.c
cc -Wl,-O1,--sort-common,--as-needed,-z,relro,-z,now -pthread -o sslsplit cachemgr.o logbuf.o url.o cert.o cachefkcrt.o pxysslshut.o opts.o sys.o thrqueue.o proc.o cachetgcrt.o log.o privsep.o nat.o base64.o version.o cachedsess.o main.o util.o cache.o pxyconn.o proxy.o logger.o dynbuf.o ssl.o pxythrmgr.o cachessess.o -lssl -lcrypto -levent_openssl -levent_pthreads -levent
[1m[32m==>[0m[1m Starting check()...[0m
------------------------------------------------------------------------------
SSLsplit 0.5.2
------------------------------------------------------------------------------
Report bugs at https://github.com/droe/sslsplit/issues/new
Please supply this header for diagnostics when reporting build issues
Before reporting bugs, make sure to try the latest develop branch first:
% git clone -b develop https://github.com/droe/sslsplit.git
------------------------------------------------------------------------------
Via pkg-config: openssl libevent libevent_openssl libevent_pthreads check
Build options: -DHAVE_NETFILTER
uname -a: Linux foutrelis 5.2.5-arch1-1-ARCH #1 SMP PREEMPT Wed Jul 31 08:30:34 UTC 2019 x86_64 GNU/Linux
------------------------------------------------------------------------------
cc -c -D_FORTIFY_SOURCE=2 -D_GNU_SOURCE -D"BNAME=\"sslsplit\"" -D"PNAME=\"SSLsplit\"" -D"VERSION=\"0.5.2\"" -D"BUILD_DATE=\"2019-08-06\"" -D"FEATURES=\"-DHAVE_NETFILTER\"" -D"BUILD_INFO=\"V:FILE\"" -DHAVE_NETFILTER -D"TEST_ZEROUSR=\"root\"" -D"TEST_ZEROGRP=\"root\"" -march=x86-64 -mtune=generic -O2 -pipe -fno-plt -pthread -std=c99 -Wall -Wextra -pedantic -D_FORTIFY_SOURCE=2 -fstack-protector-all -pthread -pthread -o base64.t.o \
-x c base64.t.c
cc -c -D_FORTIFY_SOURCE=2 -D_GNU_SOURCE -D"BNAME=\"sslsplit\"" -D"PNAME=\"SSLsplit\"" -D"VERSION=\"0.5.2\"" -D"BUILD_DATE=\"2019-08-06\"" -D"FEATURES=\"-DHAVE_NETFILTER\"" -D"BUILD_INFO=\"V:FILE\"" -DHAVE_NETFILTER -D"TEST_ZEROUSR=\"root\"" -D"TEST_ZEROGRP=\"root\"" -march=x86-64 -mtune=generic -O2 -pipe -fno-plt -pthread -std=c99 -Wall -Wextra -pedantic -D_FORTIFY_SOURCE=2 -fstack-protector-all -pthread -pthread -o sys.t.o \
-x c sys.t.c
cc -c -D_FORTIFY_SOURCE=2 -D_GNU_SOURCE -D"BNAME=\"sslsplit\"" -D"PNAME=\"SSLsplit\"" -D"VERSION=\"0.5.2\"" -D"BUILD_DATE=\"2019-08-06\"" -D"FEATURES=\"-DHAVE_NETFILTER\"" -D"BUILD_INFO=\"V:FILE\"" -DHAVE_NETFILTER -D"TEST_ZEROUSR=\"root\"" -D"TEST_ZEROGRP=\"root\"" -march=x86-64 -mtune=generic -O2 -pipe -fno-plt -pthread -std=c99 -Wall -Wextra -pedantic -D_FORTIFY_SOURCE=2 -fstack-protector-all -pthread -pthread -o cachessess.t.o \
-x c cachessess.t.c
cc -c -D_FORTIFY_SOURCE=2 -D_GNU_SOURCE -D"BNAME=\"sslsplit\"" -D"PNAME=\"SSLsplit\"" -D"VERSION=\"0.5.2\"" -D"BUILD_DATE=\"2019-08-06\"" -D"FEATURES=\"-DHAVE_NETFILTER\"" -D"BUILD_INFO=\"V:FILE\"" -DHAVE_NETFILTER -D"TEST_ZEROUSR=\"root\"" -D"TEST_ZEROGRP=\"root\"" -march=x86-64 -mtune=generic -O2 -pipe -fno-plt -pthread -std=c99 -Wall -Wextra -pedantic -D_FORTIFY_SOURCE=2 -fstack-protector-all -pthread -pthread -o dynbuf.t.o \
-x c dynbuf.t.c
cc -c -D_FORTIFY_SOURCE=2 -D_GNU_SOURCE -D"BNAME=\"sslsplit\"" -D"PNAME=\"SSLsplit\"" -D"VERSION=\"0.5.2\"" -D"BUILD_DATE=\"2019-08-06\"" -D"FEATURES=\"-DHAVE_NETFILTER\"" -D"BUILD_INFO=\"V:FILE\"" -DHAVE_NETFILTER -D"TEST_ZEROUSR=\"root\"" -D"TEST_ZEROGRP=\"root\"" -march=x86-64 -mtune=generic -O2 -pipe -fno-plt -pthread -std=c99 -Wall -Wextra -pedantic -D_FORTIFY_SOURCE=2 -fstack-protector-all -pthread -pthread -o ssl.t.o \
-x c ssl.t.c
cc -c -D_FORTIFY_SOURCE=2 -D_GNU_SOURCE -D"BNAME=\"sslsplit\"" -D"PNAME=\"SSLsplit\"" -D"VERSION=\"0.5.2\"" -D"BUILD_DATE=\"2019-08-06\"" -D"FEATURES=\"-DHAVE_NETFILTER\"" -D"BUILD_INFO=\"V:FILE\"" -DHAVE_NETFILTER -D"TEST_ZEROUSR=\"root\"" -D"TEST_ZEROGRP=\"root\"" -march=x86-64 -mtune=generic -O2 -pipe -fno-plt -pthread -std=c99 -Wall -Wextra -pedantic -D_FORTIFY_SOURCE=2 -fstack-protector-all -pthread -pthread -o cert.t.o \
-x c cert.t.c
cc -c -D_FORTIFY_SOURCE=2 -D_GNU_SOURCE -D"BNAME=\"sslsplit\"" -D"PNAME=\"SSLsplit\"" -D"VERSION=\"0.5.2\"" -D"BUILD_DATE=\"2019-08-06\"" -D"FEATURES=\"-DHAVE_NETFILTER\"" -D"BUILD_INFO=\"V:FILE\"" -DHAVE_NETFILTER -D"TEST_ZEROUSR=\"root\"" -D"TEST_ZEROGRP=\"root\"" -march=x86-64 -mtune=generic -O2 -pipe -fno-plt -pthread -std=c99 -Wall -Wextra -pedantic -D_FORTIFY_SOURCE=2 -fstack-protector-all -pthread -pthread -o cachefkcrt.t.o \
-x c cachefkcrt.t.c
cc -c -D_FORTIFY_SOURCE=2 -D_GNU_SOURCE -D"BNAME=\"sslsplit\"" -D"PNAME=\"SSLsplit\"" -D"VERSION=\"0.5.2\"" -D"BUILD_DATE=\"2019-08-06\"" -D"FEATURES=\"-DHAVE_NETFILTER\"" -D"BUILD_INFO=\"V:FILE\"" -DHAVE_NETFILTER -D"TEST_ZEROUSR=\"root\"" -D"TEST_ZEROGRP=\"root\"" -march=x86-64 -mtune=generic -O2 -pipe -fno-plt -pthread -std=c99 -Wall -Wextra -pedantic -D_FORTIFY_SOURCE=2 -fstack-protector-all -pthread -pthread -o opts.t.o \
-x c opts.t.c
cc -c -D_FORTIFY_SOURCE=2 -D_GNU_SOURCE -D"BNAME=\"sslsplit\"" -D"PNAME=\"SSLsplit\"" -D"VERSION=\"0.5.2\"" -D"BUILD_DATE=\"2019-08-06\"" -D"FEATURES=\"-DHAVE_NETFILTER\"" -D"BUILD_INFO=\"V:FILE\"" -DHAVE_NETFILTER -D"TEST_ZEROUSR=\"root\"" -D"TEST_ZEROGRP=\"root\"" -march=x86-64 -mtune=generic -O2 -pipe -fno-plt -pthread -std=c99 -Wall -Wextra -pedantic -D_FORTIFY_SOURCE=2 -fstack-protector-all -pthread -pthread -o cachetgcrt.t.o \
-x c cachetgcrt.t.c
cc -c -D_FORTIFY_SOURCE=2 -D_GNU_SOURCE -D"BNAME=\"sslsplit\"" -D"PNAME=\"SSLsplit\"" -D"VERSION=\"0.5.2\"" -D"BUILD_DATE=\"2019-08-06\"" -D"FEATURES=\"-DHAVE_NETFILTER\"" -D"BUILD_INFO=\"V:FILE\"" -DHAVE_NETFILTER -D"TEST_ZEROUSR=\"root\"" -D"TEST_ZEROGRP=\"root\"" -march=x86-64 -mtune=generic -O2 -pipe -fno-plt -pthread -std=c99 -Wall -Wextra -pedantic -D_FORTIFY_SOURCE=2 -fstack-protector-all -pthread -pthread -o cachemgr.t.o \
-x c cachemgr.t.c
cc -c -D_FORTIFY_SOURCE=2 -D_GNU_SOURCE -D"BNAME=\"sslsplit\"" -D"PNAME=\"SSLsplit\"" -D"VERSION=\"0.5.2\"" -D"BUILD_DATE=\"2019-08-06\"" -D"FEATURES=\"-DHAVE_NETFILTER\"" -D"BUILD_INFO=\"V:FILE\"" -DHAVE_NETFILTER -D"TEST_ZEROUSR=\"root\"" -D"TEST_ZEROGRP=\"root\"" -march=x86-64 -mtune=generic -O2 -pipe -fno-plt -pthread -std=c99 -Wall -Wextra -pedantic -D_FORTIFY_SOURCE=2 -fstack-protector-all -pthread -pthread -o pxythrmgr.t.o \
-x c pxythrmgr.t.c
cc -c -D_FORTIFY_SOURCE=2 -D_GNU_SOURCE -D"BNAME=\"sslsplit\"" -D"PNAME=\"SSLsplit\"" -D"VERSION=\"0.5.2\"" -D"BUILD_DATE=\"2019-08-06\"" -D"FEATURES=\"-DHAVE_NETFILTER\"" -D"BUILD_INFO=\"V:FILE\"" -DHAVE_NETFILTER -D"TEST_ZEROUSR=\"root\"" -D"TEST_ZEROGRP=\"root\"" -march=x86-64 -mtune=generic -O2 -pipe -fno-plt -pthread -std=c99 -Wall -Wextra -pedantic -D_FORTIFY_SOURCE=2 -fstack-protector-all -pthread -pthread -o cachedsess.t.o \
-x c cachedsess.t.c
cc -c -D_FORTIFY_SOURCE=2 -D_GNU_SOURCE -D"BNAME=\"sslsplit\"" -D"PNAME=\"SSLsplit\"" -D"VERSION=\"0.5.2\"" -D"BUILD_DATE=\"2019-08-06\"" -D"FEATURES=\"-DHAVE_NETFILTER\"" -D"BUILD_INFO=\"V:FILE\"" -DHAVE_NETFILTER -D"TEST_ZEROUSR=\"root\"" -D"TEST_ZEROGRP=\"root\"" -march=x86-64 -mtune=generic -O2 -pipe -fno-plt -pthread -std=c99 -Wall -Wextra -pedantic -D_FORTIFY_SOURCE=2 -fstack-protector-all -pthread -pthread -o main.t.o \
-x c main.t.c
cc -c -D_FORTIFY_SOURCE=2 -D_GNU_SOURCE -D"BNAME=\"sslsplit\"" -D"PNAME=\"SSLsplit\"" -D"VERSION=\"0.5.2\"" -D"BUILD_DATE=\"2019-08-06\"" -D"FEATURES=\"-DHAVE_NETFILTER\"" -D"BUILD_INFO=\"V:FILE\"" -DHAVE_NETFILTER -D"TEST_ZEROUSR=\"root\"" -D"TEST_ZEROGRP=\"root\"" -march=x86-64 -mtune=generic -O2 -pipe -fno-plt -pthread -std=c99 -Wall -Wextra -pedantic -D_FORTIFY_SOURCE=2 -fstack-protector-all -pthread -pthread -o url.t.o \
-x c url.t.c
cc -c -D_FORTIFY_SOURCE=2 -D_GNU_SOURCE -D"BNAME=\"sslsplit\"" -D"PNAME=\"SSLsplit\"" -D"VERSION=\"0.5.2\"" -D"BUILD_DATE=\"2019-08-06\"" -D"FEATURES=\"-DHAVE_NETFILTER\"" -D"BUILD_INFO=\"V:FILE\"" -DHAVE_NETFILTER -D"TEST_ZEROUSR=\"root\"" -D"TEST_ZEROGRP=\"root\"" -march=x86-64 -mtune=generic -O2 -pipe -fno-plt -pthread -std=c99 -Wall -Wextra -pedantic -D_FORTIFY_SOURCE=2 -fstack-protector-all -pthread -pthread -o util.t.o \
-x c util.t.c
cc -c -D_FORTIFY_SOURCE=2 -D_GNU_SOURCE -D"BNAME=\"sslsplit\"" -D"PNAME=\"SSLsplit\"" -D"VERSION=\"0.5.2\"" -D"BUILD_DATE=\"2019-08-06\"" -D"FEATURES=\"-DHAVE_NETFILTER\"" -D"BUILD_INFO=\"V:FILE\"" -DHAVE_NETFILTER -march=x86-64 -mtune=generic -O2 -pipe -fno-plt -pthread -std=c99 -Wall -Wextra -pedantic -D_FORTIFY_SOURCE=2 -fstack-protector-all -pthread -o version.o version.c
cc -Wl,-O1,--sort-common,--as-needed,-z,relro,-z,now -pthread -o sslsplit.test base64.t.o sys.t.o cachessess.t.o dynbuf.t.o ssl.t.o cert.t.o cachefkcrt.t.o opts.t.o cachetgcrt.t.o cachemgr.t.o pxythrmgr.t.o cachedsess.t.o main.t.o url.t.o util.t.o cachemgr.o logbuf.o url.o cert.o cachefkcrt.o pxysslshut.o opts.o sys.o thrqueue.o proc.o cachetgcrt.o log.o privsep.o nat.o base64.o version.o cachedsess.o util.o cache.o pxyconn.o proxy.o logger.o dynbuf.o ssl.o pxythrmgr.o cachessess.o -lssl -lcrypto -levent_openssl -levent_pthreads -levent -lcheck
rm -f extra/pki/session.pem
make -C extra/pki testreqs session
make[1]: Entering directory '/build/sslsplit/src/sslsplit-0.5.2/extra/pki'
openssl genrsa -out rsa.key 2048
Generating RSA private key, 2048 bit long modulus (2 primes)
............+++++
........................................+++++
e is 65537 (0x010001)
openssl req -new -nodes -x509 -sha256 -out rsa.crt -key rsa.key \
-config x509v3ca.cnf -extensions v3_ca \
-subj '/C=CH/O=SSLsplit Root CA/CN=SSLsplit Root CA/' \
-set_serial 1 -days 3650
cat rsa.crt rsa.key >rsa.pem
mkdir -p targets
openssl genrsa -out targets/daniel.roe.ch.key 2048
Generating RSA private key, 2048 bit long modulus (2 primes)
....+++++
.............................................+++++
e is 65537 (0x010001)
openssl req -new -sha256 -subj '/C=CH/CN=daniel.roe.ch/' \
-key targets/daniel.roe.ch.key \
-out targets/daniel.roe.ch.csr
openssl x509 -req -sha256 -CAcreateserial -days 365 \
-CA rsa.crt -CAkey rsa.key \
-in targets/daniel.roe.ch.csr \
-out targets/daniel.roe.ch.crt
Signature ok
subject=C = CH, CN = daniel.roe.ch
Getting CA Private Key
cat targets/daniel.roe.ch.crt targets/daniel.roe.ch.key rsa.crt \
>targets/daniel.roe.ch.pem
rm -f targets/daniel.roe.ch.key targets/daniel.roe.ch.csr \
targets/daniel.roe.ch.crt
mkdir -p targets
openssl genrsa -out targets/wildcard.roe.ch.key 2048
Generating RSA private key, 2048 bit long modulus (2 primes)
..............................................+++++
......................................................................................................................+++++
e is 65537 (0x010001)
openssl req -new -sha256 -subj '/C=CH/CN=*.roe.ch/' \
-key targets/wildcard.roe.ch.key \
-out targets/wildcard.roe.ch.csr
openssl x509 -req -sha256 -CAcreateserial -days 365 \
-CA rsa.crt -CAkey rsa.key \
-in targets/wildcard.roe.ch.csr \
-out targets/wildcard.roe.ch.crt
Signature ok
subject=C = CH, CN = *.roe.ch
Getting CA Private Key
cat targets/wildcard.roe.ch.crt targets/wildcard.roe.ch.key rsa.crt \
>targets/wildcard.roe.ch.pem
rm -f targets/wildcard.roe.ch.key targets/wildcard.roe.ch.csr \
targets/wildcard.roe.ch.crt
rm -f rsa.srl
openssl genrsa -out server.key 2048
Generating RSA private key, 2048 bit long modulus (2 primes)
.....................................+++++
....................................................+++++
e is 65537 (0x010001)
openssl req -new -nodes -x509 -sha256 -out server.crt -key server.key \
-config x509v3ca.cnf -extensions v3_crt \
-subj '/C=CH/O=SSLsplit Test Certificate/CN=daniel.roe.ch/' \
-set_serial 42 -days 365
cat server.crt server.key >server.pem
openssl s_server -accept 46143 -cert server.pem -quiet & \
pid=$! ; \
sleep 1 ; \
echo q | openssl s_client -connect localhost:46143 \
-quiet -no_ign_eof -sess_out session.pem ; \
kill $pid
Can't use SSL_get_servername
depth=0 C = CH, O = SSLsplit Test Certificate, CN = daniel.roe.ch
verify error:num=18:self signed certificate
verify return:1
depth=0 C = CH, O = SSLsplit Test Certificate, CN = daniel.roe.ch
verify return:1
DONE
test -r session.pem
make[1]: *** [GNUmakefile:117: session.pem] Error 1
make[1]: Leaving directory '/build/sslsplit/src/sslsplit-0.5.2/extra/pki'
make: *** [GNUmakefile:429: test] Error 2
[1m[31m==> ERROR:[0m[1m A failure occurred in check().[0m
[1m Aborting...[0m
==> ERROR: Build failed, check /var/lib/archbuild/staging-x86_64/foutrelis/build
This was fixed in 0.5.4, please ask your distribution to upgrade their port/package files to the latest release containing the fix, or build manually from source.
Hi,
as reported in Debian bug #912052, tests now fail. I have been able to reproduce them with a current sid-amd64 chroot which includes openssl 1.1.1-2. Downgrading the openssl, libssl1.1, libssl-dev packages to 1.1.0g-2 makes the problem go away.
The problem is that
s_client
no longer createssession.pem
via the-sess_out
parameter. My wild guess is that it has something to do with the failing verification.