Received: from mail.netbsd.org (mail.netbsd.org [149.20.53.66]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mail.netbsd.org", Issuer "Postmaster NetBSD.org" (not verified)) by mollari.NetBSD.org (Postfix) with ESMTPS id 54217A654B for ; Sun, 1 Mar 2015 09:59:50 +0000 (UTC) Received: by mail.netbsd.org (Postfix, from userid 605) id D888614A248; Sun, 1 Mar 2015 09:59:49 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by mail.netbsd.org (Postfix) with ESMTP id 664FF14A23F for ; Sun, 1 Mar 2015 09:59:46 +0000 (UTC) X-Virus-Scanned: amavisd-new at NetBSD.org Received: from mail.netbsd.org ([127.0.0.1]) by localhost (mail.NetBSD.org [127.0.0.1]) (amavisd-new, port 10025) with ESMTP id RtOMIgCOUNUP for ; Sun, 1 Mar 2015 09:59:45 +0000 (UTC) Received: from cvs.netbsd.org (cvs.NetBSD.org [IPv6:2001:4f8:3:7:2e0:81ff:fe30:95bd]) by mail.netbsd.org (Postfix) with ESMTP id 4540314A191 for ; Sun, 1 Mar 2015 09:59:45 +0000 (UTC) Received: by cvs.netbsd.org (Postfix, from userid 500) id 3983898; Sun, 1 Mar 2015 09:59:45 +0000 (UTC) Content-Disposition: inline Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="US-ASCII" MIME-Version: 1.0 Date: Sun, 1 Mar 2015 09:59:45 +0000 From: "Thomas Klausner" Subject: CVS commit: pkgsrc/security/sslsplit To: pkgsrc-changes@NetBSD.org Reply-To: wiz@netbsd.org X-Mailer: log_accum Message-Id: <20150301095945.3983898@cvs.netbsd.org> Sender: pkgsrc-changes-owner@NetBSD.org List-Id: pkgsrc-changes.NetBSD.org Precedence: bulk Module Name: pkgsrc Committed By: wiz Date: Sun Mar 1 09:59:45 UTC 2015 Added Files: pkgsrc/security/sslsplit: DESCR Makefile PLIST distinfo Log Message: Import sslsplit-0.4.10 as security/sslsplit. SSLsplit is a tool for man-in-the-middle attacks against SSL/TLS encrypted network connections. Connections are transparently intercepted through a network address translation engine and redirected to SSLsplit. SSLsplit terminates SSL/TLS and initiates a new SSL/TLS connection to the original destination address, while logging all data transmitted. SSLsplit is intended to be useful for network forensics and penetration testing. SSLsplit supports plain TCP, plain SSL, HTTP and HTTPS connections over both IPv4 and IPv6. For SSL and HTTPS connections, SSLsplit generates and signs forged X509v3 certificates on-the-fly, based on the original server certificate subject DN and subjectAltName extension. SSLsplit fully supports Server Name Indication (SNI) and is able to work with RSA, DSA and ECDSA keys and DHE and ECDHE cipher suites. Depending on the version of OpenSSL, SSLsplit supports SSL 3.0, TLS 1.0, TLS 1.1 and TLS 1.2, and optionally SSL 2.0 as well. SSLsplit can also use existing certificates of which the private key is available, instead of generating forged ones. SSLsplit supports NULL-prefix CN certificates and can deny OCSP requests in a generic way. For HTTP and HTTPS connections, SSLsplit removes response headers for HPKP in order to prevent public key pinning, for HSTS to allow the user to accept untrusted certificates, and Alternate Protocols to prevent switching to QUIC/SPDY. To generate a diff of this commit: cvs rdiff -u -r0 -r1.1 pkgsrc/security/sslsplit/DESCR \ pkgsrc/security/sslsplit/Makefile pkgsrc/security/sslsplit/PLIST \ pkgsrc/security/sslsplit/distinfo Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.