agwa / titus Goto Github PK

View Code? Open in Web Editor NEW

111.0 111.0 7.0 131 KB

Totally Isolated TLS Unwrapping Server

License: Other

Makefile 0.56% C++ 89.83% Roff 9.61%

titus's People

Contributors

Stargazers

Watchers

Forkers

hotelzululima no-problemo mbgrydeland rubicae orquestracd saran-saran007

titus's Issues

FreeBSD: Invalid value for ai_flags

FreeBSD does not support AI_V4MAPPED. Titus compiles, but cannot bind to a socket.

config file trouble

Hmm, maybe i can't see somethng special, but output is here ....

niemi@ndeb7:/STUDex# titus --config /home/niemi/STUDex/titus.conf
titus: Configuration error: Unable to read TLS key file: /etc/ssl/private/localhost.key : No such file or directory
niemi@ndeb7:/STUDex# ls -l /etc/ssl/private/
total 8
-rw-r--r-- 1 root root 2484 Jan 6 14:06 localhost.key

Is this abandonware?

No updates in years, clearly it has never been tested on platforms with OpenSSL 1.1.0+ as it requires at least 07a65ec which came out after the 0.3 tag.

problem after upgrade from 0.2 to 0.3

Hello,
I'm running titus 0.2 under linux Debian Jessie AMD64 (with no problems).
After upgrade to 0.3, titus fails:
System error in child: read: backend_sock: Transport endpoint is not connected
Child 20969 exited with status 3
System error in child: read: backend_sock: Transport endpoint is not connected
Child 20970 exited with status 3
System error in child: read: backend_sock: Transport endpoint is not connected
Child 20971 exited with status 3

Titus raises an exception here:
https://github.com/AGWA/titus/blob/master/child.cpp#L453

Configuration file (sligthly modified configuration file from /usr/share/doc/titus/examples/titus.conf):

Which port to listen on

port 443

Run in transparent proxy mode (see titus(8) man page)?

transparent no

Address of backend application

backend 127.0.0.1
backend-port 443

Minimum number of children to keep running waiting for connections

min-spare-children 3

Maximum number of children (i.e. connections) at once

max-children 100

Maximum time (in seconds) that TLS handshake may take

max-handshake-time 10

TLS key and certificate

key /etc/ssl/private/example.com.key
cert /etc/ssl/certs/example.com.crt

TLS settings (see titus(8) man page)

ciphers ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:CAMELLIA256-SHA:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-CAMELLIA128-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:CAMELLIA128-SHA:ECDHE-RSA-RC4-SHA:RC4-SHA

dhgroup 14

ecdhcurve secp521r1

compression no

sslv3 no

tlsv1 yes

tlsv1.1 yes

tlsv1.2 yes

honor-client-cipher-order no

boringssl compatibility

Hello,
are You planing to make it compatible with boringssl?
Currently compilation fails:
c++ -Wall -Wextra -pedantic -O2 -std=c++11 -I../include -c -o child.o child.cpp
c++ -Wall -Wextra -pedantic -O2 -std=c++11 -I../include -c -o common.o common.cpp
c++ -Wall -Wextra -pedantic -O2 -std=c++11 -I../include -c -o util.o util.cpp
c++ -Wall -Wextra -pedantic -O2 -std=c++11 -I../include -c -o dh.o dh.cpp
c++ -Wall -Wextra -pedantic -O2 -std=c++11 -I../include -c -o keyserver.o keyserver.cpp
c++ -Wall -Wextra -pedantic -O2 -std=c++11 -I../include -c -o rsa_client.o rsa_client.cpp
rsa_client.cpp: In function ‘int {anonymous}::rsa_client_private_decrypt(int, const unsigned char_, unsigned char_, RSA_, int)’:
rsa_client.cpp:55:70: error: ‘RSA_get_app_data’ was not declared in this scope
uintptr_t key_id = reinterpret_cast<uintptr_t>(RSA_get_app_data(rsa));
^
rsa_client.cpp: In function ‘int {anonymous}::rsa_client_private_encrypt(int, const unsigned char_, unsigned char_, RSA_, int)’:
rsa_client.cpp:75:70: error: ‘RSA_get_app_data’ was not declared in this scope
uintptr_t key_id = reinterpret_cast<uintptr_t>(RSA_get_app_data(rsa));
^
rsa_client.cpp: In function ‘RSA_METHOD* {anonymous}::get_rsa_client_method()’:
rsa_client.cpp:95:12: error: ‘RSA_METHOD’ has no member named ‘rsa_priv_enc’
if (!ops.rsa_priv_enc) {
^
rsa_client.cpp:96:34: error: ‘RSA_get_default_method’ was not declared in this scope
ops = RSA_get_default_method();
^
rsa_client.cpp:97:8: error: ‘RSA_METHOD’ has no member named ‘rsa_priv_enc’
ops.rsa_priv_enc = rsa_client_private_encrypt;
^
rsa_client.cpp:98:8: error: ‘RSA_METHOD’ has no member named ‘rsa_priv_dec’
ops.rsa_priv_dec = rsa_client_private_decrypt;
^
rsa_client.cpp: In function ‘openssl_unique_ptr<evp_pkey_st> rsa_client_load_private_key(uintptr_t, RSA)’:
rsa_client.cpp:125:51: error: ‘RSA_set_method’ was not declared in this scope
RSA_set_method(rsa.get(), get_rsa_client_method());
^
rsa_client.cpp:126:66: error: ‘RSA_set_app_data’ was not declared in this scope
if (!RSA_set_app_data(rsa.get(), reinterpret_cast<void*>(key_id))) {
^
: recipe for target 'rsa_client.o' failed
make: *** [rsa_client.o] Error 1

Script used for compilation attached (titus.sh.txt)

titus.sh.txt