Adapting proxo 4.5 to the latest OpenSSL DLLs
Jan. 01, 2015, 08:40 PM
Post: #31
noted...
i've reloaded all the patches (basically everything except the multiple-instances)... i'm now running Henk's 3.6 and everything is functioning as expected...
Jan. 03, 2015, 05:05 PM
(This post was last modified: Jan. 03, 2015 05:06 PM by amy.)
Post: #32
These are now done in the patch I'm currently testing:
- SubjectAltName extension
- Wildcard certificates checking

No more "hostname doesn't match the site" warnings from that, and it's better than bypassing the check completely. I managed to squeeze the code for doing it in the same space taken up by the original certificate check function, which didn't actually check much.

Proxomitron was originally not doing multithreaded SSL correctly so, on a multicore machine, it occasionally crashed with many simultaneous SSL requests. I've fixed that too, along with not checking the return value of the SSL_connect() function (caused another crash if the connection somehow failed).

This is going to be a pretty big patch - there's almost 1.5KB changed - so I'm going to test it for a little while more and then release it when I feel it's stable enough.
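What a hostname check with SubjectAltName and wildcard support has to decide, as an added example (not the patch's code, which the thread does not show). The matching rules are assumptions based on common RFC 6125 practice, and the function names and sample hostnames are hypothetical.

```python
import ipaddress

def _is_ip(name):
    try:
        ipaddress.ip_address(name)
        return True
    except ValueError:
        return False

def dns_name_matches(pattern, hostname):
    """Compare one certificate DNS name (possibly a wildcard) with a hostname."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if not pattern or not hostname or _is_ip(hostname):
        return False                  # an IP literal never matches a DNS name
    p_labels = pattern.split(".")
    h_labels = hostname.split(".")
    if "*" not in pattern:
        return p_labels == h_labels   # exact, case-insensitive comparison
    # Wildcard rules assumed here: "*" is the whole leftmost label, appears
    # once, leaves at least two fixed labels, and covers exactly one label.
    if p_labels[0] != "*" or "*" in "".join(p_labels[1:]):
        return False
    if len(p_labels) < 3 or len(h_labels) != len(p_labels):
        return False
    return bool(h_labels[0]) and h_labels[1:] == p_labels[1:]

def cert_matches_host(hostname, san_dns_names, common_name=None):
    """Use SAN DNS names when present; fall back to the CN only without them."""
    if san_dns_names:
        return any(dns_name_matches(n, hostname) for n in san_dns_names)
    return common_name is not None and dns_name_matches(common_name, hostname)

if __name__ == "__main__":
    # Constructed sample names, not taken from any real certificate.
    san = ["*.example.com", "example.com"]
    for host in ["www.example.com", "example.com", "a.b.example.com",
                 "example.org"]:
        print(host, cert_matches_host(host, san))
```
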
Jan. 06, 2015, 03:39 AM
Post: #33
Jan. 09, 2015, 02:08 PM
Post: #34
What I've done so far
- Compatible with OpenSSL 1.0.1j (1.0.1k just came out, I think it'd be compatible too)
- Configurable cipher list
- SNI extension
- SubjectAltName extension
- Wildcard certificate support
- Fixed multithreading crash/hang
- Fixed crash on connection failure

Yesterday I fixed a memory leak in the certificate name checking... and I still have 7 bytes left there.

I'm just fixing things when I have the time, hence the sparse updates, and mostly using it in the meantime to test its stability. It starts up using around 8.5MB and now it's at 12.5MB; if it doesn't grow much more than that (or crash) after a week of use then I'll probably release it then. The leak I fixed yesterday caused it to grow to over 45MB after a few days of use!
Jan. 16, 2015, 03:24 PM
(This post was last modified: Feb. 24, 2015 01:31 AM by JJoe.)
Post: #35
After a week of rather heavy use with no problems, I think it's ready to release the big patch
Proxomitron 4.5 now working with OpenSSL 1.0.1l

Summary of things added/fixed by this patch:
- No more random crashes/"could not connect" even if site is up
- Certificate verification error messages should be correct now
- Adds SNI, needed to access many sites now
- Checking wildcard certificates correctly
- Checking SubjectAltName extension correctly
- Cipher list is configured to avoid weak/insecure ciphers, and to use strongest encryption level available

It comes in 10(!) parts, which all have to be applied to your Proxomitron (original) exe to work correctly.

1. Update section headers to add space for code (offset, old, new)
Code: 00000118: 00 98

2. Allocate more critical sections, fixing multithreading crashes
Code: 00005A81: D8 B0

3. SslInit: jump to additional SSL initialisation code
Code: 0000E649: 6A E9

4. Update offsets of error and error_depth fields in SSL_CTX structure (so the error messages are actually correct)
Code: 0000E913: 4C 64

5. Jump to additional code for adding SNI
Old:
Code: 0000EACC: 8B 4E 04 51 8B 15 BC C4 42 00
Code: 0000EACC: E9 6A 68 01 00 90 90 90 90 90

6. Replaced certificate name checking function (SAN and wildcard support)
Old:
Code: 0000EBF0:
Code: 0000EBF0:

7. Fix crash when no certificate available or connection failed
Old:
Code: 0000F370:
Code: 0000F370:

8. Added "SSL_ctrl" function, SNI, multithreaded locking
Old:
Code: 000252F0:
Code: 00252F0:

9. Cipher list. Old bytes there were all zeros.
Code: 00026E20:

10. Updated OpenSSL function names list.
Old:
Code: 00028690:
New:
Code: 00028690:

Then you will need to use OpenSSL DLLs version 1.0.1l which I attached. These are compiled from the official source and should not need any patching to work on Win9x nor the VC redistributable package; the DLLs here should work too, but I haven't tested them.

I started testing this patch with 1.0.1j, which should also work as should all the versions going back to 1.0.1a, but the latest version fixes a few bugs so it would be better to use them. You can see differences between the versions here: http://upstream.rosalinux.ru/versions/openssl.html

With the patch applied, Proxomitron.exe should have the following hashes:
MD5: 0a1e3b087dd35facb4ffcbcac2ddbebb
SHA1: 9442ed2d4a82b40b1b5af08efd2f8045232456a6

Edits:
Jan. 18, 2015 08:47 PM by amy.
Feb. 23, 2015 by JJoe. Changed hashes to reflect bugfix as reported, herbalist, and verified. Old values were:
MD5: 03259b46fc5eac833830a684c47dc64b
SHA1: 7ee76261088f86957f02fe9590b8b71b08b1025b
The following 5 users say Thank You to amy for this post: eclipse, defconnect, usr, whenever, herbalist
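One way to apply "offset: old new" entries safely and then compare hashes, as an added example that is not part of the original post or any patcher from this thread. It lists only parts 1-5, whose bytes appear above, runs against a constructed zero-filled stand-in rather than the real exe, and all function names are hypothetical.

```python
import hashlib

# (offset, old bytes, new bytes) for parts 1-5, copied from the post above.
# The bytes for parts 6-10 are not shown on this page, so they are not listed.
PATCHES = [
    (0x00000118, "00", "98"),
    (0x00005A81, "D8", "B0"),
    (0x0000E649, "6A", "E9"),
    (0x0000E913, "4C", "64"),
    (0x0000EACC, "8B 4E 04 51 8B 15 BC C4 42 00",
                 "E9 6A 68 01 00 90 90 90 90 90"),
]

def hex_bytes(text):
    """Accept space- or hyphen-separated hex as pasted from a forum post."""
    return bytes.fromhex(text.replace("-", " "))

def apply_patches(image, patches):
    """Return a patched copy; raise ValueError if any 'old' bytes differ."""
    out = bytearray(image)
    for offset, old_hex, new_hex in patches:
        old, new = hex_bytes(old_hex), hex_bytes(new_hex)
        if len(old) != len(new):
            raise ValueError(f"{offset:08X}: old/new lengths differ")
        current = bytes(out[offset:offset + len(old)])
        if current == new:
            continue                  # already applied, leave untouched
        if current != old:
            raise ValueError(f"{offset:08X}: found {current.hex()}, "
                             f"expected {old.hex()}; wrong or modified file")
        out[offset:offset + len(new)] = new
    return bytes(out)

def digests(data):
    """MD5 and SHA1 as lowercase hex, for comparison with posted hashes."""
    return hashlib.md5(data).hexdigest(), hashlib.sha1(data).hexdigest()

def make_sample_image(patches=PATCHES, size=0x10000):
    """Constructed stand-in for the exe: zeros plus the expected old bytes."""
    image = bytearray(size)
    for offset, old_hex, _ in patches:
        old = hex_bytes(old_hex)
        image[offset:offset + len(old)] = old
    return bytes(image)

if __name__ == "__main__":
    patched = apply_patches(make_sample_image(), PATCHES)
    print("md5=%s sha1=%s" % digests(patched))
```

Checking the old bytes before writing catches a wrong base file or a mistyped offset at patch time; the hash comparison only becomes meaningful once every part has been applied.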
Jan. 16, 2015, 07:37 PM
Post: #36
Thanks for your great work amy! A nice weekend to all.
Jan. 18, 2015, 06:37 AM
Post: #37
(Jan. 16, 2015 03:24 PM)amy Wrote: After a week of rather heavy use with no problems, I think it's ready to release the big patch

Yes! Well done. Thank you, thank you, thank you.

A few issues noted on Win7 64.

1. Hate to ask for more but always crashes at https://www.ssllabs.com/ssltest/viewMyClient.html . I suspect this is due to https://www.ssllabs.com:10200/1x1-transparent.png which is used to test for unsupported SSL2. Ideally SSL2 will not be seen but is a more graceful exit possible?

2. Use ProxHTTPSProxyMII's "cacert.pem" renamed "certs.pem". I had problems while using the original "certs.pem" and the one that I created specifically for the Proxomitron.

3. Using the Proxomitron's "Abort" while files are downloading may crash it.

Hope Santa was very good to amy, whenever, Stone-D, mas, Kye-U, sidki, and all.

Have fun
Jan. 19, 2015, 12:56 AM
(This post was last modified: Jan. 19, 2015 12:57 AM by amy.)
Post: #38
1. Yes, this is a bug! Thanks for finding and reporting it! The fix is (old, new):
Code: 0000EC15: 74 97

2. I don't use ProxHTTPSProxyMII so can't give any explanation for this... but the original certs.pem is wildly out-of-date. I've extracted a list of CAs from the other browsers to use in my certs.pem; I'll probably post that one later (along with the tools to do the extraction) somewhere else.

3. I rarely use the Abort button but I've just tried aborting a few (large) HTTP and HTTPS downloads and it didn't happen. I don't think I've experienced any crashes with aborts before that were not HTTPS-related. Is this on HTTPS downloads only?
Jan. 19, 2015, 05:18 AM
Post: #39
HTTPS only. I experienced crashes while loading cfgs that required closing existing connections. To test, I opened yahoo mail and 'aborted' till crash. Seems to be fixed by the bug fix.
I mentioned the ProxHTTPSProxyMII certs file for the others because it is easily available and was working for me. I assumed you had another.

My guess is a failed or bad request was responsible for each crash. I think or hope the fix fixes 1, 2, and 3.

Happy to help! Thanks again!
Jan. 23, 2015, 09:53 AM
Post: #40
i'm curious, acknowledging that my views are less "mainstream" than most, but also knowing that this *IS* becoming an INCREASINGLY more "accepted" protocol -
(ie, chrome/chromium enable this via command line switches, QupZilla has an option to enable this right in the GUI)

what about a patch for Proxo that enables the end-user to FULLY DISABLE SSL cert-check "crap"?

basically a GUI "check box" similar to that used to freeze GIFs

throw in a "warning" dialog box if you feel it appropriate (i personally don't, the Proxo user is generally MUCH smarter than the 'average' web user)
Jan. 23, 2015, 10:10 PM
(This post was last modified: Jan. 23, 2015 10:11 PM by herbalist.)
Post: #41
What hex editor are you people using here? I tried to copy and paste the changes shown using HxD. It won't allow it due to the 3 columns of hyphens in the code. I'm new to hex editing. Is there an easy work-around that I'm missing?
Jan. 24, 2015, 12:29 AM
(This post was last modified: Jan. 25, 2015 03:29 PM by JJoe.)
Post: #42
(Jan. 23, 2015 10:10 PM)herbalist Wrote: What hex editor are you people using here? I tried to copy and paste the changes shown using HxD. It won't allow it due to the 3 columns of hyphens in the code. I'm new to hex editing. Is there an easy work-around that I'm missing?

I used HxD and a text editor. Use the text editor to change all "-" to spaces, " ".

Patching exes are coming, tho.
Jan. 24, 2015, 04:39 PM
Post: #43
(Jan. 24, 2015 12:29 AM)JJoe Wrote: ...Patching exes are coming, tho.

md5: d675477025d6af758f10ed1b87a366e6

Can you please confirm the above md5 for the patched proxomitron.exe (using your patcher)?

Thanks.
soccerfan
Jan. 24, 2015, 04:48 PM
Post: #44
Jan. 24, 2015, 04:59 PM
Post: #45
(Jan. 24, 2015 04:48 PM)JJoe Wrote: Problems?

The checksums match. Some guidance in how to use/test the patched version:
For example: should I use it with ProxHTTPSProxyMII or by itself (with ssl enabled)?

soccerfan