Soner Tari
Soner Tari
No, Passthrough mode does not work like that, it passes the connection through on error (something like fail-open). Filter rules and proxyspecs are hard to reload without restarting sslproxy.
For example, it happens on SSL errors while connecting to server. Or on errors creating SSL context, e.g. while forging server cert. You can follow the links to sources for...
No, there is no ALPN support in SSLproxy or SSLsplit, but see [this pr to SSLsplit](https://github.com/droe/sslsplit/pull/143), a bit old though.
If the listening program does not return the packets to SSLproxy (the connection you crossed over in the diagram), it is effectively disabled. I don't think I can find where...
It's way more complicated than what you think. That would be a very different project.
Yes, I think you're right, that is expected to cause memory leaks. I'll check again to see if I'm missing something. If not, I should create proto_free functions for them...
Fixed now, thanks
IMAP has been in my todo list for more than 4 years now, but there are more important todo items in the list, so I wouldn't expect it any time...
Btw, you can use tcp and ssl proxyspecs for imap and imaps protocols. I've never tried myself, but if we don't have to do anything special for IMAP, it should...
The error message strongly suggests **resource exhaustion** (running out of available FDs) rather than a simple crash. We try to mitigate this specific type of crash during connection acceptance by...