Soner Tari

Good to hear that it works with SSL_CTX_load_verify_locations(). But it is strange because you had already tried SSL_CTX_set_default_verify_paths() and added that CA to the default store, which was supposed to...

Yes, I can confirm this issue on Kali Linux 2019.3, which uses gcc 9.2.1 on kernel 5.2 too (I assume this issue is due to gcc). Removing the packed attribute...

Btw, adding `aligned(2)` attribute along with `packed` also silences this warning. But I don't think that's the correct fix either. The discussion [here](https://gcc.gnu.org/bugzilla/show_bug.cgi?id=51628) explains the issue.

We haven't talked about this with Daniel, so I don't know what he has in mind exactly. But I use connection ids and file descriptors to track connections among connection...

Yes, you could analyze such traffic with a custom program you say you have written in Java. The first sanity check would be: Are you sure you are using SSL/TLS?...

See the [UTMFW](https://github.com/sonertari/UTMFW) project for at least 3x UTM services (4x different programs) running behind the SSLproxy. You can download its source code, but you can also download its iso...

Just for the record, there is a sample listening program under the `extra/lp` folder in the sources.

It's under [`tests/testproxy/lp`](https://github.com/sonertari/SSLproxy/tree/master/tests/testproxy/lp) since v0.8.0.

If you want SSLproxy to listen on multiple ports, you should repeat the same proxyspec for each port, e.g.: ``` sslproxy -e ipfw -k ca.key -c ca.crt ssl 127.0.0.1 8080...

Since I don't have your test environment, I cannot test it myself. But you can enable DEBUG_PROXY (and DEBUG_OPTIONS) switches in Mk/main.mk, recompile, and then start sslproxy with the `-D4`...