-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathREADME
69 lines (56 loc) · 2.72 KB
/
README
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
islandhack
----------
This is a little perl script designed for running obstinate
installation scripts that insist on downloading stuff from the Web, in
situations where you can't or don't want to download anything from the
Web.
It works by running an HTTP proxy server which serves everything from
a local cache directory. You can populate this cache directory ahead
of time using 'wget', or you can use 'islandhack --update' to populate
it automatically.
For weird clients like git, you can also provide CGI scripts to handle
specific requests.
When the client tries to connect to an HTTPS server, islandhack does
various things to try to persuade the program that its insecure
connection is in fact secure. This should work for most programs
using OpenSSL or GnuTLS on Debian, Fedora, and derived systems, and
for Java programs using the standard library. It may or may not work
with other libraries and on other distributions.
(If you find a program/library that doesn't work, and there's an easy
way to kludge around it - setting environment variables, overriding
library functions - please let me know.)
If facing a really stubborn program that insists on using secure
connections (the horror!), you might consider creating a fake CA and
installing it system-wide, and making its private key available to
islandhack. This of course wrecks the security of your entire system,
but you could do so safely inside a container or VM. That's beyond
the scope of this program.
History
-------
0.5 (2019-12-05):
- An error message is displayed when islandhack exits, if the cache
has been updated or one or more requests could not be satisfied.
- New option '--verbose' to print the log to standard error when
islandhack exits.
- The server includes the fake CA in its certificate chain.
- Fake server keys are now 2048 bits.
- The 'keytool' command will work correctly with JDK 9 or newer.
- Added a simple test suite, which works by running islandhack
recursively.
0.4 (2019-02-12):
- If 'faketime' is installed, fake certificates are backdated by
one hour (in case the system clocks are not perfectly
synchronized between the client and server.)
- New option '--remember-404' to permit caching of 404 errors.
0.3 (2018-12-06):
- Fake certificates now include a subjectAltName.
- 'openssl genrsa' command line is compatible with newer openssl
versions.
0.2 (2018-04-04):
- HTTPS connections are closed properly, and avoid the 'close() on
unopened filehandle' error.
- Higher error status values take precedence over lower ones.
- The preload library is renamed to libislandhack.so.0, and can be
installed for multiple architectures in parallel.
0.1 (2017-02-17):
- Initial release.