libsslwrap

What is libsslwrap?

The libsslwrap library is a wrapper for transparently using SSL in the network communication between client and server programs that do not aware of SSL. The users do not need to modify, recompile, or relink their programs.

The libsslwrap library uses the preload facility of the ELF binary. This library is preloaded by setting its path to the LD_PRELOAD environment variable. It intercepts the connect, accept, write, read, send, recv, and other function calls.

The sslwrap program is a shell script for using the libsslwrap library. It sets LD_PRELOAD to an appropriate libsslwrap shared library and executes a specified program.

Limitations

A target program must be dynamically linked ELF binary.
A program passing sockets to a child process by execve(2) like inetd is not supported.
A target program must not issue system calls like write and read directly with a software trap.

Requirements

OpenSSL
Pthread with kernel thread (optional)

Tested environment

openssl 0.9.5
linux 2.2.16
glibc 2.1.3
glibc-linuxthreads 2.1.3

Tested applications

telnet/telnetd

server# sslwrap /usr/sbin/in.telnetd -debug 10023
client% sslwrap /usr/bin/telnet server 10023

ftp/ftpd

server# sslwrap /usr/sbin/in.ftpd -s -p 10021 -P 10020
client% sslwrap /usr/bin/ftp server 10021

pftp/ftpd

server# sslwrap /usr/sbin/in.ftpd -s -p 10021 -P 10020
client% sslwrap /usr/bin/pftp server 10021

Links

The followings are SSL proxy servers:

kourai@csg.is.titech.ac.jp