author: Daniel Baumann <daniel.baumann@progress-linux.org> 2024-04-28 07:33:12 +0000
committer: Daniel Baumann <daniel.baumann@progress-linux.org> 2024-04-28 07:33:12 +0000
commit: 36082a2fe36ecd800d784ae44c14f1f18c66a7e9 (patch)
tree: 6c68e0c0097987aff85a01dabddd34b862309a7c /doc/examples/tlsproxy/README.md
parent: Initial commit. (diff)
Adding upstream version 3.7.9. (upstream/3.7.9, upstream)
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
-rw-r--r-- doc/examples/tlsproxy/README.md 53
1 files changed, 53 insertions, 0 deletions
diff --git a/doc/examples/tlsproxy/README.md b/doc/examples/tlsproxy/README.md
new file mode 100644
index 0000000..3c7a17f
--- /dev/null
+++ b/doc/examples/tlsproxy/README.md
@@ -0,0 +1,53 @@
+tlsproxy
+========
+
+`tlsproxy` is a TLS proxy written with GnuTLS. It is mostly designed as an
+example of how to use asynchronous (non-blocking) I/O with GnuTLS. More
+accurately, it was designed so I could learn how to do it. I think I've
+got it right.
+
+To that end, it's been divided up as follows:
+
+* `crypto.c` does all the crypto, and `tlssession_mainloop()` does the hard work.
+* `buffer.c` provides ring buffer support.
+* `tlsproxy.c` deals with command line options and connecting sockets.
+
+It can be used in two modes:
+
+* Client mode (default). Listens on an unencrypted port, connects to
+ an encrypted port.
+* Server mode (run with `-s`). Listens on an encrypted port, connects to
+ an unencrypted port.
+
+Usage
+=====
+
+```
+tlsproxy
+
+Usage:
+ tlsproxy [OPTIONS]
+
+A TLS client or server proxy
+
+Options:
+ -c, --connect ADDRESS Connect to ADDRESS
+ -l, --listen ADDRESS Listen on ADDRESS
+ -K, --key FILE Use FILE as private key
+ -C, --cert FILE Use FILE as public key
+ -A, --cacert FILE Use FILE as public CA cert file
+ -H, --hostname HOSTNAME Use HOSTNAME to validate the CN of the peer
+ rather than hostname extracted from -C option
+ -s, --server Run the listen port encrypted rather than the
+ connect port
+ -i, --insecure Do not validate certificates
+ -n, --nofork Do not fork off (aids debugging); specify twice
+ to stop forking on accept as well
+ -d, --debug Turn on debugging
+ -h, --help Show this usage message
+```
+
+License
+=======
+
+MIT
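
Review bot: In the Options block, the `-H, --hostname` help text says the default name is "extracted from -C option", but `-C` is listed as the cert FILE while `-c` is the connect ADDRESS, so this probably should read `-c`; as written, a reader cannot tell which name the peer certificate is checked against. In the same block, `-C, --cert` is described as "public key" where the neighbouring `-A` line says "cert file"; "certificate" would be consistent. The `-i, --insecure` line deserves a sentence in the README stating that it turns off certificate validation entirely, so the encrypted leg is no longer authenticated, and a short client-mode invocation using `-A` and `-H` would make the verified configuration the one readers copy. Since the introduction says the code was written to learn non-blocking GnuTLS I/O ("I think I've got it right"), the README could also say plainly that this is example code.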