Diffstat (limited to 'doc/examples/tlsproxy/README.md')
-rw-r--r-- doc/examples/tlsproxy/README.md 53
1 files changed, 53 insertions, 0 deletions
diff --git a/doc/examples/tlsproxy/README.md b/doc/examples/tlsproxy/README.md
new file mode 100644
index 0000000..3c7a17f
--- /dev/null
+++ b/doc/examples/tlsproxy/README.md
@@ -0,0 +1,53 @@
+tlsproxy
+========
+
+`tlsproxy` is a TLS proxy written with GnuTLS. It is mostly designed as an
+example of how to use asynchronous (non-blocking) I/O with GnuTLS. More
+accurately, it was designed so I could learn how to do it. I think I've
+got it right.
+
+To that end, it's been divided up as follows:
+
+* `crypto.c` does all the crypto, and `tlssession_mainloop()` does the hard work.
+* `buffer.c` provides ring buffer support.
+* `tlsproxy.c` deals with command line options and connecting sockets.
+
+It can be used in two modes:
+
+* Client mode (default). Listens on an unencrypted port, connects to
+ an encrypted port.
+* Server mode (run with `-s`). Listens on an encrypted port, connects to
+ an unencrypted port.
+
+Usage
+=====
+
+```
+tlsproxy
+
+Usage:
+ tlsproxy [OPTIONS]
+
+A TLS client or server proxy
+
+Options:
+ -c, --connect ADDRESS Connect to ADDRESS
+ -l, --listen ADDRESS Listen on ADDRESS
+ -K, --key FILE Use FILE as private key
+ -C, --cert FILE Use FILE as public key
+ -A, --cacert FILE Use FILE as public CA cert file
+ -H, --hostname HOSTNAME Use HOSTNAME to validate the CN of the peer
+ rather than hostname extracted from -C option
+ -s, --server Run the listen port encrypted rather than the
+ connect port
+ -i, --insecure Do not validate certificates
+ -n, --nofork Do not fork off (aids debugging); specify twice
+ to stop forking on accept as well
+ -d, --debug Turn on debugging
+ -h, --help Show this usage message
+```
+
+License
+=======
+
+MIT
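Review bot: In the Options block, the `-H, --hostname` help text says the default hostname is "extracted from -C option", but `-C` is the certificate file. If the default is taken from the connect address this should read `-c`, and if it really comes from the certificate the README should say how. The same block describes `-C, --cert` as "public key", where "certificate" would match the option name. `-i, --insecure` is listed without any statement of what validation happens by default or whether `-A` is required for it, so a sentence on the default verification behaviour in client and server mode would help readers who copy this example.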