tlsproxy
========
`tlsproxy` is a TLS proxy written with GnuTLS. It is mostly designed as an
example of how to use asynchronous (non-blocking) I/O with GnuTLS. More
accurately, it was designed so I could learn how to do it. I think I've
got it right.

To that end, it's been divided up as follows:

* `crypto.c` does all the crypto, and `tlssession_mainloop()` does the hard work.
* `buffer.c` provides ring buffer support.
* `tlsproxy.c` deals with command line options and connecting sockets.

It can be used in two modes:

* Client mode (default). Listens on an unencrypted port, connects to
  an encrypted port.
* Server mode (run with `-s`). Listens on an encrypted port, connects to
  an unencrypted port.

Usage
=====

```
tlsproxy

Usage:
     tlsproxy [OPTIONS]

A TLS client or server proxy

Options:
     -c, --connect ADDRESS    Connect to ADDRESS
     -l, --listen ADDRESS     Listen on ADDRESS
     -K, --key FILE           Use FILE as private key
     -C, --cert FILE          Use FILE as public key
     -A, --cacert FILE        Use FILE as public CA cert file
     -H, --hostname HOSTNAME  Use HOSTNAME to validate the CN of the peer
                              rather than hostname extracted from -C option
     -s, --server             Run the listen port encrypted rather than the
                              connect port
     -i, --insecure           Do not validate certificates
     -n, --nofork             Do not fork off (aids debugging); specify twice
                              to stop forking on accept as well
     -d, --debug              Turn on debugging
     -h, --help               Show this usage message
```
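
A pre-flight check for a `tlsproxy` command line, added here as an example (it is not part of tlsproxy or written by its author). The option letters come from the usage text above. The policy it enforces (no `-i`, an explicit `-A` in client mode, both `-K` and `-C` in server mode), the function name `lint_tlsproxy` and the `host:port` addresses and file names in the sample calls are assumptions of this example.

```shell
# lint_tlsproxy ARGS...: print one finding per line; return 0 only when there are none.
# Added example, not tlsproxy code; the policy below is this example's assumption.
lint_tlsproxy() {
    # Map long options to their short forms so getopts can parse everything,
    # including bundled flags (-si) and attached arguments (-Kserver.key).
    for a do
        shift
        case $a in
            --connect) a=-c ;;  --listen) a=-l ;;
            --key) a=-K ;;      --cert) a=-C ;;
            --cacert) a=-A ;;   --hostname) a=-H ;;
            --server) a=-s ;;   --insecure) a=-i ;;
            --nofork) a=-n ;;   --debug) a=-d ;;
            --help) a=-h ;;
        esac
        set -- "$@" "$a"
    done
    server=0 insecure=0 key='' cert='' cacert='' bad=0
    OPTIND=1
    while getopts ':c:l:K:C:A:H:sindh' opt; do
        case $opt in
            s) server=1 ;;
            i) insecure=1 ;;
            K) key=$OPTARG ;;
            C) cert=$OPTARG ;;
            A) cacert=$OPTARG ;;
            *) ;;  # addresses, -H, -n, -d, -h and unknown options are not inspected
        esac
    done
    if [ "$insecure" -eq 1 ]; then
        echo "FAIL: -i/--insecure disables certificate validation"; bad=1
    fi
    if [ "$server" -eq 1 ]; then
        if [ -z "$key" ] || [ -z "$cert" ]; then
            echo "FAIL: server mode needs both -K (key) and -C (cert)"; bad=1
        fi
    elif [ -z "$cacert" ]; then
        echo "FAIL: client mode without -A gives no CA to validate the server"; bad=1
    fi
    return "$bad"
}

# Constructed invocations; addresses and file names are placeholders.
lint_tlsproxy -l 127.0.0.1:8080 -c tls.example.test:443 -A ca.pem || true
lint_tlsproxy -si -l 0.0.0.0:443 -c 127.0.0.1:8080 -K server.key || true
```

The first sample call prints nothing; the second reports both the disabled validation and the missing certificate.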
License
=======
MIT