tlsproxy is a TLS proxy written with GnuTLS. It is mostly designed as an
example of how to use asynchronous (non-blocking) I/O with GnuTLS. More
accurately, it was designed so I could learn how to do it. I think I've
got it right.
To that end, it's been divided up as follows:
crypto.cdoes all the crypto, andtlssession_mainloop()does the hard work.buffer.cprovides ring buffer support.tlsproxy.cdeals with command line options and connecting sockets.
It can be used in two modes:
- Client mode (default). Listens on an unencrypted port, connects to an encrypted port.
- Server mode (run with
-s). Listens on an encrypted port, connects to an unencrypted port.
tlsproxy
Usage:
tlsproxy [OPTIONS]
A TLS client or server proxy
Options:
-c, --connect ADDRRESS Connect to ADDRESS
-l, --listen ADDRESS Listen on ADDRESS
-K, --key FILE Use FILE as private key
-C, --cert FILE Use FILE as public key
-A, --cacert FILE Use FILE as public CA cert file
-H, --hostname HOSTNAME Use HOSTNAME to validate the CN of the peer
rather than hostname extracted from -C option
-s, --server Run the listen port encrypted rather than the
connect port
-i, --insecure Do not validate certificates
-n, --nofork Do not fork off (aids debugging); specify twice
to stop forking on accept as well
-d, --debug Turn on debugging
-h, --help Show this usage message
MIT