Giter Club home page Giter Club logo

tlsproxy's Introduction

tlsproxy

tlsproxy is a TLS proxy written with GnuTLS. It is mostly designed as an example of how to use asynchronous (non-blocking) I/O with GnuTLS. More accurately, it was designed so I could learn how to do it. I think I've got it right.

To that end, it's been divided up as follows:

  • crypto.c does all the crypto, and tlssession_mainloop() does the hard work.
  • buffer.c provides ring buffer support.
  • tlsproxy.c deals with command line options and connecting sockets.

It can be used in two modes:

  • Client mode (default). Listens on an unencrypted port, connects to an encrypted port.
  • Server mode (run with -s). Listens on an encrypted port, connects to an unencrypted port.

Usage

tlsproxy

Usage:
     tlsproxy [OPTIONS]

A TLS client or server proxy

Options:
     -c, --connect ADDRRESS    Connect to ADDRESS
     -l, --listen ADDRESS      Listen on ADDRESS
     -K, --key FILE            Use FILE as private key
     -C, --cert FILE           Use FILE as public key
     -A, --cacert FILE         Use FILE as public CA cert file
     -H, --hostname HOSTNAME   Use HOSTNAME to validate the CN of the peer
                               rather than hostname extracted from -C option
     -s, --server              Run the listen port encrypted rather than the
                               connect port
     -i, --insecure            Do not validate certificates
     -n, --nofork              Do not fork off (aids debugging); specify twice
                               to stop forking on accept as well
     -d, --debug               Turn on debugging
     -h, --help                Show this usage message

License

MIT

tlsproxy's People

Contributors

abligh avatar

Stargazers

avatar avatar avatar avatar

Watchers

avatar avatar

Forkers

nmav

tlsproxy's Issues

Error with gnutls_record_send() and GNUTLS_E_AGAIN

Instead of using len to mark part of the buffer as "sent" you are using negative value of ret at https://github.com/abligh/tlsproxy/blob/master/crypto-gnutls.c#L607.
Code can be simplified:

          do
            {
              ret = gnutls_record_send (s->session, addr, len);
            }
          while (ret == GNUTLS_E_INTERRUPTED && !quit (s));
          if (quit (s))
            break;
          if (ret < 0)
            {
              if (ret != GNUTLS_E_AGAIN)
                {
                  errout (s, "Error on write to crypto socket: %s\n",
                      gnutls_strerror (ret));
                  goto error;
                }
            }
          else
            bufDoneRead (plainToCrypt, ret);  /* mark ret bytes as read from the buffer */

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.