xref: /minix3/crypto/external/bsd/openssl/dist/demos/easy_tls/README (revision ebfedea0ce5bbe81e252ddf32d732e40fb633fae)
1*ebfedea0SLionel Sambuceasy_tls - generic SSL/TLS proxy
2*ebfedea0SLionel Sambuc========
3*ebfedea0SLionel Sambuc
4*ebfedea0SLionel Sambuc(... and example for non-blocking SSL/TLS I/O multiplexing.)
5*ebfedea0SLionel Sambuc
6*ebfedea0SLionel Sambuc
7*ebfedea0SLionel Sambuc  easy_tls.c, easy_tls.h:
8*ebfedea0SLionel Sambuc
9*ebfedea0SLionel Sambuc     Small generic SSL/TLS proxy library: With a few function calls,
10*ebfedea0SLionel Sambuc     an application socket will be replaced by a pipe handled by a
11*ebfedea0SLionel Sambuc     separate SSL/TLS proxy process.  This allows easily adding
12*ebfedea0SLionel Sambuc     SSL/TLS support to many programs not originally designed for it.
13*ebfedea0SLionel Sambuc
14*ebfedea0SLionel Sambuc     [Actually easy_tls.c is not a proper library: Customization
15*ebfedea0SLionel Sambuc     requires defining preprocessor macros while compiling it.
16*ebfedea0SLionel Sambuc     This is quite confusing, so I'll probably change it.]
17*ebfedea0SLionel Sambuc
18*ebfedea0SLionel Sambuc     These files may be used under the OpenSSL license.
19*ebfedea0SLionel Sambuc
20*ebfedea0SLionel Sambuc
21*ebfedea0SLionel Sambuc
22*ebfedea0SLionel Sambuc  test.c, test.h, Makefile, cert.pem, cacerts.pem:
23*ebfedea0SLionel Sambuc
24*ebfedea0SLionel Sambuc     Rudimentary example program using the easy_tls library, and
25*ebfedea0SLionel Sambuc     example key and certificates for it.  Usage examples:
26*ebfedea0SLionel Sambuc
27*ebfedea0SLionel Sambuc       $ ./test 8443     # create server listening at port 8443
28*ebfedea0SLionel Sambuc       $ ./test 127.0.0.1 8443  # create client, connect to port 8443
29*ebfedea0SLionel Sambuc                                # at IP address 127.0.0.1
30*ebfedea0SLionel Sambuc
31*ebfedea0SLionel Sambuc     'test' will not automatically do SSL/TLS, or even read or write
32*ebfedea0SLionel Sambuc     data -- it must be told to do so on input lines starting
33*ebfedea0SLionel Sambuc     with a command letter.  'W' means write a line, 'R' means
34*ebfedea0SLionel Sambuc     read a line, 'C' means close the connection, 'T' means
35*ebfedea0SLionel Sambuc     start an SSL/TLS proxy.  E.g. (user input tagged with '*'):
36*ebfedea0SLionel Sambuc
37*ebfedea0SLionel Sambuc     * R
38*ebfedea0SLionel Sambuc       <<< 220 mail.example.net
39*ebfedea0SLionel Sambuc     * WSTARTTLS
40*ebfedea0SLionel Sambuc       >>> STARTTLS
41*ebfedea0SLionel Sambuc     * R
42*ebfedea0SLionel Sambuc       <<< 220 Ready to start TLS
43*ebfedea0SLionel Sambuc     * T
44*ebfedea0SLionel Sambuc       test_process_init(fd = 3, client_p = 1, apparg = (nil))
45*ebfedea0SLionel Sambuc       +++ `E:self signed certificate in certificate chain'
46*ebfedea0SLionel Sambuc       +++ `<... certificate info ...>'
47*ebfedea0SLionel Sambuc     * WHELO localhost
48*ebfedea0SLionel Sambuc       >>> HELO localhost
49*ebfedea0SLionel Sambuc       R
50*ebfedea0SLionel Sambuc       <<< 250 mail.example.net
51*ebfedea0SLionel Sambuc
52*ebfedea0SLionel Sambuc     You can even do SSL/TLS over SSL/TLS over SSL/TLS ... by using
53*ebfedea0SLionel Sambuc     'T' multiple times.  I have no idea why you would want to though.
54*ebfedea0SLionel Sambuc
55*ebfedea0SLionel Sambuc
56*ebfedea0SLionel SambucThis code is rather old.  When I find time I will update anything that
57*ebfedea0SLionel Sambucshould be changed, and improve code comments.  To compile the sample
58*ebfedea0SLionel Sambucprogram 'test' on platforms other then Linux or Solaris, you will have
59*ebfedea0SLionel Sambucto edit the Makefile.
60*ebfedea0SLionel Sambuc
61*ebfedea0SLionel SambucAs noted above, easy_tls.c will be changed to become a library one
62*ebfedea0SLionel Sambucday, which means that future revisions will not be fully compatible to
63*ebfedea0SLionel Sambucthe current version.
64*ebfedea0SLionel Sambuc
65*ebfedea0SLionel SambucBodo M�ller <bodo@openssl.org>
66