easy_tls - generic SSL/TLS proxy
========

(... and example for non-blocking SSL/TLS I/O multiplexing.)


  easy_tls.c, easy_tls.h:

     Small generic SSL/TLS proxy library: With a few function calls,
     an application socket will be replaced by a pipe handled by a
     separate SSL/TLS proxy process.  This allows easily adding
     SSL/TLS support to many programs not originally designed for it.

     [Actually easy_tls.c is not a proper library: Customization
     requires defining preprocessor macros while compiling it.
     This is quite confusing, so I'll probably change it.]

     These files may be used under the OpenSSL license.



  test.c, test.h, Makefile, cert.pem, cacerts.pem:

     Rudimentary example program using the easy_tls library, and
     example key and certificates for it.  Usage examples:

       $ ./test 8443            # create server listening at port 8443
       $ ./test 127.0.0.1 8443  # create client, connect to port 8443
                                # at IP address 127.0.0.1

     'test' will not automatically do SSL/TLS, or even read or write
     data -- it must be told to do so on input lines starting
     with a command letter.  'W' means write a line, 'R' means
     read a line, 'C' means close the connection, 'T' means
     start an SSL/TLS proxy.  E.g. (user input tagged with '*'):

     * R
       <<< 220 mail.example.net
     * WSTARTTLS
       >>> STARTTLS
     * R
       <<< 220 Ready to start TLS
     * T
       test_process_init(fd = 3, client_p = 1, apparg = (nil))
       +++ `E:self signed certificate in certificate chain'
       +++ `<... certificate info ...>'
     * WHELO localhost
       >>> HELO localhost
     * R
       <<< 250 mail.example.net

     You can even do SSL/TLS over SSL/TLS over SSL/TLS ... by using
     'T' multiple times.  I have no idea why you would want to though.


This code is rather old.  When I find time I will update anything that
should be changed, and improve code comments.  To compile the sample
program 'test' on platforms other than Linux or Solaris, you will have
to edit the Makefile.

As noted above, easy_tls.c will be changed to become a library one
day, which means that future revisions will not be fully compatible with
the current version.

Bodo Möller <bodo@openssl.org>