tlsgate

TLS reverse proxy
git clone git://git.akobets.xyz/tlsgate

commit 26bd31b411894bab95ce7d07a4b397518a7bf86c
parent 2ebd1d92747016fb39e90a0c357127166a91654a
Author: Artem Kobets <artem@akobets.xyz>
Date:   Thu, 24 Sep 2020 10:39:02 +0300

optional cert and key files for server TLS

Diffstat:
MTODO | 6++----
Mmain.c | 20+++++++++++++-------
Mtlsgate.1 | 6++++--
3 files changed, 19 insertions(+), 13 deletions(-)

diff --git a/TODO b/TODO
@@ -1,4 +1,2 @@
-two modes, -s and -S
- -s: client is tls, -S: server is tls
- serve poll() loop rewritten to handle both regular and tls connections on server and client
- tls options (cert_file, key_file) are only required when they have to be (for -s)
+unix domain socket not allowed if connection is tls
+make host required, not optional if port exists
diff --git a/main.c b/main.c
@@ -357,9 +357,11 @@ main(int argc, char **argv)
 if (s.mode == MODE_NONE)
 usage();
- // cert and private key files are required
- if (tls_cert_file == NULL || tls_key_file == NULL)
- usage();
+ // If accepting TLS connections, cert and private key files are required
+ if (s.mode == MODE_TLS_CLIENT) {
+ if (tls_cert_file == NULL || tls_key_file == NULL)
+ usage();
+ }
 // allow IPS or UDS proxy
 if ( (proxy_host != NULL && proxy_udsfile != NULL) ||
@@ -383,10 +385,14 @@ main(int argc, char **argv)
 }
 if ((config = tls_config_new()) == NULL)
 err("tls_config_new");
- if (tls_config_set_cert_file(config, tls_cert_file) == -1)
- err("tls_config_set_cert_file");
- if (tls_config_set_key_file(config, tls_key_file) == -1)
- err("tls_config_set_key_file");
+ if (tls_cert_file != NULL) {
+ if (tls_config_set_cert_file(config, tls_cert_file) == -1)
+ err("tls_config_set_cert_file");
+ }
+ if (tls_key_file != NULL) {
+ if (tls_config_set_key_file(config, tls_key_file) == -1)
+ err("tls_config_set_key_file");
+ }
 if (tls_ca_file != NULL) {
 if (tls_config_set_ca_file(config, tls_ca_file) == -1)
 err("tls_config_set_ca_file");
diff --git a/tlsgate.1 b/tlsgate.1
@@ -1,4 +1,4 @@
-.TH TLSGATE 1 2020-09-23
+.TH TLSGATE 1
 .SH NAME
 tlsgate - TLS reverse proxy
 .SH SYNOPSIS
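Review bot: The new `MODE_TLS_CLIENT` guard in the first main.c hunk requires the cert and key together only for that mode, so in any other mode a certificate given without its key (or the reverse) now passes argument checking, and the second hunk (`@@ -383,10 +385,14 @@`) loads whichever one is present. Rejecting a half-specified pair at startup, next to the mode check, would give the operator a clear failure instead of one that presumably surfaces later during TLS configuration or the handshake: `if ((tls_cert_file == NULL) != (tls_key_file == NULL)) usage();`. A short comment above the two new `!= NULL` blocks, such as `// cert/key are only mandatory for MODE_TLS_CLIENT (checked above); otherwise load them if given`, would record why they are conditional. Both hunks show only part of main(), so any check outside the visible lines is not accounted for here.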
@@ -65,11 +65,13 @@ Accept connections on port 443 and pass them to a local http server on port 80.
 -P 80
 .PP
 Use TLS with an IRC client that does not support it (client is connecting to /tmp/irc.sock).
+Timeout is set to 0 so proxy does not timeout.
 .PP
 tlsgate \\
 -S \\
 -u /tmp/irc.sock \\
 -H irc.server.com \\
- -P 6697
+ -P 6697 \\
+ -t 0
 .SH AUTHOR
 Artem Kobets <artem@akobets.xyz>