tlsgate

TLS reverse proxy
git clone git://git.akobets.xyz/tlsgate

commit 2ebd1d92747016fb39e90a0c357127166a91654a
parent b34680058ab5005839eec4d2e79abb14cc34036f
Author: Artem Kobets <artem@akobets.xyz>
Date:   Wed, 23 Sep 2020 22:15:34 +0300

style

Diffstat:
Mmain.c | 71++++++++++++++++++++++++++++++++---------------------------------------
1 file changed, 32 insertions(+), 39 deletions(-)

diff --git a/main.c b/main.c
@@ -22,20 +22,14 @@ enum {
 struct settings {
 int mode;
- struct tls *tls_ctx;
 int timeout;
- char *tls_cert_file;
- char *tls_key_file;
- char *tls_ca_file;
- char *proxy_host;
- char *proxy_port;
- char *proxy_udsfile;
+ struct tls *tls_ctx;
 char *server_host;
 char *server_port;
 char *server_udsfile;
 };
-static void serve(struct settings *s, int cfd, struct sockaddr_storage *addr);
+static void serve(const struct settings *s, int cfd, const struct sockaddr_storage *addr);
 static void cleanup(void);
 static void sigchld(int unused);
 static void sigcleanup(int sig);
@@ -46,7 +40,7 @@ char *argv0;
 static char *proxy_udsfile;
 void
-serve(struct settings *s, int cfd, struct sockaddr_storage *addr)
+serve(const struct settings *s, int cfd, const struct sockaddr_storage *addr)
 {
 time_t t;
 char addr_str[INET6_ADDRSTRLEN]; // > INET_ADDRSTRLEN
@@ -291,7 +285,19 @@ usage(void)
 int
 main(int argc, char **argv)
 {
- struct settings s;
+ struct settings s = {
+ .mode = MODE_NONE,
+ .tls_ctx = NULL,
+ .timeout = 30,
+ .server_host = NULL,
+ .server_port = NULL,
+ .server_udsfile = NULL
+ };
+ char *tls_cert_file = NULL;
+ char *tls_key_file = NULL;
+ char *tls_ca_file = NULL;
+ char *proxy_host = NULL;
+ char *proxy_port = NULL;
 int opt;
 struct tls_config *config;
 int fd, cfd;
@@ -301,19 +307,6 @@ main(int argc, char **argv)
 argv0 = argv[0];
- s.mode = MODE_NONE;
- s.tls_ctx = NULL;
- s.timeout = 30;
- s.tls_cert_file = NULL;
- s.tls_key_file = NULL;
- s.tls_ca_file = NULL;
- s.proxy_host = NULL;
- s.proxy_port = NULL;
- s.proxy_udsfile = NULL;
- s.server_host = NULL;
- s.server_port = NULL;
- s.server_udsfile = NULL;
-
 while ((opt = getopt(argc, argv, "sSh:p:u:H:P:U:c:k:C:t:v")) != -1) {
 switch (opt) {
 case 's':
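Review bot: In the `@@ -291,7 +285,19 @@` hunk five of the six option strings taken out of `struct settings` become locals of `main`, but the sixth, `proxy_udsfile`, survives only as the file-scope `static char *proxy_udsfile;` seen in the `@@ -46,7 +40,7 @@` hunk, and nothing records why it is treated differently. Presumably `cleanup()` or `sigcleanup()` needs the path to remove the socket file on exit; that is not visible in these hunks, so confirm it and say so at the declaration, e.g. `/* listening UDS path; file scope so cleanup() can still reach it */`. `main` starts and ends outside these hunks.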
@@ -323,22 +316,22 @@ main(int argc, char **argv)
 s.mode = MODE_TLS_SERVER;
 break;
 case 'c':
- s.tls_cert_file = optarg;
+ tls_cert_file = optarg;
 break;
 case 'k':
- s.tls_key_file = optarg;
+ tls_key_file = optarg;
 break;
 case 'C':
- s.tls_ca_file = optarg;
+ tls_ca_file = optarg;
 break;
 case 'h':
- s.proxy_host = optarg;
+ proxy_host = optarg;
 break;
 case 'p':
- s.proxy_port = optarg;
+ proxy_port = optarg;
 break;
 case 'u':
- s.proxy_udsfile = proxy_udsfile = optarg;
+ proxy_udsfile = optarg;
 break;
 case 'H':
 s.server_host = optarg;
@@ -365,12 +358,12 @@ main(int argc, char **argv)
 if (s.mode == MODE_NONE)
 usage();
 // cert and private key files are required
- if (s.tls_cert_file == NULL || s.tls_key_file == NULL)
+ if (tls_cert_file == NULL || tls_key_file == NULL)
 usage();
 // allow IPS or UDS proxy
 if (
- (s.proxy_host != NULL && s.proxy_udsfile != NULL) ||
- !(s.proxy_port != NULL || s.proxy_udsfile != NULL)
+ (proxy_host != NULL && proxy_udsfile != NULL) ||
+ !(proxy_port != NULL || proxy_udsfile != NULL)
 )
 usage();
 // allow IPS or UDS server
@@ -390,12 +383,12 @@ main(int argc, char **argv)
 }
 if ((config = tls_config_new()) == NULL)
 err("tls_config_new");
- if (tls_config_set_cert_file(config, s.tls_cert_file) == -1)
+ if (tls_config_set_cert_file(config, tls_cert_file) == -1)
 err("tls_config_set_cert_file");
- if (tls_config_set_key_file(config, s.tls_key_file) == -1)
+ if (tls_config_set_key_file(config, tls_key_file) == -1)
 err("tls_config_set_key_file");
- if (s.tls_ca_file != NULL) {
- if (tls_config_set_ca_file(config, s.tls_ca_file) == -1)
+ if (tls_ca_file != NULL) {
+ if (tls_config_set_ca_file(config, tls_ca_file) == -1)
 err("tls_config_set_ca_file");
 }
 if (tls_configure(s.tls_ctx, config) == -1)
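Review bot: The proxy-side check in the `@@ -365,12 +358,12 @@` hunk still accepts `-p` together with `-u` when `-h` is absent: the first clause rejects only host plus UDS, and the second is satisfied by either a port or a UDS path. The socket setup in the last hunk (`fd = proxy_udsfile ? ...`) then takes the UDS branch and the port is silently dropped, so an operator can believe the proxy listens on TCP when it does not. Making the first clause `((proxy_host != NULL || proxy_port != NULL) && proxy_udsfile != NULL) ||` rejects the mix. The same check lets `-p` through with no `-h`; what `sock_proxy_ips` binds for a NULL host is not visible here, and if it is the wildcard address that default deserves a line in `usage()`. The server-side check that follows lies outside the hunk and may have the same shape.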
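Review bot: In the `@@ -390,12 +383,12 @@` hunk the `tls_config_set_cert_file`, `tls_config_set_key_file` and `tls_config_set_ca_file` failures pass only the function name to `err(...)`, so unless `err` adds detail of its own a wrong path, an unreadable key and a malformed PEM all look alike. libtls keeps the reason in `tls_config_error(config)`, which could be added to each message. The lines after `tls_configure(s.tls_ctx, config)` are outside the hunk; confirm that they call `tls_config_clear_keys(config)` and `tls_config_free(config)` before the later `fork()`, so the config's copy of the private key is not carried into every child.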
@@ -408,9 +401,9 @@ main(int argc, char **argv)
 handle_termsignals(sigcleanup);
 // setup proxy socket
- fd = s.proxy_udsfile
- ? sock_proxy_uds(s.proxy_udsfile)
- : sock_proxy_ips(s.proxy_host, s.proxy_port);
+ fd = proxy_udsfile
+ ? sock_proxy_uds(proxy_udsfile)
+ : sock_proxy_ips(proxy_host, proxy_port);
 switch (fork()) {
 case 0: