tlsgate

TLS reverse proxy
git clone git://git.akobets.xyz/tlsgate

commit 57c77b1eb423b0b09282f9eea09384593437bf2c
parent 26bd31b411894bab95ce7d07a4b397518a7bf86c
Author: Artem Kobets <artem@akobets.xyz>
Date:   Thu, 24 Sep 2020 13:52:09 +0300

make host required with IPS connections; make UDS illegal with TLS connections

Diffstat:
MTODO | 2--
Mmain.c | 12++++++++----
Msock.c | 4++--
Mtlsgate.1 | 4++--
4 files changed, 12 insertions(+), 10 deletions(-)

diff --git a/TODO b/TODO
@@ -1,2 +0,0 @@
-unix domain socket not allowed if connection is tls
-make host required, not optional if port exists
diff --git a/main.c b/main.c
@@ -363,15 +363,19 @@ main(int argc, char **argv)
 usage();
 }
 // allow IPS or UDS proxy
+ // UDS not allowed with TLS
 if (
- (proxy_host != NULL && proxy_udsfile != NULL) ||
- !(proxy_port != NULL || proxy_udsfile != NULL)
+ !((proxy_host != NULL && proxy_port != NULL && proxy_udsfile == NULL) ||
+ (proxy_host == NULL && proxy_port == NULL && proxy_udsfile != NULL)) ||
+ (s.mode == MODE_TLS_CLIENT && proxy_udsfile != NULL)
 )
 usage();
 // allow IPS or UDS server
+ // UDS not allowed with TLS
 if (
- (s.server_host != NULL && s.server_udsfile != NULL) ||
- !(s.server_port != NULL || s.server_udsfile != NULL)
+ !((s.server_host != NULL && s.server_port != NULL && s.server_udsfile == NULL) ||
+ (s.server_host == NULL && s.server_port == NULL && s.server_udsfile != NULL)) ||
+ (s.mode == MODE_TLS_SERVER && s.server_udsfile != NULL)
 )
 usage();
diff --git a/sock.c b/sock.c
@@ -45,7 +45,7 @@ sock_proxy_ips(const char *host, const char *port)
 if (p == NULL)
 errx(
 "bind: Can not bind to address: %s:%s",
- host == NULL ? "(null)" : host,
+ host,
 port
 );
@@ -128,7 +128,7 @@ sock_server_ips(const char *host, const char *port)
 if (p == NULL) {
 warnx(
 "connect: Can not connect to address: %s:%s",
- host == NULL ? "(null)" : host,
+ host,
 port
 );
 return -1;
diff --git a/tlsgate.1 b/tlsgate.1
@@ -24,7 +24,7 @@ TLS proxy hostname.
 TLS proxy port number.
 .TP
 .B -u file
-TLS UNIX domain socket path.
+TLS UNIX domain socket path. Can not be used with -s.
 .TP
 .B -H host
 Server hostname.
@@ -33,7 +33,7 @@ Server hostname.
 Server port number.
 .TP
 .B -U file
-Server UNIX domain socket path.
+Server UNIX domain socket path. Can not be used with -S.
 .TP
 .B -c cert
 Path to public certificate. Required with -s.
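Review bot: The two new TLS guards in main() look swapped relative to the tlsgate.1 change in this same commit: the proxy check rejects `proxy_udsfile` under `MODE_TLS_CLIENT` and the server check rejects `s.server_udsfile` under `MODE_TLS_SERVER`, while the manual now says -u cannot be used with -s and -U cannot be used with -S. The option parsing is outside the hunk, so this is inferred: if -s selects `MODE_TLS_SERVER` (the manual says the certificate is required with -s), the leg that carries TLS in that mode is the proxy side, and the guards should read `(s.mode == MODE_TLS_SERVER && proxy_udsfile != NULL)` and `(s.mode == MODE_TLS_CLIENT && s.server_udsfile != NULL)`. As written, the combination the commit means to forbid would still be accepted, and a plaintext UNIX socket on the other leg would be refused. Please confirm the flag-to-mode mapping and align either the code or the manual.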
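Review bot: With the `host == NULL ? "(null)" : host` fallback gone, the `errx` call in sock_proxy_ips and the `warnx` call in sock_server_ips (second hunk) pass `host` straight to `%s`, which is undefined behaviour if a NULL pointer ever reaches them. The only thing preventing that is the argument check this commit adds to main(), and nothing in sock.c records the dependency. I would state the precondition at the top of both functions, for example `/* host and port must be non-NULL; main() rejects any other combination */`, or enforce it with `assert(host != NULL);`. Both function bodies start and end outside the hunks, so whether `host` is checked earlier in them is not visible here.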