easy_tls - generic SSL/TLS proxy
========

(... and example for non-blocking SSL/TLS I/O multiplexing.)


  easy_tls.c, easy_tls.h:

     Small generic SSL/TLS proxy library: With a few function calls,
     an application socket will be replaced by a pipe handled by a
     separate SSL/TLS proxy process.  This allows easily adding
     SSL/TLS support to many programs not originally designed for it.

     [Actually easy_tls.c is not a proper library: Customization
     requires defining preprocessor macros while compiling it.
     This is quite confusing, so I'll probably change it.]

     These files may be used under the OpenSSL license.



  test.c, test.h, Makefile, cert.pem, cacerts.pem:

     Rudimentary example program using the easy_tls library, and
     example key and certificates for it.  Usage examples:

       $ ./test 8443            # create server listening at port 8443
       $ ./test 127.0.0.1 8443  # create client, connect to port 8443
                                # at IP address 127.0.0.1

     'test' will not automatically do SSL/TLS, or even read or write
     data -- it must be told to do so on input lines starting
     with a command letter.  'W' means write a line, 'R' means
     read a line, 'C' means close the connection, 'T' means
     start an SSL/TLS proxy.  E.g. (user input tagged with '*'):

     * R
     <<< 220 mail.example.net
     * WSTARTTLS
     >>> STARTTLS
     * R
     <<< 220 Ready to start TLS
     * T
     test_process_init(fd = 3, client_p = 1, apparg = (nil))
     +++ `E:self signed certificate in certificate chain'
     +++ `<... certificate info ...>'
     * WHELO localhost
     >>> HELO localhost
     R
     <<< 250 mail.example.net

     You can even do SSL/TLS over SSL/TLS over SSL/TLS ... by using
     'T' multiple times.  I have no idea why you would want to though.


This code is rather old.  When I find time I will update anything that
should be changed, and improve code comments.  To compile the sample
program 'test' on platforms other than Linux or Solaris, you will have
to edit the Makefile.

As noted above, easy_tls.c will be changed to become a library one
day, which means that future revisions will not be fully compatible with
the current version.

Bodo Möller <bodo@openssl.org>
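
The descriptor replacement described for easy_tls.c above, as an added example that is not part of easy_tls or of the original README. demo_start_proxy and demo_roundtrip are hypothetical names, and the forked child relays bytes unchanged at the point where a real proxy process would speak SSL/TLS on the network side.

```c
#include <poll.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Copy one chunk; returns 0 on EOF or error. A TLS proxy would use
 * SSL_read()/SSL_write() on the network side instead of read()/write(). */
static int relay_chunk(int from, int to)
{
    char buf[4096];
    ssize_t n = read(from, buf, sizeof buf);
    return n > 0 && write(to, buf, (size_t)n) == n;
}

/* Hypothetical helper, not the easy_tls API: replace *fdp with one end of a
 * socketpair served by a forked proxy that owns the original socket.
 * Returns the child's pid, or -1 on error. */
pid_t demo_start_proxy(int *fdp)
{
    int sp[2];
    pid_t pid;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sp) < 0) return -1;
    if ((pid = fork()) == 0) {              /* proxy process */
        struct pollfd p[2] = { { sp[1], POLLIN, 0 }, { *fdp, POLLIN, 0 } };
        close(sp[0]);
        while (poll(p, 2, -1) >= 0) {
            if (p[0].revents && !relay_chunk(sp[1], *fdp)) break;
            if (p[1].revents && !relay_chunk(*fdp, sp[1])) break;
        }
        _exit(0);                           /* exits once either side closes */
    }
    close(sp[1]);
    if (pid < 0) { close(sp[0]); return -1; }
    close(*fdp);                /* only the proxy holds the real socket now */
    *fdp = sp[0];
    return pid;
}

/* Constructed check: net[1] stands in for the remote host. Returns 1 if a
 * line crosses the proxy intact in both directions. */
int demo_roundtrip(void)
{
    int net[2];
    char a[8] = "", b[8] = "";
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, net) < 0) return 0;
    if (demo_start_proxy(&net[0]) < 0) return 0;   /* net[0] is now the pipe */
    if (write(net[0], "HELO\n", 5) != 5 || read(net[1], a, 5) != 5) return 0;
    if (write(net[1], "250\n", 4) != 4 || read(net[0], b, 4) != 4) return 0;
    close(net[0]); close(net[1]);
    return !memcmp(a, "HELO\n", 5) && !memcmp(b, "250\n", 4);
}
```

Because the application closes its copy of the original socket, key material and the TLS state machine would live only in the proxy process, and the application's existing read/write code keeps working on the substituted descriptor.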