easy_tls - generic SSL/TLS proxy
========

(... and example for non-blocking SSL/TLS I/O multiplexing.)


  easy_tls.c, easy_tls.h:

     Small generic SSL/TLS proxy library: With a few function calls,
     an application socket will be replaced by a pipe handled by a
     separate SSL/TLS proxy process.  This allows easily adding
     SSL/TLS support to many programs not originally designed for it.

     [Actually easy_tls.c is not a proper library: Customization
     requires defining preprocessor macros while compiling it.
     This is quite confusing, so I'll probably change it.]

     These files may be used under the OpenSSL license.
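
     The descriptor swap described above, as an added example that is
     not taken from easy_tls.c: start_proxy() and stop_proxy() are
     hypothetical names, and the proxy child relays bytes unchanged where
     a real proxy would do the SSL/TLS handshake and record processing.

```c
/* Added illustration, NOT easy_tls code: the proxy relays plaintext where a
 * real one would call SSL_read()/SSL_write() on the network side. */
#include <poll.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

/* Copy one chunk from 'from' to 'to'; returns 0 on EOF or error. */
static int relay_once(int from, int to) {
    char buf[4096];
    ssize_t n = read(from, buf, sizeof buf);
    for (ssize_t off = 0, w; off < n; off += w)
        if ((w = write(to, buf + off, (size_t)(n - off))) <= 0) return 0;
    return n > 0;
}

/* Hypothetical helper: fork a proxy that keeps the real socket, then splice a
 * socketpair end into the caller's descriptor number 'fd'. Returns pid or -1. */
pid_t start_proxy(int fd) {
    int sp[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sp) < 0) return -1;
    pid_t pid = fork();
    if (pid < 0) { close(sp[0]); close(sp[1]); return -1; }
    if (pid == 0) {                         /* proxy process */
        struct pollfd p[2] = { { fd, POLLIN, 0 }, { sp[1], POLLIN, 0 } };
        close(sp[0]);
        /* A TLS proxy would run its handshake on 'fd' here. */
        for (;;) {
            if (poll(p, 2, -1) < 0) _exit(1);
            if (p[0].revents && !relay_once(fd, sp[1])) break;  /* net -> app */
            if (p[1].revents && !relay_once(sp[1], fd)) break;  /* app -> net */
        }
        _exit(0);
    }
    close(sp[1]);
    /* Same fd number as before, now backed by the socketpair to the proxy. */
    if (dup2(sp[0], fd) < 0) { close(sp[0]); waitpid(pid, 0, 0); return -1; }
    close(sp[0]);
    return pid;
}

/* Close the application's end and reap the proxy; returns its exit status. */
int stop_proxy(int fd, pid_t pid) {
    int status;
    close(fd);
    if (waitpid(pid, &status, 0) != pid || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status);
}
```

     After start_proxy() returns, the application reads and writes
     plaintext on its unchanged descriptor number; only the proxy
     child still holds the real network socket.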



  test.c, test.h, Makefile, cert.pem, cacerts.pem:

     Rudimentary example program using the easy_tls library, and
     example key and certificates for it.  Usage examples:

       $ ./test 8443     # create server listening at port 8443
       $ ./test 127.0.0.1 8443  # create client, connect to port 8443
                                # at IP address 127.0.0.1

     'test' will not automatically do SSL/TLS, or even read or write
     data -- it must be told to do so on input lines starting
     with a command letter.  'W' means write a line, 'R' means
     read a line, 'C' means close the connection, 'T' means
     start an SSL/TLS proxy.  E.g. (user input tagged with '*'):

     * R
       <<< 220 mail.example.net
     * WSTARTTLS
       >>> STARTTLS
     * R
       <<< 220 Ready to start TLS
     * T
       test_process_init(fd = 3, client_p = 1, apparg = (nil))
       +++ `E:self signed certificate in certificate chain'
       +++ `<... certificate info ...>'
     * WHELO localhost
       >>> HELO localhost
     * R
       <<< 250 mail.example.net

     You can even do SSL/TLS over SSL/TLS over SSL/TLS ... by using
     'T' multiple times.  I have no idea why you would want to though.


This code is rather old.  When I find time I will update anything that
should be changed, and improve code comments.  To compile the sample
program 'test' on platforms other than Linux or Solaris, you will have
to edit the Makefile.

As noted above, easy_tls.c will be changed to become a library one
day, which means that future revisions will not be fully compatible with
the current version.

Bodo Möller <bodo@openssl.org>