1easy_tls - generic SSL/TLS proxy
2========
3
4(... and example for non-blocking SSL/TLS I/O multiplexing.)
5
6
7  easy_tls.c, easy_tls.h:
8
9     Small generic SSL/TLS proxy library: With a few function calls,
10     an application socket will be replaced by a pipe handled by a
11     separate SSL/TLS proxy process.  This allows easily adding
12     SSL/TLS support to many programs not originally designed for it.
13
14     [Actually easy_tls.c is not a proper library: Customization
15     requires defining preprocessor macros while compiling it.
16     This is quite confusing, so I'll probably change it.]
17
18     These files may be used under the OpenSSL license.
19
20
21
22  test.c, test.h, Makefile, cert.pem, cacerts.pem:
23
24     Rudimentary example program using the easy_tls library, and
25     example key and certificates for it.  Usage examples:
26
27       $ ./test 8443     # create server listening at port 8443
28       $ ./test 127.0.0.1 8443  # create client, connect to port 8443
29                                # at IP address 127.0.0.1
30
31     'test' will not automatically do SSL/TLS, or even read or write
32     data -- it must be told to do so on input lines starting
33     with a command letter.  'W' means write a line, 'R' means
34     read a line, 'C' means close the connection, 'T' means
35     start an SSL/TLS proxy.  E.g. (user input tagged with '*'):
36
37     * R
38       <<< 220 mail.example.net
39     * WSTARTTLS
40       >>> STARTTLS
41     * R
42       <<< 220 Ready to start TLS
43     * T
44       test_process_init(fd = 3, client_p = 1, apparg = (nil))
45       +++ `E:self signed certificate in certificate chain'
46       +++ `<... certificate info ...>'
47     * WHELO localhost
48       >>> HELO localhost
49       R
50       <<< 250 mail.example.net
51
52     You can even do SSL/TLS over SSL/TLS over SSL/TLS ... by using
53     'T' multiple times.  I have no idea why you would want to though.
54
55
56This code is rather old.  When I find time I will update anything that
57should be changed, and improve code comments.  To compile the sample
58program 'test' on platforms other then Linux or Solaris, you will have
59to edit the Makefile.
60
61As noted above, easy_tls.c will be changed to become a library one
62day, which means that future revisions will not be fully compatible to
63the current version.
64
65Bodo M�ller <bodo@openssl.org>
66