easy_tls - generic SSL/TLS proxy
========

(... and example for non-blocking SSL/TLS I/O multiplexing.)


  easy_tls.c, easy_tls.h:

     Small generic SSL/TLS proxy library: With a few function calls,
     an application socket will be replaced by a pipe handled by a
     separate SSL/TLS proxy process.  This allows easily adding
     SSL/TLS support to many programs not originally designed for it.

     [Actually easy_tls.c is not a proper library: Customization
     requires defining preprocessor macros while compiling it.
     This is quite confusing, so I'll probably change it.]

     These files may be used under the OpenSSL license.



  test.c, test.h, Makefile, cert.pem, cacerts.pem:

     Rudimentary example program using the easy_tls library, and
     example key and certificates for it.  Usage examples:

       $ ./test 8443            # create server listening at port 8443
       $ ./test 127.0.0.1 8443  # create client, connect to port 8443
                                # at IP address 127.0.0.1

     'test' will not automatically do SSL/TLS, or even read or write
     data -- it must be told to do so on input lines starting
     with a command letter.  'W' means write a line, 'R' means
     read a line, 'C' means close the connection, 'T' means
     start an SSL/TLS proxy.  E.g. (user input tagged with '*'):

     * R
     <<< 220 mail.example.net
     * WSTARTTLS
     >>> STARTTLS
     * R
     <<< 220 Ready to start TLS
     * T
     test_process_init(fd = 3, client_p = 1, apparg = (nil))
     +++ `E:self signed certificate in certificate chain'
     +++ `<... certificate info ...>'
     * WHELO localhost
     >>> HELO localhost
     R
     <<< 250 mail.example.net

     You can even do SSL/TLS over SSL/TLS over SSL/TLS ... by using
     'T' multiple times.  I have no idea why you would want to though.


This code is rather old.  When I find time I will update anything that
should be changed, and improve code comments.  To compile the sample
program 'test' on platforms other than Linux or Solaris, you will have
to edit the Makefile.

As noted above, easy_tls.c will be changed to become a library one
day, which means that future revisions will not be fully compatible with
the current version.

Bodo Möller <bodo@openssl.org>
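
The replacement of an application socket by a pipe to a separate proxy process, described above for easy_tls.c, can be sketched as follows. This is an added example, not code from easy_tls: start_proxy and stop_proxy are hypothetical names, swapping the descriptor with dup2() is an assumed way of doing the replacement, and the child copies bytes unchanged where a real proxy would run the SSL/TLS layer.

```c
#include <poll.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

/* Move one chunk from 'from' to 'to'; returns 0 on EOF or error. */
static int relay(int from, int to) {
    char buf[4096];
    ssize_t n = read(from, buf, sizeof buf);
    if (n <= 0) return 0;
    /* A TLS proxy would encrypt/decrypt here (SSL_write/SSL_read on the
       network side); this sketch copies bytes unchanged, blocking writes. */
    for (ssize_t off = 0; off < n; ) {
        ssize_t w = write(to, buf + off, (size_t)(n - off));
        if (w <= 0) return 0;
        off += w;
    }
    return 1;
}

/* Hypothetical helper, not the easy_tls API. On success the caller's 'fd'
   keeps its number but now leads to the proxy child, which alone holds the
   real connection. Returns the child's pid, or -1 on error. */
pid_t start_proxy(int fd) {
    int sp[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sp) < 0) return -1;
    pid_t pid = fork();
    if (pid < 0) { close(sp[0]); close(sp[1]); return -1; }
    if (pid == 0) {                          /* child: the proxy process */
        struct pollfd p[2] = { { sp[1], POLLIN, 0 }, { fd, POLLIN, 0 } };
        close(sp[0]);
        while (poll(p, 2, -1) > 0) {
            if (p[0].revents && !relay(sp[1], fd)) break;  /* app -> network */
            if (p[1].revents && !relay(fd, sp[1])) break;  /* network -> app */
        }
        _exit(0);
    }
    close(sp[1]);                            /* parent: the application */
    if (dup2(sp[0], fd) < 0) { close(sp[0]); return -1; }
    close(sp[0]);
    return pid;
}

/* Closing the application's end gives the proxy EOF; then reap it. */
int stop_proxy(int fd, pid_t pid) {
    int status = -1;
    close(fd);
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}
```

Because the application's copy of the original socket is closed by dup2(), plaintext can no longer reach the network except through the proxy process.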