tlsproxy
========

`tlsproxy` is a TLS proxy written with GnuTLS. It is mostly designed as an
example of how to use asynchronous (non-blocking) I/O with GnuTLS. More
accurately, it was designed so I could learn how to do it. I think I've
got it right.

To that end, it's been divided up as follows:

* `crypto.c` does all the crypto, and `tlssession_mainloop()` does the hard work.
* `buffer.c` provides ring buffer support.
* `tlsproxy.c` deals with command line options and connecting sockets.
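
Why a non-blocking proxy needs a ring buffer, as an added example that is not code from this project: a fixed-size ring sits between the read side and the write side, and `poll()` is only asked about a descriptor when the ring has room or data, so a fast sender cannot make the proxy buffer without bound. The names `relay`, `rb_fill`, `rb_drain` and `set_nonblock` are hypothetical, and plain file descriptors stand in for the socket and the GnuTLS session.

```c
#include <errno.h>
#include <fcntl.h>
#include <poll.h>
#include <unistd.h>

#define RB_SIZE 8 /* tiny on purpose: forces back-pressure on any real input */
struct ring { unsigned char data[RB_SIZE]; size_t head, len; };

/* Read into the contiguous free run after the tail; caller ensures len < RB_SIZE. */
static ssize_t rb_fill(struct ring *r, int fd) {
    size_t tail = (r->head + r->len) % RB_SIZE, room = RB_SIZE - r->len;
    if (room > RB_SIZE - tail) room = RB_SIZE - tail;
    ssize_t n = read(fd, r->data + tail, room);
    if (n > 0) r->len += (size_t)n;
    return n;
}
/* Write the contiguous used run at the head; a short write leaves the rest queued. */
static ssize_t rb_drain(struct ring *r, int fd) {
    size_t run = r->len < RB_SIZE - r->head ? r->len : RB_SIZE - r->head;
    ssize_t n = write(fd, r->data + r->head, run);
    if (n > 0) { r->head = (r->head + (size_t)n) % RB_SIZE; r->len -= (size_t)n; }
    return n;
}
static int fatal(ssize_t n) { return n < 0 && errno != EAGAIN && errno != EINTR; }

int set_nonblock(int fd) {
    int fl = fcntl(fd, F_GETFL);
    return fl < 0 ? -1 : fcntl(fd, F_SETFL, fl | O_NONBLOCK);
}

/* Relay in_fd to out_fd until EOF; returns bytes relayed, or -1 on error/timeout. */
long relay(int in_fd, int out_fd) {
    struct ring r = {{0}, 0, 0};
    long total = 0;
    int eof = 0;
    while (!eof || r.len > 0) {
        /* fd = -1 makes poll() skip an entry: no reads while full, no writes while empty */
        struct pollfd p[2] = {{(!eof && r.len < RB_SIZE) ? in_fd : -1, POLLIN, 0},
                              {r.len > 0 ? out_fd : -1, POLLOUT, 0}};
        if (poll(p, 2, 1000) <= 0 || ((p[0].revents | p[1].revents) & (POLLERR | POLLNVAL))) return -1;
        if (p[0].revents & (POLLIN | POLLHUP)) {
            ssize_t n = rb_fill(&r, in_fd);
            if (n == 0) eof = 1; else if (fatal(n)) return -1;
        }
        if (p[1].revents & POLLOUT) {
            ssize_t n = rb_drain(&r, out_fd);
            if (n > 0) total += n; else if (fatal(n)) return -1;
        }
    }
    return total;
}
```

With GnuTLS on one side, the `read()` or `write()` call would be replaced by `gnutls_record_recv()` or `gnutls_record_send()`, which signal "try again" with `GNUTLS_E_AGAIN` or `GNUTLS_E_INTERRUPTED` instead of `errno`.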

It can be used in two modes:

* Client mode (default). Listens on an unencrypted port, connects to
  an encrypted port.
* Server mode (run with `-s`). Listens on an encrypted port, connects to
  an unencrypted port.

Usage
=====

```
tlsproxy

Usage:
     tlsproxy [OPTIONS]

A TLS client or server proxy

Options:
     -c, --connect ADDRESS    Connect to ADDRESS
     -l, --listen ADDRESS     Listen on ADDRESS
     -K, --key FILE           Use FILE as private key
     -C, --cert FILE          Use FILE as public key
     -A, --cacert FILE        Use FILE as public CA cert file
     -H, --hostname HOSTNAME  Use HOSTNAME to validate the CN of the peer
                              rather than hostname extracted from -C option
     -s, --server             Run the listen port encrypted rather than the
                              connect port
     -i, --insecure           Do not validate certificates
     -n, --nofork             Do not fork off (aids debugging); specify twice
                              to stop forking on accept as well
     -d, --debug              Turn on debugging
     -h, --help               Show this usage message
```

License
=======

MIT