/*
- * tlsproxy is a transparent TLS proxy for HTTPS connections.
+ * tlsproxy is a TLS proxy for HTTPS which intercepts the connections and
+ * ensures the server certificate doesn't change. Normally this isn't detected
+ * if a trusted CA for the new server certificate is installed.
*
* Copyright (C) 2011 Simon Ruderich
*
static SEM *ringbuffer_lock; /* Read lock. */
+#ifdef DEBUG
static void sigint_handler(int signal);
+#endif
static void parse_arguments(int argc, char **argv);
static void print_usage(const char *argv);
int main(int argc, char **argv) {
int port;
int client_socket, server_socket;
+#ifdef USE_IPV4_ONLY
+ struct sockaddr_in server_in;
+#else
struct sockaddr_in6 server_in;
+#endif
size_t i;
pthread_t *threads;
}
/* Setup our SIGINT signal handler which allows a "normal" termination of
- * the server. */
+ * the server in DEBUG mode. */
sigemptyset(&action.sa_mask);
- action.sa_handler = sigint_handler;
action.sa_flags = 0;
+#ifdef DEBUG
+ action.sa_handler = sigint_handler;
sigaction(SIGINT, &action, NULL);
+#endif
/* Ignore SIGPIPEs. */
action.sa_handler = SIG_IGN;
sigaction(SIGPIPE, &action, NULL);
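Review bot: Both `sigaction()` calls in this hunk discard their return value, while the `socket()` and `bind()` calls later in the patch report through `perror()` and return `EXIT_FAILURE`. If installing `SIG_IGN` for SIGPIPE fails, a write to a connection the peer has already closed terminates the whole proxy, so that call at least should be checked: `if (-1 == sigaction(SIGPIPE, &action, NULL)) { perror("sigaction()"); return EXIT_FAILURE; }`. The declaration of `action` and the start of `main` are outside the hunk.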
(void * (*)(void *))&worker_thread,
NULL);
if (0 != result) {
- printf("failed to create worker thread: %s\n", strerror(result));
+ fprintf(stderr, "failed to create worker thread: %s\n",
+ strerror(result));
return EXIT_FAILURE;
}
threads[i] = thread;
}
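Review bot: The cast `(void * (*)(void *))&worker_thread` on the context lines suggests that `worker_thread` is not declared as `void *worker_thread(void *)`. Calling a function through a pointer of an incompatible type is undefined behavior, and the cast keeps the compiler from reporting the mismatch. Its definition is not visible here, so this needs confirming, but declaring it as `static void *worker_thread(void *unused)` and passing `&worker_thread` without a cast would remove the risk. The `pthread_create()` call starts above the hunk.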
+#ifdef USE_IPV4_ONLY
+ server_socket = socket(PF_INET, SOCK_STREAM, 0);
+#else
server_socket = socket(PF_INET6, SOCK_STREAM, 0);
+#endif
if (-1 == server_socket) {
perror("socket()");
return EXIT_FAILURE;
/* Bind to the listen socket. */
memset(&server_in, 0, sizeof(server_in));
+#ifdef USE_IPV4_ONLY
+ server_in.sin_family = AF_INET; /* IPv4 only */
+ server_in.sin_addr.s_addr = htonl(INADDR_ANY); /* bind to any address */
+ server_in.sin_port = htons((uint16_t)port); /* port to bind to */
+#else
server_in.sin6_family = AF_INET6; /* IPv6 (and IPv4) */
server_in.sin6_addr = in6addr_any; /* bind to any address */
server_in.sin6_port = htons((uint16_t)port); /* port to bind to */
+#endif
if (-1 == bind(server_socket, (struct sockaddr *)&server_in,
sizeof(server_in))) {
perror("bind()");
return EXIT_FAILURE;
}
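Review bot: The new IPv4 branch binds to `INADDR_ANY`, mirroring the existing IPv6 branch's `in6addr_any`, so the intercepting proxy accepts connections on every interface rather than only from local clients. If the proxy is meant to serve only the machine it runs on (an assumption, since the intended deployment is not visible here), `server_in.sin_addr.s_addr = htonl(INADDR_LOOPBACK);` and `server_in.sin6_addr = in6addr_loopback;` would keep other hosts from relaying through it. Otherwise a listen-address option would make the exposure an explicit choice. The `(uint16_t)port` cast also silently truncates an out-of-range value unless `port` is range-checked where it is parsed, which is outside this hunk.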
+#ifdef DEBUG
static void sigint_handler(int signal_number) {
(void)signal_number;
done = 1;
}
+#endif
static void parse_arguments(int argc, char **argv) {
int option;