Add ./configure --disable-ipv6 to use IPv4 only.

[tlsproxy/tlsproxy.git] / src / tlsproxy.c

diff --git a/src/tlsproxy.c b/src/tlsproxy.c
index 85ca776af98516a91f3d98e789ba2fc266e190bf..a54a6e9c5161e6a67f3c68950daac3da7894596c 100644 (file)
--- a/src/tlsproxy.c
+++ b/src/tlsproxy.c
@@ -1,5 +1,7 @@
 /*
- * tlsproxy is a transparent TLS proxy for HTTPS connections.
+ * tlsproxy is a TLS proxy for HTTPS which intercepts the connections and
+ * ensures the server certificate doesn't change. Normally this isn't detected
+ * if a trusted CA for the new server certificate is installed.
  *
  * Copyright (C) 2011  Simon Ruderich
  *
@@ -71,7 +73,9 @@ static SEM *ringbuffer_free; /* Space for another element in the buffer? */
 static SEM *ringbuffer_lock; /* Read lock. */
 
 
+#ifdef DEBUG
 static void sigint_handler(int signal);
+#endif
 
 static void parse_arguments(int argc, char **argv);
 static void print_usage(const char *argv);
@@ -85,7 +89,11 @@ static void worker_thread(void);
 int main(int argc, char **argv) {
     int port;
     int client_socket, server_socket;
+#ifdef USE_IPV4_ONLY
+    struct sockaddr_in server_in;
+#else
     struct sockaddr_in6 server_in;
+#endif
 
     size_t i;
     pthread_t *threads;
@@ -102,11 +110,13 @@ int main(int argc, char **argv) {
     }
 
     /* Setup our SIGINT signal handler which allows a "normal" termination of
-     * the server. */
+     * the server in DEBUG mode. */
     sigemptyset(&action.sa_mask);
-    action.sa_handler = sigint_handler;
     action.sa_flags   = 0;
+#ifdef DEBUG
+    action.sa_handler = sigint_handler;
     sigaction(SIGINT, &action, NULL);
+#endif
     /* Ignore SIGPIPEs. */
     action.sa_handler = SIG_IGN;
     sigaction(SIGPIPE, &action, NULL);
@@ -140,14 +150,19 @@ int main(int argc, char **argv) {
                                 (void * (*)(void *))&worker_thread,
                                 NULL);
         if (0 != result) {
-            printf("failed to create worker thread: %s\n", strerror(result));
+            fprintf(stderr, "failed to create worker thread: %s\n",
+                            strerror(result));
             return EXIT_FAILURE;
         }
 
         threads[i] = thread;
     }
 
+#ifdef USE_IPV4_ONLY
+    server_socket = socket(PF_INET, SOCK_STREAM, 0);
+#else
     server_socket = socket(PF_INET6, SOCK_STREAM, 0);
+#endif
     if (-1 == server_socket) {
         perror("socket()");
         return EXIT_FAILURE;
@@ -164,9 +179,15 @@ int main(int argc, char **argv) {
 
     /* Bind to the listen socket. */
     memset(&server_in, 0, sizeof(server_in));
+#ifdef USE_IPV4_ONLY
+    server_in.sin_family      = AF_INET;               /* IPv4 only */
+    server_in.sin_addr.s_addr = INADDR_ANY;            /* bind to any address */
+    server_in.sin_port        = htons((uint16_t)port); /* port to bind to */
+#else
     server_in.sin6_family = AF_INET6;              /* IPv6 (and IPv4) */
     server_in.sin6_addr   = in6addr_any;           /* bind to any address */
     server_in.sin6_port   = htons((uint16_t)port); /* port to bind to */
+#endif
     if (-1 == bind(server_socket, (struct sockaddr *)&server_in,
                                   sizeof(server_in))) {
         perror("bind()");
@@ -233,11 +254,13 @@ int main(int argc, char **argv) {
     return EXIT_FAILURE;
 }
 
+#ifdef DEBUG
 static void sigint_handler(int signal_number) {
     (void)signal_number;
 
     done = 1;
 }
+#endif
 
 static void parse_arguments(int argc, char **argv) {
     int option;