X-Git-Url: https://ruderich.org/simon/gitweb/?a=blobdiff_plain;f=src%2Ftlsproxy.h;h=4664428fe862be1f5ce02bde348399b037667b8d;hb=55ce9f0a9991527dc9a7c09ee03446c3a7c48e93;hp=d244b8d01efd6ac17948d9b8c13e0286a0db36e8;hpb=219d904b7d12173ee93d016fe1a2cb8ae32eea9c;p=tlsproxy%2Ftlsproxy.git

diff --git a/src/tlsproxy.h b/src/tlsproxy.h
index d244b8d..4664428 100644
--- a/src/tlsproxy.h
+++ b/src/tlsproxy.h
@@ -30,6 +30,7 @@
 
 #include "log.h"
 
+
 /* Length for path arrays. */
 #define TLSPROXY_MAX_PATH_LENGTH 1024
 
@@ -43,11 +44,23 @@
 /* The server certificate for the given hostname is stored in
  * "./certificate-hostname-proxy.pem" - we use this for the connection to the
  * client. */
-#define PROXY_SERVER_CERT_FORMAT "./certificate-%s-proxy.pem"
+#define PROXY_SERVER_CERT_FILE_FORMAT "./certificate-%s-proxy.pem"
 /* The remote server certificate for the given hostname is stored in
  * "./certificate-hostname-proxy.pem" - we make sure the server sends this
  * certificate. */
-#define STORED_SERVER_CERT_FORMAT "./certificate-%s-server.pem"
+#define STORED_SERVER_CERT_FILE_FORMAT "./certificate-%s-server.pem"
+
+/* GnuTLS priority string used for both server and client connections. */
+#define PROXY_TLS_PRIORITIES \
+    /* Don't use known insecure algorithms. */ \
+    "SECURE" \
+    /* Lower priority of SHA-1, user better hashes if possible. */ \
+    ":-SHA1:+SHA1" \
+    /* Force safe renegotiations. Shouldn't cause any problems as this \
+     * option only affects the server side (with GnuTLS defaults) and the \
+     * local clients most-likely already support safe renegotiations (old \
+     * servers are therefore not an issue). */ \
+    ":%SAFE_RENEGOTIATION"
 
 
 /* Proxy hostname and port if specified on the command line. */
@@ -55,7 +68,7 @@ char *global_proxy_host;
 char *global_proxy_port;
 
 /* Passphrase for authentication of this proxy. Used with the -a option. */
-char *http_digest_authorization;
+char *global_http_digest_authorization;
 
 /* Log level, command line option. */
 int global_log_level;