* should be a good limit to make processing simpler. */
#define MAX_REQUEST_LINE 4096
-/* Paths to necessary TLS files: the CA and the server key. */
-#define PROXY_CA_FILE "proxy-ca.pem"
-#define PROXY_KEY_FILE "proxy-key.pem"
-
static int initialize_tls_session_client(int peer_socket,
const char *hostname,
gnutls_certificate_credentials_t *x509_cred) {
int result;
char path[1024];
- /* The server certificate for the given hostname is stored in
- * "./certificate-hostname-proxy.pem". */
-#define PATH_FORMAT "./certificate-%s-proxy.pem"
/* Hostname too long. */
- if (sizeof(path) - strlen(PATH_FORMAT) <= strlen(hostname)) {
+ if (sizeof(path) - strlen(PROXY_SERVER_CERT_FORMAT) <= strlen(hostname)) {
LOG(LOG_WARNING,
"initialize_tls_session_client(): hostname too long: '%s'",
hostname);
hostname);
return -1;
}
- snprintf(path, sizeof(path), PATH_FORMAT, hostname);
-#undef PATH_FORMAT
+ snprintf(path, sizeof(path), PROXY_SERVER_CERT_FORMAT, hostname);
result = gnutls_certificate_allocate_credentials(x509_cred);
if (GNUTLS_E_SUCCESS != result) {
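Review bot: Nothing in the visible lines restricts which characters `hostname` may contain before it is formatted into `PROXY_SERVER_CERT_FORMAT`; the guard above the `LOG` call only bounds its length. If the hostname is taken from the client's request (the caller is outside this hunk, so this is inferred), a value containing `/` would make the proxy load a certificate file outside the intended `./certificate-<host>-proxy.pem` naming scheme. I would add a character check ahead of the `snprintf`, for example `if (strchr(hostname, '/') != NULL) return -1;` with a matching warning, or better an allow-list of letters, digits, `.` and `-`. The body of `initialize_tls_session_client` continues past the end of the hunk.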
#include "log.h"
+/* Paths to necessary TLS files: the CA and the server key. */
+#define PROXY_CA_FILE "proxy-ca.pem"
+#define PROXY_KEY_FILE "proxy-key.pem"
+/* The server certificate for the given hostname is stored in
+ * "./certificate-hostname-proxy.pem" - we use this for the connection to the
+ * client. */
+#define PROXY_SERVER_CERT_FORMAT "./certificate-%s-proxy.pem"
/* Proxy hostname and port if specified on the command line. */