Disable RC4.

[tlsproxy/tlsproxy.git] / src / tlsproxy.c

diff --git a/src/tlsproxy.c b/src/tlsproxy.c
index 1ccee20c22ab16b541f39e2adee26c65f5d6a30a..a35b49b0280d99e52f8cb8db2f5ec88110bb0d85 100644 (file)
--- a/src/tlsproxy.c
+++ b/src/tlsproxy.c
@@ -3,7 +3,7 @@
  * ensures the server certificate doesn't change. Normally this isn't detected
  * if a trusted CA for the new server certificate is installed.
  *
- * Copyright (C) 2011-2013  Simon Ruderich
+ * Copyright (C) 2011-2014  Simon Ruderich
  *
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -26,13 +26,14 @@
 #include <arpa/inet.h>
 #include <assert.h>
 #include <errno.h>
+#include <limits.h>
+#include <netinet/in.h>
 #include <pthread.h>
 #include <signal.h>
+#include <stdint.h>
 #include <sys/socket.h>
 #include <sys/stat.h>
 #include <sys/types.h>
-#include <unistd.h>
-#include <limits.h>
 
 #if GNUTLS_VERSION_NUMBER <= 0x020b00
 /* Necessary for GnuTLS when used with threads. */
@@ -150,9 +151,9 @@ int main(int argc, char **argv) {
     }
 
 #ifdef USE_IPV4_ONLY
-    server_socket = socket(PF_INET, SOCK_STREAM, 0);
+    server_socket = socket(AF_INET, SOCK_STREAM, 0);
 #else
-    server_socket = socket(PF_INET6, SOCK_STREAM, 0);
+    server_socket = socket(AF_INET6, SOCK_STREAM, 0);
 #endif
     if (server_socket < 0) {
         perror("socket()");
@@ -191,6 +192,7 @@ int main(int argc, char **argv) {
     if (global_log_level >= LOG_DEBUG1_LEVEL) {
         printf("tlsproxy %s\n", VERSION);
         printf("Listening for connections on port %d.\n", port);
+        printf("Priority string: %s.\n", PROXY_TLS_PRIORITIES);
 
         if (global_proxy_host != NULL && global_proxy_port != NULL) {
             printf("Using proxy: %s:%s.\n", global_proxy_host,
@@ -258,7 +260,7 @@ static void parse_arguments(int argc, char **argv) {
     /* Default values. */
     thread_count = 10;
 #ifdef DEBUG
-    global_log_level = LOG_DEBUG1_LEVEL;
+    global_log_level = LOG_DEBUG2_LEVEL;
 #else
     global_log_level = LOG_WARNING_LEVEL;
 #endif
@@ -315,12 +317,11 @@ static void parse_arguments(int argc, char **argv) {
                 memcpy(global_proxy_host, optarg, (size_t)(position - optarg));
                 global_proxy_host[position - optarg] = '\0';
 
-                global_proxy_port = malloc(strlen(position + 1) + 1);
+                global_proxy_host = strdup(position + 1);
                 if (global_proxy_port == NULL) {
-                    perror("malloc()");
+                    perror("strdup()");
                     exit(EXIT_FAILURE);
                 }
-                strcpy(global_proxy_port, position + 1);
 
                 break;
             }
@@ -356,7 +357,7 @@ static void print_usage(const char *argv) {
                     argv);
     fprintf(stderr, "\n");
     fprintf(stderr, "-a digest authentication file [default: none]\n");
-    fprintf(stderr, "-d debug level: 0=errors only, 2=debug [default: 1]\n");
+    fprintf(stderr, "-d debug level: 0=errors only, 2=debug, 3=more debug [default: 1]\n");
     fprintf(stderr, "-p proxy hostname and port\n");
     fprintf(stderr, "-t number of threads [default: 10]\n");
     fprintf(stderr, "-u passthrough connection if no certificate is stored \
@@ -413,7 +414,8 @@ static void initialize_gnutls(void) {
 #endif
 
     /* Setup GnuTLS cipher suites. */
-    result = gnutls_priority_init(&global_tls_priority_cache, "NORMAL", NULL);
+    result = gnutls_priority_init(&global_tls_priority_cache,
+                                  PROXY_TLS_PRIORITIES, NULL);
     GNUTLS_ERROR_EXIT(result, "gnutls_priority_init()");
 
     /* Read Diffie-Hellman parameters. */