X-Git-Url: https://ruderich.org/simon/gitweb/?p=tlsproxy%2Ftlsproxy.git;a=blobdiff_plain;f=src%2Ftlsproxy.c;h=a35b49b0280d99e52f8cb8db2f5ec88110bb0d85;hp=8b9b6d92e1bb3309010b54a7240900a23419268c;hb=HEAD;hpb=8c4ae426c578d53c7afcbcbc178c96a7da3614c2
diff --git a/src/tlsproxy.c b/src/tlsproxy.c
index 8b9b6d9..a35b49b 100644
--- a/src/tlsproxy.c
+++ b/src/tlsproxy.c
@@ -3,7 +3,7 @@
 * ensures the server certificate doesn't change. Normally this isn't detected
 * if a trusted CA for the new server certificate is installed.
 *
- * Copyright (C) 2011-2013 Simon Ruderich
+ * Copyright (C) 2011-2014 Simon Ruderich
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
@@ -24,13 +24,16 @@
 #include "connection.h"
 #include
+#include
 #include
+#include
+#include
 #include
 #include
+#include
 #include
 #include
 #include
-#include
 #if GNUTLS_VERSION_NUMBER <= 0x020b00
 /* Necessary for GnuTLS when used with threads. */
@@ -148,9 +151,9 @@ int main(int argc, char **argv) {
 }
 #ifdef USE_IPV4_ONLY
- server_socket = socket(PF_INET, SOCK_STREAM, 0);
+ server_socket = socket(AF_INET, SOCK_STREAM, 0);
 #else
- server_socket = socket(PF_INET6, SOCK_STREAM, 0);
+ server_socket = socket(AF_INET6, SOCK_STREAM, 0);
 #endif
 if (server_socket < 0) {
 perror("socket()");
@@ -189,6 +192,7 @@ int main(int argc, char **argv) {
 if (global_log_level >= LOG_DEBUG1_LEVEL) {
 printf("tlsproxy %s\n", VERSION);
 printf("Listening for connections on port %d.\n", port);
+ printf("Priority string: %s.\n", PROXY_TLS_PRIORITIES);
 if (global_proxy_host != NULL && global_proxy_port != NULL) {
 printf("Using proxy: %s:%s.\n", global_proxy_host,
@@ -256,7 +260,7 @@ static void parse_arguments(int argc, char **argv) {
 /* Default values. */
 thread_count = 10;
 #ifdef DEBUG
- global_log_level = LOG_DEBUG1_LEVEL;
+ global_log_level = LOG_DEBUG2_LEVEL;
 #else
 global_log_level = LOG_WARNING_LEVEL;
 #endif
@@ -313,12 +317,11 @@ static void parse_arguments(int argc, char **argv) {
 memcpy(global_proxy_host, optarg, (size_t)(position - optarg));
 global_proxy_host[position - optarg] = '\0';
- global_proxy_port = malloc(strlen(position + 1) + 1);
+ global_proxy_host = strdup(position + 1);
 if (global_proxy_port == NULL) {
- perror("malloc()");
+ perror("strdup()");
 exit(EXIT_FAILURE);
 }
- strcpy(global_proxy_port, position + 1);
 break;
 }
@@ -354,7 +357,7 @@ static void print_usage(const char *argv) {
 argv);
 fprintf(stderr, "\n");
 fprintf(stderr, "-a digest authentication file [default: none]\n");
- fprintf(stderr, "-d debug level: 0=errors only, 2=debug [default: 1]\n");
+ fprintf(stderr, "-d debug level: 0=errors only, 2=debug, 3=more debug [default: 1]\n");
 fprintf(stderr, "-p proxy hostname and port\n");
 fprintf(stderr, "-t number of threads [default: 10]\n");
 fprintf(stderr, "-u passthrough connection if no certificate is stored \
@@ -411,7 +414,8 @@ static void initialize_gnutls(void) {
 #endif
 /* Setup GnuTLS cipher suites. */
- result = gnutls_priority_init(&global_tls_priority_cache, "NORMAL", NULL);
+ result = gnutls_priority_init(&global_tls_priority_cache,
+ PROXY_TLS_PRIORITIES, NULL);
 GNUTLS_ERROR_EXIT(result, "gnutls_priority_init()");
 /* Read Diffie-Hellman parameters. */
@@ -422,7 +426,8 @@ static void initialize_gnutls(void) {
 exit(EXIT_FAILURE);
 }
 dh_parameters_datum.data = (unsigned char *)dh_parameters;
- dh_parameters_datum.size = strlen(dh_parameters);
+ assert(strlen(dh_parameters) <= UINT_MAX);
+ dh_parameters_datum.size = (unsigned int)(strlen(dh_parameters));
 result = gnutls_dh_params_init(&global_tls_dh_params);
 GNUTLS_ERROR_EXIT(result, "gnutls_dh_params_init()");
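Review bot: The added line in the parse_arguments hunk assigns the port string to `global_proxy_host` instead of `global_proxy_port`, so the host buffer that the two preceding context lines just filled is overwritten (and its malloc'd memory leaked), while `global_proxy_port` is never set — the `if (global_proxy_port == NULL)` check on the next line now tests a variable this hunk no longer assigns. The fix is the one-line change `global_proxy_port = strdup(position + 1);`. With the port left unset, any later code that requires both host and port to be non-NULL (as the debug printf in the main hunk does) would presumably treat the proxy as not configured rather than report an error, so the -p option silently stops working. parse_arguments begins and ends outside the hunk.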
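Review bot: In the last initialize_gnutls hunk the new `assert(strlen(dh_parameters) <= UINT_MAX);` only guards the narrowing cast in builds that keep assertions; with NDEBUG defined the check disappears and an oversized buffer would silently truncate `dh_parameters_datum.size`. Since the buffer is read from the Diffie-Hellman parameter file (per the comment in the previous hunk) rather than computed, a runtime check that behaves the same in release builds is the more robust form, and it also avoids calling strlen twice: `size_t dh_len = strlen(dh_parameters);` / `if (dh_len > UINT_MAX) { fprintf(stderr, "DH parameters too large.\n"); exit(EXIT_FAILURE); }` / `dh_parameters_datum.size = (unsigned int)dh_len;`. This is a point of style more than a practical risk, as a parameter file that large is unrealistic. initialize_gnutls continues outside the hunk on both sides.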