X-Git-Url: https://ruderich.org/simon/gitweb/?p=tlsproxy%2Ftlsproxy.git;a=blobdiff_plain;f=src%2Ftlsproxy.h;h=fae7d60dec4dbfd0647b2ad5017abbf17a1ee8ad;hp=a0db68fd0726f9674014c1d3f2fd5106e553c445;hb=9f7ef8fa5c5216ac2510d2b4acb3b1b5c26886d1;hpb=643caf202af98fa5ebe83f642db459a04067e92f

diff --git a/src/tlsproxy.h b/src/tlsproxy.h
index a0db68f..fae7d60 100644
--- a/src/tlsproxy.h
+++ b/src/tlsproxy.h
@@ -1,7 +1,7 @@
 /*
- * Global variables.
+ * Global variables/defines.
  *
- * Copyright (C) 2011  Simon Ruderich
+ * Copyright (C) 2011-2013  Simon Ruderich
  *
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -22,13 +22,60 @@
 
 #include <config.h>
 
-#include <stdlib.h>
 #include <stdio.h>
+#include <stdlib.h>
 #include <string.h>
 
+#include <gnutls/gnutls.h>
+
+#include "log.h"
+
+
+/* Length for path arrays. */
+#define TLSPROXY_MAX_PATH_LENGTH 1024
+
+/* Paths to necessary TLS files: the CA, the server key and DH parameters. */
+#define PROXY_CA_PATH  "proxy-ca.pem"
+#define PROXY_KEY_PATH "proxy-key.pem"
+#define PROXY_DH_PATH  "proxy-dh.pem"
+/* Path to special "invalid" certificate send to the client when an error
+ * occurs. */
+#define PROXY_INVALID_CERT_PATH "proxy-invalid.pem"
+/* The server certificate for the given hostname is stored in
+ * "./certificate-hostname-proxy.pem" - we use this for the connection to the
+ * client. */
+#define PROXY_SERVER_CERT_FILE_FORMAT "./certificate-%s-proxy.pem"
+/* The remote server certificate for the given hostname is stored in
+ * "./certificate-hostname-proxy.pem" - we make sure the server sends this
+ * certificate. */
+#define STORED_SERVER_CERT_FILE_FORMAT "./certificate-%s-server.pem"
+
+/* GnuTLS priority string used for both server and client connections. */
+#define PROXY_TLS_PRIORITIES "NORMAL"
+
 
 /* Proxy hostname and port if specified on the command line. */
-char *use_proxy_host;
-char *use_proxy_port;
+char *global_proxy_host;
+char *global_proxy_port;
+
+/* Passphrase for authentication of this proxy. Used with the -a option. */
+char *global_http_digest_authorization;
+
+/* Log level, command line option. */
+int global_log_level;
+
+/* Passthrough connections if no certificate is stored for this hostname?
+ * Specified on the command line. */
+int global_passthrough_unknown;
+
+/* "Global" GnuTLS data used by all threads, read only. */
+gnutls_priority_t global_tls_priority_cache;
+gnutls_dh_params_t global_tls_dh_params;
+
+/* Very simple compile time asserts. No good error message though. */
+#define ct_assert(x) { \
+    int unused[(x) ? 1 : -1]; \
+    (void)unused; \
+}
 
 #endif