REQUIREMENTS
------------
+- C89 compiler
- GnuTLS library including development headers
- certtool (from GnuTLS) to create TLS certificates
- `proxy-ca.pem`: CA which is used for all connections to the client
- `proxy-ca-key.pem`: private key for the CA
+- `proxy-dh.pem`: Diffie-Hellman parameters for the proxy
- `proxy-key.pem`: private key for the proxy
- `proxy-invalid.pem`: special certificate used for invalid pages
certificate to secure the connection to the client (signed by `proxy-ca.pem`).
If an error occurs in the validation (missing `certificate-*.pem` files,
-fingerprint changed, etc.) it's logged by the proxy (stdout) and the special
+fingerprint changed, etc.) it's logged by the proxy (stderr) and the special
`proxy-invalid.pem` certificate is used to send a 500 error message to the
client. The connection to the server is closed so there's no chance that any
client data is sent to the (possible) evil server. The invalid certificate is
- Firefox (at least Iceweasel 3.5.16 on Debian) fails to load the error page
sent with the "invalid" certificate once the certificate has been accepted.
As the user shouldn't accept the invalid certificate this is a minor issue.
+
+
+AUTHORS
+-------
+
+Written by Simon Ruderich <simon@ruderich.org>.
+
+
+LICENSE
+-------
+
+tlsproxy is licensed under GPL version 3 or later.
+
+Copyright (C) 2011-2013 Simon Ruderich
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program. If not, see <http://www.gnu.org/licenses/>.