/* GnuTLS */
#include <gnutls/gnutls.h>
+#include "log.h"
-/* Log level constants. */
-#define LOG_ERROR 0
-#define LOG_WARNING 1
-#define LOG_DEBUG 2
-
-/* Macros for shorter error handling. */
-#define GNUTLS_ERROR_EXIT(error, message) \
- if (GNUTLS_E_SUCCESS != error) { \
- fprintf(stderr, "%s: %s\n", message, gnutls_strerror(error)); \
- exit(EXIT_FAILURE); \
- }
+/* Paths to necessary TLS files: the CA and the server key. */
+#define PROXY_CA_FILE "proxy-ca.pem"
+#define PROXY_KEY_FILE "proxy-key.pem"
+/* Path to special "invalid" certificate send to the client when an error
+ * occurs. */
+#define PROXY_INVALID_CERT_FILE "proxy-invalid.pem"
+/* The server certificate for the given hostname is stored in
+ * "./certificate-hostname-proxy.pem" - we use this for the connection to the
+ * client. */
+#define PROXY_SERVER_CERT_FORMAT "./certificate-%s-proxy.pem"
+/* The remote server certificate for the given hostname is stored in
+ * "./certificate-hostname-proxy.pem" - we make sure the server sends this
+ * certificate. */
+#define STORED_SERVER_CERT_FORMAT "./certificate-%s-server.pem"
/* Proxy hostname and port if specified on the command line. */
/* Log level, command line option. */
int global_log_level;
+/* Passthrough connections if no certificate is stored for this hostname?
+ * Specified on the command line. */
+int global_passthrough_unknown;
+
/* "Global" GnuTLS data used by all threads, read only. */
-gnutls_priority_t tls_priority_cache;
-gnutls_dh_params_t tls_dh_params;
+gnutls_priority_t global_tls_priority_cache;
+gnutls_dh_params_t global_tls_dh_params;
#endif
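Review bot: `PROXY_SERVER_CERT_FORMAT` and `STORED_SERVER_CERT_FORMAT` put a hostname into a file path through `%s`, and nothing in these lines limits what that hostname may contain. The code that expands them is not part of this hunk; if the hostname comes from the client's request, as the proxy role suggests, that code should reject names containing `/` or `..` and treat a truncated `snprintf` result as an error before opening the file. The comment above `STORED_SERVER_CERT_FORMAT` still names `certificate-hostname-proxy.pem` although the macro produces `-server.pem`; it should read `"./certificate-hostname-server.pem" - we make sure the server sends this`. `global_passthrough_unknown` decides whether hosts without a stored certificate are passed through without that comparison, so its comment should state which value is the default and what the non-default value gives up. This looks like a header (it ends in `#endif`), and the renamed globals are still defined rather than declared in it; `extern gnutls_priority_t global_tls_priority_cache;` with a single definition in one `.c` file avoids duplicate-definition link errors under `-fno-common`.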