X-Git-Url: https://ruderich.org/simon/gitweb/?a=blobdiff_plain;f=src%2Ftlsproxy.c;h=17c49e971b6a27d1e7c096c2a85977256265d1de;hb=946885b04de70f8481f58160de12f3ee3b0b380a;hp=0e095689374b7cae7e4ce51546491d1e9ade25d4;hpb=14106ea40a55acbba0d14a6f66350221ade044ab;p=tlsproxy%2Ftlsproxy.git
diff --git a/src/tlsproxy.c b/src/tlsproxy.c
index 0e09568..17c49e9 100644
--- a/src/tlsproxy.c
+++ b/src/tlsproxy.c
@@ -1,5 +1,7 @@
 /*
- * tlsproxy is a transparent TLS proxy for HTTPS connections.
+ * tlsproxy is a TLS proxy for HTTPS which intercepts the connections and
+ * ensures the server certificate doesn't change. Normally this isn't detected
+ * if a trusted CA for the new server certificate is installed.
 *
 * Copyright (C) 2011 Simon Ruderich
 *
@@ -48,6 +50,14 @@ GCRY_THREAD_OPTION_PTHREAD_IMPL;
 #define DH_SIZE 1024
+/* For gnutls_*() functions. */
+#define GNUTLS_ERROR_EXIT(error, message) \
+ if (GNUTLS_E_SUCCESS != error) { \
+ fprintf(stderr, "%s: %s\n", message, gnutls_strerror(error)); \
+ exit(EXIT_FAILURE); \
+ }
+
+
 /* Server should shut down. Set by SIGINT handler. */
 static volatile int done;
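Review bot: The GNUTLS_ERROR_EXIT macro added in the second hunk expands to a bare `if` statement and uses its `error` argument twice without parentheses. A call site followed by `else` would silently bind that `else` to the macro's hidden `if`. If a caller passes a call expression such as a `gnutls_*()` invocation directly, the call is evaluated a second time on the failure path, inside `gnutls_strerror()`. The call sites are not visible in this hunk, so whether either case occurs today cannot be confirmed. Wrapping the body in `do { ... } while (0)` and capturing the argument once in a local makes the macro safe in both situations, keeping the fail-closed exit on TLS setup errors reliable.

```c
/* For gnutls_*() functions. */
#define GNUTLS_ERROR_EXIT(error, message) \
    do { \
        int gnutls_error_ = (error); \
        if (GNUTLS_E_SUCCESS != gnutls_error_) { \
            fprintf(stderr, "%s: %s\n", (message), \
                    gnutls_strerror(gnutls_error_)); \
            exit(EXIT_FAILURE); \
        } \
    } while (0)
```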