X-Git-Url: https://ruderich.org/simon/gitweb/?a=blobdiff_plain;f=src%2Ftlsproxy.c;h=b79e05daec86135f8ed470b2f8bee9bf881d1b37;hb=76ad95f5a7601b7e0549a4f4624443287f64a262;hp=a54a6e9c5161e6a67f3c68950daac3da7894596c;hpb=451082eb1b2f8fc5cbacbb65cd4e48348192b477;p=tlsproxy%2Ftlsproxy.git
diff --git a/src/tlsproxy.c b/src/tlsproxy.c
index a54a6e9..b79e05d 100644
--- a/src/tlsproxy.c
+++ b/src/tlsproxy.c
@@ -59,7 +59,7 @@ GCRY_THREAD_OPTION_PTHREAD_IMPL;
 /* Server should shut down. Set by SIGINT handler. */
-static volatile int done;
+static volatile int done = 0;
 /* Number of threads. */
 static size_t thread_count;
@@ -109,11 +109,11 @@ int main(int argc, char **argv) {
 return EXIT_FAILURE;
 }
- /* Setup our SIGINT signal handler which allows a "normal" termination of
- * the server in DEBUG mode. */
 sigemptyset(&action.sa_mask);
 action.sa_flags = 0;
 #ifdef DEBUG
+ /* Setup our SIGINT signal handler which allows a "normal" termination of
+ * the server in DEBUG mode. */
 action.sa_handler = sigint_handler;
 sigaction(SIGINT, &action, NULL);
 #endif
@@ -168,20 +168,18 @@ int main(int argc, char **argv) {
 return EXIT_FAILURE;
 }
-#ifdef DEBUG
 /* Fast rebinding for debug mode, could cause invalid packets. */
- {
+ if (LOG_DEBUG_LEVEL <= global_log_level) {
 int socket_option = 1;
 setsockopt(server_socket, SOL_SOCKET, SO_REUSEADDR, &socket_option, sizeof(socket_option));
 }
-#endif
 /* Bind to the listen socket. */
 memset(&server_in, 0, sizeof(server_in));
 #ifdef USE_IPV4_ONLY
 server_in.sin_family = AF_INET; /* IPv4 only */
- server_in.sin_addr.s_addr = INADDR_ANY; /* bind to any address */
+ server_in.sin_addr.s_addr = htonl(INADDR_ANY); /* bind to any address */
 server_in.sin_port = htons((uint16_t)port); /* port to bind to */
 #else
 server_in.sin6_family = AF_INET6; /* IPv6 (and IPv4) */
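Review bot: `static volatile int done = 0;` keeps `int` for a flag that, according to the comment directly above it, is written from the SIGINT handler; C only guarantees that a `volatile sig_atomic_t` (or a lock-free atomic) can be stored safely from a signal handler, so the line should read `static volatile sig_atomic_t done = 0;` (`<signal.h>`, which the `sigaction()` call later in this diff already requires, provides the type). The explicit `= 0` is redundant for an object with static storage duration but harmless.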
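Review bot: Gating `SO_REUSEADDR` on `LOG_DEBUG_LEVEL <= global_log_level` ties a property of the listening socket to the log verbosity: a release build that an operator runs with debug logging to diagnose a problem now also gets fast port rebinding, which the comment one line above says "could cause invalid packets", and that comment still calls it "debug mode" although the `#ifdef DEBUG` around it is gone. If the coupling is intended, the comment should say so, e.g. `/* Fast rebinding whenever debug logging is requested (release builds too); could cause invalid packets. */`; if not, a dedicated command-line option would keep the two concerns apart. The return value of `setsockopt()` is also still ignored, so a failure to set the option is never reported. main() continues outside this hunk.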
@@ -199,7 +197,7 @@ int main(int argc, char **argv) {
 return EXIT_FAILURE;
 }
- if (LOG_DEBUG <= global_log_level) {
+ if (LOG_DEBUG_LEVEL <= global_log_level) {
 printf("Listening for connections on port %d.\n", port);
 if (NULL != global_proxy_host && NULL != global_proxy_port) {
@@ -268,12 +266,13 @@ static void parse_arguments(int argc, char **argv) {
 /* Default values. */
 thread_count = 10;
 #ifdef DEBUG
- global_log_level = LOG_DEBUG;
+ global_log_level = LOG_DEBUG_LEVEL;
 #else
- global_log_level = LOG_WARNING;
+ global_log_level = LOG_WARNING_LEVEL;
 #endif
+ global_passthrough_unknown = 0;
- while (-1 != (option = getopt(argc, argv, "d:p:t:h?"))) {
+ while (-1 != (option = getopt(argc, argv, "d:p:t:uh?"))) {
 switch (option) {
 case 'd': {
 if (0 > atoi(optarg)) {
@@ -324,6 +323,10 @@ static void parse_arguments(int argc, char **argv) {
 thread_count = (size_t)atoi(optarg);
 break;
 }
+ case 'u': {
+ global_passthrough_unknown = 1;
+ break;
+ }
 case 'h':
 default: /* '?' */
 print_usage(argv[0]);
@@ -338,12 +341,15 @@ static void parse_arguments(int argc, char **argv) {
 }
 }
 static void print_usage(const char *argv) {
- fprintf(stderr, "Usage: %s [-d level] [-p host:port] [-t count] port\n",
+ fprintf(stderr, "Usage: %s [-d level] [-p host:port] [-t count] [-u] port\n",
 argv);
 fprintf(stderr, "\n");
 fprintf(stderr, "-d debug level: 0=errors only, 2=debug [default: 1]\n");
 fprintf(stderr, "-p proxy hostname and port\n");
 fprintf(stderr, "-t number of threads [default: 10]\n");
+ fprintf(stderr, "-u passthrough connection if no certificate is stored \
+[default: error]\n");
+ fprintf(stderr, " WARNING: might be a security problem!\n");
 }
 static void initialize_gnutls(void) {
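Review bot: `global_passthrough_unknown = 0;` in the defaults block, and the `case 'u'` that sets it to 1 in hunk @@ -324, carry no comment, while the usage text added in hunk @@ -338 calls the option a possible security problem; the variable's declaration is outside this diff, so the defaults line is where a reader first meets it. A comment there such as `/* -u: forward a connection even when no certificate is stored for it instead of failing it; off by default since such connections presumably bypass the proxy's certificate handling — confirm against the connection code. */` would make the trade-off visible where the default is chosen. The usage line `WARNING: might be a security problem!` could likewise name what is lost for passthrough connections rather than a generic warning, once that is confirmed.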
@@ -370,18 +376,18 @@ static void initialize_gnutls(void) {
 GNUTLS_ERROR_EXIT(result, "gnutls_global_init()");
 /* Setup GnuTLS cipher suites. */
- result = gnutls_priority_init(&tls_priority_cache, "NORMAL", NULL);
+ result = gnutls_priority_init(&global_tls_priority_cache, "NORMAL", NULL);
 GNUTLS_ERROR_EXIT(result, "gnutls_priority_init()");
 /* Generate Diffie-Hellman parameters. */
- result = gnutls_dh_params_init(&tls_dh_params);
+ result = gnutls_dh_params_init(&global_tls_dh_params);
 GNUTLS_ERROR_EXIT(result, "gnutls_dh_params_init()");
- result = gnutls_dh_params_generate2(tls_dh_params, DH_SIZE);
+ result = gnutls_dh_params_generate2(global_tls_dh_params, DH_SIZE);
 GNUTLS_ERROR_EXIT(result, "gnutls_dh_params_generate2()");
 }
 static void deinitialize_gnutls(void) {
- gnutls_dh_params_deinit(tls_dh_params);
- gnutls_priority_deinit(tls_priority_cache);
+ gnutls_dh_params_deinit(global_tls_dh_params);
+ gnutls_priority_deinit(global_tls_priority_cache);
 gnutls_global_deinit();
 }