Diffstat (limited to 'doc/examples/tlsproxy')
-rw-r--r--doc/examples/tlsproxy/buffer.c20
-rw-r--r--doc/examples/tlsproxy/buffer.h26
-rw-r--r--doc/examples/tlsproxy/crypto-gnutls.c132
-rw-r--r--doc/examples/tlsproxy/crypto-gnutls.h19
-rw-r--r--doc/examples/tlsproxy/tlsproxy.c61
5 files changed, 124 insertions, 134 deletions
diff --git a/doc/examples/tlsproxy/buffer.c b/doc/examples/tlsproxy/buffer.c
index e983495f80..b4d34a8d67 100644
--- a/doc/examples/tlsproxy/buffer.c
+++ b/doc/examples/tlsproxy/buffer.c
@@ -88,7 +88,7 @@ buffer_t *bufNew(ssize_t size, ssize_t hwm)
return b;
}
-void bufFree(buffer_t * b)
+void bufFree(buffer_t *b)
{
free(b->buf);
free(b);
@@ -97,7 +97,7 @@ void bufFree(buffer_t * b)
/* get a maximal span to read. Returns 0 if buffer
* is empty
*/
-ssize_t bufGetReadSpan(buffer_t * b, void **addr)
+ssize_t bufGetReadSpan(buffer_t *b, void **addr)
{
if (b->empty) {
*addr = NULL;
@@ -112,7 +112,7 @@ ssize_t bufGetReadSpan(buffer_t * b, void **addr)
/* get a maximal span to write. Returns 0 id buffer is full
*/
-ssize_t bufGetWriteSpan(buffer_t * b, void **addr)
+ssize_t bufGetWriteSpan(buffer_t *b, void **addr)
{
if (b->empty) {
*addr = b->buf;
@@ -132,7 +132,7 @@ ssize_t bufGetWriteSpan(buffer_t * b, void **addr)
}
/* mark size bytes as read */
-void bufDoneRead(buffer_t * b, ssize_t size)
+void bufDoneRead(buffer_t *b, ssize_t size)
{
while (!b->empty && (size > 0)) {
/* empty can't occur here, so equal pointers means full */
@@ -159,7 +159,7 @@ void bufDoneRead(buffer_t * b, ssize_t size)
}
/* mark size bytes as written */
-void bufDoneWrite(buffer_t * b, ssize_t size)
+void bufDoneWrite(buffer_t *b, ssize_t size)
{
while ((b->empty || (b->ridx != b->widx)) && (size > 0)) {
/* full can't occur here, so equal pointers means empty */
@@ -182,27 +182,27 @@ void bufDoneWrite(buffer_t * b, ssize_t size)
}
}
-int bufIsEmpty(buffer_t * b)
+int bufIsEmpty(buffer_t *b)
{
return b->empty;
}
-int bufIsFull(buffer_t * b)
+int bufIsFull(buffer_t *b)
{
return !b->empty && (b->ridx == b->widx);
}
-int bufIsOverHWM(buffer_t * b)
+int bufIsOverHWM(buffer_t *b)
{
return bufGetCount(b) > b->hwm;
}
-ssize_t bufGetFree(buffer_t * b)
+ssize_t bufGetFree(buffer_t *b)
{
return b->size - bufGetCount(b);
}
-ssize_t bufGetCount(buffer_t * b)
+ssize_t bufGetCount(buffer_t *b)
{
if (b->empty)
return 0;
diff --git a/doc/examples/tlsproxy/buffer.h b/doc/examples/tlsproxy/buffer.h
index 6d8a205a56..28b08e4632 100644
--- a/doc/examples/tlsproxy/buffer.h
+++ b/doc/examples/tlsproxy/buffer.h
@@ -23,23 +23,23 @@ OTHER DEALINGS IN THE SOFTWARE.
*/
#ifndef __TLSPROXY_BUFFERS_H
-# define __TLSPROXY_BUFFERS_H
+#define __TLSPROXY_BUFFERS_H
-# include <stdlib.h>
-# include <sys/types.h>
+#include <stdlib.h>
+#include <sys/types.h>
typedef struct buffer buffer_t;
buffer_t *bufNew(ssize_t size, ssize_t hwm);
-void bufFree(buffer_t * b);
-ssize_t bufGetReadSpan(buffer_t * b, void **addr);
-ssize_t bufGetWriteSpan(buffer_t * b, void **addr);
-void bufDoneRead(buffer_t * b, ssize_t size);
-void bufDoneWrite(buffer_t * b, ssize_t size);
-int bufIsEmpty(buffer_t * b);
-int bufIsFull(buffer_t * b);
-int bufIsOverHWM(buffer_t * b);
-ssize_t bufGetFree(buffer_t * b);
-ssize_t bufGetCount(buffer_t * b);
+void bufFree(buffer_t *b);
+ssize_t bufGetReadSpan(buffer_t *b, void **addr);
+ssize_t bufGetWriteSpan(buffer_t *b, void **addr);
+void bufDoneRead(buffer_t *b, ssize_t size);
+void bufDoneWrite(buffer_t *b, ssize_t size);
+int bufIsEmpty(buffer_t *b);
+int bufIsFull(buffer_t *b);
+int bufIsOverHWM(buffer_t *b);
+ssize_t bufGetFree(buffer_t *b);
+ssize_t bufGetCount(buffer_t *b);
#endif
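Review bot: The include guard kept on the new side, `__TLSPROXY_BUFFERS_H`, uses a name beginning with a double underscore, which the C standard reserves for the implementation; the reformat touches both guard lines but leaves the name as is, and the same applies to `__TLSPROXY_CRYPTO_GNUTLS_H` in crypto-gnutls.h. Since the header is an example meant to be copied, renaming it to a non-reserved spelling such as `TLSPROXY_BUFFERS_H` on the `#ifndef` and `#define` lines would be a cheap follow-up while the lines are being rewritten anyway.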
diff --git a/doc/examples/tlsproxy/crypto-gnutls.c b/doc/examples/tlsproxy/crypto-gnutls.c
index a9da58912b..b0495f99b9 100644
--- a/doc/examples/tlsproxy/crypto-gnutls.c
+++ b/doc/examples/tlsproxy/crypto-gnutls.c
@@ -60,20 +60,20 @@ struct tlssession {
};
#define BUF_SIZE 65536
-#define BUF_HWM ((BUF_SIZE*3)/4)
+#define BUF_HWM ((BUF_SIZE * 3) / 4)
static int falsequit(void *opaque)
{
return FALSE;
}
-static int quit(tlssession_t * s)
+static int quit(tlssession_t *s)
{
return s->quitfn(s->opaque);
}
#if defined __clang__ || __GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 5)
-# pragma GCC diagnostic ignored "-Wsuggest-attribute=format"
+#pragma GCC diagnostic ignored "-Wsuggest-attribute=format"
#endif
static int stderrout(void *opaque, const char *format, va_list ap)
@@ -81,7 +81,7 @@ static int stderrout(void *opaque, const char *format, va_list ap)
return vfprintf(stderr, format, ap);
}
-static int errout(tlssession_t * s, const char *format, ...)
+static int errout(tlssession_t *s, const char *format, ...)
{
va_list ap;
int ret;
@@ -91,7 +91,7 @@ static int errout(tlssession_t * s, const char *format, ...)
return ret;
}
-static int debugout(tlssession_t * s, const char *format, ...)
+static int debugout(tlssession_t *s, const char *format, ...)
{
va_list ap;
int ret = 0;
@@ -122,7 +122,7 @@ static int verify_certificate_callback(gnutls_session_t session)
tlssession_t *s;
/* read session pointer */
- s = (tlssession_t *) gnutls_session_get_ptr(session);
+ s = (tlssession_t *)gnutls_session_get_ptr(session);
if (gnutls_certificate_type_get(session) != GNUTLS_CRT_X509)
return GNUTLS_E_CERTIFICATE_ERROR;
@@ -131,9 +131,8 @@ static int verify_certificate_callback(gnutls_session_t session)
* structure. So you must have installed one or more CA certificates.
*/
if (s->hostname && *s->hostname)
- ret =
- gnutls_certificate_verify_peers3(session, s->hostname,
- &status);
+ ret = gnutls_certificate_verify_peers3(session, s->hostname,
+ &status);
else
ret = gnutls_certificate_verify_peers2(session, &status);
@@ -145,10 +144,8 @@ static int verify_certificate_callback(gnutls_session_t session)
if (status) {
gnutls_datum_t txt;
- ret =
- gnutls_certificate_verification_status_print(status,
- GNUTLS_CRT_X509,
- &txt, 0);
+ ret = gnutls_certificate_verification_status_print(
+ status, GNUTLS_CRT_X509, &txt, 0);
if (ret >= 0) {
debugout(s, "verification error: %s\n", txt.data);
gnutls_free(txt.data);
@@ -163,12 +160,12 @@ static int verify_certificate_callback(gnutls_session_t session)
return 0;
}
-tlssession_t *tlssession_new(int isserver,
- char *keyfile, char *certfile, char *cacertfile,
- char *hostname, int insecure, int debug,
- int (*quitfn)(void *opaque),
+tlssession_t *tlssession_new(int isserver, char *keyfile, char *certfile,
+ char *cacertfile, char *hostname, int insecure,
+ int debug, int (*quitfn)(void *opaque),
int (*erroutfn)(void *opaque, const char *format,
- va_list ap), void *opaque)
+ va_list ap),
+ void *opaque)
{
int ret;
tlssession_t *s = calloc(1, sizeof(tlssession_t));
@@ -196,9 +193,8 @@ tlssession_t *tlssession_new(int isserver,
}
if (cacertfile != NULL) {
- ret =
- gnutls_certificate_set_x509_trust_file(s->creds, cacertfile,
- GNUTLS_X509_FMT_PEM);
+ ret = gnutls_certificate_set_x509_trust_file(
+ s->creds, cacertfile, GNUTLS_X509_FMT_PEM);
if (ret < 0) {
errout(s, "Error setting the x509 trust file: %s\n",
gnutls_strerror(ret));
@@ -206,10 +202,10 @@ tlssession_t *tlssession_new(int isserver,
}
if (!insecure) {
- gnutls_certificate_set_verify_function(s->creds,
- verify_certificate_callback);
- gnutls_certificate_set_verify_flags(s->creds,
- GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT);
+ gnutls_certificate_set_verify_function(
+ s->creds, verify_certificate_callback);
+ gnutls_certificate_set_verify_flags(
+ s->creds, GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT);
}
}
@@ -217,10 +213,8 @@ tlssession_t *tlssession_new(int isserver,
certfile = keyfile;
if (certfile != NULL && keyfile != NULL) {
- ret =
- gnutls_certificate_set_x509_key_file(s->creds, certfile,
- keyfile,
- GNUTLS_X509_FMT_PEM);
+ ret = gnutls_certificate_set_x509_key_file(
+ s->creds, certfile, keyfile, GNUTLS_X509_FMT_PEM);
if (ret < 0) {
errout(s,
@@ -244,9 +238,8 @@ tlssession_t *tlssession_new(int isserver,
gnutls_session_set_ptr(s->session, (void *)s);
if (!isserver && s->hostname && *s->hostname) {
- ret =
- gnutls_server_name_set(s->session, GNUTLS_NAME_DNS,
- s->hostname, strlen(s->hostname));
+ ret = gnutls_server_name_set(s->session, GNUTLS_NAME_DNS,
+ s->hostname, strlen(s->hostname));
if (ret < 0) {
errout(s, "Cannot set server name: %s\n",
gnutls_strerror(ret));
@@ -261,9 +254,8 @@ tlssession_t *tlssession_new(int isserver,
goto error;
}
- ret =
- gnutls_credentials_set(s->session, GNUTLS_CRD_CERTIFICATE,
- s->creds);
+ ret = gnutls_credentials_set(s->session, GNUTLS_CRD_CERTIFICATE,
+ s->creds);
if (ret < 0) {
errout(s, "Cannot set session GNUTL credentials: %s\n",
gnutls_strerror(ret));
@@ -278,14 +270,14 @@ tlssession_t *tlssession_new(int isserver,
return s;
- error:
+error:
if (s->session)
gnutls_deinit(s->session);
free(s);
return NULL;
}
-void tlssession_close(tlssession_t * s)
+void tlssession_close(tlssession_t *s)
{
if (s->session)
gnutls_deinit(s->session);
@@ -298,7 +290,7 @@ int tlssession_init(void)
return gnutls_global_init();
}
-int tlssession_mainloop(int cryptfd, int plainfd, tlssession_t * s)
+int tlssession_mainloop(int cryptfd, int plainfd, tlssession_t *s)
{
fd_set readfds;
fd_set writefds;
@@ -318,7 +310,7 @@ int tlssession_mainloop(int cryptfd, int plainfd, tlssession_t * s)
/* set it up to work with our FD */
gnutls_transport_set_ptr(s->session,
- (gnutls_transport_ptr_t) (intptr_t) cryptfd);
+ (gnutls_transport_ptr_t)(intptr_t)cryptfd);
/* Now do the handshake */
ret = gnutls_handshake(s->session);
@@ -350,7 +342,7 @@ int tlssession_mainloop(int cryptfd, int plainfd, tlssession_t * s)
size_t buffered = gnutls_record_check_pending(s->session);
if (buffered)
- wait = FALSE; /* do not wait for select to return if we have buffered data */
+ wait = FALSE; /* do not wait for select to return if we have buffered data */
if (plainEOF) {
/* plain text end has closed, but me may still have
@@ -384,12 +376,11 @@ int tlssession_mainloop(int cryptfd, int plainfd, tlssession_t * s)
do {
timeout.tv_sec = wait ? 1 : 0;
timeout.tv_usec = 0;
- result =
- select(maxfd, &readfds, &writefds, NULL, &timeout);
+ result = select(maxfd, &readfds, &writefds, NULL,
+ &timeout);
selecterrno = errno;
- }
- while ((result == -1) && (selecterrno == EINTR) && !quit(s));
+ } while ((result == -1) && (selecterrno == EINTR) && !quit(s));
if (quit(s))
break;
@@ -404,9 +395,8 @@ int tlssession_mainloop(int cryptfd, int plainfd, tlssession_t * s)
if (len > 0) {
do {
ret = read(plainfd, addr, (size_t)len);
- }
- while ((ret < 0) && (errno == EINTR)
- && !quit(s));
+ } while ((ret < 0) && (errno == EINTR) &&
+ !quit(s));
if (quit(s))
break;
if (ret < 0) {
@@ -417,7 +407,9 @@ int tlssession_mainloop(int cryptfd, int plainfd, tlssession_t * s)
if (ret == 0) {
plainEOF = TRUE;
} else {
- bufDoneWrite(plainToCrypt, ret); /* mark ret bytes as written to the buffer */
+ bufDoneWrite(
+ plainToCrypt,
+ ret); /* mark ret bytes as written to the buffer */
}
}
}
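Review bot: The reformatted `bufDoneWrite(plainToCrypt, ret);` is now split across three lines with one argument per line only because the trailing comment pushed it over the column limit, which reads worse than the original single line; the same pattern appears in the later hunks for `bufDoneRead(cryptToPlain, ret)`, `bufDoneWrite(cryptToPlain, ret)` and `bufDoneRead(plainToCrypt, ret)`. Moving the comment onto its own line above the call, `/* mark ret bytes as written to the buffer */` followed by `bufDoneWrite(plainToCrypt, ret);`, keeps the call intact under the formatter and is the usual fix for this clang-format artefact. tlssession_mainloop starts and ends outside this hunk.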
@@ -433,9 +425,8 @@ int tlssession_mainloop(int cryptfd, int plainfd, tlssession_t * s)
if (len > 0) {
do {
ret = write(plainfd, addr, (size_t)len);
- }
- while ((ret < 0) && (errno == EINTR)
- && !quit(s));
+ } while ((ret < 0) && (errno == EINTR) &&
+ !quit(s));
if (quit(s))
break;
if (ret < 0) {
@@ -443,7 +434,9 @@ int tlssession_mainloop(int cryptfd, int plainfd, tlssession_t * s)
"Error on write to plain socket: %m\n");
goto error;
}
- bufDoneRead(cryptToPlain, ret); /* mark ret bytes as read from the buffer */
+ bufDoneRead(
+ cryptToPlain,
+ ret); /* mark ret bytes as read from the buffer */
}
}
@@ -457,11 +450,10 @@ int tlssession_mainloop(int cryptfd, int plainfd, tlssession_t * s)
ssize_t len = bufGetWriteSpan(cryptToPlain, &addr);
if (len > 0) {
do {
- ret =
- gnutls_record_recv(s->session, addr,
- (size_t)len);
- }
- while (ret == GNUTLS_E_INTERRUPTED && !quit(s));
+ ret = gnutls_record_recv(
+ s->session, addr, (size_t)len);
+ } while (ret == GNUTLS_E_INTERRUPTED &&
+ !quit(s));
/* do not loop on GNUTLS_E_AGAIN - this means we'd block so we'd loop for
* ever
*/
@@ -476,7 +468,9 @@ int tlssession_mainloop(int cryptfd, int plainfd, tlssession_t * s)
if (ret == 0) {
cryptEOF = TRUE;
} else {
- bufDoneWrite(cryptToPlain, ret); /* mark ret bytes as written to the buffer */
+ bufDoneWrite(
+ cryptToPlain,
+ ret); /* mark ret bytes as written to the buffer */
}
}
}
@@ -492,16 +486,14 @@ int tlssession_mainloop(int cryptfd, int plainfd, tlssession_t * s)
if (len > 0) {
do {
if (tls_wr_interrupted) {
- ret =
- gnutls_record_send
- (s->session, NULL, 0);
+ ret = gnutls_record_send(
+ s->session, NULL, 0);
} else {
- ret =
- gnutls_record_send
- (s->session, addr, len);
+ ret = gnutls_record_send(
+ s->session, addr, len);
}
- }
- while (ret == GNUTLS_E_INTERRUPTED && !quit(s));
+ } while (ret == GNUTLS_E_INTERRUPTED &&
+ !quit(s));
if (quit(s))
break;
if (ret == GNUTLS_E_AGAIN) {
@@ -515,7 +507,9 @@ int tlssession_mainloop(int cryptfd, int plainfd, tlssession_t * s)
gnutls_strerror(ret));
goto error;
} else {
- bufDoneRead(plainToCrypt, ret); /* mark ret bytes as read from the buffer */
+ bufDoneRead(
+ plainToCrypt,
+ ret); /* mark ret bytes as read from the buffer */
}
}
}
@@ -524,10 +518,10 @@ int tlssession_mainloop(int cryptfd, int plainfd, tlssession_t * s)
ret = 0;
goto freereturn;
- error:
+error:
ret = -1;
- freereturn:
+freereturn:
gnutls_bye(s->session, GNUTLS_SHUT_RDWR);
shutdown(plainfd, SHUT_RDWR);
bufFree(plainToCrypt);
diff --git a/doc/examples/tlsproxy/crypto-gnutls.h b/doc/examples/tlsproxy/crypto-gnutls.h
index be04e665d2..b315c9a274 100644
--- a/doc/examples/tlsproxy/crypto-gnutls.h
+++ b/doc/examples/tlsproxy/crypto-gnutls.h
@@ -25,19 +25,18 @@ OTHER DEALINGS IN THE SOFTWARE.
*/
#ifndef __TLSPROXY_CRYPTO_GNUTLS_H
-# define __TLSPROXY_CRYPTO_GNUTLS_H
+#define __TLSPROXY_CRYPTO_GNUTLS_H
int tlssession_init(void);
typedef struct tlssession tlssession_t;
-tlssession_t *tlssession_new(int isserver,
- char *keyfile, char *certfile, char *cacertfile,
- char *hostname, int insecure, int debug,
- int (*quitfn)(void *opaque),
- int (*erroutfn)(void *opaque,
- const char *format,
- va_list ap), void *opaque);
-void tlssession_close(tlssession_t * s);
-int tlssession_mainloop(int cryptfd, int plainfd, tlssession_t * session);
+tlssession_t *tlssession_new(int isserver, char *keyfile, char *certfile,
+ char *cacertfile, char *hostname, int insecure,
+ int debug, int (*quitfn)(void *opaque),
+ int (*erroutfn)(void *opaque, const char *format,
+ va_list ap),
+ void *opaque);
+void tlssession_close(tlssession_t *s);
+int tlssession_mainloop(int cryptfd, int plainfd, tlssession_t *session);
#endif
diff --git a/doc/examples/tlsproxy/tlsproxy.c b/doc/examples/tlsproxy/tlsproxy.c
index f9ce373fdc..dc5bea2aee 100644
--- a/doc/examples/tlsproxy/tlsproxy.c
+++ b/doc/examples/tlsproxy/tlsproxy.c
@@ -64,10 +64,10 @@ static int bindtoaddress(char *addrport)
snprintf(addr, sizeof(addr), "%s", addrport);
memset(&hints, 0, sizeof(struct addrinfo));
- hints.ai_flags = AI_PASSIVE; /* For wildcard IP address */
- hints.ai_family = AF_UNSPEC; /* Allow IPv4 or IPv6 */
- hints.ai_socktype = SOCK_STREAM; /* Stream socket */
- hints.ai_protocol = 0; /* any protocol */
+ hints.ai_flags = AI_PASSIVE; /* For wildcard IP address */
+ hints.ai_family = AF_UNSPEC; /* Allow IPv4 or IPv6 */
+ hints.ai_socktype = SOCK_STREAM; /* Stream socket */
+ hints.ai_protocol = 0; /* any protocol */
char *colon = strrchr(addr, ':');
const char *port = defaultport;
@@ -90,9 +90,8 @@ static int bindtoaddress(char *addrport)
if (fd >= 0) {
int one = 1;
- if (setsockopt
- (fd, SOL_SOCKET, SO_REUSEADDR, &one,
- sizeof(one)) < 0) {
+ if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &one,
+ sizeof(one)) < 0) {
close(fd);
continue;
}
@@ -108,7 +107,7 @@ static int bindtoaddress(char *addrport)
return -1;
}
- freeaddrinfo(result); /* No longer needed */
+ freeaddrinfo(result); /* No longer needed */
if (listen(fd, 5) < 0) {
close(fd);
@@ -128,10 +127,10 @@ static int connecttoaddress(char *addrport)
snprintf(addr, sizeof(addr), "%s", addrport);
memset(&hints, 0, sizeof(struct addrinfo));
- hints.ai_flags = AI_PASSIVE; /* For wildcard IP address */
- hints.ai_family = AF_UNSPEC; /* Allow IPv4 or IPv6 */
- hints.ai_socktype = SOCK_STREAM; /* Stream socket */
- hints.ai_protocol = 0; /* any protocol */
+ hints.ai_flags = AI_PASSIVE; /* For wildcard IP address */
+ hints.ai_family = AF_UNSPEC; /* Allow IPv4 or IPv6 */
+ hints.ai_socktype = SOCK_STREAM; /* Stream socket */
+ hints.ai_protocol = 0; /* any protocol */
char *colon = strrchr(addr, ':');
const char *port = defaultport;
@@ -166,7 +165,7 @@ static int connecttoaddress(char *addrport)
return -1;
}
- freeaddrinfo(result); /* No longer needed */
+ freeaddrinfo(result); /* No longer needed */
return fd;
}
@@ -185,10 +184,9 @@ static int runproxy(int acceptfd)
return -1;
}
- tlssession_t *session =
- tlssession_new(server, keyfile, certfile, cacertfile, hostname,
- insecure,
- debug, quitfn, NULL, NULL);
+ tlssession_t *session = tlssession_new(server, keyfile, certfile,
+ cacertfile, hostname, insecure,
+ debug, quitfn, NULL, NULL);
if (!session) {
fprintf(stderr, "Could create TLS session\n");
close(connectfd);
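Review bot: The error message on the context line above the reflowed call, `"Could create TLS session\n"`, appears to be missing "not" and is printed exactly when tlssession_new returns NULL; since the commit already rewrites the surrounding lines, correcting it to `fprintf(stderr, "Could not create TLS session\n");` would avoid a misleading log entry on the failure path. runproxy begins and ends outside this hunk.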
@@ -235,8 +233,7 @@ static int runlistener(void)
return -1;
}
}
- }
- while (fd < 0 && !rxsigquit);
+ } while (fd < 0 && !rxsigquit);
if (rxsigquit)
break;
if (nofork < 2) {
@@ -287,18 +284,18 @@ static void processoptions(int argc, char **argv)
{
while (1) {
static const struct option longopts[] = {
- {"connect", required_argument, 0, 'c'},
- {"listen", required_argument, 0, 'l'},
- {"key", required_argument, 0, 'K'},
- {"cert", required_argument, 0, 'C'},
- {"cacert", required_argument, 0, 'A'},
- {"hostname", required_argument, 0, 'H'},
- {"server", no_argument, 0, 's'},
- {"insecure", no_argument, 0, 'i'},
- {"nofork", no_argument, 0, 'n'},
- {"debug", no_argument, 0, 'd'},
- {"help", no_argument, 0, 'h'},
- {0, 0, 0, 0}
+ { "connect", required_argument, 0, 'c' },
+ { "listen", required_argument, 0, 'l' },
+ { "key", required_argument, 0, 'K' },
+ { "cert", required_argument, 0, 'C' },
+ { "cacert", required_argument, 0, 'A' },
+ { "hostname", required_argument, 0, 'H' },
+ { "server", no_argument, 0, 's' },
+ { "insecure", no_argument, 0, 'i' },
+ { "nofork", no_argument, 0, 'n' },
+ { "debug", no_argument, 0, 'd' },
+ { "help", no_argument, 0, 'h' },
+ { 0, 0, 0, 0 }
};
int optidx = 0;
@@ -309,7 +306,7 @@ static void processoptions(int argc, char **argv)
break;
switch (c) {
- case 0: /* set a flag, nothing else to do */
+ case 0: /* set a flag, nothing else to do */
break;
case 'c':