stud
stud copied to clipboard
bumptech
The Scalable TLS Unwrapping Daemon
Correct commit is: eb772bd4
This patch adds small subset of logging functions and removes all calls to perror() and substitutes them with hopefully more informative calls using strerror().
So we don't have to "ulimit -n" before starting stud.
The read address is then passed to the backend server if --write-proxy or --write-ip is specified. This can be useful if you use HAProxy as your load balancer (in TCP...
This patch adds support for the TACK TLS extension (http://tack.io/). Its use requires OpenSSL with TACK support (currently at https://github.com/tack/openssl_tack).
`PEM_read_bio_RSAPrivateKey()` can fail under some conditions, so we should print out OpenSSL's error message(s) to help the user understand and resolve the issue.
Optimized futexes are only available on i386 and amd64 since they use inline assembly. It is difficult to come with a generic way to tell which arch we are using...
EAGAIN is not likely with TCP (you'd need a bad ulimit for exampel), but if nothing else, it's hard on the eyes.
Added a function to do basic wildcard matching when deciding which cert to use under SNI. Also added some comments to the default config clarifying how to list multiple cert...
