autossl AUTOSSL_SILENT option and improve documentation
#!/bin/bash

# This is a helper script that wraps any command and sets up the environment
# for autossl.so.
# Autossl.so is an LD_PRELOAD-ed library which intercepts network connections
# and upgrades them to TLS.

# This helper script provides convenience logic to help you type less when
# using it with common simple commands, like "wget <URL>". You probably
# use it only with simple commands anyway, so this convenience logic is
# opt-out. Turn it off by setting AUTOSSL_CONVENIENCE=off in your invoking
# environment.

# As part of the convenience it (1) replaces https url-like command line
# arguments with http (to let autossl.so intercept the plain connection and
# upgrade it back to https during the connection) and (2) finds domain
# names in command line arguments and passes the appropriate "-servername"
# parameter to the underlying openssl command.

# Set OPENSSL_EXTRA_ARGS environment variable to pass more parameters to openssl.

# It has an embedded port mapping which contains common plain:tls port
# pairs for a given protocol, but you can extend it by setting space
# separated "plain:tls" port number pairs in AUTOSSL_TLS_PORT_MAP env
# variable.

# See autossl.so docs for more info.
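#######################################
# Print the usage line and the list of environment variables the wrapper
# understands.
# Arguments: none
# Outputs:   ten lines of help text on stdout (callers redirect to stderr
#            when the help is shown because of a usage error)
# Returns:   exit status of cat
#######################################
help()
{
  # Quoted delimiter: the text is emitted literally, no expansion takes place.
  cat <<'EOF'
Usage: autossl <COMMAND> [<ARGUMENTS>]
Environment:
 AUTOSSL_BACKEND - which program to use as a upgrade-to-TLS helper. supported: openssl (default), stunnel
 AUTOSSL_CONVENIENCE - if set to "off", don't try to guess SNI servername
 AUTOSSL_SILENT - less diagnostical messages
 AUTOSSL_UPGRADE_PORTS - space-delimited list of port numbers which autossl should work on (default 80)
 AUTOSSL_UPGRADE_IPS - space-delimited list of IPs which autossl should work on. unset means any.
 AUTOSSL_TLS_PORT_MAP - space-delimited list of colon-separated port number pairs denoting which port should be mapped to which one (some common ports defaulted)
 OPENSSL_EXTRA_ARGS - additional options passed to openssl
 STUNNEL_EXTRA_ARGS - additional options passed to stunnel
EOF
}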
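# Entry point: validate the invocation, optionally rewrite the wrapped
# command's arguments (convenience mode), then exec the command with
# autossl.so preloaded and its configuration passed through the environment.
if [[ $# -eq 0 ]]; then
  help >&2
  # Same status bash produces for the original "exit -1", spelled explicitly.
  exit 255
elif [[ "$1" == --help ]]; then
  help
  exit 0
else
  declare -a args=()
  servername=''

  if [[ "${AUTOSSL_CONVENIENCE:-}" == off ]]; then
    # Convenience logic disabled: pass the command line through untouched.
    args=("$@")
  else
    # Group 1 skips an optional "userinfo@" part, group 2 captures the host.
    # Kept in a variable so the space inside the bracket expression cannot be
    # mis-tokenised by the [[ =~ ]] parser.
    url_re='^https://([^@/]*@)?([^/ :]+)'

    for arg in "$@"; do
      if [[ $arg =~ $url_re ]]; then
        # With several https URLs on the command line the last one wins.
        # NOTE(review): the captured host is not checked against hostname
        # syntax (a bracketed IPv6 literal yields "[") and it ends up in a
        # whitespace-separated option string; consider validating it.
        servername=${BASH_REMATCH[2]}
      fi

      # Downgrade the scheme so the wrapped client opens a plain connection
      # that autossl.so can intercept and upgrade.
      # SECURITY: after this rewrite the client does no certificate or
      # hostname validation of its own; authenticating the server rests
      # entirely on the TLS helper. openssl s_client by default reports a
      # failed verification but carries on with the connection, so unless the
      # helper command (not shown here) already enforces it, pass
      # "-verify_return_error" and "-verify_hostname <host>" through
      # OPENSSL_EXTRA_ARGS.
      if [[ "${arg:0:6}" == https: ]]; then
        arg=${arg/https:/http:}
      fi

      args+=("$arg")
    done

    if [[ -n "$servername" ]]; then
      OPENSSL_EXTRA_ARGS="${OPENSSL_EXTRA_ARGS:-}${OPENSSL_EXTRA_ARGS:+ }-servername $servername"
      export OPENSSL_EXTRA_ARGS
    fi
  fi

  # Any non-empty AUTOSSL_SILENT means "silent". The variable is quoted so a
  # value containing whitespace no longer makes the test itself fail.
  if [[ -z "${AUTOSSL_SILENT:-}" ]]; then
    # NOTE: this prints the full command line, including any credentials
    # embedded in URL userinfo; set AUTOSSL_SILENT where stderr is logged.
    printf '%s\n' "autossl: run: ${args[*]}" >&2
  else
    OPENSSL_EXTRA_ARGS="${OPENSSL_EXTRA_ARGS:-}${OPENSSL_EXTRA_ARGS:+ }-quiet"
    # Export here as well: without it "-quiet" never reached the child when
    # OPENSSL_EXTRA_ARGS was not already in the environment and no servername
    # had been detected above.
    export OPENSSL_EXTRA_ARGS
  fi

  # The preload library is referenced by absolute path; AUTOSSL_TLS_CMD is a
  # bare command name, so it presumably gets resolved through PATH - verify
  # that PATH is trustworthy where this wrapper runs.
  # Port 80 is always upgraded; user-supplied ports and port-map pairs are
  # appended to the built-in defaults.
  LD_PRELOAD=/usr/lib/tool/preload/autossl.so \
  AUTOSSL_UPGRADE_PORTS="80${AUTOSSL_UPGRADE_PORTS:+ }${AUTOSSL_UPGRADE_PORTS}" \
  AUTOSSL_TLS_CMD=autossl-conn \
  AUTOSSL_TLS_PORT_MAP="21:990 23:992 25:465 80:443 110:995 119:563 143:993 194:994 389:636 $AUTOSSL_TLS_PORT_MAP" \
  AUTOSSL_ERRNO=5 \
  exec "${args[@]}"
fi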