go.cypherpunks.ru/ucspi -- UCSPI-related utilities

UCSPI (UNIX Client-Server Program Interface,
http://cr.yp.to/ucspi-tcp.html) provides a convenient and easy interface
for building network client-server programs. This module provides
TLS-related utilities that could be more suitable than OpenSSL-dependent
ones, or than the much more complicated stunnel.

* cmd/tlss: TLS server, intended to be run under another UCSPI server,
  like this:

      tcpserver ::0 443 tlss -cert cert.pem -key prv.pem program arg0 arg1 ...

  Optionally it can require client certificate verification, by
  providing a PEM file with the acceptable CAs. In that case, the
  TLSREMOTEDN environment variable is set to the string representation
  of the client certificate's subject. PROTO=TLS is also set.

* cmd/tlsc: TLS client, intended to be run under another UCSPI client,
  like this:

      tcpclient example.com 443 tlsc -name example.com program arg0 arg1 ...

  Optionally it can authenticate to the server using a certificate
  keypair given through the -cert/-key options. The -ca option allows
  overriding the system-provided CAs. You can also authenticate the
  server against the SHA256 hash of its SPKI with the -fpr option.
  PROTO=TLS and TLSREMOTEDN are always set. You can disable
  authentication completely with -name "". The -show option prints the
  connection state after the handshake and outputs certificate
  information.

* cmd/proxy: proxy between a UCSPI server and a UCSPI client

go.cypherpunks.ru/ucspi is free software: see the file COPYING for
copying conditions.
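
The -fpr option of cmd/tlsc described above authenticates the server by the SHA256 hash of its SPKI, so the pin follows the public key rather than one particular certificate. The Go program below is an added example, not code from this module: it computes that hash and shows that a reissued certificate for the same key keeps the pin while a new key changes it. The function names, the hex encoding of the pin and the in-process sample certificates are assumptions of the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/hex"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// SPKIHash returns hex(SHA-256(DER SubjectPublicKeyInfo)) of a certificate.
func SPKIHash(cert *x509.Certificate) string {
	sum := sha256.Sum256(cert.RawSubjectPublicKeyInfo)
	return hex.EncodeToString(sum[:])
}

// PinMatches checks a pin; hex encoding is this example's assumption.
func PinMatches(cert *x509.Certificate, pin string) bool {
	return strings.EqualFold(SPKIHash(cert), strings.TrimSpace(pin))
}

// must, NewKey and SelfSigned only build constructed sample certificates.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

func NewKey() *ecdsa.PrivateKey {
	return must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
}

func SelfSigned(cn string, key *ecdsa.PrivateKey, serial int64) *x509.Certificate {
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key))
	return must(x509.ParseCertificate(der))
}

func main() {
	cert := SelfSigned("example.com", NewKey(), 1)
	fmt.Println(SPKIHash(cert), PinMatches(cert, SPKIHash(cert)))
}
```

Because the pin covers only the key, rotating the server's private key requires distributing a new pin to clients before the switch.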