Xrelayd is a basic tcp proxy server which enables you to encrypt arbitrary
protocols without changing ssl unaware deamons and client software. Xrelayd
runs on UNIX systems including Linux and Mac OS X.


INSTALL:
- Get xrelayd:
  wget http://znerol.ch/files/xrelayd-0.2.tar.gz
  tar xzf xrelayd-0.2.tgz
  
- Get XySSL (http://xyssl.org/)
  wget http://xyssl.org/code/download/xyssl-0.8.tgz
  tar xzf xyssl-0.8.tgz

- Patch XySSL (Needed at least for XySSL 0.8):
  patch -d xyssl-0.8 -p1 < xrelayd-0.2/patches/xyssl-0.8-fix_x509_write.patch

- Build XySSL:
  make -C xyssl-0.8
  
- Build xrelayd.
  cd xrelayd-0.2
  make XYSSL_SOURCE=../xyssl-0.8

- Install xrelayd
  make install

If you build and install xrelayd like this, xyssl will be linked statically
into xrelayd and you dont need to install the library which is the default
behaviour of xyssl at the moment.


USAGE:
  usage: [-c] [-v] [-d localip:port] [-r remoteip:port]

      -A      Server certificate file (may change to CA file in future) 
      -p      private key and certificate chain PEM file name
      -c      client mode. remote is ssl, local plain
      -v      validate certificate
      -d      listen locally on this [host:]port
      -r      connect to remote machine on [host:]port
      -P      pidfile
      -f      foreground mode
      -D      syslog level (0...7)

    Options for private key and x509 certificate generation
      -K      generate private key and certificate. arg=keylen
      -U      subjectline for certificate. specify at least CN
      -Y      number of days before this cert becomes invalid


EXAMPLE: ENABLE ENCRYPTION FOR HTTP SERVER RUNNING LOCALLY:
- Create a RSA key and self signed X509 certificate using xrelayd
  ./xrelayd -f -K 1024 -p host.key -U "CN=localhost" -p host.key -A host.cert

- Run xrelayd in debug mode:
  ./xrelayd -f -D7 -r localhost:80 -d 4433 -p host.key -A host.cert

- Open the URI https://localhost:4433/ in your favorite browser.

- Run xrelayd in daemon mode with standard loglevel:
  ./xrelayd -r vdeb.local:80 -d 4433 -p host.key -A host.cert


CHANGES:

2007-10-26 Version 0.2
- Based on xyssl 0.8
- Generation of RSA-keys and self signed certificate
- Fixed bug preventing big uploads (POST) when operated as a HTTPS server

2007-09-01 Version 0.1
- Initial release. No key/cert-generation yet
- Based on xyssl 0.7


TODO:
- Test client mode.
- Certificate verifycation (-v).
- Proper chroot and privilege dropping.
- More examples.