DESCRIPTION

This code implements a three-tiered client server architecture that simply
establishes an SSL/TLS encrypted TCP connection from a client to an intermediate
server, which then establishes a separate SSL/TLS encrypted TCP connection to
a second, Tier 2 server.  The Tier 2 server simply sends back a reply message to
the intermediary server, which then forwards it back on to the client.

All servers are concurrent and create a new process using fork() to handle
incoming connections.

The networking and SSL/TLS code has been modularized in order to better
facilitate servers acting as clients.  Code that had previously been in the
ssl-client.c file is now in the client-tools.h and client-tools.c files, and
similarly with the server code now in the server-tools.h and server-tools.c
source files.  The intermediary server code is in the source file
ssl-server-tier1.c and the Tier 2 server code is in the source file
ssl-server-tier2.c.  They have significant differences due to the different
roles they play in the system.

RUNNING THE PROGRAMS

To run the Tier 2 server, simply run it from the command line as before:

./ssl-server-tier2 <port>

To run the Tier 1 server, you'll need to run it with command line option
switches, e.g.,

./ssl-server-tier1 -p <server port> -s <remote server name/IP> -o >remote server port>

To run the client, specify the name/address and port (optional) of the Tier 1
server, e.g.,

./ssl-client localhost:4433

or

./ssl-client 192.168.56.7:4433

KEYS AND CERTIFICATES

Each server will need a private encryption key and certificate.  To create a
self-signed certificate your server can use, at the command prompt type:

openssl req -newkey rsa:2048 -nodes -keyout key.pem -x509 -days 365 -out cert.pem

This will create two files: a private key contained in the file 'key.pem' and a
certificate containing a public key in the file 'cert.pem'.  Your servers will
require both in order to operate properly.  The client requires neither.