Rename genericstarttls to autossl and improve docs

Issue:		#87

opts.c

@@ -115,7 +115,9 @@ opts_free(opts_t *opts)
 }
 
 /*
- * Return 1 if opts_t contains a proxyspec with ssl, 0 otherwise.
+ * Return 1 if opts_t contains a proxyspec that (eventually) uses SSL/TLS,
+ * 0 otherwise.  When 0, it is safe to assume that no SSL/TLS operations
+ * will take place with this configuration.
  */
 int
 opts_has_ssl_spec(opts_t *opts)
@@ -123,7 +125,7 @@ opts_has_ssl_spec(opts_t *opts)
 	proxyspec_t *p = opts->spec;
 
 	while (p) {
-		if (p->ssl || p->tlspeek)
+		if (p->ssl || p->upgrade)
 			return 1;
 		p = p->next;
 	}
@@ -284,27 +286,27 @@ proxyspec_parse(int *argc, char **argv[], const char *natengine)
 				if (!strcmp(**argv, "tcp")) {
 					spec->ssl = 0;
 					spec->http = 0;
-					spec->tlspeek = 0;
+					spec->upgrade = 0;
 				} else
 				if (!strcmp(**argv, "ssl")) {
 					spec->ssl = 1;
 					spec->http = 0;
-					spec->tlspeek = 0;
+					spec->upgrade = 0;
 				} else
 				if (!strcmp(**argv, "http")) {
 					spec->ssl = 0;
 					spec->http = 1;
-					spec->tlspeek = 0;
+					spec->upgrade = 0;
 				} else
 				if (!strcmp(**argv, "https")) {
 					spec->ssl = 1;
 					spec->http = 1;
-					spec->tlspeek = 0;
+					spec->upgrade = 0;
 				} else
-				if (!strcmp(**argv, "genericstarttls")) {
+				if (!strcmp(**argv, "autossl")) {
 					spec->ssl = 0;
 					spec->http = 0;
-					spec->tlspeek = 1;
+					spec->upgrade = 1;
 				} else {
 					fprintf(stderr, "Unknown connection "
 					                "type '%s'\n", **argv);
@@ -468,10 +470,10 @@ proxyspec_str(proxyspec_t *spec)
 			return NULL;
 		}
 	}
-	if (asprintf(&s, "[%s]:%s %s %s %s %s", lhbuf, lpbuf,
+	if (asprintf(&s, "[%s]:%s %s%s%s %s", lhbuf, lpbuf,
 	             (spec->ssl ? "ssl" : "tcp"),
-	             (spec->http ? "http" : "plain"),
-	             (spec->tlspeek ? "peeking" : ""),
+	             (spec->upgrade ? "|upgrade" : ""),
+	             (spec->http ? "|http" : ""),
 	             (spec->natengine ? spec->natengine : cbuf)) < 0) {
 		s = NULL;
 	}

opts.h

@@ -39,7 +39,7 @@
 typedef struct proxyspec {
 	unsigned int ssl : 1;
 	unsigned int http : 1;
-	unsigned int tlspeek: 1;
+	unsigned int upgrade: 1;
 	struct sockaddr_storage listen_addr;
 	socklen_t listen_addrlen;
 	/* connect_addr and connect_addrlen are set: static mode;

pxyconn.c

@@ -200,7 +200,7 @@ pxy_conn_ctx_new(proxyspec_t *spec, opts_t *opts,
 	memset(ctx, 0, sizeof(pxy_conn_ctx_t));
 	ctx->spec = spec;
 	ctx->opts = opts;
-	ctx->looking_for_client_hello = spec->tlspeek;
+	ctx->looking_for_client_hello = spec->upgrade;
 	if (OPTS_DEBUG(opts)) {
 		log_dbg_printf("looking status is %d\n", ctx->looking_for_client_hello);
 	}

sslsplit.1

@@ -333,7 +333,7 @@ SNI DNS lookup):
 \fBtcp\fP   \fIlistenaddr port\fP
 [\fInat-engine\fP|\fIfwdaddr port\fP]
 .br
-\fBgenericstarttls\fP \fIlistenaddr port\fP
+\fBautossl\fP \fIlistenaddr port\fP
 [\fInat-engine\fP|\fIfwdaddr port\fP]
 .ad
 .TP
@@ -354,10 +354,12 @@ Plain TCP connection without SSL/TLS and without any lower level protocol
 decoding; decrypted connection content is treated as opaque stream of bytes
 and not modified.
 .TP
-\fBgenericstarttls\fP
-Plain TCP connection until an SSL client hello appears in the byte stream;
-then starts SSL/TLS interception.
-
+\fBautossl\fP
+Plain TCP connection until a Client Hello SSL/TLS message appears in the byte
+stream, then automatic upgrade to SSL/TLS interception.
+This is generic, protocol-independent STARTTLS support, that may erroneously
+trigger on byte sequences that look like Client Hello messages even though
+there was no actual STARTTLS command issued.
 .TP
 .I listenaddr port
 IPv4 or IPv6 address and port or service name to listen on.  This is the
@@ -378,7 +380,7 @@ If \fIfwdaddr\fP is a hostname, it will be resolved to an IP address.
 .TP
 \fBsni\fP \fIport\fP
 Use the Server Name Indication (SNI) hostname sent by the client in the
-ClientHello SSL/TLS message to determine the IP address of the server to
+Client Hello SSL/TLS message to determine the IP address of the server to
 connect to.  This only works for \fBssl\fP and \fBhttps\fP \fIproxyspecs\fP and
 needs a port or service name as an argument.
 Because this requires DNS lookups, it is preferrable to use NAT engine