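// tofuproxy -- flexible HTTP/HTTPS proxy, TLS terminator, X.509 TOFU
// manager, WARC/geminispace browser
// Copyright (C) 2021-2024 Sergey Matveev
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, version 3 of the License.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program.  If not, see <https://www.gnu.org/licenses/>.

package fifos

import (
	"crypto/tls"
	"log"
	"strings"

	"go.cypherpunks.su/ucspi/v2"
	"go.stargrave.org/tofuproxy/caches"
)

// storeTLSAuth records cert for host in caches.TLSAuthCache while holding
// caches.TLSAuthCacheM, so concurrent readers of the cache never observe a
// partially written map.
func storeTLSAuth(host string, cert *tls.Certificate) {
	caches.TLSAuthCacheM.Lock()
	caches.TLSAuthCache[host] = cert
	caches.TLSAuthCacheM.Unlock()
}

// addTLSAuth serves the add-tls-auth FIFO at path p forever: it re-reads the
// FIFO in a loop and processes every line it yields.
//
// Each line has the form "HOST PATH". PATH is a file from which
// ucspi.CertificateFromFile and ucspi.PrivateKeyFromFile load the certificate
// and its private key; the pair is stored in caches.TLSAuthCache under HOST.
// The literal PATH "NONE" stores an empty tls.Certificate for HOST instead
// (presumably meaning "no client certificate for this host" -- confirm on the
// lookup side).
//
// Malformed lines and unreadable key files are logged and skipped; they do
// not terminate the proxy, so one bad FIFO line cannot take the whole daemon
// down. Note that whoever can write to the FIFO chooses which key file is
// loaded into the cache: the FIFO's access mode is the trust boundary for
// this input, nothing here validates HOST or PATH further.
func addTLSAuth(p string) {
	for {
		for _, line := range readLinesFromFIFO(p) {
			cols := strings.SplitN(line, " ", 2)
			if len(cols) != 2 {
				log.Println("invalid add-tls-auth line format")
				continue
			}
			host, path := cols[0], cols[1]

			if path == "NONE" {
				storeTLSAuth(host, &tls.Certificate{})
				log.Printf("%s: added host %s: NONE\n", p, host)
				continue
			}

			// Both the certificate and the key are read from the same file.
			_, cert, err := ucspi.CertificateFromFile(path)
			if err != nil {
				log.Printf("%s: host %s: loading certificate from %s: %v\n", p, host, path, err)
				continue
			}
			prv, err := ucspi.PrivateKeyFromFile(path)
			if err != nil {
				log.Printf("%s: host %s: loading private key from %s: %v\n", p, host, path, err)
				continue
			}

			storeTLSAuth(host, &tls.Certificate{
				Certificate: [][]byte{cert.Raw},
				PrivateKey:  prv,
			})
			log.Printf("%s: added host %s: %s\n", p, host, cert.Subject)
		}
	}
}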