-/*
-tofuproxy -- flexible HTTP/HTTPS proxy, TLS terminator, X.509 TOFU
- manager, WARC/geminispace browser
-Copyright (C) 2021-2022 Sergey Matveev <stargrave@stargrave.org>
-
-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation, version 3 of the License.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
+// tofuproxy -- flexible HTTP/HTTPS proxy, TLS terminator, X.509 TOFU
+// manager, WARC/geminispace browser
+// Copyright (C) 2021-2024 Sergey Matveev <stargrave@stargrave.org>
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, version 3 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see <http://www.gnu.org/licenses/>.
package tofuproxy
"fmt"
"log"
"net/http"
- "strings"
"time"
+
+ ttls "go.stargrave.org/tofuproxy/tls"
)
var (
TLSNextProtoS = make(map[string]func(*http.Server, *tls.Conn, http.Handler))
CACert *x509.Certificate
CAPrv crypto.PrivateKey
- sessionCache = tls.NewLRUClientSessionCache(1024)
)
type Handler struct{}
log.Fatalln(err)
}
defer conn.Close()
- conn.Write([]byte(fmt.Sprintf(
- "%s %d %s\r\n\r\n",
- req.Proto,
- http.StatusOK, http.StatusText(http.StatusOK),
- )))
- host := strings.Split(req.Host, ":")[0]
+ fmt.Fprintf(
+ conn, "%s %d %s\r\n\r\n",
+ req.Proto, http.StatusOK, http.StatusText(http.StatusOK),
+ )
+ host, _, _ := ttls.SplitHostPort(req.Host)
hostCertsM.Lock()
keypair, ok := hostCerts[host]
if !ok || !keypair.cert.NotAfter.After(time.Now().Add(time.Hour)) {
- keypair = newKeypair(host, CACert, CAPrv)
+ keypair = newX509Keypair(host, CACert, CAPrv)
hostCerts[host] = keypair
}
hostCertsM.Unlock()
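Review bot: The third result of `ttls.SplitHostPort` on the `host, _, _ :=` line is discarded, so a malformed or empty `req.Host` yields an empty `host` that is then used as the `hostCerts` key and passed to `newX509Keypair`, minting and caching a certificate for an empty name. The previous `strings.Split` form had the same gap, but now that the parse reports failure it is cheap to act on it, and because the `200` status is written by the preceding `fmt.Fprintf` before the host is known, a bad request can no longer be refused cleanly; the parse belongs above that write, as `host, _, err := ttls.SplitHostPort(req.Host)` followed by `if err != nil || host == "" { return }` (assuming the third result is an `error`, which is not visible here). The `fmt.Fprintf` return is also ignored, as the former `conn.Write` was. The enclosing function starts before and ends after this hunk.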