/*
-tofuproxy -- flexible HTTP proxy, TLS terminator, X.509 certificates
- manager, WARC/Gemini browser
-Copyright (C) 2021 Sergey Matveev <stargrave@stargrave.org>
+tofuproxy -- flexible HTTP/HTTPS proxy, TLS terminator, X.509 TOFU
+ manager, WARC/geminispace browser
+Copyright (C) 2021-2023 Sergey Matveev <stargrave@stargrave.org>
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
"crypto/x509"
"fmt"
"net"
- "strings"
"go.cypherpunks.ru/ucspi"
"go.stargrave.org/tofuproxy/fifos"
var sessionCache = tls.NewLRUClientSessionCache(1024)
func DialTLS(ctx context.Context, network, addr string) (net.Conn, error) {
- host := strings.Split(addr, ":")[0]
+ host, _, _ := SplitHostPort(addr)
+ host = toLowerCaseASCII(host)
ccg := ClientCertificateGetter{host: host}
cfg := tls.Config{
VerifyPeerCertificate: func(
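Review bot: The error from `SplitHostPort(addr)` is discarded on the new `host, _, _ := SplitHostPort(addr)` line. A malformed `addr` therefore still reaches `ClientCertificateGetter{host: host}`, presumably with an empty `host`; SplitHostPort is defined outside this hunk, so its failure value is inferred. In a TOFU proxy the host name is likely the identity that certificates are trusted under, so failing the dial is safer than continuing with an unparsed name: `host, _, err := SplitHostPort(addr)` followed by `if err != nil { return nil, fmt.Errorf("split %q: %w", addr, err) }`. DialTLS's body continues past the end of the hunk, so how `host` is used in the verify callback or as the TLS server name is not visible here.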