X-Git-Url: http://www.git.stargrave.org/?a=blobdiff_plain;f=tls%2Ftlsauth.go;fp=tlsauth.go;h=1d47670d9d2d2d70e47c2464c997c168a4851f01;hb=6eee3c6c83cc535855e254426a90f7a2abba04ce;hp=fd9839a54b39885e2abaf6916aa524b9393687a7;hpb=bae1cfe5ce46a1b758ccc4dddda2751b6ac47f3e;p=tofuproxy.git
diff --git a/tlsauth.go b/tls/tlsauth.go
similarity index 86%
rename from tlsauth.go
rename to tls/tlsauth.go
index fd9839a..1d47670 100644
--- a/tlsauth.go
+++ b/tls/tlsauth.go
@@ -1,5 +1,6 @@
 /*
-tofuproxy -- flexible HTTP/WARC proxy with TLS certificates management
+tofuproxy -- flexible HTTP proxy, TLS terminator, X.509 certificates
+ manager, WARC/Gemini browser
 Copyright (C) 2021 Sergey Matveev
 This program is free software: you can redistribute it and/or modify
@@ -75,6 +76,7 @@ grid .login
 bind . {switch -exact %%K {
 q {exit 0} ; # reject once
+ n {puts "0:NONE" ; exit}
 l login
 }}
@@ -100,6 +102,9 @@ foreach sigScheme {%s} {
 }
 certs := make([]*x509.Certificate, 0, len(ents))
 tlsCerts := make([]*tls.Certificate, 0, len(ents))
+ b.WriteString(".lb insert end \"0: NONE\"\n")
+ certs = append(certs, nil)
+ tlsCerts = append(tlsCerts, nil)
 for i, ent := range ents {
 p := filepath.Join(CCerts, ent.Name())
 _, cert, err := ucspi.CertificateFromFile(p)
@@ -115,7 +120,7 @@ foreach sigScheme {%s} {
 Certificate: [][]byte{cert.Raw},
 PrivateKey: prv,
 })
- b.WriteString(fmt.Sprintf(".lb insert end \"%d: %s\"\n", i, cert.Subject))
+ b.WriteString(fmt.Sprintf(".lb insert end \"%d: %s\"\n", i+1, cert.Subject))
 }
 // ioutil.WriteFile("/tmp/tls-auth-dialog.tcl", b.Bytes(), 0666)
 cmd := exec.Command(CmdWish)
@@ -133,6 +138,13 @@ foreach sigScheme {%s} {
 if err != nil {
 return &tls.Certificate{}, nil
 }
+ if i == 0 {
+ dummy := tls.Certificate{}
+ caches.TLSAuthCacheM.Lock()
+ caches.TLSAuthCache[g.host] = &dummy
+ caches.TLSAuthCacheM.Unlock()
+ return &dummy, nil
+ }
 fifos.LogTLSAuth <- fmt.Sprintf("%s\t%s", g.host, certs[i].Subject)
 caches.TLSAuthCacheM.Lock()
 caches.TLSAuthCache[g.host] = tlsCerts[i]
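Review bot: The nil placeholders appended to `certs` and `tlsCerts` in the `@@ -100,6 +102,9 @@` hunk carry no comment saying that index 0 is reserved for the "NONE" choice. Any code that indexes these slices with the dialog's answer must special-case 0 before dereferencing, so I would add `// index 0 is the "NONE" entry: nil placeholders keep slice indices equal to listbox numbers` above the three added lines. The enclosing function starts and ends outside the hunk.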
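Review bot: The listbox label in the `@@ -115,7 +120,7 @@` hunk is numbered from the directory-listing index (`i+1`), not from the position the certificate actually receives in `certs`/`tlsCerts`. If the error handling outside this hunk skips an unreadable entry, later labels would drift and the user could authenticate with a different certificate than the one displayed. Assuming the appends precede this line, numbering from the slice keeps the two tied together: `b.WriteString(fmt.Sprintf(".lb insert end \"%d: %s\"\n", len(certs)-1, cert.Subject))`. `cert.Subject` is also written into a double-quoted Tcl word, where wish still performs `[` and `$` substitution, so escaping it before interpolation would be prudent.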
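Review bot: The new `i == 0` branch in the `@@ -133,6 +138,13 @@` hunk caches the "no certificate" decision for the host but returns before the `fifos.LogTLSAuth` send, so that choice leaves no record while every real certificate selection does. Adding `fifos.LogTLSAuth <- fmt.Sprintf("%s\tNONE", g.host)` ahead of the lock would keep the log complete. Separately, no range check on `i` is visible before `certs[i]`; if the parsing outside the hunk does not already bound it, `if i < 0 || i >= len(certs) { return &tls.Certificate{}, nil }` would avoid a panic on unexpected dialog output.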