X-Git-Url: http://www.git.stargrave.org/?a=blobdiff_plain;f=tls.go;h=ffd5084e28695822b346352f2e65461b1b9879a6;hb=6eee3c6c83cc535855e254426a90f7a2abba04ce;hp=dc598622998f6bcdcf893c11991c72b40c9532ed;hpb=bae1cfe5ce46a1b758ccc4dddda2751b6ac47f3e;p=tofuproxy.git
diff --git a/tls.go b/tls.go
index dc59862..ffd5084 100644
--- a/tls.go
+++ b/tls.go
@@ -1,5 +1,6 @@
 /*
-tofuproxy -- flexible HTTP/WARC proxy with TLS certificates management
+tofuproxy -- flexible HTTP proxy, TLS terminator, X.509 certificates
+ manager, WARC/Gemini browser
 Copyright (C) 2021 Sergey Matveev
 
 This program is free software: you can redistribute it and/or modify
@@ -18,19 +19,14 @@ along with this program. If not, see .
 package tofuproxy
 
 import (
- "context"
 "crypto"
 "crypto/tls"
 "crypto/x509"
 "fmt"
 "log"
- "net"
 "net/http"
 "strings"
 "time"
-
- "go.cypherpunks.ru/ucspi"
- "go.stargrave.org/tofuproxy/fifos"
 )
 
 var (
@@ -101,51 +97,3 @@ func (h *HTTPSHandler) ServeHTTP(w http.ResponseWriter, req *http.Request) {
 req.URL.Host = h.host
 roundTrip(w, req)
 }
-
-func dialTLS(ctx context.Context, network, addr string) (net.Conn, error) {
- host := strings.Split(addr, ":")[0]
- ccg := ClientCertificateGetter{host: host}
- cfg := tls.Config{
- VerifyPeerCertificate: func(
- rawCerts [][]byte,
- verifiedChains [][]*x509.Certificate,
- ) error {
- return verifyCert(host, nil, rawCerts, verifiedChains)
- },
- ClientSessionCache: sessionCache,
- NextProtos: []string{"h2", "http/1.1"},
- GetClientCertificate: ccg.get,
- }
- conn, dialErr := tls.Dial(network, addr, &cfg)
- if dialErr != nil {
- if _, ok := dialErr.(ErrRejected); ok {
- return nil, dialErr
- }
- cfg.InsecureSkipVerify = true
- cfg.VerifyPeerCertificate = func(
- rawCerts [][]byte,
- verifiedChains [][]*x509.Certificate,
- ) error {
- return verifyCert(host, dialErr, rawCerts, verifiedChains)
- }
- var err error
- conn, err = tls.Dial(network, addr, &cfg)
- if err != nil {
- fifos.LogErr <- fmt.Sprintf("%s\t%s", addr, dialErr.Error())
- return nil, err
- }
- }
- connState := conn.ConnectionState()
- if !connState.DidResume {
- fifos.LogTLS <- fmt.Sprintf(
- "%s\t%s %s %s\t%s\t%s",
- addr,
- ucspi.TLSVersion(connState.Version),
- tls.CipherSuiteName(connState.CipherSuite),
- connState.PeerCertificates[0].SignatureAlgorithm,
- spkiHash(connState.PeerCertificates[0]),
- connState.NegotiatedProtocol,
- )
- }
- return conn, nil
-}