X-Git-Url: http://www.git.stargrave.org/?a=blobdiff_plain;f=tlsauth.go;h=8622a0cf85abb48b1d96f2d14ed57023ff6c5816;hb=1b3ef99af2896156902264aaccced15426874484;hp=531245d23f6e15773995a24bbc7655a4bc5c09ed;hpb=2a793fabff3fefc42e99a43a7a26eee2fb98badf;p=tofuproxy.git
diff --git a/tlsauth.go b/tlsauth.go
index 531245d..8622a0c 100644
--- a/tlsauth.go
+++ b/tlsauth.go
@@ -31,6 +31,7 @@ import (
 "strings"
 "go.cypherpunks.ru/ucspi"
+ "go.stargrave.org/tofuproxy/caches"
 "go.stargrave.org/tofuproxy/fifos"
 )
@@ -38,11 +39,18 @@ var CCerts string
 type ClientCertificateGetter struct {
 host string
+ auth bool
 }
 func (g *ClientCertificateGetter) get(
 cri *tls.CertificateRequestInfo,
 ) (*tls.Certificate, error) {
+ caches.TLSAuthCacheM.RLock()
+ tlsCert := caches.TLSAuthCache[g.host]
+ caches.TLSAuthCacheM.RUnlock()
+ if tlsCert != nil {
+ return tlsCert, nil
+ }
 var b bytes.Buffer
 b.WriteString(fmt.Sprintf(`
 wm title . "TLS client authentication: %s"
@@ -107,6 +115,10 @@ grid .submit
 if err != nil {
 return &tls.Certificate{}, nil
 }
- fifos.SinkCert <- fmt.Sprintf("ClientAuth\t%s\t%s", g.host, certs[i].Subject)
+ fifos.LogTLSAuth <- fmt.Sprintf("%s\t%s", g.host, certs[i].Subject)
+ caches.TLSAuthCacheM.Lock()
+ caches.TLSAuthCache[g.host] = tlsCerts[i]
+ caches.TLSAuthCacheM.Unlock()
+ g.auth = true
 return tlsCerts[i], nil
 }
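Review bot: The cache-hit branch at the top of get() returns `tlsCert` without setting `g.auth` and without writing to `fifos.LogTLSAuth`, whereas the interactive path in the `@@ -107,6 +115,10 @@` hunk does both, so a silently reused client identity is neither flagged on the getter nor logged. If `g.auth` is meant to record that this connection authenticated with a client certificate (its reader is outside this diff), add `g.auth = true` before `return tlsCert, nil`. The branch also ignores `cri`; gating the hit with `cri.SupportsCertificate(tlsCert) == nil` would keep a cached certificate from being offered to a request it does not match. get()'s body continues outside the hunk.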
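Review bot: `caches.TLSAuthCache[g.host] = tlsCerts[i]` stores the chosen identity keyed only by host, with no expiry or eviction visible in this diff, so every later handshake to that host presents it without a prompt until the process exits. That lifetime deserves a comment at the write, for example `// cached for process lifetime, keyed by host only; later handshakes skip the prompt`, and a way to drop the entry when the server rejects the certificate if the caches package (not shown) lacks one. The lookup at the top of get() and this write take the lock separately, so two concurrent handshakes that both miss will each prompt the user and the later write wins. The enclosing function starts outside the hunk.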