X-Git-Url: http://www.git.stargrave.org/?a=blobdiff_plain;f=verify.go;h=4c20c0e6f55f8c1e65e1a5899e8bad1c957e5fa0;hb=4473383b88399bbc5433a9292847d954087c8d61;hp=7844d14f97ee8bc1542614b930971e24348064dc;hpb=4a08befbafd49a1471ab629de4ab58621c702f32;p=tofuproxy.git
diff --git a/verify.go b/verify.go
index 7844d14..4c20c0e 100644
--- a/verify.go
+++ b/verify.go
@@ -1,4 +1,5 @@
 /*
+tofuproxy -- HTTP proxy with TLS certificates management
 Copyright (C) 2021 Sergey Matveev
 
 This program is free software: you can redistribute it and/or modify
@@ -14,7 +15,7 @@ You should have received a copy of the GNU General Public License
 along with this program. If not, see .
 */
 
-package main
+package tofuproxy
 
 import (
 	"bytes"
@@ -31,13 +32,14 @@ import (
 	"sync"
 
 	"go.cypherpunks.ru/ucspi"
+	"go.stargrave.org/tofuproxy/fifos"
 )
 
 var (
 	CmdCerttool = "certtool"
-	CmdWish = "wish8.7"
+	CmdWish = "wish8.6"
 
-	certs *string
+	Certs string
 	accepted = make(map[string]string)
 	acceptedM sync.RWMutex
 	rejected = make(map[string]string)
@@ -121,18 +123,18 @@ func verifyCert(
 	daneExists, daneMatched := dane(host, certTheir)
 	if daneExists {
 		if daneMatched {
-			sinkCert <- fmt.Sprintf("DANE\t%s\tmatched", host)
+			fifos.SinkCert <- fmt.Sprintf("DANE\t%s\tmatched", host)
 		} else {
-			sinkErr <- fmt.Sprintf("DANE\t%s\tnot matched", host)
+			fifos.SinkErr <- fmt.Sprintf("DANE\t%s\tnot matched", host)
 		}
 	}
-	fn := filepath.Join(*certs, host)
+	fn := filepath.Join(Certs, host)
 	certsOur, _, err := ucspi.CertPoolFromFile(fn)
 	if err == nil || dialErr != nil || (daneExists && !daneMatched) {
 		if certsOur != nil && certTheirHash == spkiHash(certsOur[0]) {
 			acceptedAdd(host, certTheirHash)
 			if bytes.Compare(certsOur[0].Raw, rawCerts[0]) != 0 {
-				sinkCert <- fmt.Sprintf("Refresh\t%s\t%s", host, certTheirHash)
+				fifos.SinkCert <- fmt.Sprintf("Refresh\t%s\t%s", host, certTheirHash)
 				goto CertUpdate
 			}
 			return nil
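Review bot: `Certs` becomes an exported package variable with no doc comment, and its zero value is the empty string, which `filepath.Join(Certs, host)` later in this file silently turns into a path relative to the working directory. I would state the contract on the declaration: `// Certs is the directory where per-host certificate files are read from and written to; it must be set (non-empty) before any verification runs.` `CmdCerttool` and `CmdWish` are exported too and deserve a line each, e.g. `// CmdWish is the Tk interpreter used to present the certificate decision dialog.` — the dialog code is outside this hunk, so confirm the wording against it.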
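Review bot: `fn := filepath.Join(Certs, host)` uses the peer host name directly as a file name, so a host containing `/`, `\` or `..` (presumably it originates from the proxied request's target, outside this hunk) resolves to a path outside the `Certs` directory, and the same `fn` feeds the temp-file path that starts at `CertUpdate`. A guard before the join, `if host == "" || host == "." || filepath.Base(host) != host { return ErrRejected{host} }`, or an equivalent sanitiser at the point where `host` is parsed, closes this. Separately, `certsOur[0]` is protected only by `certsOur != nil`; if `ucspi.CertPoolFromFile` can return a non-nil empty slice with a nil error, that panics with an index out of range, and `len(certsOur) > 0` is the safer check. verifyCert begins and ends outside this hunk.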
@@ -201,32 +203,32 @@ grid columnconfigure . 0 -weight 1
 	err = cmd.Run()
 	exitError, ok := err.(*exec.ExitError)
 	if !ok {
-		sinkCert <- fmt.Sprintf("DENY\t%s\t%s", host, certTheirHash)
+		fifos.SinkCert <- fmt.Sprintf("DENY\t%s\t%s", host, certTheirHash)
 		return ErrRejected{host}
 	}
 	switch exitError.ExitCode() {
 	case 10:
-		sinkCert <- fmt.Sprintf("ADD\t%s\t%s", host, certTheirHash)
+		fifos.SinkCert <- fmt.Sprintf("ADD\t%s\t%s", host, certTheirHash)
 		goto CertUpdate
 	case 11:
-		sinkCert <- fmt.Sprintf("ONCE\t%s\t%s", host, certTheirHash)
+		fifos.SinkCert <- fmt.Sprintf("ONCE\t%s\t%s", host, certTheirHash)
 		acceptedAdd(host, certTheirHash)
 		return nil
 	case 12:
 		rejectedAdd(host, certTheirHash)
 		fallthrough
 	default:
-		sinkCert <- fmt.Sprintf("DENY\t%s\t%s", host, certTheirHash)
+		fifos.SinkCert <- fmt.Sprintf("DENY\t%s\t%s", host, certTheirHash)
 		return ErrRejected{host}
 	}
 	} else {
 		if !os.IsNotExist(err) {
 			return err
 		}
-		sinkCert <- fmt.Sprintf("TOFU\t%s\t%s", host, certTheirHash)
+		fifos.SinkCert <- fmt.Sprintf("TOFU\t%s\t%s", host, certTheirHash)
 	}
 CertUpdate:
-	tmp, err := os.CreateTemp(Certs, "")
+	tmp, err := os.CreateTemp(Certs, "")
 	if err != nil {
 		log.Fatalln(err)
 	}
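Review bot: `tmp, err := os.CreateTemp(Certs, "")` at `CertUpdate` is followed by `log.Fatalln(err)`, so a full disk or a permission problem on the certificate directory terminates the whole proxy from inside one connection's verification path; returning the error instead, `return fmt.Errorf("creating temp file in %s: %w", Certs, err)`, lets that one connection fail while the others keep working. Note also that `os.CreateTemp` treats an empty `dir` as the system temp directory, so if `Certs` is left unset the temporary file is created under `os.TempDir()` while `fn` earlier in this function points at the working directory — a startup check that `Certs` is non-empty would catch that misconfiguration before the first verification. The remainder of `CertUpdate` and the rest of verifyCert lie outside this hunk.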