1 // tofuproxy -- flexible HTTP/HTTPS proxy, TLS terminator, X.509 TOFU
2 // manager, WARC/geminispace browser
3 // Copyright (C) 2021-2024 Sergey Matveev <stargrave@stargrave.org>
5 // This program is free software: you can redistribute it and/or modify
6 // it under the terms of the GNU General Public License as published by
7 // the Free Software Foundation, version 3 of the License.
9 // This program is distributed in the hope that it will be useful,
10 // but WITHOUT ANY WARRANTY; without even the implied warranty of
11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 // GNU General Public License for more details.
14 // You should have received a copy of the GNU General Public License
15 // along with this program. If not, see <http://www.gnu.org/licenses/>.
24 "go.cypherpunks.ru/ucspi"
25 "go.stargrave.org/tofuproxy/caches"
28 func addTLSAuth(p string) {
30 for _, line := range readLinesFromFIFO(p) {
31 cols := strings.SplitN(line, " ", 2)
33 log.Println("invalid add-tls-auth line format")
36 if cols[1] == "NONE" {
37 caches.TLSAuthCacheM.Lock()
38 caches.TLSAuthCache[cols[0]] = &tls.Certificate{}
39 caches.TLSAuthCacheM.Unlock()
40 log.Printf("%s: added host %s: NONE\n", p, cols[0])
43 _, cert, err := ucspi.CertificateFromFile(cols[1])
47 prv, err := ucspi.PrivateKeyFromFile(cols[1])
51 caches.TLSAuthCacheM.Lock()
52 caches.TLSAuthCache[cols[0]] = &tls.Certificate{
53 Certificate: [][]byte{cert.Raw},
56 caches.TLSAuthCacheM.Unlock()
57 log.Printf("%s: added host %s: %s\n", p, cols[0], cert.Subject)