]> Sergey Matveev's repositories - tofuproxy.git/blobdiff - tls/tlsauth.go
projects / tofuproxy.git / blobdiff
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
gemini:// support
[tofuproxy.git] / tls / tlsauth.go
diff --git a/tlsauth.go b/tls/tlsauth.go
similarity index 86%
rename from tlsauth.go
rename to tls/tlsauth.go
index fd9839a54b39885e2abaf6916aa524b9393687a7..1d47670d9d2d2d70e47c2464c997c168a4851f01 100644 (file)
--- a/tlsauth.go
+++ b/tls/tlsauth.go
@@ -1,5 +1,6 @@
 /*
-tofuproxy -- flexible HTTP/WARC proxy with TLS certificates management
+tofuproxy -- flexible HTTP proxy, TLS terminator, X.509 certificates
+             manager, WARC/Gemini browser
 Copyright (C) 2021 Sergey Matveev <stargrave@stargrave.org>
 
 This program is free software: you can redistribute it and/or modify
@@ -75,6 +76,7 @@ grid .login
 
 bind . <KeyPress> {switch -exact %%K {
     q {exit 0} ; # reject once
+    n {puts "0:NONE" ; exit}
     l login
 }}
 
@@ -100,6 +102,9 @@ foreach sigScheme {%s} {
        }
        certs := make([]*x509.Certificate, 0, len(ents))
        tlsCerts := make([]*tls.Certificate, 0, len(ents))
+       b.WriteString(".lb insert end \"0: NONE\"\n")
+       certs = append(certs, nil)
+       tlsCerts = append(tlsCerts, nil)
        for i, ent := range ents {
                p := filepath.Join(CCerts, ent.Name())
                _, cert, err := ucspi.CertificateFromFile(p)
@@ -115,7 +120,7 @@ foreach sigScheme {%s} {
                        Certificate: [][]byte{cert.Raw},
                        PrivateKey:  prv,
                })
-               b.WriteString(fmt.Sprintf(".lb insert end \"%d: %s\"\n", i, cert.Subject))
+               b.WriteString(fmt.Sprintf(".lb insert end \"%d: %s\"\n", i+1, cert.Subject))
        }
        // ioutil.WriteFile("/tmp/tls-auth-dialog.tcl", b.Bytes(), 0666)
        cmd := exec.Command(CmdWish)
@@ -133,6 +138,13 @@ foreach sigScheme {%s} {
        if err != nil {
                return &tls.Certificate{}, nil
        }
+       if i == 0 {
+               dummy := tls.Certificate{}
+               caches.TLSAuthCacheM.Lock()
+               caches.TLSAuthCache[g.host] = &dummy
+               caches.TLSAuthCacheM.Unlock()
+               return &dummy, nil
+       }
        fifos.LogTLSAuth <- fmt.Sprintf("%s\t%s", g.host, certs[i].Subject)
        caches.TLSAuthCacheM.Lock()
        caches.TLSAuthCache[g.host] = tlsCerts[i]
Flexible HTTP/HTTPS proxy, TLS terminator, X.509 TOFU manager, WARC/geminispace browser