/*
-tofuproxy -- flexible HTTP/WARC proxy with TLS certificates management
+tofuproxy -- flexible HTTP proxy, TLS terminator, X.509 certificates
+ manager, WARC/Gemini browser
Copyright (C) 2021 Sergey Matveev <stargrave@stargrave.org>
This program is free software: you can redistribute it and/or modify
bind . <KeyPress> {switch -exact %%K {
q {exit 0} ; # reject once
+ n {puts "0:NONE" ; exit}
l login
}}
}
certs := make([]*x509.Certificate, 0, len(ents))
tlsCerts := make([]*tls.Certificate, 0, len(ents))
+ b.WriteString(".lb insert end \"0: NONE\"\n")
+ certs = append(certs, nil)
+ tlsCerts = append(tlsCerts, nil)
for i, ent := range ents {
p := filepath.Join(CCerts, ent.Name())
_, cert, err := ucspi.CertificateFromFile(p)
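Review bot: Both slices are still created with capacity `len(ents)` even though one extra element is now appended ahead of the loop, and nothing explains why slot 0 holds a nil `*x509.Certificate` / `*tls.Certificate`. I would size them as `make([]*x509.Certificate, 0, len(ents)+1)` (same for `tlsCerts`) and add a comment such as `// index 0 is the "NONE" entry (no client certificate); certs[0] and tlsCerts[0] are nil and must not be dereferenced`. Every later use of `certs[i]` or `tlsCerts[i]` now depends on an `i == 0` check running first. The loop body continues outside this hunk.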
Certificate: [][]byte{cert.Raw},
PrivateKey: prv,
})
- b.WriteString(fmt.Sprintf(".lb insert end \"%d: %s\"\n", i, cert.Subject))
+ b.WriteString(fmt.Sprintf(".lb insert end \"%d: %s\"\n", i+1, cert.Subject))
}
// ioutil.WriteFile("/tmp/tls-auth-dialog.tcl", b.Bytes(), 0666)
cmd := exec.Command(CmdWish)
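Review bot: `cert.Subject` is still formatted straight into a double-quoted Tcl word on the changed `.lb insert end` line, and inside double quotes Tcl performs `[...]` command substitution and `$` variable substitution. A subject from any certificate file that ends up in the `CCerts` directory and contains those characters would be evaluated by wish instead of displayed. The text should therefore be backslash-escaped for at least `[`, `]` and `$` by a small helper applied to `cert.Subject.String()` before it is written into the script. Separately, the label uses `i+1` while the slices grow by `append`; if the part of the loop outside this hunk skips an entry on error, the displayed number and the slice index drift apart, and using `len(certs)` taken just before the append as the label would keep them equal.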
if err != nil {
return &tls.Certificate{}, nil
}
+ if i == 0 {
+ dummy := tls.Certificate{}
+ caches.TLSAuthCacheM.Lock()
+ caches.TLSAuthCache[g.host] = &dummy
+ caches.TLSAuthCacheM.Unlock()
+ return &dummy, nil
+ }
fifos.LogTLSAuth <- fmt.Sprintf("%s\t%s", g.host, certs[i].Subject)
caches.TLSAuthCacheM.Lock()
caches.TLSAuthCache[g.host] = tlsCerts[i]