"strings"
"go.cypherpunks.ru/ucspi"
+ "go.stargrave.org/tofuproxy/caches"
"go.stargrave.org/tofuproxy/fifos"
)
type ClientCertificateGetter struct {
host string
+ auth bool
}
func (g *ClientCertificateGetter) get(
cri *tls.CertificateRequestInfo,
) (*tls.Certificate, error) {
+ caches.TLSAuthCacheM.RLock()
+ tlsCert := caches.TLSAuthCache[g.host]
+ caches.TLSAuthCacheM.RUnlock()
+ if tlsCert != nil {
+ return tlsCert, nil
+ }
var b bytes.Buffer
b.WriteString(fmt.Sprintf(`
wm title . "TLS client authentication: %s"
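Review bot: The cache-hit branch `if tlsCert != nil { return tlsCert, nil }` returns without setting `g.auth`, while the interactive path in the later hunk sets `g.auth = true`, so any caller that reads the field (not visible here) would see false on every handshake served from the cache. Adding `g.auth = true` before the early return keeps the two paths consistent. The branch also never consults `cri`; guarding it with `if tlsCert != nil && cri.SupportsCertificate(tlsCert) == nil` would fall through to the dialog when the server's request does not accept the remembered certificate. The body of get continues past the end of this hunk.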
if err != nil {
return &tls.Certificate{}, nil
}
- fifos.SinkCert <- fmt.Sprintf("ClientAuth\t%s\t%s", g.host, certs[i].Subject)
+ fifos.LogTLSAuth <- fmt.Sprintf("%s\t%s", g.host, certs[i].Subject)
+ caches.TLSAuthCacheM.Lock()
+ caches.TLSAuthCache[g.host] = tlsCerts[i]
+ caches.TLSAuthCacheM.Unlock()
+ g.auth = true
return tlsCerts[i], nil
}
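Review bot: The send on `fifos.LogTLSAuth` is reached only on this interactive path, so once `caches.TLSAuthCache[g.host]` is filled, handshakes that reuse the certificate through the cache-hit return in the earlier hunk leave no log entry. If the log is meant to record each use of a client identity, the same `fifos.LogTLSAuth <- ...` send belongs on the cached path as well. The entry is keyed by `g.host` alone and no visible line removes it, so the choice appears to persist for as long as the cache lives; a comment on the store such as `// remembered per host; later handshakes reuse it without prompting` would make that explicit. get starts outside this hunk.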