X-Git-Url: http://www.git.stargrave.org/?p=tofuproxy.git;a=blobdiff_plain;f=tls.go;h=b73d42eebfd29f5242135d3927b5d30c14e7caf5;hp=05d21db2fc6dffc8ea117e3808a4ba0a10f5b152;hb=HEAD;hpb=decb4bfb406665dde1233e9936fee3edfe3e81da
diff --git a/tls.go b/tls.go
index 05d21db..889dba7 100644
--- a/tls.go
+++ b/tls.go
@@ -1,20 +1,18 @@
-/*
-tofuproxy -- flexible HTTP/HTTPS proxy, TLS terminator, X.509 TOFU
- manager, WARC/geminispace browser
-Copyright (C) 2021-2022 Sergey Matveev
-
-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation, version 3 of the License.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program. If not, see .
-*/
+// tofuproxy -- flexible HTTP/HTTPS proxy, TLS terminator, X.509 TOFU
+// manager, WARC/geminispace browser
+// Copyright (C) 2021-2024 Sergey Matveev
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, version 3 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
 
 package tofuproxy
 
@@ -25,15 +23,15 @@ import (
 	"fmt"
 	"log"
 	"net/http"
-	"strings"
 	"time"
+
+	ttls "go.stargrave.org/tofuproxy/tls"
 )
 
 var (
 	TLSNextProtoS = make(map[string]func(*http.Server, *tls.Conn, http.Handler))
 	CACert *x509.Certificate
 	CAPrv crypto.PrivateKey
-	sessionCache = tls.NewLRUClientSessionCache(1024)
 )
 
 type Handler struct{}
@@ -52,16 +50,15 @@ func (h *Handler) ServeHTTP(w http.ResponseWriter, req *http.Request) {
 		log.Fatalln(err)
 	}
 	defer conn.Close()
-	conn.Write([]byte(fmt.Sprintf(
-		"%s %d %s\r\n\r\n",
-		req.Proto,
-		http.StatusOK, http.StatusText(http.StatusOK),
-	)))
-	host := strings.Split(req.Host, ":")[0]
+	fmt.Fprintf(
+		conn, "%s %d %s\r\n\r\n",
+		req.Proto, http.StatusOK, http.StatusText(http.StatusOK),
+	)
+	host, _, _ := ttls.SplitHostPort(req.Host)
 	hostCertsM.Lock()
 	keypair, ok := hostCerts[host]
 	if !ok || !keypair.cert.NotAfter.After(time.Now().Add(time.Hour)) {
-		keypair = newKeypair(host, CACert, CAPrv)
+		keypair = newX509Keypair(host, CACert, CAPrv)
 		hostCerts[host] = keypair
 	}
 	hostCertsM.Unlock()
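Review bot: The two blank identifiers in `host, _, _ := ttls.SplitHostPort(req.Host)` discard the helper's error, so a CONNECT target it cannot parse presumably leaves `host` empty, and the lines below then pass that empty name to `newX509Keypair` and cache the result under the empty key, whereas the replaced `strings.Split` form never failed silently. Validate before the 200 status line goes out and abort the tunnel instead: `host, _, err := ttls.SplitHostPort(req.Host)` then `if err != nil { fmt.Fprintf(conn, "%s %d %s\r\n\r\n", req.Proto, http.StatusBadRequest, http.StatusText(http.StatusBadRequest)); return }`, with the existing 200 `fmt.Fprintf` moved after that check. The return values of the new `fmt.Fprintf` on `conn` are also unchecked, as the old `conn.Write` was; a failed write only surfaces later as a broken TLS handshake, so at minimum a comment saying that is intentional would help the next reader. ServeHTTP begins before this hunk (the hijack and its `log.Fatalln` error path are outside it), so an even earlier place to reject a bad `req.Host`, before the connection is hijacked, is not visible here.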