"fmt"
"log"
"net/http"
- "strings"
"time"
+
+ ttls "go.stargrave.org/tofuproxy/tls"
)
var (
req.Proto,
http.StatusOK, http.StatusText(http.StatusOK),
)))
- host := strings.Split(req.Host, ":")[0]
+ host, _, _ := ttls.SplitHostPort(req.Host)
hostCertsM.Lock()
keypair, ok := hostCerts[host]
if !ok || !keypair.cert.NotAfter.After(time.Now().Add(time.Hour)) {
"encoding/hex"
"fmt"
"log"
- "strings"
"github.com/miekg/dns"
)
if DNSSrv == "" {
return false, false
}
- host := addr
- port := "443"
- cols := strings.Split(addr, ":")
- if len(cols) > 1 {
- host = cols[0]
- port = cols[1]
+ host, port, err := SplitHostPort(addr)
+ if err != nil {
+ log.Printf("can not split host+port: %s: %+v\n", addr, err)
+ return false, false
+ }
+ if port == "" {
+ port = "443"
}
m := new(dns.Msg)
m.SetQuestion(dns.Fqdn(fmt.Sprintf("_%s._tcp.%s", port, host)), dns.TypeTLSA)
"crypto/x509"
"fmt"
"net"
- "strings"
"go.cypherpunks.ru/ucspi"
"go.stargrave.org/tofuproxy/fifos"
var sessionCache = tls.NewLRUClientSessionCache(1024)
func DialTLS(ctx context.Context, network, addr string) (net.Conn, error) {
- host := strings.Split(addr, ":")[0]
+ host, _, _ := SplitHostPort(addr)
ccg := ClientCertificateGetter{host: host}
cfg := tls.Config{
VerifyPeerCertificate: func(
--- /dev/null
+package tofuproxy
+
+import (
+ "net"
+ "strings"
+)
+
+func SplitHostPort(addr string) (string, string, error) {
+ if net.ParseIP(addr) != nil {
+ return addr, "", nil
+ }
+ host, port, err := net.SplitHostPort(addr)
+ if err == nil {
+ return host, port, nil
+ }
+ if strings.Contains(err.Error(), "missing port") {
+ return addr, "", nil
+ }
+ return addr, "", err
+}
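Review bot: The "missing port" detection on the `strings.Contains(err.Error(), ...)` line matches on free-form error text, which is brittle and, more importantly, conflates the intended "no port given" case with any future error whose message happens to contain those words; net.SplitHostPort returns a typed `*net.AddrError`, so the check should use `errors.As` against that type and its `Err` field instead. This matters because every caller in the other hunks discards the error (`host, _, _ := SplitHostPort(...)`) and falls back to using the raw addr as the host, so a misclassified error silently changes which name is used for certificate lookup and the DANE TLSA query. The exported function also has no doc comment; I would add `// SplitHostPort splits addr into host and port, returning an empty port (and no error) when addr is a bare IP or has no port.` above the signature. The rewrite below replaces only the error-classification branch and adds "errors" to the file's imports.
```go
import (
	"errors"
	"net"
)

// … unchanged: ParseIP shortcut and successful SplitHostPort path …
	var aerr *net.AddrError
	if errors.As(err, &aerr) && aerr.Err == "missing port in address" {
		return addr, "", nil
	}
	return addr, "", err
```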