Compatibility with raw IPv6 addresses as hostname
authorSergey Matveev <stargrave@stargrave.org>
Tue, 6 Sep 2022 09:55:47 +0000 (12:55 +0300)
committerSergey Matveev <stargrave@stargrave.org>
Tue, 6 Sep 2022 09:55:52 +0000 (12:55 +0300)
tls.go
tls/dane.go
tls/dial.go
tls/hostport.go [new file with mode: 0644]

diff --git a/tls.go b/tls.go
index 05d21db2fc6dffc8ea117e3808a4ba0a10f5b152..0fb4ae14c2c69dddc554b77f16861ec00005e10a 100644 (file)
--- a/tls.go
+++ b/tls.go
@@ -25,8 +25,9 @@ import (
        "fmt"
        "log"
        "net/http"
-       "strings"
        "time"
+
+       ttls "go.stargrave.org/tofuproxy/tls"
 )
 
 var (
@@ -57,7 +58,7 @@ func (h *Handler) ServeHTTP(w http.ResponseWriter, req *http.Request) {
                req.Proto,
                http.StatusOK, http.StatusText(http.StatusOK),
        )))
-       host := strings.Split(req.Host, ":")[0]
+       host, _, _ := ttls.SplitHostPort(req.Host)
        hostCertsM.Lock()
        keypair, ok := hostCerts[host]
        if !ok || !keypair.cert.NotAfter.After(time.Now().Add(time.Hour)) {
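Review bot: The error from `ttls.SplitHostPort` is discarded on the `host, _, _ :=` line, and on that path the helper returns the whole unparsed `req.Host` as host, so a malformed Host header such as `a:b:c` becomes the key looked up under `hostCertsM` and, as far as the following lines show, the name the keypair is tied to. Either handle the error here or give the blank a justifying comment, e.g. `host, _, _ := ttls.SplitHostPort(req.Host) // on error host is req.Host verbatim; see ttls.SplitHostPort`. The same discarded error appears in the tls/dial.go hunk for DialTLS, where the value seeds `ClientCertificateGetter{host: host}`. ServeHTTP begins before this hunk and continues past it.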
index ba6e7d059422718af4c74e934df409940c9afc43..b970cc226fc9276563b15b2e613a2e651710a83a 100644 (file)
@@ -25,7 +25,6 @@ import (
        "encoding/hex"
        "fmt"
        "log"
-       "strings"
 
        "github.com/miekg/dns"
 )
@@ -36,12 +35,13 @@ func DANE(addr string, cert *x509.Certificate) (bool, bool) {
        if DNSSrv == "" {
                return false, false
        }
-       host := addr
-       port := "443"
-       cols := strings.Split(addr, ":")
-       if len(cols) > 1 {
-               host = cols[0]
-               port = cols[1]
+       host, port, err := SplitHostPort(addr)
+       if err != nil {
+               log.Printf("can not split host+port: %s: %+v\n", addr, err)
+               return false, false
+       }
+       if port == "" {
+               port = "443"
        }
        m := new(dns.Msg)
        m.SetQuestion(dns.Fqdn(fmt.Sprintf("_%s._tcp.%s", port, host)), dns.TypeTLSA)
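Review bot: The new log line formats the caller-supplied `addr` with `%s` and ends in `\n`; `log.Printf` already terminates each record, so the extra newline produces a blank line, and `%q` would quote and escape an address that may be empty or carry control characters, keeping one log record per event: `log.Printf("can not split host+port: %q: %v", addr, err)`. For a plain stdlib error `%+v` prints the same text as `%v`, so it adds nothing here. DANE's body continues past the hunk.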
index f2286d772a8d8838f1048c44cf7e5d69298580f0..2b61daca266e57b64fd427fe871ab348b9db6c23 100644 (file)
@@ -24,7 +24,6 @@ import (
        "crypto/x509"
        "fmt"
        "net"
-       "strings"
 
        "go.cypherpunks.ru/ucspi"
        "go.stargrave.org/tofuproxy/fifos"
@@ -33,7 +32,7 @@ import (
 var sessionCache = tls.NewLRUClientSessionCache(1024)
 
 func DialTLS(ctx context.Context, network, addr string) (net.Conn, error) {
-       host := strings.Split(addr, ":")[0]
+       host, _, _ := SplitHostPort(addr)
        ccg := ClientCertificateGetter{host: host}
        cfg := tls.Config{
                VerifyPeerCertificate: func(
diff --git a/tls/hostport.go b/tls/hostport.go
new file mode 100644 (file)
index 0000000..14b1ce3
--- /dev/null
@@ -0,0 +1,20 @@
+package tofuproxy
+
+import (
+       "net"
+       "strings"
+)
+
+func SplitHostPort(addr string) (string, string, error) {
+       if net.ParseIP(addr) != nil {
+               return addr, "", nil
+       }
+       host, port, err := net.SplitHostPort(addr)
+       if err == nil {
+               return host, port, nil
+       }
+       if strings.Contains(err.Error(), "missing port") {
+               return addr, "", nil
+       }
+       return addr, "", err
+}
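Review bot: SplitHostPort treats a bracketed IPv6 literal without a port inconsistently: `[::1]:443` yields host `::1`, but `[::1]` is rejected by `net.ParseIP`, falls into the `missing port` branch and comes back with its brackets, so two spellings of the same peer give callers that key on the host (hostCerts in tls.go, the DANE query name) different values. Strip the brackets on that path: `return strings.TrimSuffix(strings.TrimPrefix(addr, "["), "]"), "", nil`. Matching on `err.Error()` text also ties the function to wording the standard library does not promise to keep; checking `errors.As(err, &addrErr)` against a `*net.AddrError` and its `Err` field would at least anchor the test to the error type (this needs an `errors` import). As an exported function it needs a doc comment, which should state that on a non-nil error the first result is the input unchanged, since both callers in tls.go and tls/dial.go discard the error.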