Tiny refactor, no keep-alive restrictions
authorSergey Matveev <stargrave@stargrave.org>
Sun, 5 Sep 2021 15:52:29 +0000 (18:52 +0300)
committerSergey Matveev <stargrave@stargrave.org>
Sun, 5 Sep 2021 15:52:29 +0000 (18:52 +0300)
dane.go
main.go
verify.go

diff --git a/dane.go b/dane.go
index 2b850d83a4345435061eb2da09399845f4ce71d1..f660f026cc0797b69e4928561179ac1812a69e03 100644 (file)
--- a/dane.go
+++ b/dane.go
@@ -28,6 +28,10 @@ import (
        "github.com/miekg/dns"
 )
 
+var (
+       dnsSrv *string
+)
+
 func dane(addr string, cert *x509.Certificate) (bool, bool) {
        if *dnsSrv == "" {
                return false, false
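Review bot: `dnsSrv` is declared here without a comment, yet `dane` dereferences it unconditionally on the next line, so the package-level variable must be assigned before the first call; a reader of dane.go alone cannot see where that happens (presumably flag parsing in main, which is outside this hunk). A doc comment on the declaration would make the contract explicit: `// dnsSrv is the address of the DNS server used for DANE lookups; it is assigned from the command-line flags before serving starts, and an empty value makes dane() report no result.` The body of `dane` continues past the end of the hunk.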
diff --git a/main.go b/main.go
index 79e355ebdc131ae2bc32f9d89607c1a0865ec9cf..ac80e2a80b92ee73ca76ef779532783bb0c1239a 100644 (file)
--- a/main.go
+++ b/main.go
@@ -19,10 +19,8 @@ package main
 import (
        "context"
        "crypto"
-       "crypto/sha256"
        "crypto/tls"
        "crypto/x509"
-       "encoding/hex"
        "flag"
        "fmt"
        "io"
@@ -33,7 +31,6 @@ import (
        "os"
        "os/exec"
        "strings"
-       "sync"
        "time"
 
        "github.com/dustin/go-humanize"
@@ -42,51 +39,18 @@ import (
 
 var (
        tlsNextProtoS = make(map[string]func(*http.Server, *tls.Conn, http.Handler))
-       tlsNextProtoC = make(map[string]func(string, *tls.Conn) http.RoundTripper)
        caCert        *x509.Certificate
        caPrv         crypto.PrivateKey
-       certs         *string
-       dnsSrv        *string
        transport     = http.Transport{
-               ForceAttemptHTTP2:   false,
-               DisableKeepAlives:   true,
-               MaxIdleConnsPerHost: 2,
-               TLSNextProto:        tlsNextProtoC,
-               DialTLSContext:      dialTLS,
+               ForceAttemptHTTP2: false,
+               TLSNextProto:      make(map[string]func(string, *tls.Conn) http.RoundTripper),
+               DialTLSContext:    dialTLS,
        }
 
-       accepted  = make(map[string]string)
-       acceptedM sync.RWMutex
-       rejected  = make(map[string]string)
-       rejectedM sync.RWMutex
-
        CmdDWebP = "dwebp"
        CmdDJXL  = "djxl"
 )
 
-func spkiHash(cert *x509.Certificate) string {
-       hsh := sha256.Sum256(cert.RawSubjectPublicKeyInfo)
-       return hex.EncodeToString(hsh[:])
-}
-
-func acceptedAdd(addr, h string) {
-       acceptedM.Lock()
-       accepted[addr] = h
-       acceptedM.Unlock()
-}
-
-func rejectedAdd(addr, h string) {
-       rejectedM.Lock()
-       rejected[addr] = h
-       rejectedM.Unlock()
-}
-
-type ErrRejected struct {
-       addr string
-}
-
-func (err ErrRejected) Error() string { return err.addr + " was rejected" }
-
 func dialTLS(ctx context.Context, network, addr string) (net.Conn, error) {
        host := strings.TrimSuffix(addr, ":443")
        cfg := tls.Config{
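Review bot: Dropping `DisableKeepAlives: true` from `transport` turns on the upstream connection pool, but no `IdleConnTimeout` is set, and the zero value means idle TLS connections to origin servers are kept open indefinitely; adding `IdleConnTimeout: 90 * time.Second,` (the value `http.DefaultTransport` uses, and `time` is already imported) bounds that. A pooled connection also bypasses `dialTLS` on reuse, so a host whose key is later recorded as rejected keeps being served over the already-verified connection until it is closed; if that is not intended, the code that records a rejection should call `transport.CloseIdleConnections()`, though that code is not in this hunk. The same gap appears in the `main()` hunk below, where removing `srv.SetKeepAlivesEnabled(false)` leaves client connections open, and `http.Server` times idle connections out only if `IdleTimeout` or `ReadTimeout` is set; the `srv` literal starts outside that hunk, so whether either is set cannot be confirmed here. Note also that removing `MaxIdleConnsPerHost: 2` is behaviour-neutral, since `http.DefaultMaxIdleConnsPerHost` is 2.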
@@ -411,7 +375,6 @@ func main() {
                Handler:      &Handler{},
                TLSNextProto: tlsNextProtoS,
        }
-       srv.SetKeepAlivesEnabled(false)
        log.Println("listening:", *bind)
        if err := srv.Serve(ln); err != nil {
                log.Fatalln(err)
index 6c1ed9e2f1e89118838b991dab597dea6d3ae4c2..f6844cd997f7fd13a3198eb488ca6ff102ba6e01 100644 (file)
--- a/verify.go
+++ b/verify.go
@@ -18,7 +18,9 @@ package main
 
 import (
        "bytes"
+       "crypto/sha256"
        "crypto/x509"
+       "encoding/hex"
        "encoding/pem"
        "fmt"
        "log"
@@ -26,6 +28,7 @@ import (
        "os/exec"
        "path/filepath"
        "strings"
+       "sync"
 
        "go.cypherpunks.ru/ucspi"
 )
@@ -33,8 +36,37 @@ import (
 var (
        CmdCerttool = "certtool"
        CmdWish     = "wish8.7"
+
+       certs     *string
+       accepted  = make(map[string]string)
+       acceptedM sync.RWMutex
+       rejected  = make(map[string]string)
+       rejectedM sync.RWMutex
 )
 
+func spkiHash(cert *x509.Certificate) string {
+       hsh := sha256.Sum256(cert.RawSubjectPublicKeyInfo)
+       return hex.EncodeToString(hsh[:])
+}
+
+func acceptedAdd(addr, h string) {
+       acceptedM.Lock()
+       accepted[addr] = h
+       acceptedM.Unlock()
+}
+
+func rejectedAdd(addr, h string) {
+       rejectedM.Lock()
+       rejected[addr] = h
+       rejectedM.Unlock()
+}
+
+type ErrRejected struct {
+       addr string
+}
+
+func (err ErrRejected) Error() string { return err.addr + " was rejected" }
+
 func certInfo(certRaw []byte) string {
        cmd := exec.Command(CmdCerttool, "--certificate-info", "--inder")
        cmd.Stdin = bytes.NewReader(certRaw)
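Review bot: The moved helpers arrive in verify.go without doc comments, and `ErrRejected` is an exported type, so `golint`/`staticcheck` will flag it; at minimum `// ErrRejected is returned when the certificate presented by addr was refused by the user.` on the type, and `// spkiHash returns the hex-encoded SHA-256 of the certificate's DER SubjectPublicKeyInfo.` on the function, would make the file readable on its own. By Go convention a sentinel value is `ErrXxx` while an error type is `XxxError`, so `RejectedError` would be the idiomatic name, though renaming is optional for a refactor commit. `acceptedAdd` and `rejectedAdd` take the write lock correctly; readers of `accepted`/`rejected` elsewhere must hold `RLock`, which cannot be verified from this hunk. `certInfo` begins on the last lines of the hunk and continues outside it.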