From: Sergey Matveev
Date: Mon, 6 Sep 2021 12:52:40 +0000 (+0300)
Subject: HTTP/2.0
X-Git-Tag: v0.1.0~87
X-Git-Url: http://www.git.stargrave.org/?p=tofuproxy.git;a=commitdiff_plain;h=4877ccb6fc682f9f56b4a40532e62eda2625b3f8

HTTP/2.0
---
diff --git a/conn.go b/conn.go
index 1542abd..fbb8a5c 100644
--- a/conn.go
+++ b/conn.go
@@ -25,6 +25,7 @@ import (
 type SingleConn struct {
 conn net.Conn
 ln *SingleListener
+ once sync.Once
 }
 func (conn *SingleConn) Read(b []byte) (int, error) { return conn.conn.Read(b) }
@@ -32,7 +33,7 @@ func (conn *SingleConn) Read(b []byte) (int, error) { return conn.conn.Read(b) }
 func (conn *SingleConn) Write(b []byte) (int, error) { return conn.conn.Write(b) }
 func (conn *SingleConn) Close() error {
- conn.ln.Unlock()
+ conn.once.Do(conn.ln.Unlock)
 return conn.conn.Close()
 }
@@ -62,7 +63,7 @@ func (ln *SingleListener) Accept() (net.Conn, error) {
 return nil, AlreadyAccepted{}
 }
 ln.accepted = true
- return &SingleConn{ln.conn, ln}, nil
+ return &SingleConn{conn: ln.conn, ln: ln}, nil
 }
 func (ln *SingleListener) Close() error { return nil }
diff --git a/doc/index.texi b/doc/index.texi
index 62b18bc..a860f63 100644
--- a/doc/index.texi
+++ b/doc/index.texi
@@ -91,6 +91,9 @@ creating some kind of complex configuration framework.
 @item TLS session resumption is also supported.
+@item And Go itself tries also to act as a
+@url{https://http2.github.io/, HTTP/2} client too.
+
 @end itemize
 @image{dialog,,,Example dialog,.webp}
diff --git a/main.go b/main.go
index 69448ce..663bf95 100644
--- a/main.go
+++ b/main.go
@@ -42,9 +42,8 @@ var (
 caCert *x509.Certificate
 caPrv crypto.PrivateKey
 transport = http.Transport{
- ForceAttemptHTTP2: false,
- TLSNextProto: make(map[string]func(string, *tls.Conn) http.RoundTripper),
 DialTLSContext: dialTLS,
+ ForceAttemptHTTP2: true,
 }
 sessionCache = tls.NewLRUClientSessionCache(1024)
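Review bot: In conn.go, `SingleConn.Close` now guards the listener release with `conn.once.Do(conn.ln.Unlock)`, but nothing records why Close can run more than once or what breaks if the lock is released twice. A comment above the call would capture it, e.g. `// Close may be called repeatedly; release the listener lock only once, since unlocking an already unlocked mutex is a fatal error.` (this assumes `ln` embeds a `sync.Mutex`, which the hunk does not show). `conn.conn.Close()` still runs on every call, so a second Close returns whatever the underlying connection reports for a double close. Because `SingleConn` now holds a `sync.Once` it must only be handled by pointer, as `Accept` already does.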
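Review bot: In main.go, `ForceAttemptHTTP2: true` on `transport` only has an effect when the connection returned by the custom `DialTLSContext` has negotiated `h2`, and that ALPN list lives in `dialTLS` (the `NextProtos` line added in the following hunk), not here. The coupling is undocumented, so removing "h2" from `NextProtos` later would quietly leave every upstream connection on HTTP/1.1. A comment on the field would make the dependency explicit: `// needs "h2" in dialTLS's NextProtos: net/http does not set ALPN when DialTLSContext is used`. The `var (` block starts and continues outside the hunk.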
@@ -62,6 +61,7 @@ func dialTLS(ctx context.Context, network, addr string) (net.Conn, error) {
 return verifyCert(host, nil, rawCerts, verifiedChains)
 },
 ClientSessionCache: sessionCache,
+ NextProtos: []string{"h2", "http/1.1"},
 }
 conn, dialErr := tls.Dial(network, addr, &cfg)
 if dialErr != nil {
@@ -83,17 +83,16 @@ func dialTLS(ctx context.Context, network, addr string) (net.Conn, error) {
 }
 }
 connState := conn.ConnectionState()
- msg := fmt.Sprintf(
- "%s\t%s %s\t%s",
- strings.TrimSuffix(addr, ":443"),
- ucspi.TLSVersion(connState.Version),
- tls.CipherSuiteName(connState.CipherSuite),
- spkiHash(connState.PeerCertificates[0]),
- )
 if connState.DidResume {
- msg += "\tresumed"
+ sinkTLS <- fmt.Sprintf(
+ "%s\t%s %s\t%s\t%s",
+ strings.TrimSuffix(addr, ":443"),
+ ucspi.TLSVersion(connState.Version),
+ tls.CipherSuiteName(connState.CipherSuite),
+ spkiHash(connState.PeerCertificates[0]),
+ connState.NegotiatedProtocol,
+ )
 }
- sinkTLS <- msg
 return conn, nil
 }
diff --git a/verify.go b/verify.go
index f6844cd..7844d14 100644
--- a/verify.go
+++ b/verify.go
@@ -42,6 +42,7 @@ var (
 acceptedM sync.RWMutex
 rejected = make(map[string]string)
 rejectedM sync.RWMutex
+ VerifyM sync.Mutex
 )
 func spkiHash(cert *x509.Certificate) string {
@@ -103,6 +104,8 @@ func verifyCert(
 }
 }
 certTheirHash := spkiHash(certTheir)
+ VerifyM.Lock()
+ defer VerifyM.Unlock()
 acceptedM.RLock()
 certOurHash := accepted[host]
 acceptedM.RUnlock()
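Review bot: In dialTLS (main.go) the `sinkTLS` send now sits inside `if connState.DidResume`, so a full handshake no longer reports TLS version, cipher suite, SPKI hash or the new `connState.NegotiatedProtocol` from this function, and resumed lines lose their explicit `resumed` marker. If full handshakes are reported elsewhere (not visible in this hunk), the branch should say so, e.g. `// only resumed sessions are reported here; full handshakes are logged during certificate verification` (wording to be confirmed against that code). If they are not, the send should stay outside the `if`, with the protocol appended, so that every upstream connection stays auditable. The resumed line deserves care in either case: if the callback in the previous hunk is `VerifyPeerCertificate`, crypto/tls does not invoke it on resumed connections, which would make this line the only visible record of the key a resumed session is bound to. dialTLS starts outside the hunk.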
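Review bot: In verify.go, `VerifyM` is taken in verifyCert and released only by `defer`, so every certificate decision for every host is serialised from this point until the function returns. If the rest of verifyCert (outside the hunk) waits for the user's answer, one open prompt stalls all other handshakes, which the added HTTP/2 concurrency makes more likely. The declaration has no comment saying what the lock protects; presumably it keeps two concurrent handshakes from both deciding on the same unseen host, and that should be written down, e.g. `// VerifyM serialises verifyCert so concurrent handshakes cannot race on the accept/reject decision.` The name is also exported while its siblings `acceptedM` and `rejectedM` are not; `verifyM` would match them. verifyCert begins and continues outside the hunk.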