2 tofuproxy -- flexible HTTP/HTTPS proxy, TLS terminator, X.509 TOFU
3 manager, WARC/geminispace browser
4 Copyright (C) 2021 Sergey Matveev <stargrave@stargrave.org>
6 This program is free software: you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation, version 3 of the License.
10 This program is distributed in the hope that it will be useful,
11 but WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 GNU General Public License for more details.
15 You should have received a copy of the GNU General Public License
16 along with this program. If not, see <http://www.gnu.org/licenses/>.
// Generates an ECDSA P-256 key pair and a self-signed X.509 certificate for
// the name given by -cn, then writes both to stdout as PEM.
// NOTE(review): the leading numbers are the listing's own line numbers. The
// gaps between them are lines missing from this excerpt (the enclosing func
// header, the error-handling branches, and some template fields), so the
// comments below describe only what the visible lines establish.

// -cn is used twice below: as the certificate Subject CommonName and as its
// only DNS SubjectAltName entry.
37 cn := flag.String("cn", "tofuproxy.localhost", "CommonName")
// Log lines are prefixed with file:line instead of the default timestamp.
39 log.SetFlags(log.Lshortfile)
// The private key is drawn from rand.Reader (presumably crypto/rand, confirm
// against the imports). It signs the certificate below.
41 prv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
// One-year validity window starting now.
// NOTE(review): the template lines that would consume notBefore/notAfter are
// not visible here. Confirm they are assigned to NotBefore/NotAfter.
46 notBefore := time.Now()
47 notAfter := notBefore.Add(365 * 24 * time.Hour)
// 16 random bytes (128 bits) form the serial number. SetBytes reads them as
// an unsigned big-endian integer, so the serial is never negative.
49 serialRaw := make([]byte, 16)
50 if _, err = io.ReadFull(rand.Reader, serialRaw); err != nil {
53 serial := big.NewInt(0)
54 serial = serial.SetBytes(serialRaw)
// NOTE(review): only Subject, DNSNames and BasicConstraintsValid are visible.
// Whether IsCA, KeyUsage or ExtKeyUsage are set cannot be told from this
// excerpt. Verify them in the full file, because they decide what the
// resulting certificate is trusted to do.
56 template := x509.Certificate{
58 Subject: pkix.Name{CommonName: *cn},
59 DNSNames: []string{*cn},
62 BasicConstraintsValid: true,
// The template is passed as both certificate and parent and is signed with
// prv, so the result is self-signed. pub is defined on a line not shown here
// (presumably prv's public half, confirm).
65 certRaw, err := x509.CreateCertificate(
66 rand.Reader, &template, &template, pub, prv,
// Round-trip sanity check: the DER must parse. The parsed value is discarded.
71 if _, err = x509.ParseCertificate(certRaw); err != nil {
74 pkcs8, err := x509.MarshalPKCS8PrivateKey(prv)
// The PKCS#8 private key is written to stdout first, unencrypted, followed by
// the certificate. Redirect the output into a file with restrictive
// permissions and keep it out of shared logs and terminal captures.
79 err = pem.Encode(os.Stdout, &pem.Block{Type: "PRIVATE KEY", Bytes: pkcs8})
83 err = pem.Encode(os.Stdout, &pem.Block{Type: "CERTIFICATE", Bytes: certRaw})