X-Git-Url: http://www.git.stargrave.org/?a=blobdiff_plain;f=fifos%2Ftls.go;fp=fifos%2Ftls.go;h=285ed3a39575472d531c3a950294dc066ad46cf8;hb=aca0f719ffa95e51420a625813f2f4cbf1d5397c;hp=0000000000000000000000000000000000000000;hpb=80f011b4e856b5598d17abb172687b228fac9641;p=tofuproxy.git
diff --git a/fifos/tls.go b/fifos/tls.go
new file mode 100644
index 0000000..285ed3a
--- /dev/null
+++ b/fifos/tls.go
@@ -0,0 +1,62 @@
+/*
+tofuproxy -- flexible HTTP/HTTPS proxy, TLS terminator, X.509 TOFU
+ manager, WARC/geminispace browser
+Copyright (C) 2021 Sergey Matveev
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, version 3 of the License.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program. If not, see .
+*/
+
+package fifos
+
+import (
+ "crypto/tls"
+ "log"
+ "strings"
+
+ "go.cypherpunks.ru/ucspi"
+ "go.stargrave.org/tofuproxy/caches"
+)
+
+func addTLSAuth(p string) {
+ for {
+ for _, line := range readLinesFromFIFO(p) {
+ cols := strings.SplitN(line, " ", 2)
+ if len(cols) != 2 {
+ log.Println("invalid add-tls-auth line format")
+ continue
+ }
+ if cols[1] == "NONE" {
+ caches.TLSAuthCacheM.Lock()
+ caches.TLSAuthCache[cols[0]] = &tls.Certificate{}
+ caches.TLSAuthCacheM.Unlock()
+ log.Printf("%s: added host %s: NONE\n", p, cols[0])
+ continue
+ }
+ _, cert, err := ucspi.CertificateFromFile(cols[1])
+ if err != nil {
+ log.Fatalln(err)
+ }
+ prv, err := ucspi.PrivateKeyFromFile(cols[1])
+ if err != nil {
+ log.Fatalln(err)
+ }
+ caches.TLSAuthCacheM.Lock()
+ caches.TLSAuthCache[cols[0]] = &tls.Certificate{
+ Certificate: [][]byte{cert.Raw},
+ PrivateKey: prv,
+ }
+ caches.TLSAuthCacheM.Unlock()
+ log.Printf("%s: added host %s: %s\n", p, cols[0], cert.Subject)
+ }
+ }
+}
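Review bot: Both `log.Fatalln(err)` calls in addTLSAuth exit the whole proxy when the certificate or key file named on a FIFO line cannot be loaded, so one mistyped path written to the FIFO ends every proxied connection, whereas the malformed-line branch just above only logs and continues. Each should become `log.Printf("%s: %s: %v\n", p, cols[1], err)` followed by `continue`, so a bad line is rejected without affecting availability. The path in `cols[1]` is used exactly as received, so the FIFO's file permissions are the only thing limiting which files the process can be told to read as a client credential; a doc comment on addTLSAuth stating that expectation, and the `HOST PATH|NONE` line format, would help operators. The private key is also not checked against the certificate before it is cached, so a mismatched pair would presumably surface only at handshake time rather than when the line is processed.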