X-Git-Url: http://www.git.stargrave.org/?a=blobdiff_plain;f=tls%2Fdane.go;h=f2db78331b3d2f448002f8af2632fe0d834f7e62;hb=29146b48a23355805345a7b7a656809cf624bb85;hp=22fad5dd6e5cccc9e3c34e9b579d88a821138cbc;hpb=6eee3c6c83cc535855e254426a90f7a2abba04ce;p=tofuproxy.git
diff --git a/tls/dane.go b/tls/dane.go
index 22fad5d..f2db783 100644
--- a/tls/dane.go
+++ b/tls/dane.go
@@ -1,7 +1,7 @@
 /*
-tofuproxy -- flexible HTTP proxy, TLS terminator, X.509 certificates
- manager, WARC/Gemini browser
-Copyright (C) 2021 Sergey Matveev
+tofuproxy -- flexible HTTP/HTTPS proxy, TLS terminator, X.509 TOFU
+ manager, WARC/geminispace browser
+Copyright (C) 2021-2023 Sergey Matveev

 This program is free software: you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by
@@ -25,23 +25,23 @@ import (
 "encoding/hex"
 "fmt"
 "log"
- "strings"

 "github.com/miekg/dns"
 )

 var DNSSrv string

-func dane(addr string, cert *x509.Certificate) (bool, bool) {
+func DANE(addr string, cert *x509.Certificate) (bool, bool) {
 if DNSSrv == "" {
 return false, false
 }
- host := addr
- port := "443"
- cols := strings.Split(addr, ":")
- if len(cols) > 1 {
- host = cols[0]
- port = cols[1]
+ host, port, err := SplitHostPort(addr)
+ if err != nil {
+ log.Printf("can not split host+port: %s: %+v\n", addr, err)
+ return false, false
+ }
+ if port == "" {
+ port = "443"
 }
 m := new(dns.Msg)
 m.SetQuestion(dns.Fqdn(fmt.Sprintf("_%s._tcp.%s", port, host)), dns.TypeTLSA)
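Review bot: The new error path in `DANE` returns `false, false` for an unparsable `addr`, the same pair it returns when `DNSSrv` is unset, so a caller cannot tell "DANE was not checked" from "the address was rejected"; what the two booleans mean is not visible in this hunk, and the now-exported function has no doc comment saying so. I would add one above the signature, along the lines of `// DANE looks up TLSA records for addr (port defaults to 443) and reports <first bool>, <second bool>; both are false when DNSSrv is empty or addr cannot be split.`, with the placeholders filled in from the rest of the body. Because `addr` reaches both the log line and the `_%s._tcp.%s` query name, logging it quoted (`log.Printf("can not split host+port: %q: %v\n", addr, err)`) keeps control characters from an untrusted address out of the log, and it is worth confirming that `SplitHostPort`, whose definition is not shown here, rejects a non-numeric port. The body of `DANE` continues past the end of the hunk.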