--- /dev/null
+/*
+tofuproxy -- flexible HTTP/HTTPS proxy, TLS terminator, X.509 TOFU
+ manager, WARC/geminispace browser
+Copyright (C) 2021 Sergey Matveev <stargrave@stargrave.org>
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, version 3 of the License.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+package fifos
+
+import (
+ "crypto/tls"
+ "log"
+ "strings"
+
+ "go.cypherpunks.ru/ucspi"
+ "go.stargrave.org/tofuproxy/caches"
+)
+
+func addTLSAuth(p string) {
+ for {
+ for _, line := range readLinesFromFIFO(p) {
+ cols := strings.SplitN(line, " ", 2)
+ if len(cols) != 2 {
+ log.Println("invalid add-tls-auth line format")
+ continue
+ }
+ if cols[1] == "NONE" {
+ caches.TLSAuthCacheM.Lock()
+ caches.TLSAuthCache[cols[0]] = &tls.Certificate{}
+ caches.TLSAuthCacheM.Unlock()
+ log.Printf("%s: added host %s: NONE\n", p, cols[0])
+ continue
+ }
+ _, cert, err := ucspi.CertificateFromFile(cols[1])
+ if err != nil {
+ log.Fatalln(err)
+ }
+ prv, err := ucspi.PrivateKeyFromFile(cols[1])
+ if err != nil {
+ log.Fatalln(err)
+ }
+ caches.TLSAuthCacheM.Lock()
+ caches.TLSAuthCache[cols[0]] = &tls.Certificate{
+ Certificate: [][]byte{cert.Raw},
+ PrivateKey: prv,
+ }
+ caches.TLSAuthCacheM.Unlock()
+ log.Printf("%s: added host %s: %s\n", p, cols[0], cert.Subject)
+ }
+ }
+}
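Review bot: The `log.Fatalln(err)` calls after `ucspi.CertificateFromFile` and `ucspi.PrivateKeyFromFile` make a single bad line on the control FIFO (a mistyped or unreadable path) terminate the whole proxy, while the malformed-line branch a few lines above only logs and continues. Since each line is independent, the same treatment is safer: `log.Printf("%s: %s: %v", p, cols[0], err)` followed by `continue` in both error branches, so one operator typo does not take down every active connection. It would also be worth noting in a comment that only the leaf `cert.Raw` is placed in `Certificate`, so any intermediates the peer needs for chain building are not sent; whether that is intended cannot be told from this file. The host key `cols[0]` is stored as-is, so a trailing space or case difference yields a distinct cache entry — a `strings.TrimSpace` before use, or a comment stating that exact-match keys are intended, would make the contract explicit.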