~emersion/tlstunnel

7b0912cf3cf28da920cfe076b6dcae4b93a15a78 — Simon Ser 4 months ago 43f434b
Add support for TLS backends

Closes: https://todo.sr.ht/~emersion/tlstunnel/6
3 files changed, 17 insertions(+), 3 deletions(-)

M directives.go
M server.go
M tlstunnel.1.scd
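--- a/directives.go
+++ b/directives.go
@@ -94,6 +94,15 @@ func parseBackend(backend *Backend, d *scfg.Directive) error {
 	}
 
 	switch u.Scheme {
+	case "tls":
+		host, _, err := net.SplitHostPort(u.Host)
+		if err != nil {
+			return fmt.Errorf("failed to parse backend address %q: %v", u.Host, err)
+		}
+		backend.TLSConfig = &tls.Config{
+			ServerName: host,
+		}
+		fallthrough
 	case "", "tcp":
 		backend.Network = "tcp"
 		backend.Address = u.Host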
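Review bot: The `tls.Config` built in the `case "tls":` branch sets only `ServerName`, so the minimum protocol version and the trust store are left to the defaults of the Go toolchain and the host, and nothing in the code records that this is intended. Adding `MinVersion: tls.VersionTLS12,` next to `ServerName: host,` would make the floor independent of the toolchain used for the build. A comment such as `// Certificate is verified against the default root CAs, with host as the expected name.` above the literal would tell the next reader that verification is on and which name is checked. The body of `parseBackend` starts and ends outside the hunk.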

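--- a/server.go
+++ b/server.go
@@ -172,6 +172,9 @@ func (fe *Frontend) handle(downstream net.Conn, tlsState *tls.ConnectionState) e
 	if err != nil {
 		return fmt.Errorf("failed to dial backend: %v", err)
 	}
+	if be.TLSConfig != nil {
+		upstream = tls.Client(upstream, be.TLSConfig)
+	}
 	defer upstream.Close()
 
 	if be.Proxy {
@@ -199,9 +202,10 @@ func (fe *Frontend) handle(downstream net.Conn, tlsState *tls.ConnectionState) e
 }
 
 type Backend struct {
-	Network string
-	Address string
-	Proxy   bool
+	Network   string
+	Address   string
+	Proxy     bool
+	TLSConfig *tls.Config // nil if no TLS
 }
 
 func duplexCopy(a, b io.ReadWriter) error {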
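Review bot: `tls.Client` in `handle` only wraps the connection, so the handshake and the certificate verification run on the first read or write instead of at connection time. A backend with an untrusted or mismatched certificate is therefore reported as a later I/O error rather than as a connection failure, and no handshake deadline is visible in this hunk for a backend that accepts TCP but never answers. Completing the handshake right after wrapping gives verification failures their own error and one place to apply a deadline. Because `upstream` is replaced before `if be.Proxy {`, the PROXY header presumably travels inside the TLS stream, which is worth stating in the man page. `handle` begins and ends outside the hunk.

```go
	// … unchanged: dial and its error check …
	if be.TLSConfig != nil {
		tlsConn := tls.Client(upstream, be.TLSConfig)
		// Handshake now so that certificate verification failures are
		// reported here instead of on the first read or write.
		if err := tlsConn.Handshake(); err != nil {
			upstream.Close()
			return fmt.Errorf("failed to complete TLS handshake with backend: %v", err)
		}
		upstream = tlsConn
	}
	defer upstream.Close()
```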

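--- a/tlstunnel.1.scd
+++ b/tlstunnel.1.scd
@@ -50,6 +50,7 @@ The following directives are supported:
 		The following URIs are supported:
 
 		- _[tcp://]<host>:<port>_ connects to a TCP server
+		- _tls://<host>:<port>_ connects to a TLS over TCP server
 		- _unix://<path>_ connects to a Unix socket
 
 		The _+proxy_ suffix can be added to the URI scheme to forward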