
fd462140366c36924d85172fbed149e6e6b5c0f9 — Simon Ser 8 days ago cef64c5
Store certificates in /var/lib/tlstunnel by default
3 files changed, 16 insertions(+), 7 deletions(-)

M Makefile
M cmd/tlstunnel/main.go
M server.go
M Makefile => Makefile +3 -1
@@ 9,9 9,11 @@ PREFIX = /usr/local
BINDIR = $(PREFIX)/bin
MANDIR = $(PREFIX)/share/man
SYSCONFDIR = /etc
SHAREDSTATEDIR = /var/lib

goflags = $(GOFLAGS) \
	-ldflags="-X 'main.configPath=$(SYSCONFDIR)/tlstunnel/config'"
	-ldflags="-X main.configPath='$(SYSCONFDIR)/tlstunnel/config' \
		-X main.certDataPath='$(SHAREDSTATEDIR)/tlstunnel'"

all: tlstunnel tlstunnel.1

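Review bot: The new quoting on the `-ldflags` lines puts the single quotes inside each `-X` word instead of around it, and as far as I can tell `go build` splits `-ldflags` on spaces and only strips quotes that enclose a whole word, so the linker would receive `main.configPath='/etc/tlstunnel/config'` and set the variable to that string with the quotes included. certDataPath would likewise become `'/var/lib/tlstunnel'`, which is a relative path, so certificate private keys would end up in a quote-named directory under the working directory rather than in /var/lib; please verify this against the built binary. The previous line had the quoting right, so I'd keep one quoted word per `-X`: `-ldflags="-X 'main.configPath=$(SYSCONFDIR)/tlstunnel/config' \` followed by `-X 'main.certDataPath=$(SHAREDSTATEDIR)/tlstunnel'"`.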

M cmd/tlstunnel/main.go => cmd/tlstunnel/main.go +9 -1
@@ 5,9 5,13 @@ import (
	"log"

	"git.sr.ht/~emersion/tlstunnel"
	"github.com/caddyserver/certmagic"
)

var configPath = "config"
var (
	configPath = "config"
	certDataPath = ""
)

func main() {
	flag.StringVar(&configPath, "config", configPath, "path to configuration file")


@@ 20,6 24,10 @@ func main() {

	srv := tlstunnel.NewServer()

	if certDataPath != "" {
		srv.ACMEConfig.Storage = &certmagic.FileStorage{Path: certDataPath}
	}

	if err := srv.Load(cfg); err != nil {
		log.Fatal(err)
	}
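Review bot: certDataPath can only be set at link time: unlike configPath, which gets a `flag.StringVar(&configPath, "config", …)` just below the var block, there is no flag to override it, so a deployment running as an unprivileged user with a different state directory cannot redirect it without rebuilding. That directory is where certmagic's file storage keeps the ACME account key and the certificate private keys, so /var/lib/tlstunnel has to exist, be owned by the user tlstunnel runs as and be unreadable by others; the commit neither creates it nor documents that requirement (if the install target does, it is not visible here). I'd add `flag.StringVar(&certDataPath, "cert-data", certDataPath, "path to certificate storage directory")` next to the config flag and comment the guard: `// Empty means certmagic's default storage location is used.` (hedged — confirm what certmagic does when Storage is left nil). main's body continues outside the hunk.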

M server.go => server.go +4 -5
@@ 17,8 17,7 @@ type Server struct {
	Frontends    []*Frontend
	ManagedNames []string
	ACMEManager  *certmagic.ACMEManager

	certmagic *certmagic.Config
	ACMEConfig   *certmagic.Config
}

func NewServer() *Server {


@@ 34,7 33,7 @@ func NewServer() *Server {
	return &Server{
		Listeners:   make(map[string]*Listener),
		ACMEManager: mgr,
		certmagic:   cfg,
		ACMEConfig:  cfg,
	}
}



@@ 53,7 52,7 @@ func (srv *Server) RegisterListener(addr string) *Listener {
}

func (srv *Server) Start() error {
	if err := srv.certmagic.ManageAsync(context.Background(), srv.ManagedNames); err != nil {
	if err := srv.ACMEConfig.ManageAsync(context.Background(), srv.ManagedNames); err != nil {
		return fmt.Errorf("failed to manage TLS certificates: %v", err)
	}



@@ 122,7 121,7 @@ func (ln *Listener) handle(conn net.Conn) error {
	defer conn.Close()

	// TODO: setup timeouts
	tlsConn := tls.Server(conn, ln.Server.certmagic.TLSConfig())
	tlsConn := tls.Server(conn, ln.Server.ACMEConfig.TLSConfig())
	if err := tlsConn.Handshake(); err != nil {
		return err
	}
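Review bot: ACMEConfig is now an exported, mutable field that main.go assigns into after NewServer (`srv.ACMEConfig.Storage = …`) and that both Start and Listener.handle read, yet it has no doc comment and nothing states when it may still be changed. Because handle calls `ln.Server.ACMEConfig.TLSConfig()` for every accepted connection, changing the field after Start would race with connection handling, so I'd document the contract on the field: `// ACMEConfig is the certmagic configuration used to obtain certificates and to terminate TLS. It may be customised after NewServer but must not be modified once Start has been called.` Whether the ACMEManager built in NewServer (outside this hunk) picks up a Storage assigned later depends on it holding a pointer to cfg rather than a copy; worth confirming. Start and handle both continue outside their hunks.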