From 8b5dc9dccbad7d935537464b8ffee607a247bc71 Mon Sep 17 00:00:00 2001
From: Vladislav Yarmak
Date: Sun, 4 Sep 2022 23:07:14 +0300
Subject: [PATCH] autocert

---
 go.sum | 2 ++
 main.go | 43 +++++++++++++++++++++++++++++++++++++++++--
 2 files changed, 43 insertions(+), 2 deletions(-)

diff --git a/go.sum b/go.sum
index 6760904..2068491 100644
--- a/go.sum
+++ b/go.sum
@@ -1,7 +1,9 @@
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20200510223506-06a226fb4e37 h1:cg5LA/zNPRzIXIWSCxQW10Rvpy94aQh3LT/ShoCpkHw=
 golang.org/x/crypto v0.0.0-20200510223506-06a226fb4e37/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3 h1:0GoQqolDA55aaLxZyTzK/Y2ePZzZTUrRacwib7cNsYQ=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/text v0.3.0 h1:g61tztE5qeGQ89tm6NTjjM9VPIm088od1l6aSorWRWg=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
diff --git a/main.go b/main.go
index 93716dc..71d3425 100644
--- a/main.go
+++ b/main.go
@@ -7,10 +7,15 @@ import (
 	"log"
 	"net/http"
 	"os"
+	"path/filepath"
+	"strings"
 	"time"
+
+	"golang.org/x/crypto/acme/autocert"
 )
 
 var (
+	home, _ = os.UserHomeDir()
 	version = "undefined"
 )
 
@@ -26,6 +31,23 @@ func arg_fail(msg string) {
 	os.Exit(2)
 }
 
+type CSVArg []string
+
+func (a *CSVArg) Set(s string) error {
+	*a = strings.Split(s, ",")
+	return nil
+}
+
+func (a *CSVArg) String() string {
+	if a == nil {
+		return ""
+	}
+	if *a == nil {
+		return ""
+	}
+	return strings.Join(*a, ",")
+}
+
 type CLIArgs struct {
 	bind_address string
 	auth string
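Review bot: `home, _ = os.UserHomeDir()` in the package-level var block discards the error, so when the home directory cannot be resolved (HOME unset, which is common for a proxy started as a service) `home` is "" and the `-autocert-dir` default built in the parse_args hunk (`@@ -58,6 +83,9 @@`) silently becomes the relative path `.dumbproxy/autocert`, putting the ACME account key and issued certificates wherever the process happens to be started. At minimum document the fallback on the declaration, e.g. `// home is "" when os.UserHomeDir fails; the -autocert-dir default then resolves relative to the working directory.`. Better, have parse_args (its body continues outside that hunk) reject `-autocert` when `home == ""` and `-autocert-dir` was left at its default, using the existing arg_fail helper, so the cache location is always an explicit, absolute choice.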
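Review bot: `CSVArg.Set` stores the raw `strings.Split` result, so `-autocert-whitelist "a.example, b.example"` yields the entry ` b.example`, which `autocert.HostWhitelist` will never match (it lowercases names but does not trim them), and an empty value yields the one-element list `[""]`. Trim each field and drop empties before assigning; keep the result non-nil so that the `!= nil` check in run() still installs a host policy for an explicitly empty list instead of falling back to no policy at all.

```go
func (a *CSVArg) Set(s string) error {
	// Non-nil even for an empty value, so an explicit (empty) whitelist
	// still installs a HostPolicy in run() rather than disabling it.
	hosts := CSVArg{}
	for _, h := range strings.Split(s, ",") {
		if h = strings.TrimSpace(h); h != "" {
			hosts = append(hosts, h)
		}
	}
	*a = hosts
	return nil
}
```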
@@ -35,7 +57,10 @@ type CLIArgs struct {
 	list_ciphers bool
 	ciphers string
 	disableHTTP2 bool
-	showVersion bool
+	showVersion bool
+	autocert bool
+	autocertWhitelist CSVArg
+	autocertDir string
 }
 
 func list_ciphers() {
@@ -58,6 +83,9 @@ func parse_args() CLIArgs {
 	flag.StringVar(&args.ciphers, "ciphers", "", "colon-separated list of enabled ciphers")
 	flag.BoolVar(&args.disableHTTP2, "disable-http2", false, "disable HTTP2")
 	flag.BoolVar(&args.showVersion, "version", false, "show program version and exit")
+	flag.BoolVar(&args.autocert, "autocert", false, "issue TLS certificates automatically")
+	flag.Var(&args.autocertWhitelist, "autocert-whitelist", "restrict autocert domains to this comma-separated list")
+	flag.StringVar(&args.autocertDir, "autocert-dir", filepath.Join(home, ".dumbproxy", "autocert"), "path to autocert cache")
 	flag.Parse()
 	return args
 }
@@ -70,7 +98,6 @@ func run() int {
 		return 0
 	}
 
-
 	if args.list_ciphers {
 		list_ciphers()
 		return 0
@@ -116,6 +143,18 @@ func run() int {
 		cfg.CipherSuites = makeCipherList(args.ciphers)
 		server.TLSConfig = cfg
 		err = server.ListenAndServeTLS("", "")
+	} else if args.autocert {
+		m := &autocert.Manager{
+			Cache: autocert.DirCache(args.autocertDir),
+			Prompt: autocert.AcceptTOS,
+		}
+		if args.autocertWhitelist != nil {
+			m.HostPolicy = autocert.HostWhitelist([]string(args.autocertWhitelist)...)
+		}
+		cfg := m.TLSConfig()
+		cfg.CipherSuites = makeCipherList(args.ciphers)
+		server.TLSConfig = cfg
+		err = server.ListenAndServeTLS("", "")
 	} else {
 		err = server.ListenAndServe()
 	}
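Review bot: The help text for the new `-autocert` flag ("issue TLS certificates automatically") does not tell the operator that enabling it accepts the CA's terms of service on their behalf, which is what `Prompt: autocert.AcceptTOS` in the run() hunk does unconditionally. Make that explicit in the flag description, e.g. `"issue TLS certificates automatically; implies acceptance of the CA's terms of service"`, and mention in the `-autocert-dir` help that the directory also holds the ACME account key, since that affects how operators protect and back it up. parse_args continues outside this hunk.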
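Review bot: When `-autocert` is given without `-autocert-whitelist`, the `if args.autocertWhitelist != nil` guard leaves `m.HostPolicy` nil, and an autocert.Manager with a nil HostPolicy attempts issuance for whatever SNI name a client presents; the package documentation warns that this lets anyone who connects by IP address trigger certificate requests for arbitrary names and exhaust the CA's rate limit, denying issuance for the real domains. Make the whitelist mandatory rather than optional, e.g. in parse_args (its body lies outside this hunk) `if args.autocert && len(args.autocertWhitelist) == 0 { arg_fail("-autocert-whitelist is required with -autocert") }`, using the arg_fail helper already present in the file. If the open policy is to remain supported, it should at least be stated in the `-autocert-whitelist` help and logged at startup so the exposure is a visible choice.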