authorDimitri Sokolyuk <demon@dim13.org>2016-03-23 20:03:28 +0100
committerDimitri Sokolyuk <demon@dim13.org>2016-03-23 20:03:28 +0100
commit9509cf74f017cb5e4e64c59d0b30bd5602626c01 (patch)
tree2cdd72b396aa191f0def253617c52c1f0cda6dd1
parent8941d819d53de276d56925877165310e9afd6648 (diff)
Fix cert issues
-rw-r--r--goxyctl/main.go29
-rw-r--r--main.go23
-rw-r--r--rpc.go9
3 files changed, 33 insertions, 28 deletions
diff --git a/goxyctl/main.go b/goxyctl/main.go
index 39f8c6d..64af637 100644
--- a/goxyctl/main.go
+++ b/goxyctl/main.go
@@ -1,10 +1,8 @@
package main
import (
- "crypto/rsa"
- "crypto/tls"
- "encoding/gob"
"flag"
+ "io/ioutil"
"log"
"net/rpc"
)
@@ -18,30 +16,29 @@ var (
remove = flag.Bool("remove", false, "remove entry")
)
-type Entry struct {
+type RPCEntry struct {
ServerName string
Upstream string
- Cert *tls.Certificate
-}
-
-func init() {
- gob.Register(rsa.PrivateKey{})
+ Cert []byte
+ Key []byte
}
func main() {
flag.Parse()
- e := Entry{
+ e := RPCEntry{
ServerName: *servername,
Upstream: *upstream,
}
if *keyfile != "" && *crtfile != "" {
- crt, err := tls.LoadX509KeyPair(*crtfile, *keyfile)
- if err != nil {
+ var err error
+ if e.Cert, err = ioutil.ReadFile(*crtfile); err != nil {
+ log.Fatal(err)
+ }
+ if e.Key, err = ioutil.ReadFile(*keyfile); err != nil {
log.Fatal(err)
}
- e.Cert = &crt
}
client, err := rpc.DialHTTP("tcp", *rpcserver)
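Review bot: The new Key field carries the PEM-encoded private key read from *keyfile (L60) and is then sent in the RPCEntry to the server over `rpc.DialHTTP("tcp", *rpcserver)` on the last line of the hunk, which is a plain TCP connection with no transport encryption or client authentication visible here; previously the key travelled the same way inside *tls.Certificate, so this is not new exposure, but now that it is an explicit exported byte slice it deserves a comment on the struct, e.g. `// Key holds the PEM private key; it is sent to rpcserver in the clear, so keep the RPC listener on a trusted interface.` The flag check at L53 also silently drops the pair when only one of -crt/-key is given; `log.Fatal("-crt and -key must be given together")` in an else branch would surface that. main() continues past the end of this hunk.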
@@ -56,10 +53,10 @@ func main() {
case e.ServerName != "" && *remove:
err = client.Call("GoXY.Del", e, nil)
default:
- var r map[string]Entry
+ var r []RPCEntry
err = client.Call("GoXY.List", struct{}{}, &r)
- for k, v := range r {
- log.Println(k, v)
+ for _, v := range r {
+ log.Println(v.ServerName, "->", v.Upstream)
}
}
if err != nil {
diff --git a/main.go b/main.go
index 78aeca5..b0eafdd 100644
--- a/main.go
+++ b/main.go
@@ -25,22 +25,31 @@ type Route map[string]Entry
type Entry struct {
ServerName string
Upstream string
- Cert *tls.Certificate
+ Cert []byte
+ Key []byte
+ cert *tls.Certificate
}
func (r Route) SNI(h *tls.ClientHelloInfo) (*tls.Certificate, error) {
- if e, ok := r[h.ServerName]; ok && e.Cert != nil {
- return e.Cert, nil
+ if e, ok := r[h.ServerName]; ok && e.cert != nil {
+ return e.cert, nil
}
return nil, errors.New("no cert for " + h.ServerName)
}
-func (r Route) Restore() {
+func (r Route) Restore() error {
// FIXME assignment copies lock value to *mux: net/http.ServeMux contains sync.RWMutex
*mux = *http.NewServeMux()
- for _, e := range route {
- e.NewHandle()
+ for k, v := range route {
+ cert, err := tls.X509KeyPair(v.Cert, v.Key)
+ if err != nil {
+ return err
+ }
+ v.cert = &cert
+ r[k] = v
+ v.NewHandle()
}
+ return nil
}
func (e Entry) NewHandle() error {
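Review bot: Restore now calls `tls.X509KeyPair(v.Cert, v.Key)` for every route entry (L108), but entries added without -crt/-key arrive with nil Cert/Key (goxyctl only fills them when both flags are set, L53-L64), and X509KeyPair returns an error on empty PEM input, so one plain-HTTP entry makes Restore fail before the remaining routes are registered. Only build the certificate when key material is present, leaving v.cert nil so SNI (L96) keeps reporting "no cert" for that name. The `v.NewHandle()` result at L114 is also dropped even though Restore now returns an error; propagate it. The rewritten loop body follows; the `*mux = *http.NewServeMux()` line and the trailing `return nil` are unchanged.
```go
	for k, v := range route {
		// Entries registered without -crt/-key carry no PEM data; leave v.cert nil so SNI falls through.
		if len(v.Cert) != 0 || len(v.Key) != 0 {
			cert, err := tls.X509KeyPair(v.Cert, v.Key)
			if err != nil {
				return err
			}
			v.cert = &cert
		}
		r[k] = v
		if err := v.NewHandle(); err != nil {
			return err
		}
	}
```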
@@ -54,7 +63,7 @@ func (e Entry) NewHandle() error {
}
func (e Entry) String() string {
- if e.Cert != nil {
+ if e.cert != nil {
return e.ServerName + " -> " + e.Upstream + " with TLS"
} else {
return e.ServerName + " -> " + e.Upstream
diff --git a/rpc.go b/rpc.go
index 589ca92..e7ab0d9 100644
--- a/rpc.go
+++ b/rpc.go
@@ -1,8 +1,6 @@
package main
import (
- "crypto/rsa"
- "encoding/gob"
"log"
"net/rpc"
)
@@ -10,7 +8,6 @@ import (
type GoXY struct{}
func init() {
- gob.Register(rsa.PrivateKey{})
rpc.Register(GoXY{})
}
@@ -30,7 +27,9 @@ func (GoXY) Del(e Entry, _ *struct{}) error {
return nil
}
-func (GoXY) List(_ struct{}, r *Route) error {
- *r = route
+func (GoXY) List(_ struct{}, r *[]Entry) error {
+ for _, v := range route {
+ *r = append(*r, v)
+ }
return nil
}
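Review bot: List copies each Entry verbatim into the reply (L151-L153), and since Cert and Key are exported byte slices holding the PEM files (main.go L89-L90), every GoXY.List call now returns the private key for each TLS route to the caller, even though goxyctl only prints ServerName and Upstream. Strip the key material before appending: `v.Cert, v.Key = nil, nil` on the line before `*r = append(*r, v)`, with a comment `// never echo private key material back to RPC clients`. The unexported cert pointer is already skipped by gob, so nothing else leaks from this struct. Note that `*r = append(*r, v)` appends to whatever slice the client passed in rather than replacing it; `*r = (*r)[:0]` before the loop, or building a local slice and assigning it, keeps repeated calls on the same reply value from accumulating.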