Diffstat (limited to 'main.go')
-rw-r--r--main.go23
1 files changed, 16 insertions, 7 deletions
diff --git a/main.go b/main.go
index 78aeca5..b0eafdd 100644
--- a/main.go
+++ b/main.go
@@ -25,22 +25,31 @@ type Route map[string]Entry
type Entry struct {
ServerName string
Upstream string
- Cert *tls.Certificate
+ Cert []byte
+ Key []byte
+ cert *tls.Certificate
}
func (r Route) SNI(h *tls.ClientHelloInfo) (*tls.Certificate, error) {
- if e, ok := r[h.ServerName]; ok && e.Cert != nil {
- return e.Cert, nil
+ if e, ok := r[h.ServerName]; ok && e.cert != nil {
+ return e.cert, nil
}
return nil, errors.New("no cert for " + h.ServerName)
}
-func (r Route) Restore() {
+func (r Route) Restore() error {
// FIXME assignment copies lock value to *mux: net/http.ServeMux contains sync.RWMutex
*mux = *http.NewServeMux()
- for _, e := range route {
- e.NewHandle()
+ for k, v := range route {
+ cert, err := tls.X509KeyPair(v.Cert, v.Key)
+ if err != nil {
+ return err
+ }
+ v.cert = &cert
+ r[k] = v
+ v.NewHandle()
}
+ return nil
}
func (e Entry) NewHandle() error {
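Review bot: An entry without certificate material makes the new Restore fail part-way, because `tls.X509KeyPair(v.Cert, v.Key)` is called unconditionally in the loop while `String()` in this same file still treats a nil `cert` as a valid non-TLS route; the early `return err` happens after `*mux` has already been replaced, so only some handlers are left registered. The error from `v.NewHandle()` is also still discarded even though Restore now has an error return to carry it. The loop ranges over the package-level `route` but writes into the receiver `r`, which is only correct if both are the same map; that cannot be confirmed from this hunk. Separately, `Key` is an exported field holding private-key bytes, so if Entry is serialised or logged anywhere (not visible here) the key goes with it and that store needs restrictive permissions. A guarded loop body is sketched below.

```go
	for k, v := range route {
		// Entries with no certificate material are plain routes; do not parse a key pair for them.
		if len(v.Cert) > 0 || len(v.Key) > 0 {
			// … unchanged: tls.X509KeyPair call, error return, v.cert assignment …
		}
		r[k] = v
		if err := v.NewHandle(); err != nil {
			return err
		}
	}
```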
@@ -54,7 +63,7 @@ func (e Entry) NewHandle() error {
}
func (e Entry) String() string {
- if e.Cert != nil {
+ if e.cert != nil {
return e.ServerName + " -> " + e.Upstream + " with TLS"
} else {
return e.ServerName + " -> " + e.Upstream