From 9509cf74f017cb5e4e64c59d0b30bd5602626c01 Mon Sep 17 00:00:00 2001
From: Dimitri Sokolyuk
Date: Wed, 23 Mar 2016 20:03:28 +0100
Subject: Fix cert issues
---
goxyctl/main.go | 29 +++++++++++++----------------
main.go | 23 ++++++++++++++++-------
rpc.go | 9 ++++-----
3 files changed, 33 insertions(+), 28 deletions(-)
diff --git a/goxyctl/main.go b/goxyctl/main.go
index 39f8c6d..64af637 100644
--- a/goxyctl/main.go
+++ b/goxyctl/main.go
@@ -1,10 +1,8 @@
package main
import (
- "crypto/rsa"
- "crypto/tls"
- "encoding/gob"
"flag"
+ "io/ioutil"
"log"
"net/rpc"
)
@@ -18,30 +16,29 @@ var (
remove = flag.Bool("remove", false, "remove entry")
)
-type Entry struct {
+type RPCEntry struct {
ServerName string
Upstream string
- Cert *tls.Certificate
-}
-
-func init() {
- gob.Register(rsa.PrivateKey{})
+ Cert []byte
+ Key []byte
}
func main() {
flag.Parse()
- e := Entry{
+ e := RPCEntry{
ServerName: *servername,
Upstream: *upstream,
}
if *keyfile != "" && *crtfile != "" {
- crt, err := tls.LoadX509KeyPair(*crtfile, *keyfile)
- if err != nil {
+ var err error
+ if e.Cert, err = ioutil.ReadFile(*crtfile); err != nil {
+ log.Fatal(err)
+ }
+ if e.Key, err = ioutil.ReadFile(*keyfile); err != nil {
log.Fatal(err)
}
- e.Cert = &crt
}
client, err := rpc.DialHTTP("tcp", *rpcserver)
@@ -56,10 +53,10 @@ func main() {
case e.ServerName != "" && *remove:
err = client.Call("GoXY.Del", e, nil)
default:
- var r map[string]Entry
+ var r []RPCEntry
err = client.Call("GoXY.List", struct{}{}, &r)
- for k, v := range r {
- log.Println(k, v)
+ for _, v := range r {
+ log.Println(v.ServerName, "->", v.Upstream)
}
}
if err != nil {
diff --git a/main.go b/main.go
index 78aeca5..b0eafdd 100644
--- a/main.go
+++ b/main.go
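Review bot: The PEM private key read from *keyfile now travels as raw bytes in the RPC payload, and the `rpc.DialHTTP("tcp", *rpcserver)` call just below gives it no transport protection, so unless *rpcserver is bound to loopback the key crosses the network in the clear. The exposure is inherited rather than new (the gob-encoded tls.Certificate carried the key before), but this rewrite is the place to either confine the RPC listener to localhost or dial a TLS connection (`tls.Dial` wrapped by `rpc.NewClient`) and record that choice on the rpcserver flag's help text. The client also no longer verifies that the two files form a matching pair; the mismatch only surfaces when the server's Restore parses them, so a local `if _, err := tls.X509KeyPair(e.Cert, e.Key); err != nil { log.Fatal(err) }` before the dial would keep that failure at the operator's terminal (it needs the crypto/tls import the first hunk removes). The remainder of main continues outside this hunk.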
@@ -25,22 +25,31 @@ type Route map[string]Entry
type Entry struct {
ServerName string
Upstream string
- Cert *tls.Certificate
+ Cert []byte
+ Key []byte
+ cert *tls.Certificate
}
func (r Route) SNI(h *tls.ClientHelloInfo) (*tls.Certificate, error) {
- if e, ok := r[h.ServerName]; ok && e.Cert != nil {
- return e.Cert, nil
+ if e, ok := r[h.ServerName]; ok && e.cert != nil {
+ return e.cert, nil
}
return nil, errors.New("no cert for " + h.ServerName)
}
-func (r Route) Restore() {
+func (r Route) Restore() error {
// FIXME assignment copies lock value to *mux: net/http.ServeMux contains sync.RWMutex
*mux = *http.NewServeMux()
- for _, e := range route {
- e.NewHandle()
+ for k, v := range route {
+ cert, err := tls.X509KeyPair(v.Cert, v.Key)
+ if err != nil {
+ return err
+ }
+ v.cert = &cert
+ r[k] = v
+ v.NewHandle()
}
+ return nil
}
func (e Entry) NewHandle() error {
@@ -54,7 +63,7 @@ func (e Entry) NewHandle() error {
}
func (e Entry) String() string {
- if e.Cert != nil {
+ if e.cert != nil {
return e.ServerName + " -> " + e.Upstream + " with TLS"
} else {
return e.ServerName + " -> " + e.Upstream
diff --git a/rpc.go b/rpc.go
index 589ca92..e7ab0d9 100644
--- a/rpc.go
+++ b/rpc.go
@@ -1,8 +1,6 @@
package main
import (
- "crypto/rsa"
- "encoding/gob"
"log"
"net/rpc"
)
@@ -10,7 +8,6 @@ import (
type GoXY struct{}
func init() {
- gob.Register(rsa.PrivateKey{})
rpc.Register(GoXY{})
}
@@ -30,7 +27,9 @@ func (GoXY) Del(e Entry, _ *struct{}) error {
return nil
}
-func (GoXY) List(_ struct{}, r *Route) error {
- *r = route
+func (GoXY) List(_ struct{}, r *[]Entry) error {
+ for _, v := range route {
+ *r = append(*r, v)
+ }
return nil
}
--
cgit v1.2.3
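Review bot: `tls.X509KeyPair(v.Cert, v.Key)` in Restore runs for every entry, including routes that were added without a key pair, and it returns an error on empty input, so a single plain-HTTP route makes Restore return early after the `*mux` reset and leaves every remaining route unregistered. The parse should only happen when material is present, and the error from `v.NewHandle()` is still dropped on the floor. SNI now relies on the unexported `cert` that only Restore populates; if Add (not in this diff) does not parse the pair the same way, a freshly added TLS route will not serve until the next Restore — worth confirming. Writing `r[k]` while ranging over `route` is safe only because it updates existing keys, which a short comment should say.
```go
func (r Route) Restore() error {
	// … unchanged: FIXME comment and *mux reset …
	for k, v := range route {
		// Routes added without a key pair carry no PEM material; only parse when present.
		if len(v.Cert) > 0 || len(v.Key) > 0 {
			cert, err := tls.X509KeyPair(v.Cert, v.Key)
			if err != nil {
				return err
			}
			v.cert = &cert
			r[k] = v // updates an existing key only, so safe during range
		}
		if err := v.NewHandle(); err != nil {
			return err
		}
	}
	return nil
}
```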
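Review bot: `*r = append(*r, v)` in List copies the whole Entry, so the reply now hands each route's PEM private key (`Key`) to any client that can reach the RPC port, while goxyctl only ever prints ServerName and Upstream. Blank the sensitive field before appending, `v.Key = nil`, and consider doing the same for `Cert` unless a caller actually needs it; the unexported `cert` is skipped by gob, so it is not part of the problem. Because the reply is built from a map, its order also changes between calls, and sorting by ServerName would give goxyctl a stable listing.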