2 ucspi/cmd/tlsc -- UCSPI TLS server
3 Copyright (C) 2021-2022 Sergey Matveev <stargrave@stargrave.org>
5 This program is free software: you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published by
7 the Free Software Foundation, version 3 of the License.
9 This program is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 GNU General Public License for more details.
14 You should have received a copy of the GNU General Public License
15 along with this program. If not, see <http://www.gnu.org/licenses/>.
30 "go.cypherpunks.ru/ucspi"
34 crtPath := flag.String("cert", "cert.pem", "Path to server X.509 certificate")
35 prvPath := flag.String("key", "prv.pem", "Path to server PKCS#8 private key")
36 casPath := flag.String("client-ca", "", "Require client authentication, path to CA certificates file")
38 fmt.Fprintf(os.Stderr, `Usage: tcpserver host port tlss [-client-ca CAs.pem]
39 -cert cert.pem -key prv.pem program [args...]
45 log.SetFlags(log.Lshortfile)
47 crtRaw, _, err := ucspi.CertificateFromFile(*crtPath)
51 prv, err := ucspi.PrivateKeyFromFile(*prvPath)
55 var cas *x509.CertPool
57 _, cas, err = ucspi.CertPoolFromFile(*casPath)
64 Certificates: []tls.Certificate{{
65 Certificate: [][]byte{crtRaw},
71 cfg.ClientAuth = tls.RequireAndVerifyClientCert
74 conn, _ := ucspi.NewConn(os.Stdin, os.Stdout)
75 tlsConn := tls.Server(conn, cfg)
76 if err = tlsConn.Handshake(); err != nil {
81 dn = tlsConn.ConnectionState().PeerCertificates[0].Subject.String()
84 rr, rw, err := os.Pipe()
88 wr, ww, err := os.Pipe()
93 cmd := exec.Command(args[0], args[1:]...)
96 cmd.Stderr = os.Stderr
97 cmd.Env = append(os.Environ(), "PROTO=TLS")
99 cmd.Env = append(cmd.Env, "TLSREMOTEDN="+dn)
102 if err = cmd.Start(); err != nil {
105 worker := make(chan struct{})