X-Git-Url: http://www.git.cypherpunks.ru/?a=blobdiff_plain;f=cmd%2Ftlsc%2Fmain.go;h=de0feca16cab533174e084dd36678b4dc794c5cb;hb=69e3e32993247d0d4fd49b9a5c7b079a5dd937fc;hp=8d32b827275c3805628f61dd3f00a836207c9c74;hpb=c39958cb57c7a598f668a15a3d793a2ab708b193;p=ucspi.git
diff --git a/cmd/tlsc/main.go b/cmd/tlsc/main.go
index 8d32b82..de0feca 100644
--- a/cmd/tlsc/main.go
+++ b/cmd/tlsc/main.go
@@ -1,19 +1,17 @@
-/*
-ucspi/cmd/tlsc -- UCSPI TLS client
-Copyright (C) 2021 Sergey Matveev
-
-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation, version 3 of the License.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program. If not, see .
-*/
+// ucspi/cmd/tlsc -- UCSPI TCP proxy client
+// Copyright (C) 2021-2024 Sergey Matveev
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, version 3 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
 package main
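Review bot: The rewritten header now calls this program a "UCSPI TCP proxy client", but the later hunks of this same diff build a tls.Config and hand the descriptor pair to tls.Client, so the previous wording "UCSPI TLS client" was the accurate one; this reads like a header copied from a sibling command. Suggest `// ucspi/cmd/tlsc -- UCSPI TLS client`. The truncated `see .` at the end of the notice is presumably the license URL lost in extraction rather than a change in the file.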
@@ -41,6 +39,7 @@ func main() {
 prvPath := flag.String("key", "", "Path to client PKCS#8 private key")
 casPath := flag.String("ca", "", "Path to CA certificates file")
 hostname := flag.String("name", "example.com", "Expected server's hostname")
+ insecure := flag.Bool("insecure", false, "Insecure mode")
 fpr := flag.String("fpr", "", "Expected SHA256 hash of server certificate's SPKI")
 flag.Usage = func() {
 fmt.Fprintf(os.Stderr, `Usage: tcpclient host port tlsc -name expected.name
@@ -59,9 +58,10 @@ func main() {
 }
 cfg := &tls.Config{}
- if *hostname == "" || *onlyShow {
+ if *hostname == "" || *onlyShow || *insecure {
 cfg.InsecureSkipVerify = true
- } else {
+ }
+ if *hostname != "" {
 cfg.ServerName = *hostname
 }
 if *crtPath != "" {
@@ -80,7 +80,7 @@ func main() {
 }
 if *casPath != "" {
 var err error
- cfg.RootCAs, err = ucspi.CertPoolFromFile(*casPath)
+ _, cfg.RootCAs, err = ucspi.CertPoolFromFile(*casPath)
 if err != nil {
 log.Fatalln(err)
 }
@@ -93,19 +93,16 @@ func main() {
 cfg.VerifyPeerCertificate = func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error {
 spki := verifiedChains[0][0].RawSubjectPublicKeyInfo
 hshTheir := sha256.Sum256(spki)
- if bytes.Compare(hshOur, hshTheir[:]) != 0 {
+ if !bytes.Equal(hshOur, hshTheir[:]) {
 return errors.New("server certificate's SPKI hash mismatch")
 }
 return nil
 }
 }
- conn := &ucspi.Conn{R: os.NewFile(6, "R"), W: os.NewFile(7, "W")}
- if conn.R == nil {
- log.Fatalln("no 6 file descriptor")
- }
- if conn.W == nil {
- log.Fatalln("no 7 file descriptor")
+ conn, err := ucspi.NewConn(os.NewFile(6, "R"), os.NewFile(7, "W"))
+ if err != nil {
+ log.Fatalln(err)
 }
 tlsConn := tls.Client(conn, cfg)
 if err := tlsConn.Handshake(); err != nil {
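Review bot: The help string of the new `-insecure` flag, `"Insecure mode"`, does not tell the operator what is being switched off; the hunk at @@ -59 shows it sets cfg.InsecureSkipVerify, which disables chain and hostname verification of the server certificate, and that is what `tlsc -h` should say. Suggest `insecure := flag.Bool("insecure", false, "Do not verify server certificate chain and hostname")`. The flag.Usage text that follows is a raw string continuing outside the hunk, so it presumably needs the same line added; main() starts and ends outside these hunks.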
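Review bot: In the @@ -93 hunk the unchanged line `spki := verifiedChains[0][0].RawSubjectPublicKeyInfo` indexes a slice that crypto/tls documents as always nil when InsecureSkipVerify is set, and the new `-insecure` flag (like the existing `-name ""` and `-show` paths) sets exactly that, so `-insecure -fpr <hash>` now ends in an index-out-of-range panic instead of an SPKI pin. Since pinning is the one check a user most wants to keep when chain verification is off, the callback should fall back to parsing rawCerts[0] when no verified chain is supplied. The enclosing `if *fpr != ""` block and main() start outside the hunk; only the callback body is rewritten below.
```go
cfg.VerifyPeerCertificate = func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error {
	var spki []byte
	if len(verifiedChains) > 0 && len(verifiedChains[0]) > 0 {
		spki = verifiedChains[0][0].RawSubjectPublicKeyInfo
	} else {
		// InsecureSkipVerify: no verified chain, pin against the leaf actually presented.
		if len(rawCerts) == 0 {
			return errors.New("no server certificate presented")
		}
		leaf, err := x509.ParseCertificate(rawCerts[0])
		if err != nil {
			return err
		}
		spki = leaf.RawSubjectPublicKeyInfo
	}
	hshTheir := sha256.Sum256(spki)
	// … unchanged: bytes.Equal comparison against hshOur and return …
}
```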
@@ -114,8 +111,10 @@ func main() {
 connState := tlsConn.ConnectionState()
 if *onlyShow {
 fmt.Fprintf(
- os.Stderr, "Version: %04x\nCipherSuite: %s\n",
- connState.Version, tls.CipherSuiteName(connState.CipherSuite),
+ os.Stderr,
+ "Version: %s\nCipherSuite: %s\n",
+ ucspi.TLSVersion(connState.Version),
+ tls.CipherSuiteName(connState.CipherSuite),
 )
 for _, cert := range connState.PeerCertificates {
 os.Stderr.WriteString("\n")
@@ -150,17 +149,18 @@ func main() {
 if err = cmd.Start(); err != nil {
 log.Fatalln(err)
 }
- copiers := make(chan struct{})
+ worker := make(chan struct{})
 go func() {
 io.Copy(rw, tlsConn)
 rw.Close()
- close(copiers)
+ close(worker)
 }()
 go func() {
 io.Copy(tlsConn, wr)
 }()
 _, err = cmd.Process.Wait()
- <-copiers
+ <-worker
+ tlsConn.Close()
 if err != nil {
 log.Fatalln(err)
 }
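Review bot: The added `tlsConn.Close()` in the @@ -150 hunk discards its error, and this call is the only place the client sends close_notify to the server, so a failure to shut the session down cleanly leaves no trace in the log. A fresh name keeps the Process.Wait error checked just below intact: `if cerr := tlsConn.Close(); cerr != nil { log.Println(cerr) }`. The second goroutine running `io.Copy(tlsConn, wr)` is never waited on; Close does make its pending copy return, but its result is dropped as well, which predates this change. main() continues past the hunk.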