X-Git-Url: http://www.git.cypherpunks.ru/?a=blobdiff_plain;f=cmd%2Ftlss%2Fmain.go;h=2bbc52ba4380ebea2579b7d4b7484d6f7450c9ac;hb=HEAD;hp=c0f7a09f443da23151236219e1ed39da006d3f80;hpb=c39958cb57c7a598f668a15a3d793a2ab708b193;p=ucspi.git
diff --git a/cmd/tlss/main.go b/cmd/tlss/main.go
index c0f7a09..2bbc52b 100644
--- a/cmd/tlss/main.go
+++ b/cmd/tlss/main.go
@@ -1,19 +1,17 @@
-/*
-ucspi/cmd/tlsc -- UCSPI TLS server
-Copyright (C) 2021 Sergey Matveev
-
-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation, version 3 of the License.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program. If not, see .
-*/
+// ucspi/cmd/tlss -- UCSPI TCP proxy server
+// Copyright (C) 2021-2024 Sergey Matveev
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, version 3 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
 package main
@@ -22,6 +20,7 @@ import (
 "crypto/x509"
 "flag"
 "fmt"
+ "io"
 "log"
 "os"
 "os/exec"
@@ -53,7 +52,7 @@ func main() {
 }
 var cas *x509.CertPool
 if *casPath != "" {
- cas, err = ucspi.CertPoolFromFile(*casPath)
+ _, cas, err = ucspi.CertPoolFromFile(*casPath)
 if err != nil {
 log.Fatalln(err)
 }
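Review bot: The rewritten header line `// ucspi/cmd/tlss -- UCSPI TCP proxy server` corrects the command name from tlsc to tlss but now describes the program as a TCP proxy, while main() in this file builds a `tls.Server` and passes the decrypted stream to a child process. The wording looks carried over from another command's header; `// ucspi/cmd/tlss -- UCSPI TLS server` would match what the code does.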
@@ -70,7 +69,7 @@ func main() {
 cfg.ClientAuth = tls.RequireAndVerifyClientCert
 }
- conn := &ucspi.Conn{R: os.Stdin, W: os.Stdout}
+ conn, _ := ucspi.NewConn(os.Stdin, os.Stdout)
 tlsConn := tls.Server(conn, cfg)
 if err = tlsConn.Handshake(); err != nil {
 log.Fatalln(err)
@@ -80,10 +79,18 @@ func main() {
 dn = tlsConn.ConnectionState().PeerCertificates[0].Subject.String()
 }
+ rr, rw, err := os.Pipe()
+ if err != nil {
+ log.Fatalln(err)
+ }
+ wr, ww, err := os.Pipe()
+ if err != nil {
+ log.Fatalln(err)
+ }
 args := flag.Args()
 cmd := exec.Command(args[0], args[1:]...)
- cmd.Stdin = tlsConn
- cmd.Stdout = tlsConn
+ cmd.Stdin = rr
+ cmd.Stdout = ww
 cmd.Stderr = os.Stderr
 cmd.Env = append(os.Environ(), "PROTO=TLS")
 if dn != "" {
@@ -93,7 +100,20 @@ func main() {
 if err = cmd.Start(); err != nil {
 log.Fatalln(err)
 }
- if _, err = cmd.Process.Wait(); err != nil {
+ worker := make(chan struct{})
+ go func() {
+ io.Copy(rw, tlsConn)
+ rw.Close()
+ }()
+ go func() {
+ io.Copy(tlsConn, wr)
+ tlsConn.Close()
+ close(worker)
+ }()
+ err = cmd.Wait()
+ ww.Close()
+ <-worker
+ if err != nil {
 log.Fatalln(err)
 }
 }
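Review bot: The second result of `ucspi.NewConn(os.Stdin, os.Stdout)` is discarded with `_`, so if it is an error (the signature is not visible in this diff) a failed constructor goes straight into `tls.Server(conn, cfg)` and shows up only as a handshake failure or a nil dereference. Every other fallible call visible in main() ends in `log.Fatalln(err)`, and the same pattern fits here: `conn, err := ucspi.NewConn(os.Stdin, os.Stdout)` followed by `if err != nil { log.Fatalln(err) }`. main() starts and ends outside this hunk.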
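Review bot: Both `io.Copy` results in the new goroutines of the last hunk are dropped, and the second goroutine never closes `wr`. A TLS read error, such as a connection cut without close_notify, therefore reaches the child as an ordinary end of input with nothing logged. When a write to `tlsConn` fails, the child can block on a full stdout pipe, which leaves `cmd.Wait()` and this per-connection process stuck unless the child exits on stdin EOF by itself. Logging the copy errors and closing `wr` after the second copy, so that the child gets EPIPE, covers both; expect one benign read error in the log when the child finishes first and `tlsConn.Close()` interrupts the other copy. main() begins outside this hunk.

```go
worker := make(chan struct{})
go func() {
	if _, err := io.Copy(rw, tlsConn); err != nil {
		log.Println("tls -> child:", err)
	}
	rw.Close()
}()
go func() {
	if _, err := io.Copy(tlsConn, wr); err != nil {
		log.Println("child -> tls:", err)
	}
	// Drop the read end so a child that is still writing gets EPIPE instead of blocking.
	wr.Close()
	tlsConn.Close()
	close(worker)
}()
// … unchanged: err = cmd.Wait(), ww.Close(), <-worker …
```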