-/*
-ucspi/cmd/tlsc -- UCSPI TLS server
-Copyright (C) 2021 Sergey Matveev <stargrave@stargrave.org>
-
-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation, version 3 of the License.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
+// ucspi/cmd/tlss -- UCSPI TCP proxy server
+// Copyright (C) 2021-2024 Sergey Matveev <stargrave@stargrave.org>
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, version 3 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see <http://www.gnu.org/licenses/>.
package main
"crypto/x509"
"flag"
"fmt"
+ "io"
"log"
"os"
"os/exec"
}
var cas *x509.CertPool
if *casPath != "" {
- cas, err = ucspi.CertPoolFromFile(*casPath)
+ _, cas, err = ucspi.CertPoolFromFile(*casPath)
if err != nil {
log.Fatalln(err)
}
cfg.ClientAuth = tls.RequireAndVerifyClientCert
}
- conn := &ucspi.Conn{R: os.Stdin, W: os.Stdout}
+ conn, _ := ucspi.NewConn(os.Stdin, os.Stdout)
tlsConn := tls.Server(conn, cfg)
if err = tlsConn.Handshake(); err != nil {
log.Fatalln(err)
dn = tlsConn.ConnectionState().PeerCertificates[0].Subject.String()
}
+ rr, rw, err := os.Pipe()
+ if err != nil {
+ log.Fatalln(err)
+ }
+ wr, ww, err := os.Pipe()
+ if err != nil {
+ log.Fatalln(err)
+ }
args := flag.Args()
cmd := exec.Command(args[0], args[1:]...)
- cmd.Stdin = tlsConn
- cmd.Stdout = tlsConn
+ cmd.Stdin = rr
+ cmd.Stdout = ww
cmd.Stderr = os.Stderr
cmd.Env = append(os.Environ(), "PROTO=TLS")
if dn != "" {
if err = cmd.Start(); err != nil {
log.Fatalln(err)
}
- if _, err = cmd.Process.Wait(); err != nil {
+ worker := make(chan struct{})
+ go func() {
+ io.Copy(rw, tlsConn)
+ rw.Close()
+ }()
+ go func() {
+ io.Copy(tlsConn, wr)
+ tlsConn.Close()
+ close(worker)
+ }()
+ err = cmd.Wait()
+ ww.Close()
+ <-worker
+ if err != nil {
log.Fatalln(err)
}
}