2 ucspi/cmd/tlss -- UCSPI TLS server
3 Copyright (C) 2021 Sergey Matveev <stargrave@stargrave.org>
5 This program is free software: you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published by
7 the Free Software Foundation, version 3 of the License.
9 This program is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 GNU General Public License for more details.
14 You should have received a copy of the GNU General Public License
15 along with this program. If not, see <http://www.gnu.org/licenses/>.
29 "go.cypherpunks.ru/ucspi"
33 crtPath := flag.String("cert", "cert.pem", "Path to server X.509 certificate")
34 prvPath := flag.String("key", "prv.pem", "Path to server PKCS#8 private key")
35 casPath := flag.String("client-ca", "", "Require client authentication, path to CA certificates file")
37 fmt.Fprintf(os.Stderr, `Usage: tcpserver host port tlss [-client-ca CAs.pem]
38 -cert cert.pem -key prv.pem program [args...]
44 log.SetFlags(log.Lshortfile)
46 crtRaw, _, err := ucspi.CertificateFromFile(*crtPath)
50 prv, err := ucspi.PrivateKeyFromFile(*prvPath)
54 var cas *x509.CertPool
56 _, cas, err = ucspi.CertPoolFromFile(*casPath)
63 Certificates: []tls.Certificate{{
64 Certificate: [][]byte{crtRaw},
70 cfg.ClientAuth = tls.RequireAndVerifyClientCert
73 conn := &ucspi.Conn{R: os.Stdin, W: os.Stdout}
74 tlsConn := tls.Server(conn, cfg)
75 if err = tlsConn.Handshake(); err != nil {
80 dn = tlsConn.ConnectionState().PeerCertificates[0].Subject.String()
84 cmd := exec.Command(args[0], args[1:]...)
87 cmd.Stderr = os.Stderr
88 cmd.Env = append(os.Environ(), "PROTO=TLS")
90 cmd.Env = append(cmd.Env, "TLSREMOTEDN="+dn)
93 if err = cmd.Start(); err != nil {
96 if _, err = cmd.Process.Wait(); err != nil {