ref!: supply a full *tls.Config for each connection

2025-08-18 08:06:31 +00:00 · 2025-08-06 15:21:47 -06:00 · 2025-08-06 15:21:47 -06:00 · 6d07f5f663
commit 6d07f5f663
parent bc4aeb3124
2 changed files with 19 additions and 25 deletions
--- a/cmd/sclient/main.go
+++ b/cmd/sclient/main.go
@ -1,6 +1,7 @@
 package main

 import (
+	"crypto/tls"
 	"flag"
 	"fmt"
 	"os"
@ -79,12 +80,16 @@ func main() {
 	}

 	sclient := &sclient.Tunnel{
-		RemotePort:         443,
-		LocalAddress:       "localhost",
-		InsecureSkipVerify: insecure,
-		ServerName:         servername,
-		Silent:             silent,
-		NextProtos:         alpns,
+		RemotePort:   443,
+		LocalAddress: "localhost",
+		Silent:       silent,
+		GetTLSConfig: func() *tls.Config {
+			return &tls.Config{
+				ServerName:         servername,
+				NextProtos:         alpns,
+				InsecureSkipVerify: insecure,
+			}
+		},
 	}

 	remote := strings.Split(remotestr, ":")
--- a/sclient.go
+++ b/sclient.go
@ -12,26 +12,19 @@ import (

 // Tunnel specifies which remote encrypted connection to make available as a plain connection locally.
 type Tunnel struct {
-	RemoteAddress      string
-	RemotePort         int
-	LocalAddress       string
-	LocalPort          int
-	InsecureSkipVerify bool
-	NextProtos         []string
-	ServerName         string
-	Silent             bool
+	RemoteAddress string
+	RemotePort    int
+	LocalAddress  string
+	LocalPort     int
+	GetTLSConfig  func() *tls.Config
+	Silent        bool
 }

 // DialAndListen will create a test TLS connection to the remote address and then
 // begin listening locally. Each local connection will result in a separate remote connection.
 func (t *Tunnel) DialAndListen() error {
 	remote := t.RemoteAddress + ":" + strconv.Itoa(t.RemotePort)
-	conn, err := tls.Dial("tcp", remote,
-		&tls.Config{
-			ServerName:         t.ServerName,
-			InsecureSkipVerify: t.InsecureSkipVerify,
-			NextProtos:         t.NextProtos,
-		})
+	conn, err := tls.Dial("tcp", remote, t.GetTLSConfig())

 	if err != nil {
 		fmt.Fprintf(os.Stderr, "[warn] '%s' may not be accepting connections: %s\n", remote, err)
@ -142,11 +135,7 @@ func pipe(r netReadWriteCloser, w netReadWriteCloser, t string) {
 }

 func (t *Tunnel) handleConnection(remote string, conn netReadWriteCloser) {
-	sclient, err := tls.Dial("tcp", remote,
-		&tls.Config{
-			ServerName:         t.ServerName,
-			InsecureSkipVerify: t.InsecureSkipVerify,
-		})
+	sclient, err := tls.Dial("tcp", remote, t.GetTLSConfig())

 	if err != nil {
 		fmt.Fprintf(os.Stderr, "[error] (remote) %s\n", err)