
ref!: supply a full *tls.Config for each connection

This commit is contained in:
AJ ONeal 2025-08-06 15:21:47 -06:00
parent bc4aeb3124
commit 6d07f5f663
No known key found for this signature in database
GPG Key ID: 9334E610B1ED6FBF
2 changed files with 19 additions and 25 deletions


@ -1,6 +1,7 @@
package main package main
import ( import (
"crypto/tls"
"flag" "flag"
"fmt" "fmt"
"os" "os"
@ -79,12 +80,16 @@ func main() {
} }
sclient := &sclient.Tunnel{ sclient := &sclient.Tunnel{
RemotePort: 443, RemotePort: 443,
LocalAddress: "localhost", LocalAddress: "localhost",
InsecureSkipVerify: insecure, Silent: silent,
ServerName: servername, GetTLSConfig: func() *tls.Config {
Silent: silent, return &tls.Config{
NextProtos: alpns, ServerName: servername,
NextProtos: alpns,
InsecureSkipVerify: insecure,
}
},
} }
remote := strings.Split(remotestr, ":") remote := strings.Split(remotestr, ":")
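Review bot: The new `GetTLSConfig` closure carries no comment explaining why a fresh `*tls.Config` is built on every call, and nothing at this site warns that `insecure` disables both chain and hostname verification for every tunnelled connection, leaving `ServerName` only as the SNI value sent to the peer. I would add above `GetTLSConfig: func() *tls.Config {` a comment along the lines of `// Called once per TLS dial (the startup probe and each local connection); returning a fresh config keeps dials independent. When insecure is set nothing about the peer certificate is verified and servername only selects SNI.` The per-dial call count is taken from the library side of this commit; confirm it if the Tunnel API changes again. The enclosing `func main()` starts before this hunk.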


@ -12,26 +12,19 @@ import (
// Tunnel specifies which remote encrypted connection to make available as a plain connection locally. // Tunnel specifies which remote encrypted connection to make available as a plain connection locally.
type Tunnel struct { type Tunnel struct {
RemoteAddress string RemoteAddress string
RemotePort int RemotePort int
LocalAddress string LocalAddress string
LocalPort int LocalPort int
InsecureSkipVerify bool GetTLSConfig func() *tls.Config
NextProtos []string Silent bool
ServerName string
Silent bool
} }
// DialAndListen will create a test TLS connection to the remote address and then // DialAndListen will create a test TLS connection to the remote address and then
// begin listening locally. Each local connection will result in a separate remote connection. // begin listening locally. Each local connection will result in a separate remote connection.
func (t *Tunnel) DialAndListen() error { func (t *Tunnel) DialAndListen() error {
remote := t.RemoteAddress + ":" + strconv.Itoa(t.RemotePort) remote := t.RemoteAddress + ":" + strconv.Itoa(t.RemotePort)
conn, err := tls.Dial("tcp", remote, conn, err := tls.Dial("tcp", remote, t.GetTLSConfig())
&tls.Config{
ServerName: t.ServerName,
InsecureSkipVerify: t.InsecureSkipVerify,
NextProtos: t.NextProtos,
})
if err != nil { if err != nil {
fmt.Fprintf(os.Stderr, "[warn] '%s' may not be accepting connections: %s\n", remote, err) fmt.Fprintf(os.Stderr, "[warn] '%s' may not be accepting connections: %s\n", remote, err)
@ -142,11 +135,7 @@ func pipe(r netReadWriteCloser, w netReadWriteCloser, t string) {
} }
func (t *Tunnel) handleConnection(remote string, conn netReadWriteCloser) { func (t *Tunnel) handleConnection(remote string, conn netReadWriteCloser) {
sclient, err := tls.Dial("tcp", remote, sclient, err := tls.Dial("tcp", remote, t.GetTLSConfig())
&tls.Config{
ServerName: t.ServerName,
InsecureSkipVerify: t.InsecureSkipVerify,
})
if err != nil { if err != nil {
fmt.Fprintf(os.Stderr, "[error] (remote) %s\n", err) fmt.Fprintf(os.Stderr, "[error] (remote) %s\n", err)
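Review bot: `t.GetTLSConfig()` in `conn, err := tls.Dial("tcp", remote, t.GetTLSConfig())` (and again in handleConnection) calls a nil func when a caller leaves the new exported field unset, so a zero-value `Tunnel`, which previously dialled with a default config, now panics instead of returning an error. The field is also undocumented; either mark it required with `// GetTLSConfig must be non-nil; it is called for every TLS dial, once for the startup probe and once per local connection.` or default it through a small accessor and change both dial sites to `t.tlsConfig()`. An empty config in the nil case lets tls.Dial derive ServerName from the remote address and verify the chain normally, which is the safe default now that InsecureSkipVerify and ServerName are no longer struct fields. Both DialAndListen and handleConnection continue past their hunks.
```go
// tlsConfig returns the per-dial config from GetTLSConfig, or an empty
// (fully verifying) config when the field was left nil, so a zero-value
// Tunnel still dials instead of panicking on a nil func.
func (t *Tunnel) tlsConfig() *tls.Config {
	if t.GetTLSConfig == nil {
		return &tls.Config{}
	}
	return t.GetTLSConfig()
}
```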