various bugfixes and enhancements

.gitignore

@@ -1,6 +1,8 @@
 .env
 .env.*
 certs
+acme.d
+
 *.exe
 /telebitd
 /cmd/telebitd/telebitd

cmd/telebitd/telebitd.go

@@ -26,7 +26,10 @@ import (
 	_ "github.com/joho/godotenv/autoload"
 )
 
+// Loginfo TODO remove
 var Loginfo = log.Loginfo
+
+// Logdebug TODO remove
 var Logdebug = log.Logdebug
 
 func init() {
@@ -38,28 +41,22 @@ var (
 	configPath = "./"
 	configFile = "telebit-relay"
 
-	argWssClientListener     string
+	tcpPort           int
-	tcpPort                  int
+	argDeadTime       int
-	argServerBinding         string
+	connectionTable   *api.Table
-	argServerAdminBinding    string
+	secretKey         string
-	argServerExternalBinding string
+	wssHostName       string
-	argDeadTime              int
+	adminHostName     string
-	connectionTable          *api.Table
+	idle              int
-	secretKey                string
+	dwell             int
-	wssHostName              = "localhost.rootprojects.org"
+	cancelcheck       int
-	adminHostName            string
+	loadBalanceMethod api.LoadBalanceStrategy
-	idle                     int
+	nickname          string
-	dwell                    int
+	acmeEmail         string
-	cancelcheck              int
+	acmeStorage       string
-	lbDefaultMethod          api.LoadBalanceStrategy
+	acmeAgree         bool
-	nickname                 string
+	acmeStaging       bool
-	acmeEmail                string
+	allclients        string
-	acmeStorage              string
-	acmeAgree                bool
-	acmeStaging              bool
-	allclients               string
-	adminDomain              string
-	wssDomain                string
 )
 
 func init() {
@@ -68,8 +65,8 @@ func init() {
 	flag.StringVar(&acmeStorage, "acme-storage", "./acme.d/", "path to ACME storage directory")
 	flag.BoolVar(&acmeAgree, "acme-agree", false, "agree to the terms of the ACME service provider (required)")
 	flag.BoolVar(&acmeStaging, "staging", false, "get fake certificates for testing")
-	flag.StringVar(&adminDomain, "admin-domain", "", "the management domain")
+	flag.StringVar(&adminHostName, "admin-hostname", "", "the management domain")
-	flag.StringVar(&wssDomain, "wss-domain", "", "the wss domain for connecting devices, if different from admin")
+	flag.StringVar(&wssHostName, "wss-hostname", "", "the wss domain for connecting devices, if different from admin")
 	flag.StringVar(&configPath, "config-path", configPath, "Configuration File Path")
 	flag.StringVar(&secretKey, "secret", "", "a >= 16-character random string for JWT key signing") // SECRET
 	flag.StringVar(&logfile, "log", logfile, "Log file (or stdout/stderr; empty for none)")
@@ -143,20 +140,18 @@ func main() {
 		}
 	}
 
-	adminHostName = adminDomain
 	if 0 == len(adminHostName) {
-		adminHostName = os.Getenv("ADMIN_DOMAIN")
+		adminHostName = os.Getenv("ADMIN_HOSTNAME")
 	}
-	wssHostName = wssDomain
 	if 0 == len(wssHostName) {
-		wssHostName = os.Getenv("WSS_DOMAIN")
+		wssHostName = os.Getenv("WSS_HOSTNAME")
 	}
 	if 0 == len(wssHostName) {
 		wssHostName = adminHostName
 	}
 
 	// load balancer method
-	lbDefaultMethod = api.RoundRobin
+	loadBalanceMethod = api.RoundRobin
 	if 0 == len(nickname) {
 		nickname = os.Getenv("NICKNAME")
 	}
@@ -187,23 +182,29 @@ func main() {
 	serverStatus.WssDomain = wssHostName
 	serverStatus.Name = nickname
 	serverStatus.DeadTime = api.NewStatusDeadTime(dwell, idle, cancelcheck)
-	serverStatus.LoadbalanceDefaultMethod = string(lbDefaultMethod)
+	serverStatus.LoadbalanceDefaultMethod = string(loadBalanceMethod)
 
-	connectionTable := api.NewTable(dwell, idle, lbDefaultMethod)
+	connectionTable := api.NewTable(dwell, idle, loadBalanceMethod)
 
 	tlsConfig := &tls.Config{
 		GetCertificate: func(hello *tls.ClientHelloInfo) (*tls.Certificate, error) {
-			certbundle, err := magic.GetCertificate(hello)
+			return magic.GetCertificate(hello)
+			/*
+				if false {
+					_, _ = magic.GetCertificate(hello)
+				}
 
-			// TODO
+				// TODO
-			// 1. call out to greenlock for validation
+				// 1. call out to greenlock for validation
-			// 2. push challenges through http channel
+				// 2. push challenges through http channel
-			// 3. receive certificates (or don't)
+				// 3. receive certificates (or don't)
-			//certbundle, err := tls.LoadX509KeyPair("certs/fullchain.pem", "certs/privkey.pem")
+				certbundleT, err := tls.LoadX509KeyPair("certs/fullchain.pem", "certs/privkey.pem")
-			if err != nil {
+				certbundle := &certbundleT
-				return nil, err
+				if err != nil {
-			}
+					return nil, err
-			return certbundle, nil
+				}
+				return certbundle, nil
+			*/
 		},
 	}
 

relay/mplexy/listener.go

@@ -126,6 +126,7 @@ func (mx *MPlexy) accept(ctx context.Context, wConn *tunnel.WedgeConn) {
 
 	} else if bytes.Contains(peek[0:3], []byte{0x16, 0x03, 0x00}) {
 		encryptMode = encryptSSLV3
+		loginfo.Println("SSLV3")
 
 	} else if bytes.Contains(peek[0:3], []byte{0x16, 0x03, 0x01}) {
 		encryptMode = encryptTLS10
@@ -133,12 +134,15 @@ func (mx *MPlexy) accept(ctx context.Context, wConn *tunnel.WedgeConn) {
 
 	} else if bytes.Contains(peek[0:3], []byte{0x16, 0x03, 0x02}) {
 		encryptMode = encryptTLS11
+		loginfo.Println("TLS11")
 
 	} else if bytes.Contains(peek[0:3], []byte{0x16, 0x03, 0x03}) {
 		encryptMode = encryptTLS12
+		loginfo.Println("TLS12")
 
 	} else if bytes.Contains(peek[0:3], []byte{0x16, 0x03, 0x04}) {
 		encryptMode = encryptTLS13
+		loginfo.Println("TLS13")
 
 	}
 
@@ -183,7 +187,7 @@ func (mx *MPlexy) acceptEncryptedStream(ctx context.Context, wConn *tunnel.Wedge
 	if sniHostName == mx.wssHostName || sniHostName == mx.adminHostName {
 		// The TLS should be terminated and handled internally
 		tlsConfig := ctx.Value(ctxConfig).(*tls.Config)
-		conn := tls.Client(wConn, tlsConfig)
+		conn := tls.Server(wConn, tlsConfig)
 		tlsWedgeConn := tunnel.NewWedgeConn(conn)
 		mx.acceptPlainStream(ctx, tlsWedgeConn, true)
 		return