Add support for TLS backends

Closes: https://todo.sr.ht/~emersion/tlstunnel/6
Simon Ser 2020-10-31 10:34:02 +01:00
parent 43f434be84
commit 7b0912cf3c
No known key found for this signature in database
GPG Key ID: 0FDE7BE0E88F5E48
3 changed files with 17 additions and 3 deletions


@ -94,6 +94,15 @@ func parseBackend(backend *Backend, d *scfg.Directive) error {
} }
switch u.Scheme { switch u.Scheme {
case "tls":
host, _, err := net.SplitHostPort(u.Host)
if err != nil {
return fmt.Errorf("failed to parse backend address %q: %v", u.Host, err)
}
backend.TLSConfig = &tls.Config{
ServerName: host,
}
fallthrough
case "", "tcp": case "", "tcp":
backend.Network = "tcp" backend.Network = "tcp"
backend.Address = u.Host backend.Address = u.Host
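Review bot: The tls.Config built in the new `tls` case sets only ServerName, so the backend handshake falls back to the crypto/tls client defaults, which on Go releases current at this commit still accept TLS 1.0; a tunnel whose purpose is terminating TLS for clients should not allow the backend leg to negotiate lower than its own front. A floor is one line: `backend.TLSConfig = &tls.Config{ServerName: host, MinVersion: tls.VersionTLS12}`. Certificate verification against the system roots stays on, which is the right default, but since nothing here can admit a self-signed backend certificate it is worth saying in the man page entry that the backend certificate must be valid for the configured <host>. parseBackend starts before this hunk.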


@ -172,6 +172,9 @@ func (fe *Frontend) handle(downstream net.Conn, tlsState *tls.ConnectionState) e
if err != nil { if err != nil {
return fmt.Errorf("failed to dial backend: %v", err) return fmt.Errorf("failed to dial backend: %v", err)
} }
if be.TLSConfig != nil {
upstream = tls.Client(upstream, be.TLSConfig)
}
defer upstream.Close() defer upstream.Close()
if be.Proxy { if be.Proxy {
@ -202,6 +205,7 @@ type Backend struct {
Network string Network string
Address string Address string
Proxy bool Proxy bool
TLSConfig *tls.Config // nil if no TLS
} }
func duplexCopy(a, b io.ReadWriter) error { func duplexCopy(a, b io.ReadWriter) error {
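Review bot: tls.Client in the new branch of handle does not run the handshake, so a backend certificate that fails verification, or a backend that is not actually speaking TLS, is only detected on the first read or write inside duplexCopy, and the error surfaces there without the backend context the dial error just above carries. Handshaking explicitly right after wrapping reports it at the same point as a dial failure; the raw conn must be closed on that path because `defer upstream.Close()` is only registered afterwards. Handshake blocks with no deadline if the backend stalls, as the plain dial presumably already does. handle starts and ends outside this hunk.
```go
	// … unchanged: dial and its error check …
	if be.TLSConfig != nil {
		tlsConn := tls.Client(upstream, be.TLSConfig)
		if err := tlsConn.Handshake(); err != nil {
			upstream.Close()
			return fmt.Errorf("failed to perform TLS handshake with backend: %v", err)
		}
		upstream = tlsConn
	}
	defer upstream.Close()
```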


@ -50,6 +50,7 @@ The following directives are supported:
The following URIs are supported: The following URIs are supported:
- _[tcp://]<host>:<port>_ connects to a TCP server - _[tcp://]<host>:<port>_ connects to a TCP server
- _tls://<host>:<port>_ connects to a TLS over TCP server
- _unix://<path>_ connects to a Unix socket - _unix://<path>_ connects to a Unix socket
The _+proxy_ suffix can be added to the URI scheme to forward The _+proxy_ suffix can be added to the URI scheme to forward