Add support for TLS backends
Closes: https://todo.sr.ht/~emersion/tlstunnel/6
parent
43f434be84
commit
7b0912cf3c
|
@ -94,6 +94,15 @@ func parseBackend(backend *Backend, d *scfg.Directive) error {
|
||||||
}
|
}
|
||||||
|
|
||||||
switch u.Scheme {
|
switch u.Scheme {
|
||||||
|
case "tls":
|
||||||
|
host, _, err := net.SplitHostPort(u.Host)
|
||||||
|
if err != nil {
|
||||||
|
return fmt.Errorf("failed to parse backend address %q: %v", u.Host, err)
|
||||||
|
}
|
||||||
|
backend.TLSConfig = &tls.Config{
|
||||||
|
ServerName: host,
|
||||||
|
}
|
||||||
|
fallthrough
|
||||||
case "", "tcp":
|
case "", "tcp":
|
||||||
backend.Network = "tcp"
|
backend.Network = "tcp"
|
||||||
backend.Address = u.Host
|
backend.Address = u.Host
|
||||||
|
|
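Review bot: In the new `case "tls":` branch, `host` goes straight into `ServerName` without a check that it is non-empty, so a backend written as `tls://:443` is accepted at config load. With an empty `ServerName` and verification left on, crypto/tls rejects the client handshake, so the mistake only surfaces per connection at runtime; rejecting it here with `if host == "" { return fmt.Errorf("backend address %q: TLS backend requires a host name", u.Host) }` would fail fast. The `tls.Config` also sets no `MinVersion`, so the protocol floor depends on the Go toolchain default; adding `MinVersion: tls.VersionTLS12` would pin it. The body of parseBackend starts and ends outside this hunk, so later handling of the config is not visible here.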
10
server.go
10
server.go
|
@ -172,6 +172,9 @@ func (fe *Frontend) handle(downstream net.Conn, tlsState *tls.ConnectionState) e
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("failed to dial backend: %v", err)
|
return fmt.Errorf("failed to dial backend: %v", err)
|
||||||
}
|
}
|
||||||
|
if be.TLSConfig != nil {
|
||||||
|
upstream = tls.Client(upstream, be.TLSConfig)
|
||||||
|
}
|
||||||
defer upstream.Close()
|
defer upstream.Close()
|
||||||
|
|
||||||
if be.Proxy {
|
if be.Proxy {
|
||||||
|
@ -199,9 +202,10 @@ func (fe *Frontend) handle(downstream net.Conn, tlsState *tls.ConnectionState) e
|
||||||
}
|
}
|
||||||
|
|
||||||
type Backend struct {
|
type Backend struct {
|
||||||
Network string
|
Network string
|
||||||
Address string
|
Address string
|
||||||
Proxy bool
|
Proxy bool
|
||||||
|
TLSConfig *tls.Config // nil if no TLS
|
||||||
}
|
}
|
||||||
|
|
||||||
func duplexCopy(a, b io.ReadWriter) error {
|
func duplexCopy(a, b io.ReadWriter) error {
|
||||||
|
|
|
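Review bot: In the first server.go hunk, `tls.Client(upstream, be.TLSConfig)` only wraps the connection; the handshake and certificate verification run lazily on the first read or write. A backend with a bad or mismatched certificate is therefore not reported next to the "failed to dial backend" error, but from whichever later call first touches `upstream`. No deadline bounds the handshake either, so a backend that accepts the TCP connection and then stalls can hold the downstream connection open. I would perform the handshake explicitly and return a dedicated error, closing the raw connection on failure because `defer upstream.Close()` is only registered afterwards; a deadline around the handshake is worth considering too. The body of handle starts and ends outside this hunk.

```go
if be.TLSConfig != nil {
	tlsConn := tls.Client(upstream, be.TLSConfig)
	// Verify the backend certificate now, not on first I/O.
	if err := tlsConn.Handshake(); err != nil {
		upstream.Close()
		return fmt.Errorf("failed to perform TLS handshake with backend: %v", err)
	}
	upstream = tlsConn
}
defer upstream.Close()
// … unchanged: PROXY header handling and duplexCopy …
```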
@ -50,6 +50,7 @@ The following directives are supported:
|
||||||
The following URIs are supported:
|
The following URIs are supported:
|
||||||
|
|
||||||
- _[tcp://]<host>:<port>_ connects to a TCP server
|
- _[tcp://]<host>:<port>_ connects to a TCP server
|
||||||
|
- _tls://<host>:<port>_ connects to a TLS over TCP server
|
||||||
- _unix://<path>_ connects to a Unix socket
|
- _unix://<path>_ connects to a Unix socket
|
||||||
|
|
||||||
The _+proxy_ suffix can be added to the URI scheme to forward
|
The _+proxy_ suffix can be added to the URI scheme to forward
|
||||||
|
|