Load certificate at startup
rosahaj committed Jan 7, 2024
1 parent 064f71b commit b9ceee1
Showing 2 changed files with 19 additions and 7 deletions.
15 changes: 15 additions & 0 deletions cert.go
@@ -3,9 +3,11 @@ package main
import (
"crypto/rand"
"crypto/rsa"
"crypto/tls"
"crypto/x509"
"crypto/x509/pkix"
"encoding/pem"
"log"
"math/big"
"os"
"time"
@@ -50,3 +52,16 @@ func generateCertificate() error {
pem.Encode(keyOut, &pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(priv)})
return nil
}

func loadCertificate() {
cert, err := tls.LoadX509KeyPair(Config.Cert, Config.Key)
if err != nil {
log.Fatal(err)
} else {
LoadedCert = cert
}
}

var (
LoadedCert tls.Certificate
)
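Review bot: In `loadCertificate`, `log.Fatal(err)` exits without saying which files failed to load, and the `else` after it is redundant because `log.Fatal` does not return. I would write `log.Fatalf("loading TLS key pair (cert %q, key %q): %v", Config.Cert, Config.Key, err)` and put `LoadedCert = cert` unindented after the `if`. `LoadedCert` is an exported, mutable package-level variable that holds the private key and has no comment. Since this is package main it can be unexported, with a comment such as `// loadedCert is set once by loadCertificate before the server starts and is read-only afterwards.` so that nothing reassigns it while connection handlers read it.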
11 changes: 4 additions & 7 deletions proxy.go
@@ -22,7 +22,7 @@ func fileExists(filename string) bool {

func customTLSWrap(conn net.Conn, sni string) (*utls.UConn, error) {
clientHelloID := utls.ClientHelloID{
Config.TLSClient, Config.TLSVersion, nil, nil,
Client: Config.TLSClient, Version: Config.TLSVersion, Seed: nil, Weights: nil,
}

uTLSConn := utls.UClient(
@@ -86,14 +86,9 @@ func connect(sni string, destConn net.Conn, clientConn net.Conn) {
return
}

cert, err := tls.LoadX509KeyPair(Config.Cert, Config.Key)
if err != nil {
log.Fatal(err)
}

config := &tls.Config{
InsecureSkipVerify: true,
Certificates: []tls.Certificate{cert},
Certificates: []tls.Certificate{LoadedCert},
}

state := destTLSConn.ConnectionState()
@@ -172,6 +167,8 @@ func main() {
generateCertificate()
}

loadCertificate()

server := &http.Server{
Addr: Config.Addr + ":" + Config.Port,
Handler: http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
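Review bot: With `Certificates: []tls.Certificate{LoadedCert}` in `connect`, the key pair is read from disk only once in `main`, so replacing the files named by `Config.Cert`/`Config.Key` (for example after a key compromise or expiry) has no effect until the process restarts; the removed code re-read them on every connection. That trade-off should be stated where the value is used, e.g. `// LoadedCert is loaded once at startup; cert/key changes on disk require a restart.` If rotation without a restart is wanted, a `GetCertificate` callback on the `tls.Config` would be the place to reload, assuming this config is used on the server side, which the hunk does not show. `connect` starts and ends outside the hunk.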