removed the to 443 things because it's easier to just forward TLS on it's own tunnel.

2018-08-23 23:48:12 -04:00
parent 3ffeaa1a74
commit 4ea94d7202
5 changed files with 47 additions and 22 deletions
--- a/README.md.asc
+++ b/README.md.asc
@ -183,12 +183,12 @@ that happen eventually.
 TLS configuration is experimental. It might not be possible. But maybe.
 -----BEGIN PGP SIGNATURE-----

-iQEzBAEBCAAdFiEEcNIGBzi++AUjrK/311wDs5teFOEFAlt/e80ACgkQ11wDs5te
-FOG8oAf+LvIatfeiTtppnRw9rwfV7mI6QbfilLIZTmTf2WV65r0AZIZBSr/k8oX1
-BsQUEdsv8VccCLkcj0cLZ3vglp+Fa+23f8WTX4TRfY2Rzg7DOXot2PxeWmJnJIMP
-xrjK+5tQZnzFth4l+5Yd75R9spB3VGlbbCZ3zEKqYeEqQdU2XmW6vye11sXKVTsl
-9Yg2x4E9EZJvMRCbMW3QL2sV2kvEvWxbCmS3OfuLeH+MIeKJ1TXE2hnMYG5pUVS0
-1sLao91cXE0fW97wVXttOn6mKfpiwMMW5w4pAxuGI3KQt0oRs9NouobvLlHyDASI
-PSKveSulYgfCEwRv1RPg3QKqifCCiA==
-=6uKl
+iQEzBAEBCAAdFiEEcNIGBzi++AUjrK/311wDs5teFOEFAlt/f/gACgkQ11wDs5te
+FOEgwAf+PlVryWFgB7/5hQfBB8p1JdySqspuez/adLXszZQzVyDURKOKL5Neg/BH
+F2Q+wdLVqZyWs55+dXnKHgrj0bSBhNzUwRQzguaUVrAu8ra1K+73By80w+WiYZDD
+HxUB6zRRfW1OpzPiSl/Vu+yUI0+lwmBpRfbQc73XT/FW6oLn+bAIeAhtbX03bjt0
+Xkl+5Q9i5F6YODdceYW97iu0AMvfGtVseIHxqkq6g62imwjw5H8VVFvDU97EOqo6
+fzS4uliqYKVlTcvnSQlrYQU726cepX+7aFFabbgsNMMIxl61LoTQ+6j4miPCJRdm
+qFqN9P8nehiOt05CFBYMdfSFJtmIVA==
+=NEIK
 -----END PGP SIGNATURE-----
--- a/example/serve.go
+++ b/example/serve.go
@ -12,6 +12,18 @@ import (
 	"github.com/eyedeekay/sam-forwarder/config"
 )

+var cfg = &tls.Config{
+	MinVersion:               tls.VersionTLS12,
+	CurvePreferences:         []tls.CurveID{tls.CurveP521, tls.CurveP384, tls.CurveP256},
+	PreferServerCipherSuites: true,
+	CipherSuites: []uint16{
+		tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+		tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
+		tls.TLS_RSA_WITH_AES_256_GCM_SHA384,
+		tls.TLS_RSA_WITH_AES_256_CBC_SHA,
+	},
+}
+
 var (
 	host               = flag.String("a", "127.0.0.1", "hostname to serve on")
 	port               = flag.String("p", "7880", "port to serve locally on")
@ -74,6 +86,7 @@ func main() {
 	config.ReduceIdleQuantity = config.GetReduceIdleQuantity(*reduceIdleQuantity, 2)
 	config.AccessListType = config.GetAccessListType(*accessListType, "none")
 	config.Type = config.GetType(false, false, "server")
+
 	if *useTLS {
 		if i, e := strconv.Atoi(*port); e == nil {
 			j := i + 1
@ -86,15 +99,29 @@ func main() {
 			log.Fatal(e.Error())
 		}
 	}
+
 	if forwarder, err = i2ptunconf.NewSAMForwarderFromConf(config); err != nil {
 		log.Fatal(err.Error())
 	}
 	go forwarder.Serve()
+
 	http.Handle("/", http.FileServer(http.Dir(*directory)))
-	log.Printf("Serving %s on HTTP port: %s\n\t and on %s", *directory, *port,
-		forwarder.Base32())
+
 	if *useTLS {
-		go log.Fatal(http.ListenAndServe(*host+":"+tlsport, nil))
+		go http.ListenAndServeTLS(
+			*host+":"+tlsport,
+			*sdirectory+"/"+*certFile+".crt",
+			*sdirectory+"/"+*certFile+".key",
+			nil,
+		)
+		log.Printf("Serving %s on HTTPS port: %s\n\t and on %s", *directory, *tlsport, forwarder.Base32())
 	}
-	log.Fatal(http.ListenAndServe(*host+":"+*port, nil))
+
+	log.Printf("Serving %s on HTTP port: %s\n\t and on %s", *directory, *port, forwarder.Base32())
+	log.Fatal(
+		http.ListenAndServe(
+			*host+":"+*port,
+			nil,
+		),
+	)
 }
--- a/forwarder-options.go
+++ b/forwarder-options.go
@ -330,7 +330,7 @@ func SetAccessList(s []string) func(*SAMForwarder) error {
 }

 //SetTargetForPort sets the port of the SAMForwarder's SAM bridge using a string
-func SetTargetForPort443(s string) func(*SAMForwarder) error {
+/*func SetTargetForPort443(s string) func(*SAMForwarder) error {
 	return func(c *SAMForwarder) error {
 		port, err := strconv.Atoi(s)
 		if err != nil {
@ -343,3 +343,4 @@ func SetTargetForPort443(s string) func(*SAMForwarder) error {
 		return fmt.Errorf("Invalid port")
 	}
 }
+*/
--- a/forwarder.go
+++ b/forwarder.go
@ -52,8 +52,6 @@ type SAMForwarder struct {
 	reduceIdle         string
 	reduceIdleTime     string
 	reduceIdleQuantity string
-	TargetForPort443   string
-
 	//Streaming Library options
 	accessListType string
 	accessList     []string
@ -61,12 +59,12 @@ type SAMForwarder struct {

 var err error

-func (f *SAMForwarder) targetForPort443() string {
+/*func (f *SAMForwarder) targetForPort443() string {
 	if f.TargetForPort443 != "" {
-		return "targetForPort.4443=" + f.TargetHost +":"+ f.TargetForPort443
+		return "targetForPort.4443=" + f.TargetHost + ":" + f.TargetForPort443
 	}
 	return ""
-}
+}*/

 func (f *SAMForwarder) accesslisttype() string {
 	if f.accessListType == "whitelist" {
@ -131,7 +129,7 @@ func (f *SAMForwarder) Base64() string {
 func (f *SAMForwarder) Serve() error {
 	if f.publishStream, err = f.samConn.NewStreamSession(f.TunName, f.SamKeys,
 		[]string{
-			f.targetForPort443(),
+			//f.targetForPort443(),
 			"inbound.length=" + f.inLength,
 			"outbound.length=" + f.outLength,
 			"inbound.lengthVariance=" + f.inVariance,
@ -205,7 +203,6 @@ func NewSAMForwarderFromOptions(opts ...func(*SAMForwarder) error) (*SAMForwarde
 	s.reduceIdleQuantity = "4"
 	s.closeIdle = "false"
 	s.closeIdleTime = "300000"
-	s.TargetForPort443 = ""
 	for _, o := range opts {
 		if err := o(&s); err != nil {
 			return nil, err
--- a/forwarder_test.go
+++ b/forwarder_test.go
@ -277,10 +277,10 @@ func TestClientOptionSaveFile(t *testing.T) {
 	log.Println(client.Base32())
 }

-func TestOptionTargetForPort443(t *testing.T) {
+/*func TestOptionTargetForPort443(t *testing.T) {
 	client, err := NewSAMForwarderFromOptions(SetTargetForPort443("443"))
 	if err != nil {
 		t.Fatalf("NewSAMForwarder() Error: %q\n", err)
 	}
 	log.Println(client.Base32())
-}
+}*/