// tlsConfig returns the tls.Config used to dial the upstream host, building
// it on first use and caching it per masquerade so that the client session
// cache is shared across dials and the root CA PEM is parsed only once.
//
// The cache key is the masquerade's domain and root CA; it is empty when no
// masquerade is given, in which case ServerName falls back to serverInfo.Host.
// InsecureSkipVerify is copied from serverInfo — when it is set, crypto/tls
// skips chain verification entirely, so a RootCAs pool configured here has no
// effect on that connection. An unparsable RootCA is fatal (the process exits).
func (serverInfo *ServerInfo) tlsConfig(masquerade *Masquerade) *tls.Config {
	serverInfo.tlsConfigsMutex.Lock()
	defer serverInfo.tlsConfigsMutex.Unlock()

	// Lazily initialise the cache so a zero-value ServerInfo is usable.
	if serverInfo.tlsConfigs == nil {
		serverInfo.tlsConfigs = make(map[string]*tls.Config)
	}

	key, sni := "", serverInfo.Host
	if masquerade != nil {
		key = masquerade.Domain + "|" + masquerade.RootCA
		sni = masquerade.Domain
	}

	if cached, ok := serverInfo.tlsConfigs[key]; ok && cached != nil {
		return cached
	}

	cfg := &tls.Config{
		ClientSessionCache: tls.NewLRUClientSessionCache(1000),
		InsecureSkipVerify: serverInfo.InsecureSkipVerify,
		ServerName:         sni,
	}
	if masquerade != nil && masquerade.RootCA != "" {
		// Setting RootCAs replaces the system pool, so verification of this
		// masquerade is pinned to its own root certificate only.
		caCert, err := keyman.LoadCertificateFromPEMBytes([]byte(masquerade.RootCA))
		if err != nil {
			log.Fatalf("Unable to load root ca cert: %s", err)
		}
		cfg.RootCAs = caCert.PoolContainingCert()
	}
	serverInfo.tlsConfigs[key] = cfg
	return cfg
}
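// InConfigDir returns the path to the given filename inside of the configDir.
//
// When the configDir flag is empty the filename is returned unchanged, so it
// resolves relative to the working directory. Otherwise the directory is
// created on demand (including parents) and "<configDir><sep><filename>" is
// returned using the OS path separator. Failure to create the directory is
// fatal. The filename is joined verbatim and not cleaned; callers are expected
// to pass fixed, trusted names rather than user-supplied input.
func InConfigDir(filename string) string {
	dir := *configDir
	if dir == "" {
		return filename
	}
	// MkdirAll is a no-op for an existing directory, so the former Stat guard
	// is unnecessary and its check-then-create race goes away. Any error here,
	// including a permission problem the old guard silently ignored, aborts
	// because the returned path would not be usable.
	// NOTE(review): 0755 leaves the directory world-readable; if it holds
	// credentials or keys, 0700 would be the safer mode — confirm with callers.
	if err := os.MkdirAll(dir, 0755); err != nil {
		log.Fatalf("Unable to create configDir at %s: %s", dir, err)
	}
	return fmt.Sprintf("%s%c%s", dir, os.PathSeparator, filename)
}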