| 140 | |
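// proxyHTTPS services an incoming HTTPS connection on conn by terminating TLS with a
// certificate minted on the fly from root, then forwarding the decrypted request out
// to the world through dst.
//
// conn is closed before this function returns, and a panic anywhere in the proxying
// path is recovered by handlePanic.
func proxyHTTPS(dst http.RoundTripper, conn net.Conn, root *certin.KeyAndCert) {
	defer handlePanic()
	defer conn.Close()

	verbosef("intercepted a connection to %v", conn.LocalAddr())

	// wrap the connection with a byte counter; from here on the wrapper is what the
	// TLS layer and the certificate callback see (its totals are not read in this function)
	counts := countBytesConn{Conn: conn}
	conn = &counts

	// create a tls server with certificates generated on-the-fly from our root CA
	var serverName string
	tlsconn := tls.Server(conn, &tls.Config{
		// pin the protocol floor explicitly; this matches Go's default server minimum
		// and keeps a legacy client from negotiating TLS 1.0/1.1 with the interceptor
		MinVersion: tls.VersionTLS12,
		GetCertificate: func(hello *tls.ClientHelloInfo) (*tls.Certificate, error) {
			verbosef("got challenge for %q", hello.ServerName)
			serverName = hello.ServerName

			// hello.ServerName is empty when the client sends no SNI; the leaf then has an
			// empty CN and only the dialed IP as a SAN. A fresh cert is minted on every
			// handshake — there is no cache here, so repeated connections pay the key
			// generation cost each time.
			altNames := []string{ipFromAddr(conn.LocalAddr()).String()}
			onthefly, err := certin.NewCert(root, certin.Request{CN: hello.ServerName, SANs: altNames})
			if err != nil {
				errorf("error creating cert: %v", err)
				return nil, fmt.Errorf("error creating on-the-fly certificate for %q: %w", hello.ServerName, err)
			}

			tlscert := onthefly.TLSCertificate()
			return &tlscert, nil
		},
	})
	defer tlsconn.Close()

	// tls.Server does not handshake until the first read or write, so without this
	// call serverName is still "" at the log line below and a failed handshake only
	// surfaces as an opaque read error inside proxyHTTPScheme. Running it here makes
	// the SNI available and lets handshake failures be reported against the peer.
	if err := tlsconn.Handshake(); err != nil {
		errorf("tls handshake with %v failed: %v", conn.RemoteAddr(), err)
		return
	}

	verbosef("reading request sent to %v (%v) ...", conn.LocalAddr(), serverName)

	proxyHTTPScheme(dst, tlsconn, "https")
}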
| 176 | |
| 177 | // Service an incoming HTTP connection on conn by sending a request out to the world through dst. |
| 178 | // All HTTP requests sent to dst will have a context containing a value for the key dialToContextKey. |