作者:raoxiangron
项目:gos
func (selector *serverSelector) OnSelected(method uint8, conn net.Conn) (net.Conn, error) {
glog.V(LDEBUG).Infof("%d %d", gosocks5.Ver5, method)
switch method {
case MethodTLS:
conn = tls.Server(conn, &tls.Config{Certificates: []tls.Certificate{selector.arg.Cert}})
case gosocks5.MethodUserPass, MethodTLSAuth:
if method == MethodTLSAuth {
conn = tls.Server(conn, &tls.Config{Certificates: []tls.Certificate{selector.arg.Cert}})
}
req, err := gosocks5.ReadUserPassRequest(conn)
if err != nil {
glog.V(LWARNING).Infoln("socks5 auth:", err)
return nil, err
}
glog.V(LDEBUG).Infoln(req.String())
var username, password string
if selector.arg.User != nil {
username = selector.arg.User.Username()
password, _ = selector.arg.User.Password()
}
if (username != "" && req.Username != username) || (password != "" && req.Password != password) {
resp := gosocks5.NewUserPassResponse(gosocks5.UserPassVer, gosocks5.Failure)
if err := resp.Write(conn); err != nil {
glog.V(LWARNING).Infoln("socks5 auth:", err)
return nil, err
}
glog.V(LDEBUG).Infoln(resp)
glog.V(LWARNING).Infoln("socks5: proxy authentication required")
return nil, gosocks5.ErrAuthFailure
}
resp := gosocks5.NewUserPassResponse(gosocks5.UserPassVer, gosocks5.Succeeded)
if err := resp.Write(conn); err != nil {
glog.V(LWARNING).Infoln("socks5 auth:", err)
return nil, err
}
glog.V(LDEBUG).Infoln(resp)
case gosocks5.MethodNoAcceptable:
return nil, gosocks5.ErrBadMethod
}
return conn, nil
}
作者:pavel-
项目:smart-prox
func (s *Server) proxyConnection(c net.Conn, front *Frontend) (err error) {
// unwrap if tls cert/key was specified
if front.TlsConfig != nil {
c = tls.Server(c, front.TlsConfig)
}
// pick the backend
backend := front.strategy.NextBackend()
if s.Interceptor != nil {
backend = *s.Interceptor(c, front, &backend)
}
// dial the backend
upConn, err := net.DialTimeout("tcp", backend.Addr+":"+s.ListenerConfig.BindPort, time.Duration(backend.ConnectTimeout)*time.Millisecond)
if err != nil {
s.Printf("Failed to dial backend connection %v: %v", backend.Addr, err)
c.Close()
return
}
s.Printf("Initiated new connection to backend: %v %v", upConn.LocalAddr(), upConn.RemoteAddr())
// join the connections
totalBytes := s.joinConnections(c, upConn)
s.TrafCounter.Count(backend.Addr, c.RemoteAddr(), totalBytes)
return
}
作者:blacklabeldat
项目:cerebru
func (y *yamuxer) listen(ctx context.Context) {
defer y.listener.Close()
OUTER:
for {
// Accepts will only block for 1s
y.listener.SetDeadline(time.Now().Add(y.deadline))
select {
// Stop server on channel receive
case <-ctx.Done():
break OUTER
default:
// Accept new connection
tcpConn, err := y.listener.Accept()
if err != nil {
if neterr, ok := err.(net.Error); ok && neterr.Timeout() {
y.logger.Trace("Connection timeout...")
} else {
y.logger.Warn("Connection failed", "error", err)
}
continue
}
// Handle connection
y.logger.Info("Successful TCP connection:", tcpConn.RemoteAddr().String())
y.handleConn(y.grim.New(), tls.Server(tcpConn, y.tlsConfig))
}
}
return
}
作者:carriercom
项目:syncthin
func (d *relayDialer) Dial(id protocol.DeviceID, uri *url.URL) (IntermediateConnection, error) {
inv, err := client.GetInvitationFromRelay(uri, id, d.tlsCfg.Certificates, 10*time.Second)
if err != nil {
return IntermediateConnection{}, err
}
conn, err := client.JoinSession(inv)
if err != nil {
return IntermediateConnection{}, err
}
err = dialer.SetTCPOptions(conn)
if err != nil {
conn.Close()
return IntermediateConnection{}, err
}
var tc *tls.Conn
if inv.ServerSocket {
tc = tls.Server(conn, d.tlsCfg)
} else {
tc = tls.Client(conn, d.tlsCfg)
}
err = tc.Handshake()
if err != nil {
tc.Close()
return IntermediateConnection{}, err
}
return IntermediateConnection{tc, "Relay (Client)", relayPriority}, nil
}
作者:jano
项目:httphandler
func (l TLSListener) Accept() (net.Conn, error) {
c, err := l.AcceptTCP()
if err != nil {
return nil, err
}
c.SetKeepAlive(true)
c.SetKeepAlivePeriod(3 * time.Minute)
b := make([]byte, 1)
_, err = c.Read(b)
if err != nil {
c.Close()
if err != io.EOF {
return nil, err
}
}
con := &conn{
Conn: c,
b: b[0],
e: err,
f: true,
}
if b[0] == 22 {
return tls.Server(con, l.TLSConfig), nil
}
return con, nil
}
作者:kristallize
项目:syncthin
func (l *DowngradingListener) Accept() (net.Conn, error) {
conn, err := l.Listener.Accept()
if err != nil {
return nil, err
}
br := bufio.NewReader(conn)
conn.SetReadDeadline(time.Now().Add(1 * time.Second))
bs, err := br.Peek(1)
conn.SetReadDeadline(time.Time{})
if err != nil {
// We hit a read error here, but the Accept() call succeeded so we must not return an error.
// We return the connection as is and let whoever tries to use it deal with the error.
return conn, nil
}
wrapper := &WrappedConnection{br, conn}
// 0x16 is the first byte of a TLS handshake
if bs[0] == 0x16 {
return tls.Server(wrapper, l.TLSConfig), nil
}
return wrapper, nil
}
作者:ringtai
项目:etc
func (c *tlsCreds) ServerHandshake(rawConn net.Conn) (net.Conn, AuthInfo, error) {
conn := tls.Server(rawConn, c.config)
if err := conn.Handshake(); err != nil {
return nil, nil, err
}
return conn, TLSInfo{conn.ConnectionState()}, nil
}
作者:xyz1281
项目:v2ray-cor
func (this *TCPListener) KeepAccepting() {
for this.acccepting {
conn, err := this.listener.Accept()
this.Lock()
if !this.acccepting {
this.Unlock()
break
}
if this.tlsConfig != nil {
conn = tls.Server(conn, this.tlsConfig)
}
if this.authConfig != nil {
conn = this.authConfig.Server(conn)
}
select {
case this.awaitingConns <- &ConnectionWithError{
conn: conn,
err: err,
}:
default:
if conn != nil {
conn.Close()
}
}
this.Unlock()
}
}
作者:read-late
项目:bazi
// TODO this code is ugly
// TODO test coverage for error cases
func TestNewClientNotEd(t *testing.T) {
confSrv := mustGenerateTLSConfig(t, nil, nil)
client, server := net.Pipe()
defer client.Close()
defer server.Close()
var wg sync.WaitGroup
wg.Add(1)
go func() {
defer wg.Done()
c := tls.Server(server, confSrv)
defer c.Close()
_, _ = io.Copy(ioutil.Discard, c)
}()
confClient := mustGenerateTLSConfig(t, nil, nil)
confClient.InsecureSkipVerify = true
c, err := edtls.NewClient(client, confClient, testKeyPub)
if err == nil {
c.Close()
t.Fatal("expected an error")
}
if err != edtls.ErrNotEdTLS {
t.Fatalf("expected ErrNotEdTLS, got %T: %v", err, err)
}
wg.Wait()
}
作者:majestrat
项目:nntpcha
// handle inbound STARTTLS command
func upgradeTLS(c *v1Conn, line string, hooks EventHooks) (err error) {
if c.tlsConfig == nil {
err = c.printfLine("%s TLS not supported", RPL_TLSRejected)
} else {
err = c.printfLine("%s Continue with TLS Negotiation", RPL_TLSContinue)
if err == nil {
tconn := tls.Server(c.conn, c.tlsConfig)
err = tconn.Handshake()
if err == nil {
// successful tls handshake
c.tlsConn = tconn
c.C = textproto.NewConn(c.tlsConn)
} else {
// tls failed
log.WithFields(log.Fields{
"pkg": "nntp-conn",
"addr": c.conn.RemoteAddr(),
"state": c.state,
}).Warn("TLS Handshake failed ", err)
// fall back to plaintext
err = nil
}
}
}
return
}
作者:rmoorma
项目:lipwi
func (s *Server) configure(c *net.TCPConn) net.Conn {
c.SetNoDelay(true)
if s.cfg == nil {
return c
}
return tls.Server(c, s.cfg)
}
作者:zanell
项目:noma
func startTLSServer(config *Config) (net.Conn, chan error) {
errc := make(chan error, 1)
tlsConfigServer, err := config.IncomingTLSConfig()
if err != nil {
errc <- err
return nil, errc
}
client, server := net.Pipe()
// Use yamux to buffer the reads, otherwise it's easy to deadlock
muxConf := yamux.DefaultConfig()
serverSession, _ := yamux.Server(server, muxConf)
clientSession, _ := yamux.Client(client, muxConf)
clientConn, _ := clientSession.Open()
serverConn, _ := serverSession.Accept()
go func() {
tlsServer := tls.Server(serverConn, tlsConfigServer)
if err := tlsServer.Handshake(); err != nil {
errc <- err
}
close(errc)
// Because net.Pipe() is unbuffered, if both sides
// Close() simultaneously, we will deadlock as they
// both send an alert and then block. So we make the
// server read any data from the client until error or
// EOF, which will allow the client to Close(), and
// *then* we Close() the server.
io.Copy(ioutil.Discard, tlsServer)
tlsServer.Close()
}()
return clientConn, errc
}
作者:MindFlavo
项目:ftpserver
func (c *conn) SwitchToTLS() error {
log.WithFields(log.Fields{"c": c}).Debug("securableConn::conn::SwitchToTLS called")
sslConfig := tls.Config{Certificates: []tls.Certificate{*c.cert}}
log.WithFields(log.Fields{"c": c, "sslConfig": sslConfig}).Debug("securableConn::conn::SwitchToTLS sslConfig created")
srv := tls.Server(c.plain, &sslConfig)
log.WithFields(log.Fields{"c": c, "sslConfig": sslConfig, "srv": srv}).Debug("securableConn::conn::SwitchToTLS tls.Server created")
// err := srv.Handshake()
// if err != nil {
// return err
// }
log.WithFields(log.Fields{"c": c, "sslConfig": sslConfig}).Debug("securableConn::conn::SwitchToTLS done")
c.secure = srv
c.bufr = bufio.NewReader(c.secure)
c.bufw = bufio.NewWriter(c.secure)
log.WithFields(log.Fields{"c": c, "sslConfig": sslConfig}).Debug("securableConn::conn::SwitchToTLS ending")
return nil
}
作者:skriptbl
项目:nin
func (t *TCP) startTLS() (el element.Element, err error) {
var tlsConn *tls.Conn
if t.mode == stream.Initiating {
err = t.WriteElement(element.StartTLS)
if err != nil {
return
}
el, err = t.Next()
if err != nil || el.Tag != element.TLSProceed.Tag {
return
}
tlsConn = tls.Client(t.Conn, t.conf)
} else {
err = t.WriteElement(element.TLSProceed)
if err != nil {
return
}
tlsConn = tls.Server(t.Conn, t.conf)
}
err = tlsConn.Handshake()
if err != nil {
return
}
conn := net.Conn(tlsConn)
t.Conn = conn
t.Decoder = xml.NewDecoder(conn)
el = element.Element{}
err = stream.ErrRequireRestart
t.secure = true
log.Println("Done upgrading connection")
return
}
作者:borgstro
项目:reev
// HandleStartTLS is the companion to StartTLS, and will do the connection upgrade. It assumes
// that the TLS command byte has already been read. Like StartTLS it returns the peer name, or
// an error
func (p *Protocol) HandleStartTLS(identity *security.Identity, caCertificate *security.Certificate) (string, error) {
var (
err error
tlsConn *tls.Conn
)
// Build the config
config := new(tls.Config)
config.ClientAuth = tls.RequireAndVerifyClientCert
// Setup the tls connection
if err := p.tlsSetup(config, identity, caCertificate); err != nil {
return "", err
}
// Upgrade the connection to TLS
// TODO: Add a deadline here?
tlsConn = tls.Server(p.conn, config)
if err = tlsConn.Handshake(); err != nil {
return "", err
}
// Capture the connection state
cs := tlsConn.ConnectionState()
// And replace the original connection
p.conn = net.Conn(tlsConn)
p.setupBuffers()
// Send an Ack
p.Ack()
return cs.PeerCertificates[0].Subject.CommonName, nil
}
作者:achand
项目:g
// smtp server, finely tailored to deal with our own client only!
func serverHandle(c net.Conn, t *testing.T) error {
send := smtpSender{c}.send
send("220 127.0.0.1 ESMTP service ready")
s := bufio.NewScanner(c)
for s.Scan() {
switch s.Text() {
case "EHLO localhost":
send("250-127.0.0.1 ESMTP offers a warm hug of welcome")
send("250-STARTTLS")
send("250 Ok")
case "STARTTLS":
send("220 Go ahead")
keypair, err := tls.X509KeyPair(localhostCert, localhostKey)
if err != nil {
return err
}
config := &tls.Config{Certificates: []tls.Certificate{keypair}}
c = tls.Server(c, config)
defer c.Close()
return serverHandleTLS(c, t)
default:
t.Fatalf("unrecognized command: %q", s.Text())
}
}
return s.Err()
}
作者:eolex
项目:martia
// Hijack takes a net.Conn and the host name to create the SSL
// certificate for and returns a tls.Conn that can read and write
// to the given host over TLS.
func (mitm *MITM) Hijack(conn net.Conn, host string) (*tls.Conn, *bufio.ReadWriter, error) {
// Ensure the certificate we create is valid within a window of time to allow
// for clock skew.
start := time.Now().Add(-mitm.Validity)
end := time.Now().Add(mitm.Validity)
tpl, err := NewTemplate(mitm.Organization, host, start, end, mitm.PublicKey)
if err != nil {
return nil, nil, err
}
cb, err := x509.CreateCertificate(rand.Reader, tpl, mitm.Authority, mitm.PublicKey, mitm.PrivateKey)
if err != nil {
return nil, nil, err
}
config := &tls.Config{
Certificates: []tls.Certificate{
{
PrivateKey: mitm.PrivateKey,
Certificate: [][]byte{cb},
},
},
}
tlsConn := tls.Server(conn, config)
r := bufio.NewReader(tlsConn)
w := bufio.NewWriter(tlsConn)
return tlsConn, bufio.NewReadWriter(r, w), nil
}
作者:ylywy
项目:v2ray-cor
func (v *TCPListener) KeepAccepting() {
for v.acccepting {
conn, err := v.listener.Accept()
v.Lock()
if !v.acccepting {
v.Unlock()
break
}
if v.tlsConfig != nil {
conn = tls.Server(conn, v.tlsConfig)
}
if v.authConfig != nil {
conn = v.authConfig.Server(conn)
}
select {
case v.awaitingConns <- &ConnectionWithError{
conn: conn,
err: err,
}:
default:
if conn != nil {
conn.Close()
}
}
v.Unlock()
}
}
作者:edward
项目:reig
// FIXME: This ought to be refactored with the node
func (ic *incomingConnection) sslHandshake() error {
ic.Trace("Listener for %d in sslHandshake", ic.server.ID)
// FIXME: Demeter is yelling at me here.
if ic.nodeListener.failOnSSLHandshake {
ic.Trace("But I've been told to fail the handshake hard")
ic.terminate()
return errors.New("ssl handshake simulating failure")
}
tlsConfig := ic.nodeListener.connectionServer.Cluster.tlsConfig(ic.server.ID)
tls := tls.Server(ic.conn, tlsConfig)
ic.Trace("Listener for %d made the tlsConn, handshaking", ic.server.ID)
err := tls.Handshake()
ic.Trace("Listener for %d handshook err: %s", ic.server.ID, myString(err))
if err != nil {
return err
}
ic.tls = tls
ic.conn = tls
ic.output = gob.NewEncoder(ic.conn)
ic.input = gob.NewDecoder(ic.conn)
return nil
}
作者:gitHubOffica
项目:gos
func serverMethodSelected(method uint8, conn net.Conn) (net.Conn, error) {
switch method {
case MethodTLS:
var cert tls.Certificate
var err error
if len(CertFile) == 0 || len(KeyFile) == 0 {
cert, err = tls.X509KeyPair([]byte(rawCert), []byte(rawKey))
} else {
cert, err = tls.LoadX509KeyPair(CertFile, KeyFile)
}
if err != nil {
return nil, err
}
conn = tls.Server(conn, &tls.Config{Certificates: []tls.Certificate{cert}})
if err := svrTLSAuth(conn); err != nil {
return nil, err
}
case MethodAES128, MethodAES192, MethodAES256,
MethodDES, MethodBF, MethodCAST5, MethodRC4MD5, MethodRC4, MethodTable:
cipher, err := shadowsocks.NewCipher(Methods[method], Password)
if err != nil {
return nil, err
}
conn = shadowsocks.NewConn(conn, cipher)
case gosocks5.MethodNoAcceptable:
return nil, gosocks5.ErrBadMethod
}
return conn, nil
}
