shw-merge
xSmurf 7 years ago
parent 7d3e31a005
commit 972f733b63

@ -41,7 +41,7 @@ func readTLSChunk(conn net.Conn) ([]byte, int, error) {
cbyte := cbytes[0]
mlen := int(int(cbytes[3])<<8 | int(cbytes[4]))
// fmt.Printf("TLS data chunk header read: type = %#x, maj = %v, min = %v, len = %v\n", cbyte, cbytes[1], cbytes[2], mlen)
// fmt.Printf("TLS data chunk header read: type = %#x, maj = %v, min = %v, len = %v\n", cbyte, cbytes[1], cbytes[2], mlen)
conn.SetReadDeadline(time.Now().Add(TLSGUARD_READ_TIMEOUT))
cbytes2, err := readNBytes(conn, mlen)
@ -57,7 +57,7 @@ func readTLSChunk(conn net.Conn) ([]byte, int, error) {
func TLSGuard(conn, conn2 net.Conn, fqdn string) error {
// Should this be a requirement?
// if strings.HasSuffix(request.DestAddr.FQDN, "onion") {
// if strings.HasSuffix(request.DestAddr.FQDN, "onion") {
//conn client
//conn2 server
@ -84,7 +84,7 @@ func TLSGuard(conn, conn2 net.Conn, fqdn string) error {
for 1 == 1 {
loop++
// fmt.Printf("SSL LOOP %v; trying to read: conn2\n", loop)
// fmt.Printf("SSL LOOP %v; trying to read: conn2\n", loop)
chunk, rtype, err = readTLSChunk(conn2)
if err != nil {
@ -102,7 +102,7 @@ func TLSGuard(conn, conn2 net.Conn, fqdn string) error {
if rtype == SSL3_RT_CHANGE_CIPHER_SPEC || rtype == SSL3_RT_APPLICATION_DATA ||
rtype == SSL3_RT_ALERT {
// fmt.Println("OTHER DATA; PASSING THRU")
// fmt.Println("OTHER DATA; PASSING THRU")
passthru = true
} else if rtype == SSL3_RT_HANDSHAKE {
passthru = false
@ -111,7 +111,7 @@ func TLSGuard(conn, conn2 net.Conn, fqdn string) error {
}
if passthru {
// fmt.Println("passthru writing buf again and continuing:")
// fmt.Println("passthru writing buf again and continuing:")
conn.Write(chunk)
continue
}
@ -124,7 +124,7 @@ func TLSGuard(conn, conn2 net.Conn, fqdn string) error {
// Message len, 3 bytes
serverMessageLen := serverMsg[1:4]
serverMessageLenInt := int(int(serverMessageLen[0])<<16 | int(serverMessageLen[1])<<8 | int(serverMessageLen[2]))
// fmt.Printf("chunk len = %v, serverMsgLen = %v, slint = %v\n", len(chunk), len(serverMsg), serverMessageLenInt)
// fmt.Printf("chunk len = %v, serverMsgLen = %v, slint = %v\n", len(chunk), len(serverMsg), serverMessageLenInt)
if len(serverMsg) < serverMessageLenInt {
return errors.New(fmt.Sprintf("len(serverMsg) %v < serverMessageLenInt %v!\n", len(serverMsg), serverMessageLenInt))
}
@ -145,7 +145,7 @@ func TLSGuard(conn, conn2 net.Conn, fqdn string) error {
for remaining > 0 {
certLen := int(int(pos[0])<<16 | int(pos[1])<<8 | int(pos[2]))
// fmt.Printf("Certs chain len %d, cert 1 len %d:\n", certChainLen, certLen)
// fmt.Printf("Certs chain len %d, cert 1 len %d:\n", certChainLen, certLen)
cert := pos[3 : 3+certLen]
certs, err := x509.ParseCertificates(cert)
if remaining == certChainLen {
@ -164,22 +164,22 @@ func TLSGuard(conn, conn2 net.Conn, fqdn string) error {
}
verifyOptions.Intermediates = pool
// fmt.Println("ATTEMPTING TO VERIFY: ", fqdn)
// fmt.Println("ATTEMPTING TO VERIFY: ", fqdn)
_, err = c.Verify(verifyOptions)
// fmt.Println("ATTEMPTING TO VERIFY RESULT: ", err)
// fmt.Println("ATTEMPTING TO VERIFY RESULT: ", err)
if err != nil {
return err
} else {
valid = true
}
// else if s == 0x0d { fmt.Printf("found a client cert request, sending buf to client\n") }
// lse if s == 0x0d { fmt.Printf("found a client cert request, sending buf to client\n") }
} else if s == SSL3_MT_SERVER_DONE {
conn.Write(chunk)
break
} else if s == SSL3_MT_CERTIFICATE_REQUEST {
break
}
// fmt.Printf("Sending chunk of type %d to client.\n", s)
// fmt.Printf("Sending chunk of type %d to client.\n", s)
conn.Write(chunk)
}
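Review bot: In the certificate-chain loop (the hunk at -145, `for remaining > 0`), `cert := pos[3 : 3+certLen]` slices with a length taken from the peer's handshake bytes without first checking that `pos` actually holds `3+certLen` bytes, so a truncated or malformed Certificate message from the server panics the goroutine rather than failing the guard. Add `if len(pos) < 3 || len(pos)-3 < certLen { return errors.New("certificate length exceeds remaining handshake data") }` before the slice, and it would be consistent to also bound `certLen` by `remaining`. The same unchecked-length pattern appears earlier in the function at `serverMessageLen := serverMsg[1:4]` (the hunk at -124), which assumes `serverMsg` has at least four bytes. Separately, the `conn.Write(chunk)` calls in the -111 and -164 hunks discard the returned error and byte count, so a failed or short relay to the client is silently ignored. TLSGuard's body starts and ends outside these hunks.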
