shw-merge
xSmurf 7 years ago
parent 7d3e31a005
commit 972f733b63

@ -41,7 +41,7 @@ func readTLSChunk(conn net.Conn) ([]byte, int, error) {
cbyte := cbytes[0] cbyte := cbytes[0]
mlen := int(int(cbytes[3])<<8 | int(cbytes[4])) mlen := int(int(cbytes[3])<<8 | int(cbytes[4]))
// fmt.Printf("TLS data chunk header read: type = %#x, maj = %v, min = %v, len = %v\n", cbyte, cbytes[1], cbytes[2], mlen) // fmt.Printf("TLS data chunk header read: type = %#x, maj = %v, min = %v, len = %v\n", cbyte, cbytes[1], cbytes[2], mlen)
conn.SetReadDeadline(time.Now().Add(TLSGUARD_READ_TIMEOUT)) conn.SetReadDeadline(time.Now().Add(TLSGUARD_READ_TIMEOUT))
cbytes2, err := readNBytes(conn, mlen) cbytes2, err := readNBytes(conn, mlen)
@ -57,7 +57,7 @@ func readTLSChunk(conn net.Conn) ([]byte, int, error) {
func TLSGuard(conn, conn2 net.Conn, fqdn string) error { func TLSGuard(conn, conn2 net.Conn, fqdn string) error {
// Should this be a requirement? // Should this be a requirement?
// if strings.HasSuffix(request.DestAddr.FQDN, "onion") { // if strings.HasSuffix(request.DestAddr.FQDN, "onion") {
//conn client //conn client
//conn2 server //conn2 server
@ -84,7 +84,7 @@ func TLSGuard(conn, conn2 net.Conn, fqdn string) error {
for 1 == 1 { for 1 == 1 {
loop++ loop++
// fmt.Printf("SSL LOOP %v; trying to read: conn2\n", loop) // fmt.Printf("SSL LOOP %v; trying to read: conn2\n", loop)
chunk, rtype, err = readTLSChunk(conn2) chunk, rtype, err = readTLSChunk(conn2)
if err != nil { if err != nil {
@ -102,7 +102,7 @@ func TLSGuard(conn, conn2 net.Conn, fqdn string) error {
if rtype == SSL3_RT_CHANGE_CIPHER_SPEC || rtype == SSL3_RT_APPLICATION_DATA || if rtype == SSL3_RT_CHANGE_CIPHER_SPEC || rtype == SSL3_RT_APPLICATION_DATA ||
rtype == SSL3_RT_ALERT { rtype == SSL3_RT_ALERT {
// fmt.Println("OTHER DATA; PASSING THRU") // fmt.Println("OTHER DATA; PASSING THRU")
passthru = true passthru = true
} else if rtype == SSL3_RT_HANDSHAKE { } else if rtype == SSL3_RT_HANDSHAKE {
passthru = false passthru = false
@ -111,7 +111,7 @@ func TLSGuard(conn, conn2 net.Conn, fqdn string) error {
} }
if passthru { if passthru {
// fmt.Println("passthru writing buf again and continuing:") // fmt.Println("passthru writing buf again and continuing:")
conn.Write(chunk) conn.Write(chunk)
continue continue
} }
@ -124,7 +124,7 @@ func TLSGuard(conn, conn2 net.Conn, fqdn string) error {
// Message len, 3 bytes // Message len, 3 bytes
serverMessageLen := serverMsg[1:4] serverMessageLen := serverMsg[1:4]
serverMessageLenInt := int(int(serverMessageLen[0])<<16 | int(serverMessageLen[1])<<8 | int(serverMessageLen[2])) serverMessageLenInt := int(int(serverMessageLen[0])<<16 | int(serverMessageLen[1])<<8 | int(serverMessageLen[2]))
// fmt.Printf("chunk len = %v, serverMsgLen = %v, slint = %v\n", len(chunk), len(serverMsg), serverMessageLenInt) // fmt.Printf("chunk len = %v, serverMsgLen = %v, slint = %v\n", len(chunk), len(serverMsg), serverMessageLenInt)
if len(serverMsg) < serverMessageLenInt { if len(serverMsg) < serverMessageLenInt {
return errors.New(fmt.Sprintf("len(serverMsg) %v < serverMessageLenInt %v!\n", len(serverMsg), serverMessageLenInt)) return errors.New(fmt.Sprintf("len(serverMsg) %v < serverMessageLenInt %v!\n", len(serverMsg), serverMessageLenInt))
} }
@ -145,7 +145,7 @@ func TLSGuard(conn, conn2 net.Conn, fqdn string) error {
for remaining > 0 { for remaining > 0 {
certLen := int(int(pos[0])<<16 | int(pos[1])<<8 | int(pos[2])) certLen := int(int(pos[0])<<16 | int(pos[1])<<8 | int(pos[2]))
// fmt.Printf("Certs chain len %d, cert 1 len %d:\n", certChainLen, certLen) // fmt.Printf("Certs chain len %d, cert 1 len %d:\n", certChainLen, certLen)
cert := pos[3 : 3+certLen] cert := pos[3 : 3+certLen]
certs, err := x509.ParseCertificates(cert) certs, err := x509.ParseCertificates(cert)
if remaining == certChainLen { if remaining == certChainLen {
@ -164,22 +164,22 @@ func TLSGuard(conn, conn2 net.Conn, fqdn string) error {
} }
verifyOptions.Intermediates = pool verifyOptions.Intermediates = pool
// fmt.Println("ATTEMPTING TO VERIFY: ", fqdn) // fmt.Println("ATTEMPTING TO VERIFY: ", fqdn)
_, err = c.Verify(verifyOptions) _, err = c.Verify(verifyOptions)
// fmt.Println("ATTEMPTING TO VERIFY RESULT: ", err) // fmt.Println("ATTEMPTING TO VERIFY RESULT: ", err)
if err != nil { if err != nil {
return err return err
} else { } else {
valid = true valid = true
} }
// else if s == 0x0d { fmt.Printf("found a client cert request, sending buf to client\n") } // lse if s == 0x0d { fmt.Printf("found a client cert request, sending buf to client\n") }
} else if s == SSL3_MT_SERVER_DONE { } else if s == SSL3_MT_SERVER_DONE {
conn.Write(chunk) conn.Write(chunk)
break break
} else if s == SSL3_MT_CERTIFICATE_REQUEST { } else if s == SSL3_MT_CERTIFICATE_REQUEST {
break break
} }
// fmt.Printf("Sending chunk of type %d to client.\n", s) // fmt.Printf("Sending chunk of type %d to client.\n", s)
conn.Write(chunk) conn.Write(chunk)
} }
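Review bot: In the certificate-chain loop of the last hunk, `certLen` is decoded from the server-supplied handshake bytes and then used directly in `cert := pos[3 : 3+certLen]` with no visible check that `len(pos) >= 3+certLen`; unless the part of the loop outside the hunk validates it, a malformed Certificate message turns into an out-of-range slice panic that crashes the guard instead of returning an error. A guard before the slice closes this: `if len(pos) < 3 || certLen > len(pos)-3 { return errors.New("certificate length exceeds handshake message") }`. The same hunk also carries a typo the commit introduces in the commented-out line `// lse if s == 0x0d { ... }`, which reads `// else if` on the old side. Separately, the `conn.Write(chunk)` calls in the passthru branch and in the SSL3_MT_SERVER_DONE branch discard both the byte count and the error, so a failed or short write to the client is never noticed and the loop keeps consuming server data; `if _, err := conn.Write(chunk); err != nil { return err }` would surface it. TLSGuard's body begins and ends outside these hunks.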
