back to standard tls library

6 years ago · 0a49b118b7
parent aa9682d29c
commit 0a49b118b7
2 changed files with 20 additions and 130 deletions
--- a/handler.go
+++ b/handler.go
@ -1,8 +1,6 @@
 package main
 import (
 	"bufio"
 	"bytes"
 	"fmt"
 	"io"
 	"log"
@ -11,9 +9,7 @@ import (
 	"strings"
 	"time"
 	"github.com/fangdingjun/gnutls"
 	auth "github.com/fangdingjun/go-http-auth"
 	nghttp2 "github.com/fangdingjun/nghttp2-go"
 )
 // handler process the proxy request first(if enabled)
@ -249,107 +245,3 @@ func pipeAndClose(r1, r2 io.ReadWriteCloser) {
 	<-ch
 }
 func handleHTTPClient(c net.Conn, handler http.Handler) {
 	tlsconn := c.(*gnutls.Conn)
 	if err := tlsconn.Handshake(); err != nil {
 		log.Println(err)
 		return
 	}
 	state := tlsconn.ConnectionState()
 	if state.NegotiatedProtocol == "h2" {
 		h2conn, err := nghttp2.Server(tlsconn, handler)
 		if err != nil {
 			log.Println(err)
 		}
 		h2conn.Run()
 		h2conn = nil
 		return
 	}
 	defer c.Close()
 	r := bufio.NewReader(tlsconn)
 	buf := new(bytes.Buffer)
 	for {
 		req, err := http.ReadRequest(r)
 		if err != nil {
 			return
 		}
 		addr := tlsconn.RemoteAddr().String()
 		req.RemoteAddr = addr
 		rh := &responseHandler{
 			c:      tlsconn,
 			header: http.Header{},
 			buf:    buf,
 		}
 		handler.ServeHTTP(rh, req)
 		rh.Write(nil)
 		rh.buf.WriteTo(rh.c)
 		if req.Body != nil {
 			req.Body.Close()
 		}
 	}
 }
 type responseHandler struct {
 	c            net.Conn
 	statusCode   int
 	header       http.Header
 	responseSend bool
 	w            io.Writer
 	buf          *bytes.Buffer
 }
 func (r *responseHandler) WriteHeader(statusCode int) {
 	if r.responseSend {
 		return
 	}
 	r.buf.Reset()
 	r.statusCode = statusCode
 	cl := r.header.Get("content-length")
 	te := r.header.Get("transfer-encoding")
 	if cl == "" || te != "" {
 		if te == "" {
 			r.header.Set("transfer-encoding", "chunked")
 		}
 		r.w = &chunkWriter{r.buf}
 	} else {
 		r.w = r.buf
 	}
 	fmt.Fprintf(r.buf, "HTTP/1.1 %d %s\r\n", statusCode,
 		http.StatusText(statusCode))
 	for k, v := range r.header {
 		fmt.Fprintf(r.buf, "%s: %s\r\n", strings.Title(k), strings.Join(v, ","))
 	}
 	fmt.Fprintf(r.buf, "\r\n")
 	r.responseSend = true
 }
 func (r *responseHandler) Header() http.Header {
 	return r.header
 }
 func (r *responseHandler) Write(buf []byte) (int, error) {
 	if !r.responseSend {
 		r.WriteHeader(http.StatusOK)
 	}
 	n, err := r.w.Write(buf)
 	if r.buf.Len() > 2048 {
 		r.buf.WriteTo(r.c)
 	}
 	return n, err
 }
 var _ http.ResponseWriter = &responseHandler{}
 type chunkWriter struct {
 	w io.Writer
 }
 func (cw *chunkWriter) Write(buf []byte) (int, error) {
 	n := len(buf)
 	if n == 0 {
 		return fmt.Fprintf(cw.w, "0\r\n\r\n")
 	}
 	return fmt.Fprintf(cw.w, "%x\r\n%s\r\n", n, string(buf))
 }
--- a/routers.go
+++ b/routers.go
@ -7,15 +7,19 @@ import (
 	"net"
 	"net/http"
 	"net/http/httputil"
 	//_ "net/http/pprof"
 	"net/url"
 	"os"
 	"regexp"
 	"strings"
 	"sync"
-	"github.com/fangdingjun/gnutls"
+	"crypto/tls"
 	//"github.com/fangdingjun/gnutls"
 	auth "github.com/fangdingjun/go-http-auth"
 	"github.com/fangdingjun/gofast"
 	"github.com/fangdingjun/nghttp2-go"
 	loghandler "github.com/gorilla/handlers"
 	"github.com/gorilla/mux"
 )
@ -48,7 +52,7 @@ func initRouters(cfg conf) {
 	for _, l := range cfg {
 		router := mux.NewRouter()
 		domains := []string{}
-		certs := []*gnutls.Certificate{}
+		certs := []tls.Certificate{}
 		// initial virtual host
 		for _, h := range l.Vhost {
@ -58,7 +62,7 @@ func initRouters(cfg conf) {
 			}
 			domains = append(domains, h2)
 			if h.Cert != "" && h.Key != "" {
-				if cert, err := gnutls.LoadX509KeyPair(h.Cert, h.Key); err == nil {
+				if cert, err := tls.LoadX509KeyPair(h.Cert, h.Key); err == nil {
 					certs = append(certs, cert)
 				} else {
 					log.Fatal(err)
@ -101,7 +105,7 @@ func initRouters(cfg conf) {
 				fmt.Printf("invalid type: %s\n", rule.Type)
 			}
 		}
-
+		//router.PathPrefix("/debug/").Handler(http.DefaultServeMux)
 		router.PathPrefix("/").Handler(http.FileServer(http.Dir(l.Docroot)))
 		go func(l server) {
@ -127,30 +131,24 @@ func initRouters(cfg conf) {
 			}
 			if len(certs) > 0 {
-				tlsconfig := &gnutls.Config{
+				tlsconfig := &tls.Config{
 					Certificates: certs,
 					NextProtos:   []string{"h2", "http/1.1"},
 				}
 				listener, err := gnutls.Listen("tcp", addr, tlsconfig)
 				if err != nil {
 					log.Fatal(err)
 				}
 				handler := loghandler.CombinedLoggingHandler(w, hdlr)
 				//handler := hdlr
 				log.Printf("listen https on %s", addr)
-				go func() {
+				srv := &http.Server{
-					defer listener.Close()
+					Addr:      addr,
-					for {
+					Handler:   handler,
-						conn, err := listener.Accept()
+					TLSConfig: tlsconfig,
-						if err != nil {
+					TLSNextProto: map[string]func(*http.Server, *tls.Conn, http.Handler){
-							log.Println(err)
+						"h2": nghttp2.HTTP2Handler,
-							break
+					},
-						}
+				}
-						go handleHTTPClient(conn, handler)
+				if err := srv.ListenAndServeTLS("", ""); err != nil {
-					}
+					log.Fatal(err)
-				}()
+				}
 			} else {
 				log.Printf("listen http on %s", addr)
 				handler := loghandler.CombinedLoggingHandler(w, hdlr)