|
|
@@ -17,16 +17,48 @@
|
|
|
*
|
|
|
*/
|
|
|
|
|
|
+/*
|
|
|
+Copyright (c) 2012 The Go Authors. All rights reserved.
|
|
|
+
|
|
|
+Redistribution and use in source and binary forms, with or without
|
|
|
+modification, are permitted provided that the following conditions are
|
|
|
+met:
|
|
|
+
|
|
|
+ * Redistributions of source code must retain the above copyright
|
|
|
+notice, this list of conditions and the following disclaimer.
|
|
|
+ * Redistributions in binary form must reproduce the above
|
|
|
+copyright notice, this list of conditions and the following disclaimer
|
|
|
+in the documentation and/or other materials provided with the
|
|
|
+distribution.
|
|
|
+ * Neither the name of Google Inc. nor the names of its
|
|
|
+contributors may be used to endorse or promote products derived from
|
|
|
+this software without specific prior written permission.
|
|
|
+
|
|
|
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
|
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
|
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
|
|
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
|
+OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
|
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
|
+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
|
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
|
+THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
|
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
|
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
|
+*/
|
|
|
+
|
|
|
package psiphon
|
|
|
|
|
|
import (
|
|
|
"crypto/rand"
|
|
|
+ "crypto/tls"
|
|
|
"crypto/x509"
|
|
|
"encoding/base64"
|
|
|
"errors"
|
|
|
"fmt"
|
|
|
"math/big"
|
|
|
"net"
|
|
|
+ "net/http"
|
|
|
"net/url"
|
|
|
"os"
|
|
|
"runtime"
|
|
|
@@ -249,3 +281,36 @@ func TruncateTimestampToHour(timestamp string) string {
|
|
|
}
|
|
|
return t.Truncate(1 * time.Hour).Format(time.RFC3339)
|
|
|
}
|
|
|
+
|
|
|
+// HTTPSServer is a wrapper around http.Server which adds the
|
|
|
+// ServeTLS function.
|
|
|
+type HTTPSServer struct {
|
|
|
+ http.Server
|
|
|
+}
|
|
|
+
|
|
|
+// ServeTLS is a offers the equivalent interface as http.Serve.
|
|
|
+// The http package has both ListenAndServe and ListenAndServeTLS higher-
|
|
|
+// level interfaces, but only Serve (not TLS) offers a lower-level interface that
|
|
|
+// allows the caller to keep a refererence to the Listener, allowing for external
|
|
|
+// shutdown. ListenAndServeTLS also requires the TLS cert and key to be in files
|
|
|
+// and we avoid that here.
|
|
|
+// tcpKeepAliveListener is used in http.ListenAndServeTLS but not exported,
|
|
|
+// so we use a copy from https://golang.org/src/net/http/server.go.
|
|
|
+func (server *HTTPSServer) ServeTLS(listener net.Listener) error {
|
|
|
+ tlsListener := tls.NewListener(tcpKeepAliveListener{listener.(*net.TCPListener)}, server.TLSConfig)
|
|
|
+ return server.Serve(tlsListener)
|
|
|
+}
|
|
|
+
|
|
|
+type tcpKeepAliveListener struct {
|
|
|
+ *net.TCPListener
|
|
|
+}
|
|
|
+
|
|
|
+func (ln tcpKeepAliveListener) Accept() (c net.Conn, err error) {
|
|
|
+ tc, err := ln.AcceptTCP()
|
|
|
+ if err != nil {
|
|
|
+ return
|
|
|
+ }
|
|
|
+ tc.SetKeepAlive(true)
|
|
|
+ tc.SetKeepAlivePeriod(3 * time.Minute)
|
|
|
+ return tc, nil
|
|
|
+}
|
Rod Hynes