From 20ec7e97a6e7ba205f5f1947a7658e8e75ccc23f Mon Sep 17 00:00:00 2001 From: Jean-Louis Huynen Date: Tue, 15 Jan 2019 10:30:04 +0100 Subject: [PATCH 1/9] isNet before merge --- d4-goclient.go | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/d4-goclient.go b/d4-goclient.go index 2b13eed..4f2af82 100644 --- a/d4-goclient.go +++ b/d4-goclient.go @@ -9,8 +9,10 @@ import ( "fmt" "io" "log" + "net" "os" "strconv" + "strings" "time" //BSD 3 @@ -209,6 +211,17 @@ func d4checkConfig(d4 *d4S) bool { return true } +func isNet(d []byte) (bool, []string) { + ss := strings.Split(string(d), ":") + if len(ss) != 1 { + if net.ParseIP(ss[0]) != nil { + infof(fmt.Sprintf("Server IP: %s, Server Port: %s\n", ss[0], ss[1])) + return true, make([]string, 0) + } + } + return false, ss +} + func generateUUIDv4() []byte { uuid, err := uuid.NewV4() if err != nil { From 130f8181103c3f93d9be4138459c3b0aefd5837f Mon Sep 17 00:00:00 2001 From: Jean-Louis Huynen Date: Tue, 15 Jan 2019 11:24:55 +0100 Subject: [PATCH 2/9] initial working tls connection --- d4-goclient.go | 30 ++++++++++++++++++++---------- 1 file changed, 20 insertions(+), 10 deletions(-) diff --git a/d4-goclient.go b/d4-goclient.go index f38e73f..742d60b 100644 --- a/d4-goclient.go +++ b/d4-goclient.go @@ -4,6 +4,7 @@ import ( "bytes" "crypto/hmac" "crypto/sha256" + "crypto/tls" "encoding/binary" "flag" "fmt" @@ -197,13 +198,22 @@ func d4checkConfig(d4 *d4S) bool { f, _ := os.Open("capture.pcap") (*d4).src = f } - - switch (*d4).conf.destination { - case "stdout": - (*d4).dst = newD4Writer(os.Stdout, (*d4).conf.key) - case "file": - f, _ := os.Create("test.txt") - (*d4).dst = newD4Writer(f, (*d4).conf.key) + isn, dstnet := isNet((*d4).conf.destination) + if isn { + //conn, err := net.Dial("tcp", dstnet[0]+":"+dstnet[1]) + conn, err := tls.Dial("tcp", dstnet[0]+":"+dstnet[1], &tls.Config{InsecureSkipVerify: true}) + if err != nil { + log.Fatal(err) + } + (*d4).dst = newD4Writer(conn, (*d4).conf.key) + } else { + switch (*d4).conf.destination { + case "stdout": + (*d4).dst = newD4Writer(os.Stdout, (*d4).conf.key) + case "file": + f, _ := os.Create("test.txt") + (*d4).dst = newD4Writer(f, (*d4).conf.key) + } } // Create the copy buffer @@ -213,15 +223,15 @@ func d4checkConfig(d4 *d4S) bool { return true } -func isNet(d []byte) (bool, []string) { +func isNet(d string) (bool, []string) { ss := strings.Split(string(d), ":") if len(ss) != 1 { if net.ParseIP(ss[0]) != nil { infof(fmt.Sprintf("Server IP: %s, Server Port: %s\n", ss[0], ss[1])) - return true, make([]string, 0) + return true, ss } } - return false, ss + return false, make([]string, 0) } func generateUUIDv4() []byte { From 05b5750840bf6d1b74e941d891b9ce66f6b2e4c7 Mon Sep 17 00:00:00 2001 From: Jean-Louis Huynen Date: Wed, 16 Jan 2019 15:58:45 +0100 Subject: [PATCH 3/9] nosocat without dying on disconnect --- conf.sample/destination | 2 +- d4-goclient.go | 58 +++++++++++++++++++++++++++++++---------- 2 files changed, 45 insertions(+), 15 deletions(-) diff --git a/conf.sample/destination b/conf.sample/destination index faa3a15..0af60f3 100644 --- a/conf.sample/destination +++ b/conf.sample/destination @@ -1 +1 @@ -stdout +127.0.0.1:4443 diff --git a/d4-goclient.go b/d4-goclient.go index 742d60b..1d6d408 100644 --- a/d4-goclient.go +++ b/d4-goclient.go @@ -123,15 +123,43 @@ func main() { defer fmt.Print(&buf) } - if d4loadConfig(d4p) == true { - if d4.dst.initHeader(d4p) == true { - io.CopyBuffer(&d4.dst, d4.src, d4.dst.pb) + // TODO add flags for timeouts / fail on disconnect + c := make(chan string) + for { + if set(d4p) { + go d4Copy(d4p, c) + } else { + go func() { + time.Sleep(5 * time.Second) + fmt.Println("Sleeping.. before retry") + c <- "done waiting" + }() } + <-c + } +} + +func set(d4 *d4S) bool { + if d4loadConfig(d4) { + if setReaderWriters(d4) { + if d4.dst.initHeader(d4) { + return true + } + } + } + return false +} + +func d4Copy(d4 *d4S, c chan string) { + _, err := io.CopyBuffer(&d4.dst, d4.src, d4.dst.pb) + if err != nil { + c <- fmt.Sprintf("%s", err) } } func readConfFile(d4 *d4S, fileName string) []byte { f, err := os.Open((*d4).confdir + "/" + fileName) + defer f.Close() if err != nil { log.Fatal(err) } @@ -161,12 +189,12 @@ func d4loadConfig(d4 *d4S) bool { (*d4).conf.uuid = generateUUIDv4() // And push it into the conf file f, err := os.OpenFile((*d4).confdir+"/uuid", os.O_WRONLY|os.O_CREATE, 0666) + defer f.Close() if err != nil { log.Fatal(err) } // store as canonical representation f.WriteString(fmt.Sprintf("%s", uuid.FromBytesOrNil((*d4).conf.uuid)) + "\n") - f.Close() } else { (*d4).conf.uuid = tmpu.Bytes() } @@ -180,7 +208,7 @@ func d4loadConfig(d4 *d4S) bool { // parse type to uint8 tmp, _ = strconv.ParseUint(string(readConfFile(d4, "type")), 10, 8) (*d4).conf.ttype = uint8(tmp) - return d4checkConfig(d4) + return true } func newD4Writer(writer io.Writer, key []byte) d4Writer { @@ -188,7 +216,7 @@ func newD4Writer(writer io.Writer, key []byte) d4Writer { } // TODO QUICK IMPLEM, REVISE -func d4checkConfig(d4 *d4S) bool { +func setReaderWriters(d4 *d4S) bool { //TODO implement other destination file, fifo unix_socket ... switch (*d4).conf.source { @@ -200,10 +228,15 @@ func d4checkConfig(d4 *d4S) bool { } isn, dstnet := isNet((*d4).conf.destination) if isn { - //conn, err := net.Dial("tcp", dstnet[0]+":"+dstnet[1]) - conn, err := tls.Dial("tcp", dstnet[0]+":"+dstnet[1], &tls.Config{InsecureSkipVerify: true}) - if err != nil { - log.Fatal(err) + dial := net.Dialer{ + DualStack: true, + Timeout: 5 * time.Second, + KeepAlive: 2 * time.Hour, + FallbackDelay: 0, + } + conn, errc := tls.DialWithDialer(&dial, "tcp", dstnet[0]+":"+dstnet[1], &tls.Config{InsecureSkipVerify: true}) + if errc != nil { + return false } (*d4).dst = newD4Writer(conn, (*d4).conf.key) } else { @@ -256,10 +289,7 @@ func (d4w *d4Writer) Write(bs []byte) (int, error) { d4w.updateHMAC(len(bs)) // Eventually write binary in the sink err := binary.Write(d4w.w, binary.LittleEndian, d4w.fb[:62+len(bs)]) - if err != nil { - log.Fatal(err) - } - return len(bs), nil + return len(bs), err } // TODO write go idiomatic err return values From 6291fa12579d98a8fbe03d5fd23eeb3078c148fe Mon Sep 17 00:00:00 2001 From: Jean-Louis Huynen Date: Tue, 15 Jan 2019 10:30:04 +0100 Subject: [PATCH 4/9] isNet before merge --- d4-goclient.go | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/d4-goclient.go b/d4-goclient.go index ce2002a..f38e73f 100644 --- a/d4-goclient.go +++ b/d4-goclient.go @@ -9,8 +9,10 @@ import ( "fmt" "io" "log" + "net" "os" "strconv" + "strings" "time" //BSD 3 @@ -211,6 +213,17 @@ func d4checkConfig(d4 *d4S) bool { return true } +func isNet(d []byte) (bool, []string) { + ss := strings.Split(string(d), ":") + if len(ss) != 1 { + if net.ParseIP(ss[0]) != nil { + infof(fmt.Sprintf("Server IP: %s, Server Port: %s\n", ss[0], ss[1])) + return true, make([]string, 0) + } + } + return false, ss +} + func generateUUIDv4() []byte { uuid, err := uuid.NewV4() if err != nil { From 2287794be21dca6f1223fe2a1d6807b76e2eed03 Mon Sep 17 00:00:00 2001 From: Jean-Louis Huynen Date: Tue, 15 Jan 2019 11:24:55 +0100 Subject: [PATCH 5/9] initial working tls connection --- d4-goclient.go | 30 ++++++++++++++++++++---------- 1 file changed, 20 insertions(+), 10 deletions(-) diff --git a/d4-goclient.go b/d4-goclient.go index f38e73f..742d60b 100644 --- a/d4-goclient.go +++ b/d4-goclient.go @@ -4,6 +4,7 @@ import ( "bytes" "crypto/hmac" "crypto/sha256" + "crypto/tls" "encoding/binary" "flag" "fmt" @@ -197,13 +198,22 @@ func d4checkConfig(d4 *d4S) bool { f, _ := os.Open("capture.pcap") (*d4).src = f } - - switch (*d4).conf.destination { - case "stdout": - (*d4).dst = newD4Writer(os.Stdout, (*d4).conf.key) - case "file": - f, _ := os.Create("test.txt") - (*d4).dst = newD4Writer(f, (*d4).conf.key) + isn, dstnet := isNet((*d4).conf.destination) + if isn { + //conn, err := net.Dial("tcp", dstnet[0]+":"+dstnet[1]) + conn, err := tls.Dial("tcp", dstnet[0]+":"+dstnet[1], &tls.Config{InsecureSkipVerify: true}) + if err != nil { + log.Fatal(err) + } + (*d4).dst = newD4Writer(conn, (*d4).conf.key) + } else { + switch (*d4).conf.destination { + case "stdout": + (*d4).dst = newD4Writer(os.Stdout, (*d4).conf.key) + case "file": + f, _ := os.Create("test.txt") + (*d4).dst = newD4Writer(f, (*d4).conf.key) + } } // Create the copy buffer @@ -213,15 +223,15 @@ func d4checkConfig(d4 *d4S) bool { return true } -func isNet(d []byte) (bool, []string) { +func isNet(d string) (bool, []string) { ss := strings.Split(string(d), ":") if len(ss) != 1 { if net.ParseIP(ss[0]) != nil { infof(fmt.Sprintf("Server IP: %s, Server Port: %s\n", ss[0], ss[1])) - return true, make([]string, 0) + return true, ss } } - return false, ss + return false, make([]string, 0) } func generateUUIDv4() []byte { From fec9fd7a13527d9d7a8d8be9164c2247624a53a7 Mon Sep 17 00:00:00 2001 From: Jean-Louis Huynen Date: Wed, 16 Jan 2019 15:58:45 +0100 Subject: [PATCH 6/9] nosocat without dying on disconnect --- conf.sample/destination | 2 +- d4-goclient.go | 58 +++++++++++++++++++++++++++++++---------- 2 files changed, 45 insertions(+), 15 deletions(-) diff --git a/conf.sample/destination b/conf.sample/destination index faa3a15..0af60f3 100644 --- a/conf.sample/destination +++ b/conf.sample/destination @@ -1 +1 @@ -stdout +127.0.0.1:4443 diff --git a/d4-goclient.go b/d4-goclient.go index 742d60b..1d6d408 100644 --- a/d4-goclient.go +++ b/d4-goclient.go @@ -123,15 +123,43 @@ func main() { defer fmt.Print(&buf) } - if d4loadConfig(d4p) == true { - if d4.dst.initHeader(d4p) == true { - io.CopyBuffer(&d4.dst, d4.src, d4.dst.pb) + // TODO add flags for timeouts / fail on disconnect + c := make(chan string) + for { + if set(d4p) { + go d4Copy(d4p, c) + } else { + go func() { + time.Sleep(5 * time.Second) + fmt.Println("Sleeping.. before retry") + c <- "done waiting" + }() } + <-c + } +} + +func set(d4 *d4S) bool { + if d4loadConfig(d4) { + if setReaderWriters(d4) { + if d4.dst.initHeader(d4) { + return true + } + } + } + return false +} + +func d4Copy(d4 *d4S, c chan string) { + _, err := io.CopyBuffer(&d4.dst, d4.src, d4.dst.pb) + if err != nil { + c <- fmt.Sprintf("%s", err) } } func readConfFile(d4 *d4S, fileName string) []byte { f, err := os.Open((*d4).confdir + "/" + fileName) + defer f.Close() if err != nil { log.Fatal(err) } @@ -161,12 +189,12 @@ func d4loadConfig(d4 *d4S) bool { (*d4).conf.uuid = generateUUIDv4() // And push it into the conf file f, err := os.OpenFile((*d4).confdir+"/uuid", os.O_WRONLY|os.O_CREATE, 0666) + defer f.Close() if err != nil { log.Fatal(err) } // store as canonical representation f.WriteString(fmt.Sprintf("%s", uuid.FromBytesOrNil((*d4).conf.uuid)) + "\n") - f.Close() } else { (*d4).conf.uuid = tmpu.Bytes() } @@ -180,7 +208,7 @@ func d4loadConfig(d4 *d4S) bool { // parse type to uint8 tmp, _ = strconv.ParseUint(string(readConfFile(d4, "type")), 10, 8) (*d4).conf.ttype = uint8(tmp) - return d4checkConfig(d4) + return true } func newD4Writer(writer io.Writer, key []byte) d4Writer { @@ -188,7 +216,7 @@ func newD4Writer(writer io.Writer, key []byte) d4Writer { } // TODO QUICK IMPLEM, REVISE -func d4checkConfig(d4 *d4S) bool { +func setReaderWriters(d4 *d4S) bool { //TODO implement other destination file, fifo unix_socket ... switch (*d4).conf.source { @@ -200,10 +228,15 @@ func d4checkConfig(d4 *d4S) bool { } isn, dstnet := isNet((*d4).conf.destination) if isn { - //conn, err := net.Dial("tcp", dstnet[0]+":"+dstnet[1]) - conn, err := tls.Dial("tcp", dstnet[0]+":"+dstnet[1], &tls.Config{InsecureSkipVerify: true}) - if err != nil { - log.Fatal(err) + dial := net.Dialer{ + DualStack: true, + Timeout: 5 * time.Second, + KeepAlive: 2 * time.Hour, + FallbackDelay: 0, + } + conn, errc := tls.DialWithDialer(&dial, "tcp", dstnet[0]+":"+dstnet[1], &tls.Config{InsecureSkipVerify: true}) + if errc != nil { + return false } (*d4).dst = newD4Writer(conn, (*d4).conf.key) } else { @@ -256,10 +289,7 @@ func (d4w *d4Writer) Write(bs []byte) (int, error) { d4w.updateHMAC(len(bs)) // Eventually write binary in the sink err := binary.Write(d4w.w, binary.LittleEndian, d4w.fb[:62+len(bs)]) - if err != nil { - log.Fatal(err) - } - return len(bs), nil + return len(bs), err } // TODO write go idiomatic err return values From e035adb07fd8798dfb40bd314554c118a1aa9bf5 Mon Sep 17 00:00:00 2001 From: Jean-Louis Huynen Date: Thu, 17 Jan 2019 10:52:22 +0100 Subject: [PATCH 7/9] new Flags for timeout, keep alive, and retry + downgrade ssl --- d4-goclient.go | 44 ++++++++++++++++++++++++++++++++++++-------- 1 file changed, 36 insertions(+), 8 deletions(-) diff --git a/d4-goclient.go b/d4-goclient.go index 1d6d408..44f2956 100644 --- a/d4-goclient.go +++ b/d4-goclient.go @@ -52,6 +52,10 @@ type ( src io.Reader dst d4Writer confdir string + cka time.Duration + ct time.Duration + ce bool + retry time.Duration d4error uint8 errnoCopy uint8 debug bool @@ -77,8 +81,16 @@ var ( logger.Output(2, info) } + tmpct, _ = time.ParseDuration("5mn") + tmpcka, _ = time.ParseDuration("2h") + tmpretry, _ = time.ParseDuration("30s") + confdir = flag.String("c", "", "configuration directory") debug = flag.Bool("v", false, "Set to True, true, TRUE, 1, or t to enable verbose output on stdout") + ce = flag.Bool("ce", true, "Set to True, true, TRUE, 1, or t to enable TLS on network destination") + ct = flag.Duration("ct", tmpct, "Set timeout in human format") + cka = flag.Duration("cka", tmpcka, "Keep Alive time human format, 0 to disable") + retry = flag.Duration("rt", tmpretry, "Time in human format before retry after connection failure, set to 0 to exit on failure") ) func main() { @@ -107,6 +119,10 @@ func main() { fmt.Printf("destination - the destination where the data is written to\n") fmt.Printf("\n") fmt.Printf("-v [TRUE] for verbose output on stdout") + fmt.Printf("-ce [TRUE] if destination is set to ip:port, use of tls") + fmt.Printf("-ct [300] if destination is set to ip:port, timeout in seconds") + fmt.Printf("-cka [3600] if destination is set to ip:port, keepalive in seconds") + fmt.Printf("-retry [5] if destination is set to ip:port, keepalive in seconds") flag.PrintDefaults() } @@ -116,6 +132,10 @@ func main() { os.Exit(1) } d4.confdir = *confdir + d4.ce = *ce + d4.ct = *ct + d4.cka = *cka + d4.retry = *retry // Output logging before closing if debug is enabled if *debug == true { @@ -130,8 +150,8 @@ func main() { go d4Copy(d4p, c) } else { go func() { - time.Sleep(5 * time.Second) - fmt.Println("Sleeping.. before retry") + time.Sleep(d4.retry) + infof(fmt.Sprintf("Sleeping for %f seconds before retry.\n", d4.retry.Seconds())) c <- "done waiting" }() } @@ -230,15 +250,23 @@ func setReaderWriters(d4 *d4S) bool { if isn { dial := net.Dialer{ DualStack: true, - Timeout: 5 * time.Second, - KeepAlive: 2 * time.Hour, + Timeout: (*d4).ct, + KeepAlive: (*d4).cka, FallbackDelay: 0, } - conn, errc := tls.DialWithDialer(&dial, "tcp", dstnet[0]+":"+dstnet[1], &tls.Config{InsecureSkipVerify: true}) - if errc != nil { - return false + if (*d4).ce == true { + conn, errc := tls.DialWithDialer(&dial, "tcp", dstnet[0]+":"+dstnet[1], &tls.Config{InsecureSkipVerify: true}) + if errc != nil { + return false + } + (*d4).dst = newD4Writer(conn, (*d4).conf.key) + } else { + conn, errc := dial.Dial("tcp", dstnet[0]+":"+dstnet[1]) + if errc != nil { + return false + } + (*d4).dst = newD4Writer(conn, (*d4).conf.key) } - (*d4).dst = newD4Writer(conn, (*d4).conf.key) } else { switch (*d4).conf.destination { case "stdout": From 59c834c5c6c11a577bcb383b0e253766a838ea99 Mon Sep 17 00:00:00 2001 From: Jean-Louis Huynen Date: Thu, 17 Jan 2019 14:41:40 +0100 Subject: [PATCH 8/9] panics and retry 0 --- d4-goclient.go | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/d4-goclient.go b/d4-goclient.go index 969120a..6ee3edd 100644 --- a/d4-goclient.go +++ b/d4-goclient.go @@ -120,9 +120,9 @@ func main() { fmt.Printf("\n") fmt.Printf("-v [TRUE] for verbose output on stdout") fmt.Printf("-ce [TRUE] if destination is set to ip:port, use of tls") - fmt.Printf("-ct [300] if destination is set to ip:port, timeout in seconds") - fmt.Printf("-cka [3600] if destination is set to ip:port, keepalive in seconds") - fmt.Printf("-retry [5] if destination is set to ip:port, keepalive in seconds") + fmt.Printf("-ct [300] if destination is set to ip:port, timeout") + fmt.Printf("-cka [3600] if destination is set to ip:port, keepalive") + fmt.Printf("-retry [5] if destination is set to ip:port, retry period ") flag.PrintDefaults() } @@ -143,17 +143,18 @@ func main() { defer fmt.Print(&buf) } - // TODO add flags for timeouts / fail on disconnect c := make(chan string) for { if set(d4p) { go d4Copy(d4p, c) - } else { + } else if d4.retry > 0 { go func() { time.Sleep(d4.retry) infof(fmt.Sprintf("Sleeping for %f seconds before retry.\n", d4.retry.Seconds())) c <- "done waiting" }() + } else { + panic("Unrecoverable error without retry.") } <-c } @@ -274,6 +275,8 @@ func setReaderWriters(d4 *d4S) bool { case "file": f, _ := os.Create("test.txt") (*d4).dst = newD4Writer(f, (*d4).conf.key) + default: + panic(fmt.Sprintf("No suitable destination found, given :%q", (*d4).conf.destination)) } } From 1e06039b853aa55fd3f1212129c94200f2c47358 Mon Sep 17 00:00:00 2001 From: Jean-Louis Huynen Date: Fri, 18 Jan 2019 10:12:52 +0100 Subject: [PATCH 9/9] Add server certificate verification --- d4-goclient.go | 30 ++++++++++++++++++++++++++++-- 1 file changed, 28 insertions(+), 2 deletions(-) diff --git a/d4-goclient.go b/d4-goclient.go index 6ee3edd..86f8feb 100644 --- a/d4-goclient.go +++ b/d4-goclient.go @@ -5,10 +5,12 @@ import ( "crypto/hmac" "crypto/sha256" "crypto/tls" + "crypto/x509" "encoding/binary" "flag" "fmt" "io" + "io/ioutil" "log" "net" "os" @@ -56,6 +58,8 @@ type ( ct time.Duration ce bool retry time.Duration + cc bool + ca x509.CertPool d4error uint8 errnoCopy uint8 debug bool @@ -91,6 +95,7 @@ var ( ct = flag.Duration("ct", tmpct, "Set timeout in human format") cka = flag.Duration("cka", tmpcka, "Keep Alive time human format, 0 to disable") retry = flag.Duration("rt", tmpretry, "Time in human format before retry after connection failure, set to 0 to exit on failure") + cc = flag.Bool("cc", false, "Check TLS certificate againt rootCA.crt") ) func main() { @@ -120,6 +125,7 @@ func main() { fmt.Printf("\n") fmt.Printf("-v [TRUE] for verbose output on stdout") fmt.Printf("-ce [TRUE] if destination is set to ip:port, use of tls") + fmt.Printf("-cc [FALSE] if destination is set to ip:port, verification of server's tls certificate againt rootCA.crt") fmt.Printf("-ct [300] if destination is set to ip:port, timeout") fmt.Printf("-cka [3600] if destination is set to ip:port, keepalive") fmt.Printf("-retry [5] if destination is set to ip:port, retry period ") @@ -134,6 +140,7 @@ func main() { d4.confdir = *confdir d4.ce = *ce d4.ct = *ct + d4.cc = *cc d4.cka = *cka d4.retry = *retry @@ -195,7 +202,7 @@ func readConfFile(d4 *d4S, fileName string) []byte { if err := f.Close(); err != nil { log.Fatal(err) } - // removes 1 for \n + // trim \n if present return bytes.TrimSuffix(data[:count], []byte("\n")) } @@ -229,6 +236,15 @@ func d4loadConfig(d4 *d4S) bool { // parse type to uint8 tmp, _ = strconv.ParseUint(string(readConfFile(d4, "type")), 10, 8) (*d4).conf.ttype = uint8(tmp) + // Add the custom CA cert in D4 certpool + if (*d4).cc { + certb, _ := ioutil.ReadFile((*d4).confdir + "rootCA.crt") + (*d4).ca = *x509.NewCertPool() + ok := (*d4).ca.AppendCertsFromPEM(certb) + if !ok { + panic("Failed to parse provided root certificate.") + } + } return true } @@ -255,9 +271,19 @@ func setReaderWriters(d4 *d4S) bool { KeepAlive: (*d4).cka, FallbackDelay: 0, } + tlsc := tls.Config{ + InsecureSkipVerify: true, + } + if (*d4).cc { + tlsc = tls.Config{ + InsecureSkipVerify: false, + RootCAs: &(*d4).ca, + } + } if (*d4).ce == true { - conn, errc := tls.DialWithDialer(&dial, "tcp", dstnet[0]+":"+dstnet[1], &tls.Config{InsecureSkipVerify: true}) + conn, errc := tls.DialWithDialer(&dial, "tcp", dstnet[0]+":"+dstnet[1], &tlsc) if errc != nil { + fmt.Println(errc) return false } (*d4).dst = newD4Writer(conn, (*d4).conf.key)