Implement HTTPS requests from client to upstreams

Can now put "https://" in front of Client Address to force it to use TLS. It doesn't do any verification of the upstream cert. This is intended to work similarly to the way ngrok does it: https://ngrok.com/docs#http-local-https
2025-02-25 18:55:29 -06:00 · 2020-11-22 13:49:48 -07:00 · 2020-11-22 13:49:48 -07:00 · 58e38d7f19
commit 58e38d7f19
parent 4b4dc94222
1 changed files with 31 additions and 3 deletions
--- a/client.go
+++ b/client.go
@ -2,6 +2,7 @@ package main

 import (
 	"context"
+	"crypto/tls"
 	"encoding/json"
 	"errors"
 	"flag"
@ -13,6 +14,7 @@ import (
 	"net"
 	"net/http"
 	"os"
+	"strings"
 	"sync"
 	"time"
 )
@ -240,15 +242,35 @@ func (c *BoringProxyClient) BoreTunnel(tunnel Tunnel) context.CancelFunc {
 	return cancelFunc
 }

-func (c *BoringProxyClient) handleConnection(conn net.Conn, addr string, port int) {
+func (c *BoringProxyClient) handleConnection(conn net.Conn, upstreamAddr string, port int) {

 	defer conn.Close()

-	upstreamConn, err := net.Dial("tcp", fmt.Sprintf("%s:%d", addr, port))
+	useTls := false
+	addr := upstreamAddr
+
+	if strings.HasPrefix(upstreamAddr, "https://") {
+		addr = upstreamAddr[len("https://"):]
+		useTls = true
+	}
+
+	var upstreamConn net.Conn
+	var err error
+
+	if useTls {
+		tlsConfig := &tls.Config{
+			InsecureSkipVerify: true,
+		}
+		upstreamConn, err = tls.Dial("tcp", fmt.Sprintf("%s:%d", addr, port), tlsConfig)
+	} else {
+		upstreamConn, err = net.Dial("tcp", fmt.Sprintf("%s:%d", addr, port))
+	}
+
 	if err != nil {
 		log.Print(err)
 		return
 	}
+
 	defer upstreamConn.Close()

 	var wg sync.WaitGroup
@ -260,7 +282,13 @@ func (c *BoringProxyClient) handleConnection(conn net.Conn, addr string, port in
 		if err != nil {
 			log.Println(err.Error())
 		}
-		upstreamConn.(*net.TCPConn).CloseWrite()
+
+		if c, ok := upstreamConn.(*net.TCPConn); ok {
+			c.CloseWrite()
+		} else if c, ok := upstreamConn.(*tls.Conn); ok {
+			c.CloseWrite()
+		}
+
 		wg.Done()
 	}()