dialer

package
v3.3.1 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jul 6, 2023 License: GPL-3.0 Imports: 22 Imported by: 0

Documentation

Index

Constants

// DNS-over-HTTPS (DoH) resolver endpoints, given as full /dns-query URLs:
// Quad9 on the default HTTPS port, the same Quad9 host on port 5053, and
// Google Public DNS.
//
// NOTE(review): how the package chooses between these providers is not shown
// on this page. Any name resolved through them is disclosed to the respective
// third-party resolver, so confirm which lookups are routed here.
const (
	Quad9Provider     = "https://dns11.quad9.net/dns-query"
	Quad9PortProvider = "https://dns11.quad9.net:5053/dns-query"
	GoogleProvider    = "https://dns.google/dns-query"
)
// TLSReportURI is the address where TLS reports should be sent.
// NOTE(review): Reporter.ReportCertIssue takes a reportURI argument;
// presumably this constant is the value callers pass there — confirm.
const TLSReportURI = "https://reports.protonmail.ch/reports/tls"

TLSReportURI is the address where TLS reports should be sent.

Variables

// ErrNoConnection is a sentinel error carrying the message "no connection".
// Compare against it with errors.Is rather than by message text.
// NOTE(review): the condition under which it is returned is not visible on
// this page.
var ErrNoConnection = errors.New("no connection")
// ErrTLSMismatch indicates that no TLS fingerprint match could be found.
// Compare against it with errors.Is. A caller that receives it should treat
// the peer as untrusted and must not retry over an unpinned connection.
var ErrTLSMismatch = errors.New("no TLS fingerprint match found")

ErrTLSMismatch indicates that no TLS fingerprint match could be found.

// TrustedAPIPins lists the key pins this package trusts. Each entry is written
// in the `pin-sha256="<base64>"` form, i.e. a base64-encoded SHA-256 digest.
// The package documentation describes them as the trusted public keys of the
// protonmail API and its proxies.
//
// NOTE(review): presumably each digest is taken over the certificate's
// SubjectPublicKeyInfo, as in HTTP public key pinning (RFC 7469) — confirm in
// the TLSPinChecker implementation.
// NOTE(review): blank lines split the list into four groups, but this page
// does not show which group belongs to the API and which to the proxies;
// confirm against the source before rotating or removing a pin.
// NOTE(review): this is an exported, mutable package-level slice, so any
// importing code can append to or replace it. Treat every write to it as a
// change to the set of trust anchors.
var TrustedAPIPins = []string{

	`pin-sha256="drtmcR2kFkM8qJClsuWgUzxgBkePfRCkRpqUesyDmeE="`,
	`pin-sha256="YRGlaY0jyJ4Jw2/4M8FIftwbDIQfh8Sdro96CeEel54="`,
	`pin-sha256="AfMENBVvOS8MnISprtvyPsjKlPooqh8nMB/pvCrpJpw="`,

	`pin-sha256="8joiNBdqaYiQpKskgtkJsqRxF7zN0C0aqfi8DacknnI="`,
	`pin-sha256="JMI8yrbc6jB1FYGyyWRLFTmDNgIszrNEMGlgy972e7w="`,
	`pin-sha256="Iu44zU84EOCZ9vx/vz67/MRVrxF1IO4i4NIa8ETwiIY="`,

	`pin-sha256="CT56BhOTmj5ZIPgb/xD5mH8rY3BLo/MlhP7oPyJUEDo="`,
	`pin-sha256="35Dx28/uzN3LeltkCBQ8RHK0tlNSa2kCpCRGNp34Gxc="`,
	`pin-sha256="qYIukVc63DEITct8sFT7ebIq5qsWmuscaIKeJx+5J5A="`,

	`pin-sha256="EU6TS9MO0L/GsDHvVc9D5fChYLNy5JdGYpJw0ccgetM="`,
	`pin-sha256="iKPIHPnDNqdkvOnTClQ8zQAIKG0XavaPkcEo0LBAABA="`,
	`pin-sha256="MSlVrBCdL0hKyczvgYVSRNm88RicyY04Q2y5qrBt0xA="`,
	`pin-sha256="C2UxW0T1Ckl9s+8cXfjXxlEqwAfPM4HiW2y3UdtBeCw="`,
}

TrustedAPIPins contains the trusted public-key pins (`pin-sha256` values) of the protonmail API and proxies. NOTE: the proxy pins are the same for all proxy servers, guaranteed by infra team ;).

Functions

func CreateTransportWithDialer

func CreateTransportWithDialer(dialer TLSDialer) *http.Transport

CreateTransportWithDialer creates an http.Transport that uses the given dialer to make TLS connections.

Types

type BasicTLSDialer

// BasicTLSDialer implements TLSDialer. It is constructed with
// NewBasicTLSDialer from a host URL, and all of its fields are unexported.
// NOTE(review): nothing on this page says this dialer checks pins itself; pin
// checking is documented on PinningTLSDialer, which wraps a TLSDialer.
type BasicTLSDialer struct {
	// contains filtered or unexported fields
}

BasicTLSDialer implements TLSDialer.

func NewBasicTLSDialer

func NewBasicTLSDialer(hostURL string) *BasicTLSDialer

NewBasicTLSDialer returns a new BasicTLSDialer.

func (*BasicTLSDialer) DialTLSContext

func (d *BasicTLSDialer) DialTLSContext(ctx context.Context, network, address string) (conn net.Conn, err error)

DialTLSContext returns a connection to the given address using the given network.

type PinChecker

// PinChecker is used to check TLS keys of connections.
type PinChecker interface {
	// CheckCertificate inspects conn and reports the outcome of the check
	// through its error result.
	// NOTE(review): conn is a plain net.Conn; presumably implementations need
	// a *tls.Conn to read the peer certificates — confirm how any other
	// connection type is handled (it should fail closed).
	CheckCertificate(conn net.Conn) error
}

PinChecker is used to check TLS keys of connections.

type PinningTLSDialer

// PinningTLSDialer wraps a TLSDialer to check fingerprints after connecting
// and to report errors if the fingerprint check fails.
// NOTE(review): "after connecting" suggests the pin check runs once the
// wrapped dialer has returned, i.e. after the TLS handshake — confirm that a
// connection failing the check is closed and never handed to the caller.
type PinningTLSDialer struct {
	// contains filtered or unexported fields
}

PinningTLSDialer wraps a TLSDialer to check fingerprints after connecting and to report errors if the fingerprint check fails.

func NewPinningTLSDialer

func NewPinningTLSDialer(dialer TLSDialer, reporter Reporter, pinChecker PinChecker) *PinningTLSDialer

NewPinningTLSDialer constructs a new dialer which only returns TCP connections to servers which present known certificates. It checks pins using the given pinChecker and reports issues using the given reporter.

func (*PinningTLSDialer) DialTLSContext

func (p *PinningTLSDialer) DialTLSContext(ctx context.Context, network, address string) (net.Conn, error)

DialTLSContext dials the given network/address, returning an error if the certificates don't match the trusted pins.

func (*PinningTLSDialer) GetTLSIssueCh

func (p *PinningTLSDialer) GetTLSIssueCh() <-chan struct{}

GetTLSIssueCh returns a channel which notifies when a TLS issue is reported.

type ProxyTLSDialer

// ProxyTLSDialer wraps a TLSDialer to switch to a proxy if the initial dial
// fails. Whether switching is permitted is controlled through its AllowProxy
// and DisallowProxy methods.
// NOTE(review): whether connections made through a proxy pass the same pin
// check depends on the order in which the dialers are wrapped, which this
// page does not show — confirm at the place where the dialers are composed.
type ProxyTLSDialer struct {
	// contains filtered or unexported fields
}

ProxyTLSDialer wraps a TLSDialer to switch to a proxy if the initial dial fails.

func NewProxyTLSDialer

func NewProxyTLSDialer(dialer TLSDialer, hostURL string, panicHandler async.PanicHandler) *ProxyTLSDialer

NewProxyTLSDialer constructs a dialer which provides a proxy-managing layer on top of an underlying dialer.

func (*ProxyTLSDialer) AllowProxy

func (d *ProxyTLSDialer) AllowProxy()

AllowProxy allows the dialer to switch to a proxy if need be.

func (*ProxyTLSDialer) DialTLSContext

func (d *ProxyTLSDialer) DialTLSContext(ctx context.Context, network, address string) (net.Conn, error)

DialTLSContext dials the given network/address. If it fails, it retries using a proxy.

func (*ProxyTLSDialer) DisallowProxy

func (d *ProxyTLSDialer) DisallowProxy()

DisallowProxy prevents the dialer from switching to a proxy.

type Reporter

// Reporter is used to report TLS issues.
type Reporter interface {
	// ReportCertIssue receives the report URI, a host and port, and the TLS
	// connection state of the connection concerned.
	// NOTE(review): tls.ConnectionState carries the peer certificate chain;
	// presumably part of it is sent to reportURI — confirm exactly what a
	// report transmits and that the report itself goes over a verified channel.
	ReportCertIssue(reportURI, host, port string, state tls.ConnectionState)
}

Reporter is used to report TLS issues.

type TLSDialer

// TLSDialer is the dialing interface of this package. BasicTLSDialer,
// PinningTLSDialer and ProxyTLSDialer each expose a DialTLSContext method with
// this signature, and CreateTransportWithDialer accepts a TLSDialer to build
// an http.Transport.
type TLSDialer interface {
	// DialTLSContext dials address on network and returns the resulting
	// connection or an error.
	DialTLSContext(ctx context.Context, network, address string) (conn net.Conn, err error)
}

type TLSPinChecker

// TLSPinChecker is created by NewTLSPinChecker from a list of trusted pins.
// Its CheckCertificate method has the signature required by the PinChecker
// interface.
// NOTE(review): whether NewTLSPinChecker copies the trustedPins slice or keeps
// a reference to the caller's slice is not visible on this page — confirm,
// since a retained reference lets later writes change the trusted set.
type TLSPinChecker struct {
	// contains filtered or unexported fields
}

func NewTLSPinChecker

func NewTLSPinChecker(trustedPins []string) *TLSPinChecker

func (*TLSPinChecker) CheckCertificate

func (p *TLSPinChecker) CheckCertificate(conn net.Conn) error

CheckCertificate checks whether the connection presents a known TLS certificate and reports the result through its error return.

type TLSReporter

// TLSReporter is created by NewTLSReporter from a host URL, an application
// version, a user agent and a list of trusted pins. Its ReportCertIssue method
// is documented as reporting a TLS key mismatch.
// NOTE(review): its ReportCertIssue names the first parameter remoteURI, where
// the Reporter interface names it reportURI; the two presumably mean the same
// value — confirm.
type TLSReporter struct {
	// contains filtered or unexported fields
}

func NewTLSReporter

func NewTLSReporter(hostURL, appVersion string, userAgent *useragent.UserAgent, trustedPins []string) *TLSReporter

func (*TLSReporter) ReportCertIssue

func (r *TLSReporter) ReportCertIssue(remoteURI, host, port string, connState tls.ConnectionState)

ReportCertIssue reports a TLS key mismatch.
