authorrebecca <ubq323@ubq323.website>2026-02-10 21:59:42 +0000
committerrebecca <ubq323@ubq323.website>2026-02-10 22:02:06 +0000
commit9766e0f10f3f19ce8343a3573b6de7ebeb7cfe95 (patch)
tree0a06d713247f762f139ef4c7f5100c1a9d01876b
parentd3835e6bbb5633b4fc2b2439978defa1d91dece6 (diff)
use tls for connections
introduced are the --key and --cert options for the server and the --no-verify-cert option on the client
-rw-r--r--.gitignore3
-rw-r--r--client/application.go4
-rw-r--r--client/client/client.go10
-rw-r--r--client/main.go3
-rw-r--r--server/main.go19
-rw-r--r--server/server/server.go8
6 files changed, 34 insertions, 13 deletions
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..cd7de26
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,3 @@
+talk.crt
+talk.key
+talk.db
diff --git a/client/application.go b/client/application.go
index ad5f2c6..0debedd 100644
--- a/client/application.go
+++ b/client/application.go
@@ -27,9 +27,9 @@ type application struct {
activePaste <-chan string
}
-func newApplication(serverAddress string) *application {
+func newApplication(serverAddress string, insecure bool) *application {
var app application
- app.Client = client.New(serverAddress)
+ app.Client = client.New(serverAddress, insecure)
app.cache = object.NewCache(&app)
app.windowCache = window.NewCache()
app.goTo(app.cmdWindow.Location())
diff --git a/client/client/client.go b/client/client/client.go
index 0f0fb03..f22abc6 100644
--- a/client/client/client.go
+++ b/client/client/client.go
@@ -3,6 +3,7 @@ package client
import (
"citrons.xyz/talk/proto"
"net"
+ "crypto/tls"
"time"
"bufio"
"math/rand"
@@ -26,6 +27,7 @@ type Message struct {
type Client struct {
Address string
+ insecure bool
stop chan struct{}
message chan Message
send chan proto.Line
@@ -35,9 +37,10 @@ type Client struct {
reconnectWait time.Duration
}
-func New(address string) Client {
+func New(address string, insecure bool) Client {
return Client {
Address: address,
+ insecure: insecure,
stop: make(chan struct{}),
message: make(chan Message, 1),
activeRequests: make(map[string]func(proto.Command)),
@@ -48,7 +51,10 @@ func New(address string) Client {
func (c *Client) RunClient() {
c.reconnectWait = time.Second / 4
for {
- conn, err := net.DialTimeout("tcp", c.Address, 30 * time.Second)
+ dialer := &net.Dialer { Timeout: 30 * time.Second }
+ config := &tls.Config { InsecureSkipVerify: c.insecure }
+ conn, err := tls.DialWithDialer(dialer, "tcp", c.Address, config)
+
if err != nil {
c.message <- Message {func(mh MessageHandler) {
mh.OnDisconnect(err)
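Review bot: `InsecureSkipVerify: c.insecure` in RunClient disables both chain and host name verification on every reconnect, so a client started with `--no-verify-cert` cannot tell the real server from an on-path impersonator, and nothing visible here reports that state at runtime. For self-signed test certificates a safer shape is to accept a CA or certificate file and set `RootCAs` on the config, which keeps verification on. If the flag stays, document the field added in the struct hunk above, e.g. `// insecure disables all certificate verification; testing only`, and log a warning whenever it is set. RunClient's body continues outside the hunk.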
diff --git a/client/main.go b/client/main.go
index e4a9f6b..dc3070c 100644
--- a/client/main.go
+++ b/client/main.go
@@ -12,6 +12,7 @@ import (
var globalApp *application
func main() {
+ insecure := flag.Bool("no-verify-cert", false, "don't verify tls certificate (INSECURE, for testing only!)")
flag.Parse()
address := flag.Arg(0)
if address == "" {
@@ -30,7 +31,7 @@ func main() {
fmt.Println("bye!")
}()
- globalApp = newApplication(address)
+ globalApp = newApplication(address, *insecure)
go globalApp.RunClient()
defer globalApp.Stop()
diff --git a/server/main.go b/server/main.go
index 948de08..da8fd91 100644
--- a/server/main.go
+++ b/server/main.go
@@ -2,6 +2,7 @@ package main
import (
"citrons.xyz/talk/server/server"
+ "crypto/tls"
"flag"
"log"
bolt "go.etcd.io/bbolt"
@@ -10,6 +11,8 @@ import (
func main() {
dbFile := flag.String("db", "./talk.db", "database file location")
address := flag.String("listen", ":27508", "address to listen on")
+ certFile := flag.String("cert", "./talk.crt", "tls server certificate (pem)")
+ keyFile := flag.String("key", "./talk.key", "tls private key (pem)")
flag.Parse()
db, err := bolt.Open(*dbFile, 0600, nil)
@@ -18,5 +21,19 @@ func main() {
}
defer db.Close()
- server.Serve(db, *address)
+ cert, err := tls.LoadX509KeyPair(*certFile, *keyFile)
+ if err != nil {
+ log.Fatal(err)
+ }
+ config := &tls.Config {
+ Certificates: []tls.Certificate{ cert },
+ }
+ ln, err := tls.Listen("tcp", *address, config)
+ if err != nil {
+ log.Fatal(err)
+ }
+ defer ln.Close()
+
+ log.Print("talk is listening upon ",*address)
+ server.Serve(db, ln)
}
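Review bot: The `tls.Config` built in main sets only `Certificates`, so the minimum protocol version is whatever the Go toolchain defaults to; older Go releases are understood to have accepted TLS 1.0 on the server side, and adding `MinVersion: tls.VersionTLS12,` makes the floor explicit regardless of the build toolchain. The two new `log.Fatal(err)` calls also lose the context the old `"Listen: "` prefix gave and exit without running the deferred `db.Close()`. Something like `log.Fatalf("loading tls key pair %q: %v", *certFile, err)` would identify the failing step, and loading the key pair before opening the database would avoid the skipped close. main starts outside the hunk.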
diff --git a/server/server/server.go b/server/server/server.go
index babc7e7..acd390d 100644
--- a/server/server/server.go
+++ b/server/server/server.go
@@ -65,13 +65,7 @@ func (s *server) Data() proto.Object {
return proto.Object {}
}
-func Serve(db *bolt.DB, address string) {
- ln, err := net.Listen("tcp", address)
- if err != nil {
- log.Fatal("Listen: ", err)
- }
- defer ln.Close()
-
+func Serve(db *bolt.DB, ln net.Listener) {
var srv server
srv.requests = make(chan session.Request)
srv.clients = make(chan *session.Session)
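Review bot: Serve is exported and its contract changes here without a doc comment: it now receives an already-open listener and no longer closes it, so ownership of `ln` rests with the caller. A comment such as `// Serve runs the talk server on ln; the caller is responsible for closing ln.` would record that. The comment should also say that Serve does not check that `ln` is a TLS listener, so a caller passing a plain `net.Listen` result would serve the protocol in cleartext. Serve's body continues outside the hunk.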