use tls for connections

introduced are the --key and --cert options for the server and the --no-verify-cert option on the client
author: rebecca <ubq323@ubq323.website> 2026-02-10 21:59:42 +0000
committer: rebecca <ubq323@ubq323.website> 2026-02-10 22:02:06 +0000
commit: 9766e0f10f3f19ce8343a3573b6de7ebeb7cfe95 (patch)
tree: 0a06d713247f762f139ef4c7f5100c1a9d01876b /server/main.go
parent: d3835e6bbb5633b4fc2b2439978defa1d91dece6 (diff)
1 files changed, 18 insertions, 1 deletions
diff --git a/server/main.go b/server/main.go
index 948de08..da8fd91 100644
--- a/server/main.go
+++ b/server/main.go
@@ -2,6 +2,7 @@ package main
 
 import (
 	"citrons.xyz/talk/server/server"
+	"crypto/tls"
 	"flag"
 	"log"
 	bolt "go.etcd.io/bbolt"
@@ -10,6 +11,8 @@ import (
 func main() {
 	dbFile := flag.String("db", "./talk.db", "database file location")
 	address := flag.String("listen", ":27508", "address to listen on")
+	certFile := flag.String("cert", "./talk.crt", "tls server certificate (pem)")
+	keyFile := flag.String("key", "./talk.key", "tls private key (pem)")
 	flag.Parse()
 
 	db, err := bolt.Open(*dbFile, 0600, nil)
@@ -18,5 +21,19 @@ func main() {
 	}
 	defer db.Close()
 
-	server.Serve(db, *address)
+	cert, err := tls.LoadX509KeyPair(*certFile, *keyFile)
+	if err != nil {
+		log.Fatal(err)
+	}
+	config := &tls.Config {
+		Certificates: []tls.Certificate{ cert },
+	}
+	ln, err := tls.Listen("tcp", *address, config)
+	if err != nil {
+		log.Fatal(err)
+	}
+	defer ln.Close()
+
+	log.Print("talk is listening upon ",*address)
+	server.Serve(db, ln)
 }
author	rebecca <ubq323@ubq323.website>	2026-02-10 21:59:42 +0000
committer	rebecca <ubq323@ubq323.website>	2026-02-10 22:02:06 +0000
commit	9766e0f10f3f19ce8343a3573b6de7ebeb7cfe95 (patch)
tree	0a06d713247f762f139ef4c7f5100c1a9d01876b /server/main.go
parent	d3835e6bbb5633b4fc2b2439978defa1d91dece6 (diff)