From 9766e0f10f3f19ce8343a3573b6de7ebeb7cfe95 Mon Sep 17 00:00:00 2001
From: rebecca
Date: Tue, 10 Feb 2026 21:59:42 +0000
Subject: use tls for connections

introduced are the --key and --cert options for the server and the --no-verify-cert option on the client
---
 server/main.go | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)

(limited to 'server/main.go')

diff --git a/server/main.go b/server/main.go
index 948de08..da8fd91 100644
--- a/server/main.go
+++ b/server/main.go
@@ -2,6 +2,7 @@ package main
 
 import (
 "citrons.xyz/talk/server/server"
+ "crypto/tls"
 "flag"
 "log"
 bolt "go.etcd.io/bbolt"
@@ -10,6 +11,8 @@ import (
 func main() {
 dbFile := flag.String("db", "./talk.db", "database file location")
 address := flag.String("listen", ":27508", "address to listen on")
+ certFile := flag.String("cert", "./talk.crt", "tls server certificate (pem)")
+ keyFile := flag.String("key", "./talk.key", "tls private key (pem)")
 flag.Parse()
 
 db, err := bolt.Open(*dbFile, 0600, nil)
@@ -18,5 +21,19 @@ func main() {
 }
 defer db.Close()
 
- server.Serve(db, *address)
+ cert, err := tls.LoadX509KeyPair(*certFile, *keyFile)
+ if err != nil {
+ log.Fatal(err)
+ }
+ config := &tls.Config {
+ Certificates: []tls.Certificate{ cert },
+ }
+ ln, err := tls.Listen("tcp", *address, config)
+ if err != nil {
+ log.Fatal(err)
+ }
+ defer ln.Close()
+
+ log.Print("talk is listening upon ",*address)
+ server.Serve(db, ln)
 }
-- cgit v1.2.3
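Review bot: The `tls.Config` built in the last hunk sets only `Certificates`, so the lowest protocol version the server accepts is whatever default the Go toolchain used for the build provides. Pinning it makes the floor explicit and independent of the build: add `MinVersion: tls.VersionTLS12,` next to `Certificates`. Separately, both new `log.Fatal(err)` calls sit after `defer db.Close()`, and log.Fatal exits without running deferred calls, so a bad `--cert` or `--key` path skips the database close. Loading the key pair before `bolt.Open` avoids that, and `log.Fatalf("loading tls key pair: %v", err)` would tell the operator which step failed. main() begins above this hunk, and the handshake and timeout handling inside `server.Serve` is not visible here.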