[0.4.1] expose cacerts to tunnel

client/.gitignore

@@ -1,4 +1,4 @@
-resources/meektunnels.txt
+firefly
 Firefly.app
 firefly_darwin_amd64
 firefly_linux_amd64

client/main.go

@@ -154,14 +154,14 @@ func (c *fireflyClient) loadUpdateKey() (*rsa.PublicKey, error) {
 	return pubkey.(*rsa.PublicKey), nil
 }
 
-func (c *fireflyClient) loadUpdateCaCerts() *x509.CertPool {
+func (c *fireflyClient) loadCaCerts() *x509.CertPool {
 	var certs []byte
 	var err error
 	path := c.options.updateCaCerts
 	if path != "" {
 		certs, err = ioutil.ReadFile(path)
 	} else {
-		certs, err = c.fs.Get("keys/updateca.pem")
+		certs, err = c.fs.Get("keys/cacerts.pem")
 	}
 	if err != nil {
 		return nil
@@ -244,7 +244,7 @@ func (c *fireflyClient) startUpdater() {
 	proxyURL, _ := url.Parse("http://" + c.httpListener.Addr().String())
 	privKey, e := c.loadUpdateKey()
 	if e == nil {
-		caCerts := c.loadUpdateCaCerts()
+		caCerts := c.loadCaCerts()
 		c.updater = newUpdater(FIREFLY_VERSION, 2*time.Hour, privKey, caCerts, c.options.updateURL, proxyURL)
 		go c.updater.run()
 	}
@@ -472,6 +472,7 @@ func (c *fireflyClient) _main() {
 		os.Exit(1)
 	}
 	handler := &tunnelHandler{
+		caCerts: c.loadCaCerts(),
 		appData: c.appData,
 		ch:      make(chan *tunnelRequest),
 		quit:    make(chan bool),

client/resources/keys/updateca.pem → client/resources/keys/cacerts.pem

@@ -1,4 +1,34 @@
 -----BEGIN CERTIFICATE-----
+MIIFKjCCBBKgAwIBAgIQJYla65BEyOYXYEoVLPiPpjANBgkqhkiG9w0BAQUFADBv
+MQswCQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFk
+ZFRydXN0IEV4dGVybmFsIFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBF
+eHRlcm5hbCBDQSBSb290MB4XDTE0MDkyNTAwMDAwMFoXDTI5MDkyNDIzNTk1OVow
+gY4xCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAO
+BgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMTQwMgYD
+VQQDEytDT01PRE8gRG9tYWluIFZhbGlkYXRpb24gU2VjdXJlIFNlcnZlciBDQSAy
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh31AajrKG6I0R3CRaGy/
+JDAl1xhErYyt3odIYDRtNXY6r0oIUqVfZu4trlbNyOeNO/SYytNeI5JN90bEP2Nw
+RXYdcDGtMWHjUIpu/lInJSW0K6MYxDCVVXgl5sd5NRnyKsEDNzK33wXA2v6aZM2W
+MgSwwK9vJs2z4FCuP03e7/k2sURapbpcQMP0IIgIH7wWB3kYS7Nn0DY2X+0tHT3w
+JU3Q9JK6L7bHejDluQq/p3zqsUBaSb1Z+b+H7O5XgwDQ70snohIAuw6l5r4V743E
+K6ZJIuj9pLpTpaNpTjtPJ+PAhj/Aa9o6UB161TCFTDXbG29mvgo2hBu8mcAo/jRk
+tQIDAQABo4IBoDCCAZwwHwYDVR0jBBgwFoAUrb2YejS0Jvf6xCZU7wO94CTLVBow
+HQYDVR0OBBYEFGx3kOtsaJn2rmFG1WmlVeCFcjBLMA4GA1UdDwEB/wQEAwIBhjAS
+BgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcD
+AjAbBgNVHSAEFDASMAYGBFUdIAAwCAYGZ4EMAQIBMEQGA1UdHwQ9MDswOaA3oDWG
+M2h0dHA6Ly9jcmwudXNlcnRydXN0LmNvbS9BZGRUcnVzdEV4dGVybmFsQ0FSb290
+LmNybDCBswYIKwYBBQUHAQEEgaYwgaMwPwYIKwYBBQUHMAKGM2h0dHA6Ly9jcnQu
+dXNlcnRydXN0LmNvbS9BZGRUcnVzdEV4dGVybmFsQ0FSb290LnA3YzA5BggrBgEF
+BQcwAoYtaHR0cDovL2NydC51c2VydHJ1c3QuY29tL0FkZFRydXN0VVROU0dDQ0Eu
+Y3J0MCUGCCsGAQUFBzABhhlodHRwOi8vb2NzcC5jb21vZG9jYTQuY29tMA0GCSqG
+SIb3DQEBBQUAA4IBAQA/kHteQlmgUT7Ww4gZo2aKZ/AuimGKE0GpxaWvYaz5lXpf
+gDU38oG1rc68TR2pZpKqm3QxWMsUc+pT7Cq6uabVeGAAPargT9WQkLa8QITIFMRA
+jCIWVjApYSZYZE9PUP2U8gXSFKYzXQrB3iLq9xAcskrbOkzbUV9LZAy1VkvZlyvZ
+Dvo3/McvbgBaxBCJBN8ctkePoOOfaW6CIve9FF6R3723fEZPknq/GOTR406iSF/D
+blzEooHFaIm5wJrVYOpL303cax5Vu9QiYMTKi5WnzSVY6L2F651Jq3AIkw1s0zYS
+LAK2t+wwyOBp+63Z746hdn2LheojjN95w/8+G88V
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
 MIIDnzCCAyWgAwIBAgIQWyXOaQfEJlVm0zkMmalUrTAKBggqhkjOPQQDAzCBhTEL
 MAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UE
 BxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMT

client/resources/meektunnels.txt

@@ -0,0 +1,2 @@
+# format:  front_url,real_host
+https://a0.awsstatic.com,d288jep9bb0hx9.cloudfront.net

client/tunnel.go

@@ -1,6 +1,7 @@
 package main
 
 import (
+	"crypto/x509"
 	"encoding/json"
 	"log"
 	"math/rand"
@@ -24,6 +25,7 @@ type tunnelPeer interface {
 }
 
 type tunnelHandler struct {
+	caCerts *x509.CertPool
 	appData *utils.AppData
 
 	quit chan bool