refactor: simplify TLS configuration by removing unnecessary parameters and ensuring proper usage throughout the codebase

Author: 𝐘𝐨𝐬𝐞𝐛𝐲𝐭𝐞

cmd/nodepass/core.go

@@ -71,7 +71,7 @@ func createCore(parsedURL *url.URL, logger *logs.Logger) (interface{ Run() }, er
 }
 
 func getTLSProtocol(parsedURL *url.URL, logger *logs.Logger) (string, *tls.Config) {
-	tlsConfig, err := internal.NewTLSConfig(version)
+	tlsConfig, err := internal.NewTLSConfig()
 	if err != nil {
 		logger.Error("Generate TLS config failed: %v", err)
 		logger.Warn("TLS code-0: nil cert")

internal/client.go

@@ -2,6 +2,7 @@ package internal
 
 import (
 	"context"
+	"crypto/tls"
 	"encoding/json"
 	"fmt"
 	"io"
@@ -224,16 +225,18 @@ func (c *Client) initTunnelPool() error {
 }
 
 func (c *Client) tunnelHandshake() error {
-	scheme := "http"
-	if c.serverPort == "443" {
-		scheme = "https"
-	}
-
-	req, _ := http.NewRequest(http.MethodGet, scheme+"://"+c.tunnelAddr+"/", nil)
+	req, _ := http.NewRequest(http.MethodGet, "https://"+c.tunnelAddr+"/", nil)
 	req.Host = c.serverName
 	req.Header.Set("Authorization", "Bearer "+c.generateAuthToken())
 
-	client := &http.Client{}
+	client := &http.Client{
+		Transport: &http.Transport{
+			TLSClientConfig: &tls.Config{
+				InsecureSkipVerify: true,
+			},
+		},
+	}
+
 	resp, err := client.Do(req)
 	if err != nil {
 		return fmt.Errorf("tunnelHandshake: %w", err)

internal/common.go

@@ -11,7 +11,6 @@ import (
 	"crypto/sha256"
 	"crypto/tls"
 	"crypto/x509"
-	"crypto/x509/pkix"
 	"encoding/base64"
 	"encoding/hex"
 	"encoding/json"
@@ -245,7 +244,7 @@ func getEnvAsDuration(name string, defaultValue time.Duration) time.Duration {
 	return defaultValue
 }
 
-func NewTLSConfig(name string) (*tls.Config, error) {
+func NewTLSConfig() (*tls.Config, error) {
 	private, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
 	if err != nil {
 		return nil, err
@@ -258,13 +257,10 @@ func NewTLSConfig(name string) (*tls.Config, error) {
 
 	template := x509.Certificate{
 		SerialNumber: serialNumber,
-		Subject: pkix.Name{
-			Organization: []string{name},
-		},
-		NotBefore:   time.Now(),
-		NotAfter:    time.Now().AddDate(1, 0, 0),
-		KeyUsage:    x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
-		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
+		NotBefore:    time.Now(),
+		NotAfter:     time.Now().AddDate(1, 0, 0),
+		KeyUsage:     x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
+		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
 	}
 
 	crtBytes, err := x509.CreateCertificate(rand.Reader, &template, &template, &private.PublicKey, private)

internal/server.go

@@ -233,15 +233,24 @@ func (s *Server) tunnelHandshake() error {
 		close(done)
 	})
 
-	server := &http.Server{Handler: handler}
-	go server.Serve(s.tunnelListener)
+	tlsConfig := s.tlsConfig
+	if tlsConfig == nil {
+		tlsConfig, _ = NewTLSConfig()
+	}
+
+	server := &http.Server{
+		Handler:   handler,
+		TLSConfig: tlsConfig,
+		ErrorLog:  s.logger.StdLogger(),
+	}
+	go server.ServeTLS(s.tunnelListener, "", "")
 
 	select {
 	case <-done:
 		server.Close()
 		s.clientIP = clientIP
 		if s.tlsCode == "1" {
-			if newTLSConfig, err := NewTLSConfig(""); err == nil {
+			if newTLSConfig, err := NewTLSConfig(); err == nil {
 				newTLSConfig.MinVersion = tls.VersionTLS13
 				s.tlsConfig = newTLSConfig
 				s.logger.Info("TLS code-1: RAM cert regenerated with TLS 1.3")