feat: add --alpn <proto-list> (for h2, ssh, etc)

chore: fix typo in --servername help
chore: update goreleaser builds
2024-11-16 17:09:00 +00:00 · 2023-10-27 19:19:00 -06:00 · 2023-10-27 15:14:30 -06:00 · 2023-10-27 14:38:41 -06:00 · 2021-06-21 23:30:56 -06:00 · 2021-06-21 23:28:41 -06:00
5 changed files with 92 additions and 25 deletions
--- a/.goreleaser.yml
+++ b/.goreleaser.yml
@ -3,25 +3,34 @@ before:
    - go mod download
    - go generate ./...
 builds:
-  - main: ./cmd/sclient/main.go
+  - main: ./cmd/sclient/
    env:
      - CGO_ENABLED=0
    goos:
-      - linux
-      - windows
      - darwin
+      - linux
+      - freebsd
+      - windows
+      - js
    goarch:
-      - 386
      - amd64
      - arm
      - arm64
+      - wasm
    goarm:
-      - 6
      - 7
+    goamd64:
+      - v2
+    ignore:
+      - goos: windows
+        goarch: 386
+      - goos: windows
+        goarm: 6
+      - goos: windows
+        goarm: 7
 archives:
-  - replacements:
-      386: i386
-      amd64: x86_64
+  - id: sclient-binary
+    format: tar.xz
    format_overrides:
      - goos: windows
        format: zip
--- a/.prettierrc.json
+++ b/.prettierrc.json
@ -0,0 +1,8 @@
+{
+  "printWidth": 80,
+  "tabWidth": 2,
+  "singleQuote": false,
+  "bracketSpacing": true,
+  "proseWrap": "always",
+  "semi": true
+}
--- a/README.md
+++ b/README.md
@ -1,6 +1,7 @@
 # sclient

-Secure Client for exposing TLS (aka SSL) secured services as plain-text connections locally.
+Secure Client for exposing TLS (aka SSL) secured services as plain-text
+connections locally.

 Also ideal for multiplexing a single port with multiple protocols using SNI.

@ -30,7 +31,8 @@ cURL
 curl http://localhost:3000 -H 'Host: whatever.com'
 ```

-A poor man's (or Windows user's) makeshift replacement for `openssl s_client`, `stunnel`, or `socat`.
+A poor man's (or Windows user's) makeshift replacement for `openssl s_client`,
+`stunnel`, or `socat`.

 # Table of Contents

@ -53,9 +55,11 @@ curl.exe -A MS https://webinstall.dev/sclient | powershell

 ### Downloads

-Check the [Github Releases](https://github.com/therootcompany/sclient/releases) for
+Check the [Github Releases](https://github.com/therootcompany/sclient/releases)
+for

- macOS (x64) Apple Silicon [coming soon](https://github.com/golang/go/issues/39782)
+- macOS (x64) Apple Silicon
+  [coming soon](https://github.com/golang/go/issues/39782)
 - Linux (x64, i386, arm64, arm6, arm7)
 - Windows 10 (x64, i386)

@ -66,8 +70,11 @@ sclient [flags] <remote> <local>
 ```

 - flags
-  - -k, --insecure ignore invalid TLS (SSL/HTTPS) certificates
-  - --servername <string> spoof SNI (to disable use IP as &lt;remote&gt; and do not use this option)
+  - `-s`, `--silent` less verbose logging
+  - `-k`, `--insecure` ignore invalid TLS (SSL/HTTPS) certificates
+  - `--servername <domain>` spoof SNI (to disable use IP as &lt;remote&gt; and do
+    not use this option)
+  - `--alpn <protocol-list>`
 - remote
  - must have servername (i.e. example.com)
  - port is optional (default is 443)
@ -75,6 +82,17 @@ sclient [flags] <remote> <local>
  - address is optional (default is localhost)
  - must have port (i.e. 3000)

+  -alpn string
+    	acceptable protocols, ex: 'h2,http/1.1' 'http/1.1' (default) 'ssh' (default "http/1.1")
+  -insecure
+    	ignore bad TLS/SSL/HTTPS certificates
+  -k	alias for --insecure
+  -s	alias of --silent
+  -servername string
+    	specify a servername different from <remote> (to disable SNI use an IP as <remote> and do use this option)
+  -silent
+    	less verbose output
+
 # Examples

 Bridge between `telebit.cloud` and local port `3000`.
@ -121,10 +139,14 @@ sclient --servername "Robert'); DROP TABLE Students;" -k example.com localhost:3
 sclient --servername "../../../.hidden/private.txt" -k example.com localhost:3000
 ```

+# API
+
+See [Go Docs](https://pkg.go.dev/github.com/therootcompany/sclient).
+
 # Build from source

-You'll need to install [Go](https://golang.org).
-See [webinstall.dev/golang](https://webinstall.dev/golang) for install instructions.
+You'll need to install [Go](https://golang.org). See
+[webinstall.dev/golang](https://webinstall.dev/golang) for install instructions.

 ```bash
 curl -sS https://webinstall.dev/golang | bash
--- a/cmd/sclient/main.go
+++ b/cmd/sclient/main.go
@ -40,20 +40,30 @@ func usage() {

 func main() {
 	if len(os.Args) >= 2 {
-		if "version" == strings.TrimLeft(os.Args[1], "-") {
+		if os.Args[1] == "-V" || strings.TrimLeft(os.Args[1], "-") == "version" {
 			fmt.Printf("%s\n", ver())
 			os.Exit(0)
 			return
 		}
 	}

+	var alpnList string
+	var insecure bool
+	var servername string
+	var silent bool
+
 	flag.Usage = usage
-	insecure := flag.Bool("k", false, "alias for --insecure")
-	silent := flag.Bool("s", false, "alias of --silent")
-	servername := flag.String("servername", "", "specify a servername different from <remote> (to disable SNI use an IP as <remote> and do use this option)")
-	flag.BoolVar(insecure, "insecure", false, "ignore bad TLS/SSL/HTTPS certificates")
-	flag.BoolVar(silent, "silent", false, "less verbose output")
+
+	flag.StringVar(&alpnList, "alpn", "", "acceptable protocols, ex: 'h2,http/1.1' 'http/1.1' 'ssh'")
+	flag.BoolVar(&insecure, "k", false, "alias for --insecure")
+	flag.BoolVar(&silent, "s", false, "alias of --silent")
+	flag.StringVar(&servername, "servername", "", "specify a servername different from <remote> (to disable SNI use an IP as <remote> and do not use this option)")
+	flag.BoolVar(&insecure, "insecure", false, "ignore bad TLS/SSL/HTTPS certificates")
+	flag.BoolVar(&silent, "silent", false, "less verbose output")
+
 	flag.Parse()
+
+	alpns := parseOptionList(alpnList)
 	remotestr := flag.Arg(0)
 	localstr := flag.Arg(1)

@ -71,9 +81,10 @@ func main() {
 	sclient := &sclient.Tunnel{
 		RemotePort:         443,
 		LocalAddress:       "localhost",
-		InsecureSkipVerify: *insecure,
-		ServerName:         *servername,
-		Silent:             *silent,
+		InsecureSkipVerify: insecure,
+		ServerName:         servername,
+		Silent:             silent,
+		NextProtos:         alpns,
 	}

 	remote := strings.Split(remotestr, ":")
@ -124,3 +135,18 @@ func main() {
 		//os.Exit(6)
 	}
 }
+
+// parsers "a,b,c" "a b c" and "a, b, c" all the same
+func parseOptionList(optionList string) []string {
+	optionList = strings.TrimSpace(optionList)
+
+	if len(optionList) == 0 {
+		return nil
+	}
+
+	options := []string{}
+	optionList = strings.ReplaceAll(optionList, ",", " ")
+	options = strings.Fields(optionList)
+
+	return options
+}
--- a/sclient.go
+++ b/sclient.go
@ -17,6 +17,7 @@ type Tunnel struct {
 	LocalAddress       string
 	LocalPort          int
 	InsecureSkipVerify bool
+	NextProtos         []string
 	ServerName         string
 	Silent             bool
 }
@ -29,6 +30,7 @@ func (t *Tunnel) DialAndListen() error {
 		&tls.Config{
 			ServerName:         t.ServerName,
 			InsecureSkipVerify: t.InsecureSkipVerify,
+			NextProtos:         t.NextProtos,
 		})

 	if err != nil {
Author	SHA1	Message	Date
AJ ONeal	bc4aeb3124	feat: add --alpn <proto-list> (for h2, ssh, etc)	2023-10-27 19:19:00 -06:00
AJ ONeal	8783d46849	chore: fix typo in --servername help	2023-10-27 15:14:30 -06:00
AJ ONeal	b27b32700c	chore: update goreleaser builds	2023-10-27 14:38:41 -06:00
AJ ONeal	aac3959dc7	add link to Go Docs	2021-06-21 23:30:56 -06:00
AJ ONeal	acaa3d3537	make Prettier, document --silent	2021-06-21 23:28:41 -06:00