TLSify: TLS validation settings (#69)

apple · Jul 28, 2021 · 61a502f · 61a502f
1 parent 5aea3d5
commit 61a502f
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 6 deletions.
diff --git a/TLSify/Package.swift b/TLSify/Package.swift
@@ -6,12 +6,11 @@ import PackageDescription
 let package = Package(
     name: "TLSify",
     products: [
-        // Products define the executables and libraries produced by a package, and make them visible to other packages.
-        .library(name: "TLSify", targets: ["TLSify"]),
+        .executable(name: "TLSify", targets: ["TLSify"])
     ],
     dependencies: [
         .package(url: "https://github.com/apple/swift-nio.git", from: "2.17.0"),
-        .package(url: "https://github.com/apple/swift-nio-ssl.git", from: "2.5.0"),
+        .package(url: "https://github.com/apple/swift-nio-ssl.git", from: "2.14.0"),
         .package(url: "https://github.com/apple/swift-argument-parser.git", .exact("0.0.6")),
         .package(url: "https://github.com/apple/swift-log.git", from: "1.0.0"),
     ],

diff --git a/TLSify/Sources/TLSify/main.swift b/TLSify/Sources/TLSify/main.swift
@@ -22,8 +22,6 @@ import TLSifyLib
 var rootLogger = Logger(label: "TLSify")
 rootLogger.logLevel = .debug
 
-let sslContext = try NIOSSLContext(configuration: TLSConfiguration.forClient())
-
 struct TLSifyCommand: ParsableCommand {
     @Option(name: .shortAndLong, default: "localhost", help: "The host to listen to.")
     var listenHost: String
@@ -37,7 +35,20 @@ struct TLSifyCommand: ParsableCommand {
     @Argument(help: "The port to connect to.")
     var connectPort: Int
 
+    @Option(name: .long, default: "full", help: "TLS certificate verfication: full (default)/no-hostname/none.")
+    var tlsCertificateValidation: String
+
     func run() throws {
+        var tlsConfig = TLSConfiguration.makeClientConfiguration()
+        switch self.tlsCertificateValidation {
+        case "none":
+            tlsConfig.certificateVerification = .none
+        case "no-hostname":
+            tlsConfig.certificateVerification = .noHostnameVerification
+        default:
+            tlsConfig.certificateVerification = .fullVerification
+        }
+        let sslContext = try NIOSSLContext(configuration: tlsConfig)
         MultiThreadedEventLoopGroup.withCurrentThreadAsEventLoop { el in
             ServerBootstrap(group: el)
                 .serverChannelOption(ChannelOptions.socketOption(.so_reuseaddr), value: 1)
@@ -59,7 +70,6 @@ struct TLSifyCommand: ParsableCommand {
                     }
                 }
             }
-
         }
     }
 }