Upstream sync (#14)

* Set ServerName (SNI) to *hostname. Useful for spoofing our way through restrictive gateways.

* Bump actions/checkout from 2 to 3.1.0

Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 3.1.0.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@v2...v3.1.0)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* Added --sni switch to control the ServerName when connecting with TLS. Makes 'domain fronting' possible.

* feat: dependabot workflow automation for updating dependency

Signed-off-by: Pratik Raj <rajpratik71@gmail.com>

* Bump github.com/fsnotify/fsnotify from 1.4.9 to 1.6.0 (jpillora#389)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* UDP buffer size override with CHISEL_UDP_MAX_SIZE environment variable (jpillora#367)

* Add locking around the connection count to fix a data race. (jpillora#342)

Co-authored-by: andres-portainer <andres-portainer@users.noreply.github.com>

* fix: small typo error in main.go (jpillora#334)

* Respond to /health and /version by request path rather than by the whole url string (jpillora#328)

Co-authored-by: bar <foo@example.org>

* Update version.go (jpillora#288)

* Providing chisel's client with a logger level (jpillora#281)

Co-authored-by: Barak Sharoni <barak.sharoni@velocity.tech>
Co-authored-by: barak-sharoni-velocity <81081183+barak-sharoni-velocity@users.noreply.github.com>

* add EnvBool

* Fix jpillora#390: Use code to generate certificates for client & server (jpillora#400)

* docker alpine->google-distroless

* docker to use scratch

* Fix missing NetDialContext: c.config.DialContext (jpillora#398)

* actions: setup go v3

* switch to scratch image

* update dependabot

* move chisel to flyio

* Bump to Go 1.21 (jpillora#440)

Co-authored-by: cmeng <cmenginnz@gmail.com>

* add arm v5 builds (jpillora#395)

* Sync with upstream

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Pratik Raj <rajpratik71@gmail.com>
Co-authored-by: ip-rw <s@ip.rw>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Pratik Raj <Rajpratik71@gmail.com>
Co-authored-by: Jaime Pillora <jpillora@gmail.com>
Co-authored-by: fsiegmund <siegmund@slb.com>
Co-authored-by: andres-portainer <91705312+andres-portainer@users.noreply.github.com>
Co-authored-by: andres-portainer <andres-portainer@users.noreply.github.com>
Co-authored-by: 0xflotus <0xflotus@gmail.com>
Co-authored-by: BigSully <BigSully@users.noreply.github.com>
Co-authored-by: bar <foo@example.org>
Co-authored-by: invist <35263248+c-f@users.noreply.github.com>
Co-authored-by: zuzgon <zuzgon@gmail.com>
Co-authored-by: Barak Sharoni <barak.sharoni@velocity.tech>
Co-authored-by: barak-sharoni-velocity <81081183+barak-sharoni-velocity@users.noreply.github.com>
Co-authored-by: Jaime Pillora <dev@jpillora.com>
Co-authored-by: Guillaume SMAHA <GuillaumeSmaha@users.noreply.github.com>
Co-authored-by: cmeng <cmenginnz@gmail.com>
Co-authored-by: maurerr <maurerr@users.noreply.github.com>

Author: 16 people

.github/workflows/ci.yml

@@ -11,7 +11,7 @@ jobs:
     name: Build & Test
     strategy:
       matrix:
-        go-version: [1.19.x, 1.20.x]
+        go-version: [1.21.x]
         platform: [ubuntu-latest, macos-latest, windows-latest]
     runs-on: ${{ matrix.platform }}
     steps:

README.md

@@ -419,8 +419,7 @@ Since WebSockets support is required:
 - `1.6` - Added client stdio support (by @BoleynSu)
 - `1.7` - Added UDP support
 - `1.8` - Move to a `scratch`Docker image
-- `1.9` - Bump to Go 1.21. Switch from `--key` seed to P256 key strings with `--key{gen,file}` (by @cmenginnz)
-- `1.10` - Bump to Go 1.22. Add `.rpm` `.deb` and `.akp` to releases. Fix bad version comparison.
+- `1.9` - Switch from `--key` seed to P256 key strings with `--key{gen,file}` + bump to Go 1.21 (by @cmenginnz)
 
 ## License
 

client/client_test.go

@@ -44,81 +44,56 @@ func TestCustomHeaders(t *testing.T) {
 	c.Close()
 }
 
-// with the update Go to 1.20, these Unit Tests start failing,
-// since this test is related to client side, and the "fingerprint" flag is not available in cloud-connector
-// we can remove/comment these 3 Unit Tests, until fixed in upstream
-
-// func TestFallbackLegacyFingerprint(t *testing.T) {
-// 	config := Config{
-// 		Fingerprint: "a5:32:92:c6:56:7a:9e:61:26:74:1b:81:a6:f5:1b:44",
-// 	}
-// 	c, err := NewClient(&config)
-// 	if err != nil {
-// 		t.Fatal(err)
-// 	}
-// 	r := ccrypto.NewDetermRand([]byte("test123"))
-// 	priv, err := ecdsa.GenerateKey(elliptic.P256(), r)
-// 	if err != nil {
-// 		t.Fatal(err)
-// 	}
-// 	pub, err := ssh.NewPublicKey(&priv.PublicKey)
-// 	if err != nil {
-// 		t.Fatal(err)
-// 	}
-// 	err = c.verifyServer("", nil, pub)
-// 	if err != nil {
-// 		t.Fatal(err)
-// 	}
-// }
-
-// func TestVerifyLegacyFingerprint(t *testing.T) {
-// 	config := Config{
-// 		Fingerprint: "a5:32:92:c6:56:7a:9e:61:26:74:1b:81:a6:f5:1b:44",
-// 	}
-// 	c, err := NewClient(&config)
-// 	if err != nil {
-// 		t.Fatal(err)
-// 	}
-// 	r := ccrypto.NewDetermRand([]byte("test123"))
-// 	priv, err := ecdsa.GenerateKey(elliptic.P256(), r)
-// 	if err != nil {
-// 		t.Fatal(err)
-// 	}
-// 	pub, err := ssh.NewPublicKey(&priv.PublicKey)
-// 	if err != nil {
-// 		t.Fatal(err)
-// 	}
-// 	err = c.verifyLegacyFingerprint(pub)
-// 	if err != nil {
-// 		t.Fatal(err)
-// 	}
-// }
+func TestFallbackLegacyFingerprint(t *testing.T) {
+	config := Config{
+		Fingerprint: "a5:32:92:c6:56:7a:9e:61:26:74:1b:81:a6:f5:1b:44",
+	}
+	c, err := NewClient(&config)
+	if err != nil {
+		t.Fatal(err)
+	}
+	r := ccrypto.NewDetermRand([]byte("test123"))
+	priv, err := ccrypto.GenerateKeyGo119(elliptic.P256(), r)
+	if err != nil {
+		t.Fatal(err)
+	}
+	pub, err := ssh.NewPublicKey(&priv.PublicKey)
+	if err != nil {
+		t.Fatal(err)
+	}
+	err = c.verifyServer("", nil, pub)
+	if err != nil {
+		t.Fatal(err)
+	}
+}
 
-// func TestVerifyFingerprint(t *testing.T) {
-// 	config := Config{
-// 		Fingerprint: "qmrRoo8MIqePv3jC8+wv49gU6uaFgD3FASQx9V8KdmY=",
-// 	}
-// 	c, err := NewClient(&config)
-// 	if err != nil {
-// 		t.Fatal(err)
-// 	}
-// 	r := ccrypto.NewDetermRand([]byte("test123"))
-// 	priv, err := ecdsa.GenerateKey(elliptic.P256(), r)
-// 	if err != nil {
-// 		t.Fatal(err)
-// 	}
-// 	pub, err := ssh.NewPublicKey(&priv.PublicKey)
-// 	if err != nil {
-// 		t.Fatal(err)
-// 	}
-// 	err = c.verifyServer("", nil, pub)
-// 	if err != nil {
-// 		t.Fatal(err)
-// 	}
-// }
+func TestVerifyLegacyFingerprint(t *testing.T) {
+	config := Config{
+		Fingerprint: "a5:32:92:c6:56:7a:9e:61:26:74:1b:81:a6:f5:1b:44",
+	}
+	c, err := NewClient(&config)
+	if err != nil {
+		t.Fatal(err)
+	}
+	r := ccrypto.NewDetermRand([]byte("test123"))
+	priv, err := ccrypto.GenerateKeyGo119(elliptic.P256(), r)
+	if err != nil {
+		t.Fatal(err)
+	}
+	pub, err := ssh.NewPublicKey(&priv.PublicKey)
+	if err != nil {
+		t.Fatal(err)
+	}
+	err = c.verifyLegacyFingerprint(pub)
+	if err != nil {
+		t.Fatal(err)
+	}
+}
 
-func TestVerifyEmptyFingerprint(t *testing.T) {
-	config := Config{}
+func TestVerifyFingerprint(t *testing.T) {
+	config := Config{
+		Fingerprint: "qmrRoo8MIqePv3jC8+wv49gU6uaFgD3FASQx9V8KdmY=",
+	}
 	c, err := NewClient(&config)
 	if err != nil {
 		t.Fatal(err)

go.mod

@@ -1,6 +1,6 @@
 module github.com/jpillora/chisel
 
-go 1.20
+go 1.21
 
 require (
 	github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5
@@ -9,17 +9,17 @@ require (
 	github.com/jpillora/backoff v1.0.0
 	github.com/jpillora/requestlog v1.0.0
 	github.com/jpillora/sizestr v1.0.0
-	golang.org/x/crypto v0.8.0
-	golang.org/x/net v0.9.0
-	golang.org/x/sync v0.1.0
+	golang.org/x/crypto v0.12.0
+	golang.org/x/net v0.14.0
+	golang.org/x/sync v0.3.0
 )
 
 require (
 	github.com/andrew-d/go-termutil v0.0.0-20150726205930-009166a695a2 // indirect
 	github.com/jpillora/ansi v1.0.3 // indirect
 	github.com/tomasen/realip v0.0.0-20180522021738-f0c99a92ddce // indirect
-	golang.org/x/sys v0.7.0 // indirect
-	golang.org/x/text v0.9.0 // indirect
+	golang.org/x/sys v0.11.0 // indirect
+	golang.org/x/text v0.12.0 // indirect
 )
 
 replace github.com/jpillora/chisel => ../chisel

go.sum

@@ -16,15 +16,16 @@ github.com/jpillora/sizestr v1.0.0 h1:4tr0FLxs1Mtq3TnsLDV+GYUWG7Q26a6s+tV5Zfw2yg
 github.com/jpillora/sizestr v1.0.0/go.mod h1:bUhLv4ctkknatr6gR42qPxirmd5+ds1u7mzD+MZ33f0=
 github.com/tomasen/realip v0.0.0-20180522021738-f0c99a92ddce h1:fb190+cK2Xz/dvi9Hv8eCYJYvIGUTN2/KLq1pT6CjEc=
 github.com/tomasen/realip v0.0.0-20180522021738-f0c99a92ddce/go.mod h1:o8v6yHRoik09Xen7gje4m9ERNah1d1PPsVq1VEx9vE4=
-golang.org/x/crypto v0.8.0 h1:pd9TJtTueMTVQXzk8E2XESSMQDj/U7OUu0PqJqPXQjQ=
-golang.org/x/crypto v0.8.0/go.mod h1:mRqEX+O9/h5TFCrQhkgjo2yKi0yYA+9ecGkdQoHrywE=
-golang.org/x/net v0.9.0 h1:aWJ/m6xSmxWBx+V0XRHTlrYrPG56jKsLdTFmsSsCzOM=
-golang.org/x/net v0.9.0/go.mod h1:d48xBJpPfHeWQsugry2m+kC02ZBRGRgulfHnEXEuWns=
-golang.org/x/sync v0.1.0 h1:wsuoTGHzEhffawBOhz5CYhcrV4IdKZbEyZjBMuTp12o=
-golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/crypto v0.12.0 h1:tFM/ta59kqch6LlvYnPa0yx5a83cL2nHflFhYKvv9Yk=
+golang.org/x/crypto v0.12.0/go.mod h1:NF0Gs7EO5K4qLn+Ylc+fih8BSTeIjAP05siRnAh98yw=
+golang.org/x/net v0.14.0 h1:BONx9s002vGdD9umnlX1Po8vOZmrgH34qlHcD1MfK14=
+golang.org/x/net v0.14.0/go.mod h1:PpSgVXXLK0OxS0F31C1/tv6XNguvCrnXIDrFMspZIUI=
+golang.org/x/sync v0.3.0 h1:ftCYgMx6zT/asHUrPw8BLLscYtGznsLAnjq5RH9P66E=
+golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y=
 golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.7.0 h1:3jlCCIQZPdOYu1h8BkNvLz8Kgwtae2cagcG/VamtZRU=
-golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/term v0.7.0 h1:BEvjmm5fURWqcfbSKTdpkDXYBrUS1c0m8agp14W48vQ=
-golang.org/x/text v0.9.0 h1:2sjJmO8cDvYveuX97RDLsxlyUxLl+GHoLxBiRdHllBE=
-golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
+golang.org/x/sys v0.11.0 h1:eG7RXZHdqOJ1i+0lgLgCpSXAp6M3LYlAo6osgSi0xOM=
+golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/term v0.11.0 h1:F9tnn/DA/Im8nCwm+fX+1/eBwi4qFjRT++MhtVC4ZX0=
+golang.org/x/term v0.11.0/go.mod h1:zC9APTIj3jG3FdV/Ons+XE1riIZXG4aZ4GTHiPZJPIU=
+golang.org/x/text v0.12.0 h1:k+n5B8goJNdU7hSvEtMUz3d1Q6D/XW4COJSJR6fN0mc=
+golang.org/x/text v0.12.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=

main.go

@@ -240,9 +240,6 @@ func server(args []string) {
 	} else if config.KeySeed == "" {
 		config.KeySeed = settings.Env("KEY")
 	}
-	if config.Auth == "" {
-		config.Auth = os.Getenv("AUTH")
-	}
 	s, err := chserver.NewServer(config)
 	if err != nil {
 		log.Fatal(err)