支持非tls加密连接

CHANGELOG.md

@@ -83,4 +83,8 @@
 1. vnc支持\键
 2. 全面迁移到[https://github.com/lwch/rdesktop](https://github.com/lwch/rdesktop)，并去除robotgo库的依赖
 3. linux下统一到同一个可执行文件，并支持systemd方式启动
-4. 简化部署流程
+4. 简化部署流程
+
+# v0.8.0
+
+1. 支持非tls加密连接

code/client/global/conf.go

@@ -30,6 +30,7 @@ type Rule struct {
 type Configure struct {
 	ID               string
 	Server           string
+	UseSSL           bool
 	Enc              [md5.Size]byte
 	Links            int
 	LogDir           string
@@ -49,6 +50,7 @@ func LoadConf(dir string) *Configure {
 		ID     string `yaml:"id"`
 		Server string `yaml:"server"`
 		Secret string `yaml:"secret"`
+		SSL    bool   `yaml:"ssl"`
 		Link   struct {
 			Connections  int           `yaml:"connections"`
 			ReadTimeout  time.Duration `yaml:"read_timeout"`
@@ -92,6 +94,7 @@ func LoadConf(dir string) *Configure {
 	return &Configure{
 		ID:               cfg.ID,
 		Server:           cfg.Server,
+		UseSSL:           cfg.SSL,
 		Enc:              md5.Sum([]byte(cfg.Secret)),
 		Links:            cfg.Link.Connections,
 		ReadTimeout:      cfg.Link.ReadTimeout,

code/client/pool/pool.go

@@ -4,6 +4,7 @@ import (
 	"crypto/tls"
 	"natpass/code/client/global"
 	"natpass/code/network"
+	"net"
 	"sync"
 	"sync/atomic"
 	"time"
@@ -78,7 +79,13 @@ func (p *Pool) connect(idx uint32) *network.Conn {
 			logging.Error("connect error: %v", err)
 		}
 	}()
-	conn, err := tls.Dial("tcp", p.cfg.Server, nil)
+	var conn net.Conn
+	var err error
+	if p.cfg.UseSSL {
+		conn, err = tls.Dial("tcp", p.cfg.Server, nil)
+	} else {
+		conn, err = net.Dial("tcp", p.cfg.Server)
+	}
 	runtime.Assert(err)
 	c := network.NewConn(conn)
 	err = p.writeHandshake(c, p.cfg, idx)

code/server/main.go

@@ -45,13 +45,20 @@ func (a *app) run() {
 	logging.SetSizeRotate(a.cfg.LogDir, "np-svr", int(a.cfg.LogSize.Bytes()), a.cfg.LogRotate, true)
 	defer logging.Flush()
 
-	cert, err := tls.LoadX509KeyPair(a.cfg.TLSCrt, a.cfg.TLSKey)
-	runtime.Assert(err)
-	l, err := tls.Listen("tcp", fmt.Sprintf(":%d", a.cfg.Listen), &tls.Config{
-		Certificates: []tls.Certificate{cert},
-	})
-	runtime.Assert(err)
-	logging.Info("listen on %d", a.cfg.Listen)
+	var l net.Listener
+	if len(a.cfg.TLSCrt) > 0 && len(a.cfg.TLSKey) > 0 {
+		cert, err := tls.LoadX509KeyPair(a.cfg.TLSCrt, a.cfg.TLSKey)
+		runtime.Assert(err)
+		l, err = tls.Listen("tcp", fmt.Sprintf(":%d", a.cfg.Listen), &tls.Config{
+			Certificates: []tls.Certificate{cert},
+		})
+		runtime.Assert(err)
+		logging.Info("listen on %d", a.cfg.Listen)
+	} else {
+		var err error
+		l, err = net.Listen("tcp", fmt.Sprintf(":%d", a.cfg.Listen))
+		runtime.Assert(err)
+	}
 
 	run(a.cfg, l)
 }

conf/client.yaml

@@ -1,5 +1,6 @@
 id: this               # 客户端ID
 server: 127.0.0.1:6154 # 服务器地址
+ssl: false             # 是否使用tls加密连接
 dashboard: # web面板
   enabled: true   # 是否开放dashboard
   listen: 0.0.0.0 # 监听地址

conf/server.yaml

@@ -1,5 +1,5 @@
 listen: 6154 # 监听端口号
 #include common.yaml
-tls:
-  key: /dir/to/tls/key/file # tls密钥
-  crt: /dir/to/tls/crt/file # tls证书
+#tls:
+#  key: /dir/to/tls/key/file # tls密钥
+#  crt: /dir/to/tls/crt/file # tls证书