Support Signal server with TLS (#76)

* tlsEnabled flag and DialOption * Update signal client invocations
2025-06-21 02:08:40 +02:00 · 2021-08-01 12:54:35 +02:00 · 2021-08-01 12:54:35 +02:00 · 6ce5b2c815
commit 6ce5b2c815
parent ea99def502
4 changed files with 18 additions and 5 deletions
--- a/cmd/up.go
+++ b/cmd/up.go
@ -28,8 +28,10 @@ var (
 				os.Exit(ExitSetupFailed)
 			}

+			var sigTLSEnabled = false
+
 			ctx := context.Background()
-			signalClient, err := sig.NewClient(ctx, config.SignalAddr, myKey)
+			signalClient, err := sig.NewClient(ctx, config.SignalAddr, myKey, sigTLSEnabled)
 			if err != nil {
 				log.Errorf("error while connecting to the Signal Exchange Service %s: %s", config.SignalAddr, err)
 				os.Exit(ExitSetupFailed)
--- a/connection/engine_test.go
+++ b/connection/engine_test.go
@ -39,7 +39,9 @@ func Test_Start(t *testing.T) {

 	iFaceBlackList := make(map[string]struct{})

-	signalClient, err := sig.NewClient(ctx, "signal.wiretrustee.com:10000", testKey)
+	var sigTLSEnabled = false
+
+	signalClient, err := sig.NewClient(ctx, "signal.wiretrustee.com:10000", testKey, sigTLSEnabled)
 	if err != nil {
 		t.Fatal(err)
 	}
--- a/signal/client.go
+++ b/signal/client.go
@ -2,6 +2,7 @@ package signal

 import (
 	"context"
+	"crypto/tls"
 	"fmt"
 	"github.com/cenkalti/backoff/v4"
 	log "github.com/sirupsen/logrus"
@ -10,6 +11,7 @@ import (
 	"golang.zx2c4.com/wireguard/wgctrl/wgtypes"
 	"google.golang.org/grpc"
 	"google.golang.org/grpc/codes"
+	"google.golang.org/grpc/credentials"
 	"google.golang.org/grpc/keepalive"
 	"google.golang.org/grpc/metadata"
 	"google.golang.org/grpc/status"
@ -38,12 +40,18 @@ func (c *Client) Close() error {
 }

 // NewClient creates a new Signal client
-func NewClient(ctx context.Context, addr string, key wgtypes.Key) (*Client, error) {
+func NewClient(ctx context.Context, addr string, key wgtypes.Key, tlsEnabled bool) (*Client, error) {
+
+	transportOption := grpc.WithInsecure()
+
+	if tlsEnabled {
+		transportOption = grpc.WithTransportCredentials(credentials.NewTLS(&tls.Config{}))
+	}

 	conn, err := grpc.DialContext(
 		ctx,
 		addr,
-		grpc.WithInsecure(),
+		transportOption,
 		grpc.WithBlock(),
 		grpc.WithKeepaliveParams(keepalive.ClientParameters{
 			Time:    3 * time.Second,
--- a/signal/signal_test.go
+++ b/signal/signal_test.go
@ -144,7 +144,8 @@ var _ = Describe("Client", func() {
 })

 func createSignalClient(addr string, key wgtypes.Key) *signal.Client {
-	client, err := signal.NewClient(context.Background(), addr, key)
+	var sigTLSEnabled = false
+	client, err := signal.NewClient(context.Background(), addr, key, sigTLSEnabled)
 	if err != nil {
 		Fail("failed creating signal client")
 	}