VHSgunzo
diff --git a/‎Makefile
Lines changed: 3 additions & 3 deletions b/‎Makefile
Lines changed: 3 additions & 3 deletions
diff --git a/‎README.md
Lines changed: 4 additions & 47 deletions b/‎README.md
Lines changed: 4 additions & 47 deletions
diff --git a/‎client/client.go
Lines changed: 6 additions & 55 deletions b/‎client/client.go
Lines changed: 6 additions & 55 deletions
diff --git a/‎client/client_connect.go
Lines changed: 0 additions & 1 deletion b/‎client/client_connect.go
Lines changed: 0 additions & 1 deletion
diff --git a/‎go.mod
Lines changed: 7 additions & 8 deletions b/‎go.mod
Lines changed: 7 additions & 8 deletions
diff --git a/‎go.sum
Lines changed: 14 additions & 17 deletions b/‎go.sum
Lines changed: 14 additions & 17 deletions
@@ -3,7 +3,7 @@ BUILD=$(shell git rev-parse HEAD)
 DIRBASE=./build
 DIR=${DIRBASE}/${VERSION}/${BUILD}/bin
 
-LDFLAGS=-ldflags "-s -w ${XBUILD} -buildid=${BUILD} -X github.com/jpillora/chisel/share.BuildVersion=${VERSION}"
+LDFLAGS=-ldflags "-s -w ${XBUILD} -buildid= -X github.com/jpillora/chisel/share.BuildVersion=${VERSION}"
 
 GOFILES=`go list ./...`
 GOFILESNOTEST=`go list ./... | grep -v test`
@@ -18,7 +18,7 @@ freebsd: lint
 	env CGO_ENABLED=0 GOOS=freebsd GOARCH=amd64 go build -trimpath ${LDFLAGS} ${GCFLAGS} ${ASMFLAGS} -o ${DIR}/chisel-freebsd_amd64 .
 
 linux: lint
-	env CGO_ENABLED=1 GOOS=linux GOARCH=amd64 go build -trimpath ${LDFLAGS} ${GCFLAGS} ${ASMFLAGS} -o ${DIR}/chisel-linux_amd64 .
+	env CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -trimpath ${LDFLAGS} ${GCFLAGS} ${ASMFLAGS} -o ${DIR}/chisel-linux_amd64 .
 
 windows: lint
 	env CGO_ENABLED=1 GOOS=windows GOARCH=amd64 go build -trimpath ${LDFLAGS} ${GCFLAGS} ${ASMFLAGS} -o ${DIR}/chisel-windows_amd64 .
@@ -51,4 +51,4 @@ release: lint test
 clean:
 	rm -rf ${DIRBASE}/*
 
-.PHONY: all freebsd linux windows docker dep lint test release clean
+.PHONY: all freebsd linux windows docker dep lint test release clean
@@ -87,7 +87,7 @@ and then visit [localhost:3000](http://localhost:3000/), we should see a directo
     with $ md-tmpl -w README.md -->
 
 <!--tmpl,code=plain:echo "$ chisel --help" && go run main.go --help | sed 's#0.0.0-src (go1\..*)#X.Y.Z#' -->
-``` plain 
+``` plain
 $ chisel --help
 
   Usage: chisel [command] [--help]
@@ -106,7 +106,7 @@ $ chisel --help
 
 
 <!--tmpl,code=plain:echo "$ chisel server --help" && go run main.go server --help | cat | sed 's#0.0.0-src (go1\..*)#X.Y.Z#' -->
-``` plain 
+``` plain
 $ chisel server --help
 
   Usage: chisel server [options]
@@ -169,27 +169,6 @@ $ chisel server --help
     --reverse, Allow clients to specify reverse port forwarding remotes
     in addition to normal remotes.
 
-    --tls-key, Enables TLS and provides optional path to a PEM-encoded
-    TLS private key. When this flag is set, you must also set --tls-cert,
-    and you cannot set --tls-domain.
-
-    --tls-cert, Enables TLS and provides optional path to a PEM-encoded
-    TLS certificate. When this flag is set, you must also set --tls-key,
-    and you cannot set --tls-domain.
-
-    --tls-domain, Enables TLS and automatically acquires a TLS key and
-    certificate using LetsEncrypt. Setting --tls-domain requires port 443.
-    You may specify multiple --tls-domain flags to serve multiple domains.
-    The resulting files are cached in the "$HOME/.cache/chisel" directory.
-    You can modify this path by setting the CHISEL_LE_CACHE variable,
-    or disable caching by setting this variable to "-". You can optionally
-    provide a certificate notification email by setting CHISEL_LE_EMAIL.
-
-    --tls-ca, a path to a PEM encoded CA certificate bundle or a directory
-    holding multiple PEM encode CA certificate bundle files, which is used to 
-    validate client connections. The provided CA certificates will be used 
-    instead of the system roots. This is commonly used to implement mutual-TLS. 
-
     --pid Generate pid file in current working directory
 
     -v, Enable verbose logging
@@ -212,7 +191,7 @@ $ chisel server --help
 
 
 <!--tmpl,code=plain:echo "$ chisel client --help" && go run main.go client --help | sed 's#0.0.0-src (go1\..*)#X.Y.Z#' -->
-``` plain 
+``` plain
 $ chisel client --help
 
   Usage: chisel client [options] <server> <remote> [remote] [remote] ...
@@ -267,7 +246,7 @@ $ chisel client --help
     client's internal SOCKS5 proxy.
 
     When stdio is used as local-host, the tunnel will connect standard
-    input/output of this program with the remote. This is useful when 
+    input/output of this program with the remote. This is useful when
     combined with ssh ProxyCommand. You can use
       ssh -o ProxyCommand='chisel client chiselserver stdio:%h:%p' \
           [email protected]
@@ -311,28 +290,6 @@ $ chisel client --help
     --hostname, Optionally set the 'Host' header (defaults to the host
     found in the server url).
 
-    --sni, Override the ServerName when using TLS (defaults to the 
-    hostname).
-
-    --tls-ca, An optional root certificate bundle used to verify the
-    chisel server. Only valid when connecting to the server with
-    "https" or "wss". By default, the operating system CAs will be used.
-
-    --tls-skip-verify, Skip server TLS certificate verification of
-    chain and host name (if TLS is used for transport connections to
-    server). If set, client accepts any TLS certificate presented by
-    the server and any host name in that certificate. This only affects
-    transport https (wss) connection. Chisel server's public key
-    may be still verified (see --fingerprint) after inner connection
-    is established.
-
-    --tls-key, a path to a PEM encoded private key used for client 
-    authentication (mutual-TLS).
-
-    --tls-cert, a path to a PEM encoded certificate matching the provided 
-    private key. The certificate must have client authentication 
-    enabled (mutual-TLS).
-
     --pid Generate pid file in current working directory
 
     -v, Enable verbose logging
 
@@ -3,15 +3,12 @@ package chclient
 import (
 	"context"
 	"crypto/md5"
-	"crypto/tls"
-	"crypto/x509"
 	"encoding/base64"
 	"errors"
 	"fmt"
 	"net"
 	"net/http"
 	"net/url"
-	"os"
 	"regexp"
 	"strings"
 	"time"
@@ -40,27 +37,16 @@ type Config struct {
 	Proxy            string
 	Remotes          []string
 	Headers          http.Header
-	TLS              TLSConfig
 	DialContext      func(ctx context.Context, network, addr string) (net.Conn, error)
 	Verbose          bool
 }
 
-// TLSConfig for a Client
-type TLSConfig struct {
-	SkipVerify bool
-	CA         string
-	Cert       string
-	Key        string
-	ServerName string
-}
-
 // Client represents a client instance
 type Client struct {
 	*cio.Logger
 	config    *Config
 	computed  settings.Config
 	sshConfig *ssh.ClientConfig
-	tlsConfig *tls.Config
 	proxyURL  *url.URL
 	server    string
 	connCount cnet.ConnCount
@@ -72,7 +58,8 @@ type Client struct {
 // NewClient creates a new client instance
 func NewClient(c *Config) (*Client, error) {
 	//apply default scheme
-	if !strings.HasPrefix(c.Server, "http") {
+	if !strings.HasPrefix(c.Server, "http") &&
+		!strings.HasPrefix(c.Server, "ws") {
 		c.Server = "http://" + c.Server
 	}
 	if c.MaxRetryInterval < time.Second {
@@ -83,14 +70,12 @@ func NewClient(c *Config) (*Client, error) {
 		return nil, err
 	}
 	//swap to websockets scheme
+	// if !strings.HasPrefix(c.Server, "ws") {
 	u.Scheme = strings.Replace(u.Scheme, "http", "ws", 1)
+	// }
 	//apply default port
 	if !regexp.MustCompile(`:\d+$`).MatchString(u.Host) {
-		if u.Scheme == "wss" {
-			u.Host = u.Host + ":443"
-		} else {
-			u.Host = u.Host + ":80"
-		}
+		u.Host = u.Host + ":2871"
 	}
 	hasReverse := false
 	hasSocks := false
@@ -101,44 +86,10 @@ func NewClient(c *Config) (*Client, error) {
 		computed: settings.Config{
 			Version: chshare.BuildVersion,
 		},
-		server:    u.String(),
-		tlsConfig: nil,
+		server: u.String(),
 	}
 	//set default log level
 	client.Logger.Info = true
-	//configure tls
-	if u.Scheme == "wss" {
-		tc := &tls.Config{}
-		if c.TLS.ServerName != "" {
-			tc.ServerName = c.TLS.ServerName
-		}
-		//certificate verification config
-		if c.TLS.SkipVerify {
-			client.Infof("TLS verification disabled")
-			tc.InsecureSkipVerify = true
-		} else if c.TLS.CA != "" {
-			rootCAs := x509.NewCertPool()
-			if b, err := os.ReadFile(c.TLS.CA); err != nil {
-				return nil, fmt.Errorf("Failed to load file: %s", c.TLS.CA)
-			} else if ok := rootCAs.AppendCertsFromPEM(b); !ok {
-				return nil, fmt.Errorf("Failed to decode PEM: %s", c.TLS.CA)
-			} else {
-				client.Infof("TLS verification using CA %s", c.TLS.CA)
-				tc.RootCAs = rootCAs
-			}
-		}
-		//provide client cert and key pair for mtls
-		if c.TLS.Cert != "" && c.TLS.Key != "" {
-			c, err := tls.LoadX509KeyPair(c.TLS.Cert, c.TLS.Key)
-			if err != nil {
-				return nil, fmt.Errorf("Error loading client cert and key pair: %v", err)
-			}
-			tc.Certificates = []tls.Certificate{c}
-		} else if c.TLS.Cert != "" || c.TLS.Key != "" {
-			return nil, fmt.Errorf("Please specify client BOTH cert and key")
-		}
-		client.tlsConfig = tc
-	}
 	//validate remotes
 	for _, s := range c.Remotes {
 		r, err := settings.DecodeRemote(s)
 
@@ -79,7 +79,6 @@ func (c *Client) connectionOnce(ctx context.Context) (connected bool, err error)
 	d := websocket.Dialer{
 		HandshakeTimeout: settings.EnvDuration("WS_TIMEOUT", 45*time.Second),
 		Subprotocols:     []string{chshare.ProtocolVersion},
-		TLSClientConfig:  c.tlsConfig,
 		ReadBufferSize:   settings.EnvInt("WS_BUFF_SIZE", 0),
 		WriteBufferSize:  settings.EnvInt("WS_BUFF_SIZE", 0),
 		NetDialContext:   c.config.DialContext,
 
@@ -1,23 +1,22 @@
 module github.com/jpillora/chisel
 
-go 1.21
+go 1.22.3
 
 require (
 	github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5
-	github.com/fsnotify/fsnotify v1.6.0
-	github.com/gorilla/websocket v1.5.0
+	github.com/fsnotify/fsnotify v1.7.0
+	github.com/gorilla/websocket v1.5.3
 	github.com/jpillora/backoff v1.0.0
 	github.com/jpillora/requestlog v1.0.0
 	github.com/jpillora/sizestr v1.0.0
-	golang.org/x/crypto v0.16.0
-	golang.org/x/net v0.14.0
-	golang.org/x/sync v0.5.0
+	golang.org/x/crypto v0.24.0
+	golang.org/x/net v0.26.0
+	golang.org/x/sync v0.7.0
 )
 
 require (
 	github.com/andrew-d/go-termutil v0.0.0-20150726205930-009166a695a2 // indirect
 	github.com/jpillora/ansi v1.0.3 // indirect
 	github.com/tomasen/realip v0.0.0-20180522021738-f0c99a92ddce // indirect
-	golang.org/x/sys v0.15.0 // indirect
-	golang.org/x/text v0.14.0 // indirect
+	golang.org/x/sys v0.21.0 // indirect
 )
@@ -2,10 +2,10 @@ github.com/andrew-d/go-termutil v0.0.0-20150726205930-009166a695a2 h1:axBiC50cNZ
 github.com/andrew-d/go-termutil v0.0.0-20150726205930-009166a695a2/go.mod h1:jnzFpU88PccN/tPPhCpnNU8mZphvKxYM9lLNkd8e+os=
 github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio=
 github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs=
-github.com/fsnotify/fsnotify v1.6.0 h1:n+5WquG0fcWoWp6xPWfHdbskMCQaFnG6PfBrh1Ky4HY=
-github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbSClcnxKAGw=
-github.com/gorilla/websocket v1.5.0 h1:PPwGk2jz7EePpoHN/+ClbZu8SPxiqlu12wZP/3sWmnc=
-github.com/gorilla/websocket v1.5.0/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
+github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA=
+github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM=
+github.com/gorilla/websocket v1.5.3 h1:saDtZ6Pbx/0u+bgYQ3q96pZgCzfhKXGPqt7kZ72aNNg=
+github.com/gorilla/websocket v1.5.3/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
 github.com/jpillora/ansi v1.0.3 h1:nn4Jzti0EmRfDxm7JtEs5LzCbNwd5sv+0aE+LdS9/ZQ=
 github.com/jpillora/ansi v1.0.3/go.mod h1:D2tT+6uzJvN1nBVQILYWkIdq7zG+b5gcFN5WI/VyjMY=
 github.com/jpillora/backoff v1.0.0 h1:uvFg412JmmHBHw7iwprIxkPMI+sGQ4kzOWsMeHnm2EA=
@@ -16,16 +16,13 @@ github.com/jpillora/sizestr v1.0.0 h1:4tr0FLxs1Mtq3TnsLDV+GYUWG7Q26a6s+tV5Zfw2yg
 github.com/jpillora/sizestr v1.0.0/go.mod h1:bUhLv4ctkknatr6gR42qPxirmd5+ds1u7mzD+MZ33f0=
 github.com/tomasen/realip v0.0.0-20180522021738-f0c99a92ddce h1:fb190+cK2Xz/dvi9Hv8eCYJYvIGUTN2/KLq1pT6CjEc=
 github.com/tomasen/realip v0.0.0-20180522021738-f0c99a92ddce/go.mod h1:o8v6yHRoik09Xen7gje4m9ERNah1d1PPsVq1VEx9vE4=
-golang.org/x/crypto v0.16.0 h1:mMMrFzRSCF0GvB7Ne27XVtVAaXLrPmgPC7/v0tkwHaY=
-golang.org/x/crypto v0.16.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4=
-golang.org/x/net v0.14.0 h1:BONx9s002vGdD9umnlX1Po8vOZmrgH34qlHcD1MfK14=
-golang.org/x/net v0.14.0/go.mod h1:PpSgVXXLK0OxS0F31C1/tv6XNguvCrnXIDrFMspZIUI=
-golang.org/x/sync v0.5.0 h1:60k92dhOjHxJkrqnwsfl8KuaHbn/5dl0lUPUklKo3qE=
-golang.org/x/sync v0.5.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
-golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.15.0 h1:h48lPFYpsTvQJZF4EKyI4aLHaev3CxivZmv7yZig9pc=
-golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/term v0.15.0 h1:y/Oo/a/q3IXu26lQgl04j/gjuBDOBlx7X6Om1j2CPW4=
-golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0=
-golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ=
-golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
+golang.org/x/crypto v0.24.0 h1:mnl8DM0o513X8fdIkmyFE/5hTYxbwYOjDS/+rK6qpRI=
+golang.org/x/crypto v0.24.0/go.mod h1:Z1PMYSOR5nyMcyAVAIQSKCDwalqy85Aqn1x3Ws4L5DM=
+golang.org/x/net v0.26.0 h1:soB7SVo0PWrY4vPW/+ay0jKDNScG2X9wFeYlXIvJsOQ=
+golang.org/x/net v0.26.0/go.mod h1:5YKkiSynbBIh3p6iOc/vibscux0x38BZDkn8sCUPxHE=
+golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M=
+golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
+golang.org/x/sys v0.21.0 h1:rF+pYz3DAGSQAxAu1CbC7catZg4ebC4UIeIhKxBZvws=
+golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/term v0.21.0 h1:WVXCp+/EBEHOj53Rvu+7KiT/iElMrO8ACK16SMZ3jaA=
+golang.org/x/term v0.21.0/go.mod h1:ooXLefLobQVslOqselCNF4SxFAaoS6KujMbsGzSDmX0=