
Commit 2b7fc41

committed
fix
1 parent a4aa649 commit 2b7fc41


2 files changed

+37
-44
lines changed


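--- a/cli/cli.go
+++ b/cli/cli.go
@@ -134,6 +134,19 @@ func Run(config Config, args []string) error {
 return fmt.Errorf("failed to get config directory: %v", err)
 }
 
+// Create network namespace configuration
+nsConfig := namespace.Config{
+HTTPPort: 8040,
+HTTPSPort: 8043,
+}
+
+// Create network namespace instance
+networkInstance, err := namespace.New(nsConfig, logger)
+if err != nil {
+logger.Error("Failed to create network namespace", "error", err)
+return fmt.Errorf("failed to create network namespace: %v", err)
+}
+
 // Create certificate manager (if TLS interception is enabled)
 var certManager *tls.CertificateManager
 var tlsConfig *cryptotls.Config
@@ -145,19 +158,31 @@ func Run(config Config, args []string) error {
 return fmt.Errorf("failed to create certificate manager: %v", err)
 }
 tlsConfig = certManager.GetTLSConfig()
-}
 
-// Create network namespace configuration
-nsConfig := namespace.Config{
-HTTPPort: 8040,
-HTTPSPort: 8043,
-}
+// Get CA certificate for environment
+caCertPEM, err := certManager.GetCACertPEM()
+if err != nil {
+logger.Error("Failed to get CA certificate", "error", err)
+return fmt.Errorf("failed to get CA certificate: %v", err)
+}
 
-// Create network namespace instance
-networkInstance, err := namespace.New(nsConfig, logger)
-if err != nil {
-logger.Error("Failed to create network namespace", "error", err)
-return fmt.Errorf("failed to create network namespace: %v", err)
+// Write CA certificate to a temporary file for tools that need a file path
+caCertPath := filepath.Join(configDir, "ca-cert.pem")
+err = os.WriteFile(caCertPath, caCertPEM, 0644)
+if err != nil {
+logger.Error("Failed to write CA certificate file", "error", err)
+return fmt.Errorf("failed to write CA certificate file: %v", err)
+}
+
+// Set standard CA certificate environment variables for common tools
+// This makes tools like curl, git, etc. trust our dynamically generated CA
+networkInstance.SetEnv("SSL_CERT_FILE", caCertPath) // OpenSSL/LibreSSL-based tools
+networkInstance.SetEnv("SSL_CERT_DIR", configDir) // OpenSSL certificate directory
+networkInstance.SetEnv("CURL_CA_BUNDLE", caCertPath) // curl
+networkInstance.SetEnv("GIT_SSL_CAINFO", caCertPath) // Git
+networkInstance.SetEnv("REQUESTS_CA_BUNDLE", caCertPath) // Python requests
+networkInstance.SetEnv("NODE_EXTRA_CA_CERTS", caCertPath) // Node.js
+networkInstance.SetEnv("JAIL_CA_CERT", string(caCertPEM)) // Keep for backward compatibility
 }
 
 // Create proxy server
@@ -215,34 +240,6 @@ func Run(config Config, args []string) error {
 return fmt.Errorf("failed to open jail: %v", err)
 }
 
-// Setup CA certificate environment variables if TLS interception is enabled
-if !config.NoTLSIntercept && certManager != nil {
-// Get CA certificate for environment
-caCertPEM, err := certManager.GetCACertPEM()
-if err != nil {
-logger.Error("Failed to get CA certificate", "error", err)
-return fmt.Errorf("failed to get CA certificate: %v", err)
-}
-
-// Write CA certificate to a temporary file for tools that need a file path
-caCertPath := filepath.Join(configDir, "ca-cert.pem")
-err = os.WriteFile(caCertPath, caCertPEM, 0644)
-if err != nil {
-logger.Error("Failed to write CA certificate file", "error", err)
-return fmt.Errorf("failed to write CA certificate file: %v", err)
-}
-
-// Set standard CA certificate environment variables for common tools
-// This makes tools like curl, git, etc. trust our dynamically generated CA
-jailInstance.CommandExecutor().SetEnv("SSL_CERT_FILE", caCertPath) // OpenSSL/LibreSSL-based tools
-jailInstance.CommandExecutor().SetEnv("SSL_CERT_DIR", configDir) // OpenSSL certificate directory
-jailInstance.CommandExecutor().SetEnv("CURL_CA_BUNDLE", caCertPath) // curl
-jailInstance.CommandExecutor().SetEnv("GIT_SSL_CAINFO", caCertPath) // Git
-jailInstance.CommandExecutor().SetEnv("REQUESTS_CA_BUNDLE", caCertPath) // Python requests
-jailInstance.CommandExecutor().SetEnv("NODE_EXTRA_CA_CERTS", caCertPath) // Node.js
-jailInstance.CommandExecutor().SetEnv("JAIL_CA_CERT", string(caCertPEM)) // Keep for backward compatibility
-}
-
 // Create context for graceful shutdown
 ctx, cancel := context.WithCancel(context.Background())
 defer cancel()
@@ -267,4 +264,4 @@ func Run(config Config, args []string) error {
 }
 
 return nil
-}
+}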
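Review bot: `SSL_CERT_DIR` is pointed at the whole `configDir` (new line 180), so OpenSSL-based tools inside the jail treat the configuration directory as a trust store rather than a directory that holds only the interception CA. What else is stored in `configDir` is not visible in this hunk, but if the certificate manager keeps its CA key or other state there, the jailed command is handed the path to it. A dedicated subdirectory would be safer, for example `caDir := filepath.Join(configDir, "ca-trust")` (name constructed here), created with `os.MkdirAll(caDir, 0755)`, with `ca-cert.pem` written inside it and `networkInstance.SetEnv("SSL_CERT_DIR", caDir)`. The comment on new line 169 also calls the file temporary although it is written to a fixed path and nothing visible removes it; I would reword it to `// Write CA certificate into the config directory for tools that need a file path`. The enclosing `if` block and `Run` itself begin above this hunk.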

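--- a/jail.go
+++ b/jail.go
@@ -68,10 +68,6 @@ func (j *Jail) Command(command []string) *exec.Cmd {
 return j.commandExecutor.Command(command)
 }
 
-func (j *Jail) CommandExecutor() Commander {
-return j.commandExecutor
-}
-
 func (j *Jail) Close() error {
 // Cancel context to stop proxy server
 if j.cancel != nil {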
