From b5e1a03cedf143b671e1180bb97d01700d11dbae Mon Sep 17 00:00:00 2001
From: PinkP4nther <0x0090@protonmail.com>
Date: Fri, 8 Oct 2021 21:37:36 -0700
Subject: [PATCH] Can now specify no cert or key for when the listening side of
 the Relay is in RAW TCP mode.

---
 Cargo.toml                 |  2 +-
 README.md                  |  3 ++-
 examples/basic/src/main.rs |  4 ++--
 src/lib.rs                 |  4 ++--
 src/relay.rs               | 49 +++++++++++++++++++++++++-------------
 5 files changed, 39 insertions(+), 23 deletions(-)

diff --git a/Cargo.toml b/Cargo.toml
index 0922357..c2eeeff 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "sslrelay"
-version = "0.4.31"
+version = "0.4.4"
 authors = ["PinkP4nther <pinkp4nther@protonmail.com> @Pink_P4nther"]
 edition = "2018"
 description = "A TCP relay library for relaying/modifying/spoofing TCP traffic by implementing callback code."
diff --git a/README.md b/README.md
index dfd9be2..1ec62f2 100644
--- a/README.md
+++ b/README.md
@@ -27,4 +27,5 @@ A TCP relay library that can handle raw TCP and SSL/TLS connections. You can rea
 > 
 > 10/06/2021 | **v0.4.2** | Added documentation.
 >
-> 10/07/2021 | **v0.4.3** | Blocking callbacks now pass self as a mutable reference. This can allow the developer to create structures that can be accessed every stream write ONLY in the BLOCKING callback. The self object is refreshed per TCP connection. Separate TCP connections can not touch eachothers data.
+> 10/07/2021 | **v0.4.3** | Blocking callbacks now pass self as a mutable reference. This can allow the developer to create structures that can be accessed every stream write. (ONLY in the BLOCKING callback). The self object is refreshed per TCP connection. Separate TCP connections can not touch eachothers data.
+> 10/08/2021 | **v0.4.4** | Added ability to set TLS certificate and certificate private key to nothing. When passing RelayConfig to the relay object use the 'None' variant of Option<T> enum. In a config file put the cert path and key path as an empty 'String' to specify 'None'.
\ No newline at end of file
diff --git a/examples/basic/src/main.rs b/examples/basic/src/main.rs
index 50f7cd4..4117c4e 100644
--- a/examples/basic/src/main.rs
+++ b/examples/basic/src/main.rs
@@ -45,8 +45,8 @@ fn main() {
             bind_port: "443".to_string(),
             remote_host: "remote.com".to_string(),
             remote_port: "443".to_string(),
-            ssl_private_key_path: "./remote.com.key".to_string(),
-            ssl_cert_path: "./remote.com.crt".to_string(),
+            ssl_private_key_path: Some("./remote.com.key".to_string()),
+            ssl_cert_path: Some("./remote.com.crt".to_string()),
         })
     );
     // Start listening
diff --git a/src/lib.rs b/src/lib.rs
index 15ad268..6715a95 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -176,8 +176,8 @@ pub struct RelayConfig {
     pub bind_port: String,
     pub remote_host: String,
     pub remote_port: String,
-    pub ssl_private_key_path: String,
-    pub ssl_cert_path: String,
+    pub ssl_private_key_path: Option<String>,
+    pub ssl_cert_path: Option<String>,
 }
 
 /// CallbackRet for blocking callback functions
diff --git a/src/relay.rs b/src/relay.rs
index c4c65e4..71ee2f9 100644
--- a/src/relay.rs
+++ b/src/relay.rs
@@ -149,8 +149,8 @@ impl<H: HandlerCallbacks + std::marker::Sync + std::marker::Send + Clone + 'stat
         } else if upstream_tls_conf == "raw" {
             upstream_data_type = TCPDataType::RAW;
         } else {
-            println!("[SSLRelay Error] Unrecognized TCPDataType for upstream_data_type. Data type received was not 'tcp' or 'tls'!");
-            process::exit(1); // Create error handling for load_relay_config()
+            panic!("[SSLRelay Error] Unrecognized TCPDataType for upstream_data_type. Data type received was not 'tcp' or 'tls'!");
+// Create error handling for load_relay_config()
         }
 
         if downstream_tls_conf == "tls" {
@@ -158,8 +158,19 @@ impl<H: HandlerCallbacks + std::marker::Sync + std::marker::Send + Clone + 'stat
         } else if downstream_tls_conf == "raw" {
             downstream_data_type = TCPDataType::RAW;
         } else {
-            println!("[SSLRelay Error] Unrecognized TCPDataType for downstream_data_type. Data type received was not 'tcp' or 'tls'!");
-            process::exit(1); // Create error handling for load_relay_config()
+            panic!("[SSLRelay Error] Unrecognized TCPDataType for downstream_data_type. Data type received was not 'tcp' or 'tls'!");
+// Create error handling for load_relay_config()
+        }
+
+        let mut ssl_pk_path = None;
+        let mut ssl_c_path = None;
+
+        if !ssl_private_key_path.is_empty() {
+            ssl_pk_path = Some(ssl_private_key_path.clone());
+        }
+
+        if !ssl_cert_path.is_empty() {
+            ssl_c_path = Some(ssl_cert_path.clone());
         }
 
         RelayConfig {
@@ -167,26 +178,30 @@ impl<H: HandlerCallbacks + std::marker::Sync + std::marker::Send + Clone + 'stat
             downstream_data_type,
             bind_host: bind_host.clone(),
             bind_port: bind_port.clone(),
-            ssl_private_key_path: ssl_private_key_path.clone(),
-            ssl_cert_path: ssl_cert_path.clone(),
+            ssl_private_key_path: ssl_pk_path,
+            ssl_cert_path: ssl_c_path,
             remote_host: remote_host.clone(),
             remote_port: remote_port.clone(),
         }
     }
 
-    fn setup_ssl_config(&self, priv_key: String, cert: String) -> Arc<SslAcceptor> {
-        
-        if !Path::new(priv_key.as_str()).exists() {
-            println!("[-] [{}] does not exist!", priv_key);
-            process::exit(-1);
-        } else if !Path::new(cert.as_str()).exists() {
-            println!("[-] [{}] does not exist!", cert);
-            process::exit(-1);
-        }
+    fn setup_ssl_config(&self, priv_key: Option<String>, cert: Option<String>) -> Arc<SslAcceptor> {
 
         let mut acceptor = SslAcceptor::mozilla_intermediate(SslMethod::tls()).unwrap();
-        acceptor.set_private_key_file(priv_key, SslFiletype::PEM).unwrap();
-        acceptor.set_certificate_chain_file(cert).unwrap();
+
+        let private_key = priv_key.expect("[SSLRelay Error] No private key file specified!");
+        let certificate = cert.expect("[SSLRelay Error] No certificate file specified!");
+        
+        if !Path::new(&private_key).exists() {
+            panic!("[-] [{}] does not exist!", private_key);
+        }
+        acceptor.set_private_key_file(private_key, SslFiletype::PEM).unwrap();
+
+        if !Path::new(&certificate).exists() {
+            panic!("[-] [{}] does not exist!", certificate);
+        }
+        acceptor.set_certificate_chain_file(certificate).unwrap();
+
         acceptor.check_private_key().unwrap();
         Arc::new(acceptor.build())
     }