Can now specify no cert or key for when the listening side of the Relay is in RAW TCP mode.

Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "sslrelay"
-version = "0.4.31"
+version = "0.4.4"
 authors = ["PinkP4nther <pinkp4nther@protonmail.com> @Pink_P4nther"]
 edition = "2018"
 description = "A TCP relay library for relaying/modifying/spoofing TCP traffic by implementing callback code."

README.md

@@ -27,4 +27,5 @@ A TCP relay library that can handle raw TCP and SSL/TLS connections. You can rea
 > 
 > 10/06/2021 | **v0.4.2** | Added documentation.
 >
-> 10/07/2021 | **v0.4.3** | Blocking callbacks now pass self as a mutable reference. This can allow the developer to create structures that can be accessed every stream write ONLY in the BLOCKING callback. The self object is refreshed per TCP connection. Separate TCP connections can not touch eachothers data.
+> 10/07/2021 | **v0.4.3** | Blocking callbacks now pass self as a mutable reference. This can allow the developer to create structures that can be accessed every stream write. (ONLY in the BLOCKING callback). The self object is refreshed per TCP connection. Separate TCP connections can not touch eachothers data.
+> 10/08/2021 | **v0.4.4** | Added ability to set TLS certificate and certificate private key to nothing. When passing RelayConfig to the relay object use the 'None' variant of Option<T> enum. In a config file put the cert path and key path as an empty 'String' to specify 'None'.

examples/basic/src/main.rs

@@ -45,8 +45,8 @@ fn main() {
             bind_port: "443".to_string(),
             remote_host: "remote.com".to_string(),
             remote_port: "443".to_string(),
-            ssl_private_key_path: "./remote.com.key".to_string(),
+            ssl_private_key_path: Some("./remote.com.key".to_string()),
-            ssl_cert_path: "./remote.com.crt".to_string(),
+            ssl_cert_path: Some("./remote.com.crt".to_string()),
         })
     );
     // Start listening

src/lib.rs

@@ -176,8 +176,8 @@ pub struct RelayConfig {
     pub bind_port: String,
     pub remote_host: String,
     pub remote_port: String,
-    pub ssl_private_key_path: String,
+    pub ssl_private_key_path: Option<String>,
-    pub ssl_cert_path: String,
+    pub ssl_cert_path: Option<String>,
 }
 
 /// CallbackRet for blocking callback functions

src/relay.rs

@@ -149,8 +149,8 @@ impl<H: HandlerCallbacks + std::marker::Sync + std::marker::Send + Clone + 'stat
         } else if upstream_tls_conf == "raw" {
             upstream_data_type = TCPDataType::RAW;
         } else {
-            println!("[SSLRelay Error] Unrecognized TCPDataType for upstream_data_type. Data type received was not 'tcp' or 'tls'!");
+            panic!("[SSLRelay Error] Unrecognized TCPDataType for upstream_data_type. Data type received was not 'tcp' or 'tls'!");
-            process::exit(1); // Create error handling for load_relay_config()
+// Create error handling for load_relay_config()
         }
 
         if downstream_tls_conf == "tls" {
@@ -158,8 +158,19 @@ impl<H: HandlerCallbacks + std::marker::Sync + std::marker::Send + Clone + 'stat
         } else if downstream_tls_conf == "raw" {
             downstream_data_type = TCPDataType::RAW;
         } else {
-            println!("[SSLRelay Error] Unrecognized TCPDataType for downstream_data_type. Data type received was not 'tcp' or 'tls'!");
+            panic!("[SSLRelay Error] Unrecognized TCPDataType for downstream_data_type. Data type received was not 'tcp' or 'tls'!");
-            process::exit(1); // Create error handling for load_relay_config()
+// Create error handling for load_relay_config()
+        }
+
+        let mut ssl_pk_path = None;
+        let mut ssl_c_path = None;
+
+        if !ssl_private_key_path.is_empty() {
+            ssl_pk_path = Some(ssl_private_key_path.clone());
+        }
+
+        if !ssl_cert_path.is_empty() {
+            ssl_c_path = Some(ssl_cert_path.clone());
         }
 
         RelayConfig {
@@ -167,26 +178,30 @@ impl<H: HandlerCallbacks + std::marker::Sync + std::marker::Send + Clone + 'stat
             downstream_data_type,
             bind_host: bind_host.clone(),
             bind_port: bind_port.clone(),
-            ssl_private_key_path: ssl_private_key_path.clone(),
+            ssl_private_key_path: ssl_pk_path,
-            ssl_cert_path: ssl_cert_path.clone(),
+            ssl_cert_path: ssl_c_path,
             remote_host: remote_host.clone(),
             remote_port: remote_port.clone(),
         }
     }
 
-    fn setup_ssl_config(&self, priv_key: String, cert: String) -> Arc<SslAcceptor> {
+    fn setup_ssl_config(&self, priv_key: Option<String>, cert: Option<String>) -> Arc<SslAcceptor> {
-        
-        if !Path::new(priv_key.as_str()).exists() {
-            println!("[-] [{}] does not exist!", priv_key);
-            process::exit(-1);
-        } else if !Path::new(cert.as_str()).exists() {
-            println!("[-] [{}] does not exist!", cert);
-            process::exit(-1);
-        }
 
         let mut acceptor = SslAcceptor::mozilla_intermediate(SslMethod::tls()).unwrap();
-        acceptor.set_private_key_file(priv_key, SslFiletype::PEM).unwrap();
+
-        acceptor.set_certificate_chain_file(cert).unwrap();
+        let private_key = priv_key.expect("[SSLRelay Error] No private key file specified!");
+        let certificate = cert.expect("[SSLRelay Error] No certificate file specified!");
+        
+        if !Path::new(&private_key).exists() {
+            panic!("[-] [{}] does not exist!", private_key);
+        }
+        acceptor.set_private_key_file(private_key, SslFiletype::PEM).unwrap();
+
+        if !Path::new(&certificate).exists() {
+            panic!("[-] [{}] does not exist!", certificate);
+        }
+        acceptor.set_certificate_chain_file(certificate).unwrap();
+
         acceptor.check_private_key().unwrap();
         Arc::new(acceptor.build())
     }