@@ -2,7 +2,6 @@ package cli
22
33import (
44"context"
5- cryptotls "crypto/tls"
65"fmt"
76"log/slog"
87"os"
@@ -21,9 +20,8 @@ import (
2120
2221// Config holds all configuration for the CLI
2322type Config struct {
24- AllowStrings []string
25- NoTLSIntercept bool
26- LogLevel string
23+ AllowStrings []string
24+ LogLevel string
2725}
2826
2927// NewCommand creates and returns the root serpent command
@@ -53,13 +51,6 @@ Examples:
5351Description : "Allow rule (can be specified multiple times). Format: 'pattern' or 'METHOD[,METHOD] pattern'." ,
5452Value : serpent .StringArrayOf (& config .AllowStrings ),
5553},
56- {
57- Name : "no-tls-intercept" ,
58- Flag : "no-tls-intercept" ,
59- Env : "JAIL_NO_TLS_INTERCEPT" ,
60- Description : "Disable HTTPS interception." ,
61- Value : serpent .BoolOf (& config .NoTLSIntercept ),
62- },
6354{
6455Name : "log-level" ,
6556Flag : "log-level" ,
@@ -139,33 +130,30 @@ func Run(config Config, args []string) error {
139130return fmt .Errorf ("failed to create network namespace: %v" , err )
140131}
141132
142- // Create certificate manager (if TLS interception is enabled)
143- var tlsConfig * cryptotls.Config
144- if ! config .NoTLSIntercept {
145- certManager , err := tls .NewCertificateManager (logger )
146- if err != nil {
147- logger .Error ("Failed to create certificate manager" , "error" , err )
148- return fmt .Errorf ("failed to create certificate manager: %v" , err )
149- }
150-
151- // Setup TLS config and write CA certificate to file
152- var caCertPath , configDir string
153- tlsConfig , caCertPath , configDir , err = certManager .SetupTLSAndWriteCACert ()
154- if err != nil {
155- logger .Error ("Failed to setup TLS and CA certificate" , "error" , err )
156- return fmt .Errorf ("failed to setup TLS and CA certificate: %v" , err )
157- }
133+ // Create certificate manager
134+ certManager , err := tls .NewCertificateManager (logger )
135+ if err != nil {
136+ logger .Error ("Failed to create certificate manager" , "error" , err )
137+ return fmt .Errorf ("failed to create certificate manager: %v" , err )
138+ }
158139
159- // Set standard CA certificate environment variables for common tools
160- // This makes tools like curl, git, etc. trust our dynamically generated CA
161- commander .SetEnv ("SSL_CERT_FILE" , caCertPath ) // OpenSSL/LibreSSL-based tools
162- commander .SetEnv ("SSL_CERT_DIR" , configDir ) // OpenSSL certificate directory
163- commander .SetEnv ("CURL_CA_BUNDLE" , caCertPath ) // curl
164- commander .SetEnv ("GIT_SSL_CAINFO" , caCertPath ) // Git
165- commander .SetEnv ("REQUESTS_CA_BUNDLE" , caCertPath ) // Python requests
166- commander .SetEnv ("NODE_EXTRA_CA_CERTS" , caCertPath ) // Node.js
140+ // Setup TLS config and write CA certificate to file
141+ var caCertPath , configDir string
142+ tlsConfig , caCertPath , configDir , err := certManager .SetupTLSAndWriteCACert ()
143+ if err != nil {
144+ logger .Error ("Failed to setup TLS and CA certificate" , "error" , err )
145+ return fmt .Errorf ("failed to setup TLS and CA certificate: %v" , err )
167146}
168147
148+ // Set standard CA certificate environment variables for common tools
149+ // This makes tools like curl, git, etc. trust our dynamically generated CA
150+ commander .SetEnv ("SSL_CERT_FILE" , caCertPath ) // OpenSSL/LibreSSL-based tools
151+ commander .SetEnv ("SSL_CERT_DIR" , configDir ) // OpenSSL certificate directory
152+ commander .SetEnv ("CURL_CA_BUNDLE" , caCertPath ) // curl
153+ commander .SetEnv ("GIT_SSL_CAINFO" , caCertPath ) // Git
154+ commander .SetEnv ("REQUESTS_CA_BUNDLE" , caCertPath ) // Python requests
155+ commander .SetEnv ("NODE_EXTRA_CA_CERTS" , caCertPath ) // Node.js
156+
169157// Create proxy server
170158proxyServer := proxy .NewProxyServer (proxy.Config {
171159HTTPPort : 8040 ,
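Review bot: The new `var caCertPath, configDir string` line is redundant, because the `:=` on the next line already introduces `tlsConfig` and can declare the other two names in the same statement; drop the `var` line and keep `tlsConfig, caCertPath, configDir, err := certManager.SetupTLSAndWriteCACert()`. With the opt-out removed in the flag-table hunk above, a user who still exports `JAIL_NO_TLS_INTERCEPT` now gets interception silently rather than a parse error, so a one-line note in the command's long help saying that HTTPS interception is always on would make the behavior change visible at the CLI. The two moved error returns keep the file's `%v` wrapping; `%w` would let callers inspect the underlying certificate error with `errors.Is`/`errors.As`. Run's body continues outside the hunk.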