I love being right, verified with wireshark for local+remote stun

main.go

@@ -8,8 +8,6 @@ import (
 	"io"
 	"io/ioutil"
 	"local1/logger"
-	"log"
-	"net"
 	"net/http"
 	"net/http/httputil"
 	"net/url"
@@ -27,7 +25,10 @@ func NewServer(addr, clientcrt, clientkey, servercrt string, whitelist []string)
 	if err != nil {
 		return nil, err
 	}
-	rootCAs := x509.NewCertPool()
+	rootCAs, err := x509.SystemCertPool()
+	if err != nil {
+		return nil, err
+	}
 	rootCAs.AppendCertsFromPEM(caCert)
 	clientCert, err := tls.LoadX509KeyPair(clientcrt, clientkey)
 	if err != nil {
@@ -42,39 +43,11 @@ func NewServer(addr, clientcrt, clientkey, servercrt string, whitelist []string)
 				RootCAs:      rootCAs,
 				Certificates: []tls.Certificate{clientCert},
 			},
-			//DialTLS: dialtls,
 		},
 		whitelist: whitelist,
 	}, nil
 }
 
-func dialtls(network, addr string) (net.Conn, error) {
-	conn, err := net.Dial(network, addr)
-	if err != nil {
-		return nil, err
-	}
-
-	host, _, err := net.SplitHostPort(addr)
-	if err != nil {
-		return nil, err
-	}
-	cfg := &tls.Config{ServerName: host}
-
-	tlsConn := tls.Client(conn, cfg)
-	if err := tlsConn.Handshake(); err != nil {
-		conn.Close()
-		return nil, err
-	}
-
-	cs := tlsConn.ConnectionState()
-	cert := cs.PeerCertificates[0]
-
-	// Verify here
-	cert.VerifyHostname(host)
-	log.Println(cert.Subject)
-	return tlsConn, nil
-}
-
 func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 	// fix scheme if necessary
 	fixScheme(r.URL)
@@ -95,22 +68,8 @@ func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 func (s *Server) handleHTTP(w http.ResponseWriter, r *http.Request) {
 	proxy := httputil.NewSingleHostReverseProxy(pathlessURL(r.URL))
 	proxy.Transport = s.transport
-	director := proxy.Director
-	proxy.Director = func(req *http.Request) {
-		director(req)
-		req.Host = r.URL.Host
-	}
 	proxy.ServeHTTP(w, r)
 	return
-	resp, err := s.transport.RoundTrip(r)
-	if err != nil {
-		http.Error(w, err.Error(), http.StatusServiceUnavailable)
-		return
-	}
-	defer resp.Body.Close()
-	copyHeader(w.Header(), resp.Header)
-	w.WriteHeader(resp.StatusCode)
-	io.Copy(w, resp.Body)
 }
 
 func copyHeader(dst, src http.Header) {
@@ -124,15 +83,16 @@ func copyHeader(dst, src http.Header) {
 func fixScheme(u *url.URL) {
 	if u.Scheme == "" {
 		u.Scheme = "http"
-		if strings.Contains(u.Host, "443") {
-			u.Scheme = "https"
-		}
+	}
+	if strings.HasSuffix(u.Host, ":443") {
+		u.Scheme = "https"
+		u.Host = u.Host[:len(u.Host)-len(":443")]
 	}
 }
 
 func toWhitelist(okay []string, host string) bool {
 	host = strings.Split(host, ":")[0]
-	host = strings.Replace(host, "www", "", -1)
+	host = strings.Replace(host, "www.", "", -1)
 	for i := range okay {
 		if strings.Contains(okay[i], host) {
 			return true
@@ -193,7 +153,7 @@ func main() {
 		"clientkey": "/Volumes/bldisk/client.key",
 		"servercrt": "/Volumes/bldisk/server.crt",
 		"port":      "8888",
-		"whitelist": "192.168.0.86,,bel.house,,gcp.blapointe.com",
+		"whitelist": "192.168.0.86,,bel.house,,minio.gcp.blapointe.com",
 	})
 	if !strings.HasPrefix(conf["port"], ":") {
 		conf["port"] = ":" + conf["port"]