From 34f26d176a541122e99c936d5a160229cb9e74dc Mon Sep 17 00:00:00 2001
From: Maciek Borzecki
Date: Tue, 28 Jan 2020 08:54:00 +0100
Subject: [PATCH] protocol: update connection to TLS after sending identity
Signed-off-by: Maciek Borzecki
---
 protocol/connection.go | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)
diff --git a/protocol/connection.go b/protocol/connection.go
index ecbf2f0..fb15c53 100644
--- a/protocol/connection.go
+++ b/protocol/connection.go
@@ -23,7 +23,7 @@ import (
 )
 type Connection struct {
- conn net.Conn
+ conn *tls.Conn
 }
 type Configuration struct {
@@ -48,7 +48,19 @@ func Dial(ctx context.Context, where string, conf *Configuration) (*Connection,
 log.Debugf("identity sent")
- return &Connection{conn: conn}, nil
+ // upgrade to secure connection
+
+ tlsConf := tls.Config{
+ InsecureSkipVerify: true,
+ Certificates: []tls.Certificate{*conf.Cert},
+ }
+ tlsConn := tls.Server(conn, &tlsConf)
+ if err := tlsConn.Handshake(); err != nil {
+ log.Errorf("TLS handshake failed: %v", err)
+ return nil, err
+ }
+
+ return &Connection{conn: tlsConn}, nil
 }
 func (c *Connection) Close() error {
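Review bot: The TLS upgrade added to Dial authenticates nobody: the config is handed to `tls.Server`, where `InsecureSkipVerify` has no effect (it only governs a client's verification of the server), and with `ClientAuth` left at its default no peer certificate is requested, so the session is encrypted but the remote end is unverified and the link can be intercepted. I would drop `InsecureSkipVerify: true`, add `ClientAuth: tls.RequireAnyClientCert,` and compare the presented certificate in `VerifyPeerCertificate` against the certificate stored for that peer (the trust store is not visible here, so treat this as a pointer to where the check belongs). The handshake-failure path also returns without closing the underlying socket; add `conn.Close()` before `return nil, err`. `*conf.Cert` is dereferenced without a nil check, and the handshake does not observe `ctx`, so a stalled peer can block Dial unless a deadline is set on `conn` first. Dial begins and continues outside this hunk, so earlier handling of `conf` and `conn` may already cover part of this.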