Add TLS connection support for tty-proxy connections

main.go

@@ -67,6 +67,7 @@ Flags:
 	proxyServerAddress := flag.String("tty-proxy", "localhost:9000", "Address of the proxy for public facing connections")
 	readOnly := flag.Bool("readonly", false, "Start a read only session")
 	publicSession := flag.Bool("public", false, "Create a public session")
+	noTLS := flag.Bool("no-tls", false, "Don't use TLS to connect to the tty-proxy server. Useful for local debugging")
 	flag.Usage = func() {
 		fmt.Fprintf(flag.CommandLine.Output(), "%s", usageString)
 		flag.PrintDefaults()
@@ -114,7 +115,7 @@ Flags:
 
 	sessionID := "local"
 	if *publicSession {
-		proxy, err := proxy.NewProxyConnection(*listenAddress, *proxyServerAddress)
+		proxy, err := proxy.NewProxyConnection(*listenAddress, *proxyServerAddress, *noTLS)
 		if err != nil {
 			fmt.Printf("Can't connect to the proxy: %s\n", err.Error())
 			return

proxy/proxy.go

@@ -1,6 +1,8 @@
 package proxy
 
 import (
+	"crypto/tls"
+	"crypto/x509"
 	"encoding/json"
 	"io"
 	"net"
@@ -28,10 +30,24 @@ type proxyConnection struct {
 	PublicURL       string
 }
 
-func NewProxyConnection(backConnAddrr, proxyAddr string) (*proxyConnection, error) {
-	conn, err := net.Dial("tcp", proxyAddr)
-	if err != nil {
-		return nil, err
+func NewProxyConnection(backConnAddrr, proxyAddr string, noTLS bool) (*proxyConnection, error) {
+	var conn net.Conn
+	var err error
+
+	if noTLS {
+		conn, err = net.Dial("tcp", proxyAddr)
+		if err != nil {
+			return nil, err
+		}
+	} else {
+		roots, err := x509.SystemCertPool()
+		if err != nil {
+			return nil, err
+		}
+		conn, err = tls.Dial("tcp", proxyAddr, &tls.Config{RootCAs: roots})
+		if err != nil {
+			return nil, err
+		}
 	}
 
 	// C -> S: HelloCLient