2 files changed, 64 insertions, 1 deletions

diff --git a/finger/serve.go b/finger/serve.go
index f959373..cb8f0fd 100644
--- a/finger/serve.go
+++ b/finger/serve.go
@@ -2,6 +2,7 @@ package finger
 
 import (
 	"context"
+	"crypto/tls"
 	"fmt"
 	"io"
 	"net"
@@ -41,6 +42,31 @@ func NewServer(
 	return fs, nil
 }
 
+func NewTLSServer(
+	ctx context.Context,
+	hostname string,
+	network string,
+	address string,
+	handler types.Handler,
+	baseLog logging.Logger,
+	tlsConfig *tls.Config,
+) (types.Server, error) {
+	fs := &fingerServer{handler: handler}
+
+	hostname = internal.JoinDefaultPort(hostname, "79")
+	address = internal.JoinDefaultPort(address, "79")
+
+	var err error
+	fs.Server, err = internal.NewServer(ctx, hostname, network, address, baseLog, fs.handleConn)
+	if err != nil {
+		return nil, err
+	}
+
+	fs.Listener = tls.NewListener(fs.Listener, tlsConfig)
+
+	return fs, nil
+}
+
 func (fs *fingerServer) handleConn(conn net.Conn) {
 	request, err := ParseRequest(conn)
 	if err != nil {
@@ -51,6 +77,11 @@ func (fs *fingerServer) handleConn(conn net.Conn) {
 	request.Server = fs
 	request.RemoteAddr = conn.RemoteAddr()
 
+	if tlsconn, ok := conn.(*tls.Conn); ok {
+		state := tlsconn.ConnectionState()
+		request.TLSState = &state
+	}
+
 	defer func() {
 		if r := recover(); r != nil {
 			_ = fs.LogError("msg", "panic in handler", "err", r)
diff --git a/gopher/serve.go b/gopher/serve.go
index 67c889a..79ed7f8 100644
--- a/gopher/serve.go
+++ b/gopher/serve.go
@@ -2,13 +2,14 @@ package gopher
 
 import (
 	"context"
+	"crypto/tls"
 	"errors"
 	"fmt"
 	"io"
 	"net"
 
-	"tildegit.org/tjp/sliderule/internal/types"
 	"tildegit.org/tjp/sliderule/internal"
+	"tildegit.org/tjp/sliderule/internal/types"
 	"tildegit.org/tjp/sliderule/logging"
 )
 
@@ -42,6 +43,32 @@ func NewServer(
 	return gs, nil
 }
 
+// NewTLSServer builds a gopher server which serves gopher over tls-encrypted connections.
+func NewTLSServer(
+	ctx context.Context,
+	hostname string,
+	network string,
+	address string,
+	handler types.Handler,
+	baseLog logging.Logger,
+	tlsConfig *tls.Config,
+) (types.Server, error) {
+	gs := &gopherServer{handler: handler}
+
+	hostname = internal.JoinDefaultPort(hostname, "70")
+	address = internal.JoinDefaultPort(address, "70")
+
+	var err error
+	gs.Server, err = internal.NewServer(ctx, hostname, network, address, baseLog, gs.handleConn)
+	if err != nil {
+		return nil, err
+	}
+
+	gs.Listener = tls.NewListener(gs.Listener, tlsConfig)
+
+	return gs, nil
+}
+
 func (gs *gopherServer) handleConn(conn net.Conn) {
 	var response *types.Response
 	request, err := ParseRequest(conn)
@@ -52,6 +79,11 @@ func (gs *gopherServer) handleConn(conn net.Conn) {
 		request.RemoteAddr = conn.RemoteAddr()
 		request.Host = gs.Host
 
+		if tlsconn, ok := conn.(*tls.Conn); ok {
+			state := tlsconn.ConnectionState()
+			request.TLSState = &state
+		}
+
 		defer func() {
 			if r := recover(); r != nil {
 				err := fmt.Errorf("%s", r)