use raw base64 encoder to avoid padding characters

IrineSistiana · Apr 6, 2020 · c96942c · c96942c
1 parent 9c2b0f0
commit c96942c
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 7 deletions.
diff --git a/README.md b/README.md
@@ -23,7 +23,7 @@
 
     # 客户端模式
     -cca string
-        客户端用于验证服务器的base64编码的PEM格式CA证书。
+        客户端用于验证服务器的无补全的base64编码的PEM格式CA证书。
         如果服务端证书是合法证书的话一般不需要此参数，
         simple-tls会使用系统的证书池去验证证书。
     -n string
@@ -39,7 +39,9 @@
 
     # 其他
     -gen-cert
-        [This is a helper function]: generate a certificate, store it's key to [-key] and cert to [-cert], print cert in base64 format
+        [This is a helper function]: generate a certificate, 
+        store it's key to [-key] and cert to [-cert],
+        print cert in base64 format without padding characters
     -cpu int
         the maximum number of CPUs that can be executing simultaneously
     -fast-open
@@ -76,7 +78,9 @@ simple-tls-android是[shadowsocks-android](https://github.com/shadowsocks/shadow
 
 ## Tips
 
-`-gen-cert` 可以快速的生成一个ECC证书，并打印出base64编码后的cert的用于客户端用`-cca`导入。证书DNSName取自`-n`参数或随机生成。key和cert文件会放在`-key`，`-cert`指定的位置或当前目录`./`。
+无补全的base64编码： 可以理解为：如果编码末尾有`=`，去掉它们。
+
+`-gen-cert` 可以快速的生成一个ECC证书，并打印出无补全的base64编码后的cert的用于客户端用`-cca`导入。证书DNSName取自`-n`参数或随机生成。key和cert文件会放在`-key`，`-cert`指定的位置或当前目录`./`。
 
 条件允许的话还是建议从[Let's Encrypt](https://letsencrypt.org/)整一个合法的证书。
 

diff --git a/main.go b/main.go
@@ -58,7 +58,7 @@ func main() {
 
 	// client only
 	commandLine.StringVar(&serverName, "n", "", "server name")
-	commandLine.StringVar(&cca, "cca", "", "PEM encoded CA in base64 format, client will use it to varify the server")
+	commandLine.StringVar(&cca, "cca", "", "PEM encoded CA in base64 format without padding characters, client will use it to varify the server")
 
 	// server only
 	commandLine.BoolVar(&isServer, "s", false, "is server")
@@ -70,7 +70,7 @@ func main() {
 	commandLine.BoolVar(&tfo, "fast-open", false, "enable tfo, only available on linux 4.11+")
 	commandLine.IntVar(&cpu, "cpu", runtime.NumCPU(), "the maximum number of CPUs that can be executing simultaneously")
 
-	commandLine.BoolVar(&genCert, "gen-cert", false, "[This is a helper function]: generate a certificate, store it's key to [-key] and cert to [-cert], print cert in base64 format")
+	commandLine.BoolVar(&genCert, "gen-cert", false, "[This is a helper function]: generate a certificate, store it's key to [-key] and cert to [-cert], print cert in base64 format without padding characters")
 
 	sip003Args, err := GetSIP003Args()
 	if err != nil {
@@ -147,7 +147,7 @@ func main() {
 			log.Fatalf("main: writing cert file [%s]: %v", cert, err)
 		}
 
-		certBase64 := base64.StdEncoding.EncodeToString(certPEM)
+		certBase64 := base64.RawStdEncoding.EncodeToString(certPEM)
 		fmt.Printf("Your new cert dns name is: %s\n", dnsName)
 		fmt.Print("Your new cert base64 string is:\n")
 		fmt.Printf("%s\n", certBase64)
@@ -197,7 +197,7 @@ func main() {
 			tlsConfig.ServerName = strings.SplitN(bindAddr, ":", 2)[0]
 		}
 		if len(cca) != 0 {
-			pem, err := base64.StdEncoding.DecodeString(cca)
+			pem, err := base64.RawStdEncoding.DecodeString(cca)
 			if err != nil {
 				log.Fatalf("main: base64.StdEncoding.DecodeString: %v", err)
 			}