From 043e473000b2a908c6b32e0869f47a5b78db278a Mon Sep 17 00:00:00 2001
From: arm64v8a <48624112+arm64v8a@users.noreply.github.com>
Date: Thu, 20 Jul 2023 17:52:08 +0900
Subject: [PATCH] rename to reject_unknown_sni

---
 common/tls/std_server.go | 44 ++++++++++++++++++++--------------------
 option/tls.go | 28 ++++++++++++-------------
 2 files changed, 36 insertions(+), 36 deletions(-)

diff --git a/common/tls/std_server.go b/common/tls/std_server.go
index ec7707e6..59601fd0 100644
--- a/common/tls/std_server.go
+++ b/common/tls/std_server.go
@@ -19,15 +19,15 @@ import (
 var errInsecureUnused = E.New("tls: insecure unused")
 
 type STDServerConfig struct {
-	config *tls.Config
-	logger log.Logger
-	acmeService adapter.Service
-	certificate []byte
-	key []byte
-	certificatePath string
-	keyPath string
-	rejectHandshake bool
-	watcher *fsnotify.Watcher
+	config *tls.Config
+	logger log.Logger
+	acmeService adapter.Service
+	certificate []byte
+	key []byte
+	certificatePath string
+	keyPath string
+	rejectUnknownSNI bool
+	watcher *fsnotify.Watcher
 }
 
 func (c *STDServerConfig) ServerName() string {
@@ -145,7 +145,7 @@ func (c *STDServerConfig) reloadKeyPair() error {
 	}
 	setGetCertificateFunc(c.config, func(info *tls.ClientHelloInfo) (*tls.Certificate, error) {
 		return &keyPair, nil
-	}, c.rejectHandshake)
+	}, c.rejectUnknownSNI)
 	c.logger.Info("reloaded TLS certificate")
 	return nil
 }
@@ -236,7 +236,7 @@ func NewSTDServer(ctx context.Context, router adapter.Router, logger log.Logger,
 	if certificate == nil && key == nil && options.Insecure {
 		setGetCertificateFunc(tlsConfig, func(info *tls.ClientHelloInfo) (*tls.Certificate, error) {
 			return GenerateKeyPair(router.TimeFunc(), info.ServerName)
-		}, options.RejectHandshake)
+		}, options.RejectUnknownSNI)
 	} else {
 		if certificate == nil {
 			return nil, E.New("missing certificate")
@@ -250,28 +250,28 @@ func NewSTDServer(ctx context.Context, router adapter.Router, logger log.Logger,
 		}
 		setGetCertificateFunc(tlsConfig, func(info *tls.ClientHelloInfo) (*tls.Certificate, error) {
 			return &keyPair, nil
-		}, options.RejectHandshake)
+		}, options.RejectUnknownSNI)
 	}
 }
 	return &STDServerConfig{
-		config: tlsConfig,
-		logger: logger,
-		acmeService: acmeService,
-		certificate: certificate,
-		key: key,
-		certificatePath: options.CertificatePath,
-		keyPath: options.KeyPath,
-		rejectHandshake: options.RejectHandshake,
+		config: tlsConfig,
+		logger: logger,
+		acmeService: acmeService,
+		certificate: certificate,
+		key: key,
+		certificatePath: options.CertificatePath,
+		keyPath: options.KeyPath,
+		rejectUnknownSNI: options.RejectUnknownSNI,
 	}, nil
 }
 
-func setGetCertificateFunc(tlsConfig *tls.Config, getCertificate func(*tls.ClientHelloInfo) (*tls.Certificate, error), rejectHandshake bool) {
+func setGetCertificateFunc(tlsConfig *tls.Config, getCertificate func(*tls.ClientHelloInfo) (*tls.Certificate, error), rejectUnknownSNI bool) {
 	tlsConfig.GetCertificate = func(info *tls.ClientHelloInfo) (*tls.Certificate, error) {
 		cert, err := getCertificate(info)
 		if err != nil {
 			return nil, err
 		}
-		if rejectHandshake {
+		if rejectUnknownSNI {
 			if info.ServerName != "" && info.ServerName == tlsConfig.ServerName {
 				return cert, nil
 			}
diff --git a/option/tls.go b/option/tls.go
index 07d8f1ce..429a3203 100644
--- a/option/tls.go
+++ b/option/tls.go
@@ -1,20 +1,20 @@
 package option
 
 type InboundTLSOptions struct {
-	Enabled bool `json:"enabled,omitempty"`
-	ServerName string `json:"server_name,omitempty"`
-	Insecure bool `json:"insecure,omitempty"`
-	RejectHandshake bool `json:"reject_handshake,omitempty"`
-	ALPN Listable[string] `json:"alpn,omitempty"`
-	MinVersion string `json:"min_version,omitempty"`
-	MaxVersion string `json:"max_version,omitempty"`
-	CipherSuites Listable[string] `json:"cipher_suites,omitempty"`
-	Certificate string `json:"certificate,omitempty"`
-	CertificatePath string `json:"certificate_path,omitempty"`
-	Key string `json:"key,omitempty"`
-	KeyPath string `json:"key_path,omitempty"`
-	ACME *InboundACMEOptions `json:"acme,omitempty"`
-	Reality *InboundRealityOptions `json:"reality,omitempty"`
+	Enabled bool `json:"enabled,omitempty"`
+	ServerName string `json:"server_name,omitempty"`
+	Insecure bool `json:"insecure,omitempty"`
+	RejectUnknownSNI bool `json:"reject_unknown_sni,omitempty"`
+	ALPN Listable[string] `json:"alpn,omitempty"`
+	MinVersion string `json:"min_version,omitempty"`
+	MaxVersion string `json:"max_version,omitempty"`
+	CipherSuites Listable[string] `json:"cipher_suites,omitempty"`
+	Certificate string `json:"certificate,omitempty"`
+	CertificatePath string `json:"certificate_path,omitempty"`
+	Key string `json:"key,omitempty"`
+	KeyPath string `json:"key_path,omitempty"`
+	ACME *InboundACMEOptions `json:"acme,omitempty"`
+	Reality *InboundRealityOptions `json:"reality,omitempty"`
 }
 
 type OutboundTLSOptions struct {
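Review bot: Changing the JSON key on `InboundTLSOptions` from `reject_handshake` to `reject_unknown_sni` leaves no compatibility path for configs that still set the old key: depending on whether the option decoder disallows unknown fields (not visible in this diff), such a config either fails to load or, worse, decodes cleanly with the SNI check silently switched off, which is a security-relevant option going inactive without any signal. A one-release shim would keep a deprecated `RejectHandshake bool` field with its old `reject_handshake,omitempty` tag and a `// Deprecated: use reject_unknown_sni.` comment, and have `NewSTDServer` in common/tls/std_server.go pass `options.RejectUnknownSNI || options.RejectHandshake` to `setGetCertificateFunc` (hunks at -236 and -250), ideally logging a warning when the old key is seen. At minimum the rename should be called out as a breaking change in the changelog so operators re-check that the check is still enabled after upgrading.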