rename to reject_unknown_sni

This commit is contained in:
arm64v8a 2023-07-20 17:52:08 +09:00
parent bb451ab74d
commit 043e473000
2 changed files with 36 additions and 36 deletions


@ -19,15 +19,15 @@ import (
var errInsecureUnused = E.New("tls: insecure unused") var errInsecureUnused = E.New("tls: insecure unused")
type STDServerConfig struct { type STDServerConfig struct {
config *tls.Config config *tls.Config
logger log.Logger logger log.Logger
acmeService adapter.Service acmeService adapter.Service
certificate []byte certificate []byte
key []byte key []byte
certificatePath string certificatePath string
keyPath string keyPath string
rejectHandshake bool rejectUnknownSNI bool
watcher *fsnotify.Watcher watcher *fsnotify.Watcher
} }
func (c *STDServerConfig) ServerName() string { func (c *STDServerConfig) ServerName() string {
@ -145,7 +145,7 @@ func (c *STDServerConfig) reloadKeyPair() error {
} }
setGetCertificateFunc(c.config, func(info *tls.ClientHelloInfo) (*tls.Certificate, error) { setGetCertificateFunc(c.config, func(info *tls.ClientHelloInfo) (*tls.Certificate, error) {
return &keyPair, nil return &keyPair, nil
}, c.rejectHandshake) }, c.rejectUnknownSNI)
c.logger.Info("reloaded TLS certificate") c.logger.Info("reloaded TLS certificate")
return nil return nil
} }
@ -236,7 +236,7 @@ func NewSTDServer(ctx context.Context, router adapter.Router, logger log.Logger,
if certificate == nil && key == nil && options.Insecure { if certificate == nil && key == nil && options.Insecure {
setGetCertificateFunc(tlsConfig, func(info *tls.ClientHelloInfo) (*tls.Certificate, error) { setGetCertificateFunc(tlsConfig, func(info *tls.ClientHelloInfo) (*tls.Certificate, error) {
return GenerateKeyPair(router.TimeFunc(), info.ServerName) return GenerateKeyPair(router.TimeFunc(), info.ServerName)
}, options.RejectHandshake) }, options.RejectUnknownSNI)
} else { } else {
if certificate == nil { if certificate == nil {
return nil, E.New("missing certificate") return nil, E.New("missing certificate")
@ -250,28 +250,28 @@ func NewSTDServer(ctx context.Context, router adapter.Router, logger log.Logger,
} }
setGetCertificateFunc(tlsConfig, func(info *tls.ClientHelloInfo) (*tls.Certificate, error) { setGetCertificateFunc(tlsConfig, func(info *tls.ClientHelloInfo) (*tls.Certificate, error) {
return &keyPair, nil return &keyPair, nil
}, options.RejectHandshake) }, options.RejectUnknownSNI)
} }
} }
return &STDServerConfig{ return &STDServerConfig{
config: tlsConfig, config: tlsConfig,
logger: logger, logger: logger,
acmeService: acmeService, acmeService: acmeService,
certificate: certificate, certificate: certificate,
key: key, key: key,
certificatePath: options.CertificatePath, certificatePath: options.CertificatePath,
keyPath: options.KeyPath, keyPath: options.KeyPath,
rejectHandshake: options.RejectHandshake, rejectUnknownSNI: options.RejectUnknownSNI,
}, nil }, nil
} }
func setGetCertificateFunc(tlsConfig *tls.Config, getCertificate func(*tls.ClientHelloInfo) (*tls.Certificate, error), rejectHandshake bool) { func setGetCertificateFunc(tlsConfig *tls.Config, getCertificate func(*tls.ClientHelloInfo) (*tls.Certificate, error), rejectUnknownSNI bool) {
tlsConfig.GetCertificate = func(info *tls.ClientHelloInfo) (*tls.Certificate, error) { tlsConfig.GetCertificate = func(info *tls.ClientHelloInfo) (*tls.Certificate, error) {
cert, err := getCertificate(info) cert, err := getCertificate(info)
if err != nil { if err != nil {
return nil, err return nil, err
} }
if rejectHandshake { if rejectUnknownSNI {
if info.ServerName != "" && info.ServerName == tlsConfig.ServerName { if info.ServerName != "" && info.ServerName == tlsConfig.ServerName {
return cert, nil return cert, nil
} }


@ -1,20 +1,20 @@
package option package option
type InboundTLSOptions struct { type InboundTLSOptions struct {
Enabled bool `json:"enabled,omitempty"` Enabled bool `json:"enabled,omitempty"`
ServerName string `json:"server_name,omitempty"` ServerName string `json:"server_name,omitempty"`
Insecure bool `json:"insecure,omitempty"` Insecure bool `json:"insecure,omitempty"`
RejectHandshake bool `json:"reject_handshake,omitempty"` RejectUnknownSNI bool `json:"reject_unknown_sni,omitempty"`
ALPN Listable[string] `json:"alpn,omitempty"` ALPN Listable[string] `json:"alpn,omitempty"`
MinVersion string `json:"min_version,omitempty"` MinVersion string `json:"min_version,omitempty"`
MaxVersion string `json:"max_version,omitempty"` MaxVersion string `json:"max_version,omitempty"`
CipherSuites Listable[string] `json:"cipher_suites,omitempty"` CipherSuites Listable[string] `json:"cipher_suites,omitempty"`
Certificate string `json:"certificate,omitempty"` Certificate string `json:"certificate,omitempty"`
CertificatePath string `json:"certificate_path,omitempty"` CertificatePath string `json:"certificate_path,omitempty"`
Key string `json:"key,omitempty"` Key string `json:"key,omitempty"`
KeyPath string `json:"key_path,omitempty"` KeyPath string `json:"key_path,omitempty"`
ACME *InboundACMEOptions `json:"acme,omitempty"` ACME *InboundACMEOptions `json:"acme,omitempty"`
Reality *InboundRealityOptions `json:"reality,omitempty"` Reality *InboundRealityOptions `json:"reality,omitempty"`
} }
type OutboundTLSOptions struct { type OutboundTLSOptions struct {