rename to reject_unknown_sni

arm64v8a 2023-07-20 17:52:08 +09:00
parent bb451ab74d
commit 043e473000
2 changed files with 36 additions and 36 deletions


@ -26,7 +26,7 @@ type STDServerConfig struct {
key []byte
certificatePath string
keyPath string
rejectHandshake bool
rejectUnknownSNI bool
watcher *fsnotify.Watcher
}
@ -145,7 +145,7 @@ func (c *STDServerConfig) reloadKeyPair() error {
}
setGetCertificateFunc(c.config, func(info *tls.ClientHelloInfo) (*tls.Certificate, error) {
return &keyPair, nil
}, c.rejectHandshake)
}, c.rejectUnknownSNI)
c.logger.Info("reloaded TLS certificate")
return nil
}
@ -236,7 +236,7 @@ func NewSTDServer(ctx context.Context, router adapter.Router, logger log.Logger,
if certificate == nil && key == nil && options.Insecure {
setGetCertificateFunc(tlsConfig, func(info *tls.ClientHelloInfo) (*tls.Certificate, error) {
return GenerateKeyPair(router.TimeFunc(), info.ServerName)
}, options.RejectHandshake)
}, options.RejectUnknownSNI)
} else {
if certificate == nil {
return nil, E.New("missing certificate")
@ -250,7 +250,7 @@ func NewSTDServer(ctx context.Context, router adapter.Router, logger log.Logger,
}
setGetCertificateFunc(tlsConfig, func(info *tls.ClientHelloInfo) (*tls.Certificate, error) {
return &keyPair, nil
}, options.RejectHandshake)
}, options.RejectUnknownSNI)
}
}
return &STDServerConfig{
@ -261,17 +261,17 @@ func NewSTDServer(ctx context.Context, router adapter.Router, logger log.Logger,
key: key,
certificatePath: options.CertificatePath,
keyPath: options.KeyPath,
rejectHandshake: options.RejectHandshake,
rejectUnknownSNI: options.RejectUnknownSNI,
}, nil
}
func setGetCertificateFunc(tlsConfig *tls.Config, getCertificate func(*tls.ClientHelloInfo) (*tls.Certificate, error), rejectHandshake bool) {
func setGetCertificateFunc(tlsConfig *tls.Config, getCertificate func(*tls.ClientHelloInfo) (*tls.Certificate, error), rejectUnknownSNI bool) {
tlsConfig.GetCertificate = func(info *tls.ClientHelloInfo) (*tls.Certificate, error) {
cert, err := getCertificate(info)
if err != nil {
return nil, err
}
if rejectHandshake {
if rejectUnknownSNI {
if info.ServerName != "" && info.ServerName == tlsConfig.ServerName {
return cert, nil
}


@ -4,7 +4,7 @@ type InboundTLSOptions struct {
Enabled bool `json:"enabled,omitempty"`
ServerName string `json:"server_name,omitempty"`
Insecure bool `json:"insecure,omitempty"`
RejectHandshake bool `json:"reject_handshake,omitempty"`
RejectUnknownSNI bool `json:"reject_unknown_sni,omitempty"`
ALPN Listable[string] `json:"alpn,omitempty"`
MinVersion string `json:"min_version,omitempty"`
MaxVersion string `json:"max_version,omitempty"`
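Review bot: The config key `reject_handshake` is replaced by `reject_unknown_sni` with no alias, so an existing configuration that sets `reject_handshake: true` will, unless the options decoder rejects unknown fields (not visible here), decode with `RejectUnknownSNI` left false and the listener silently stops rejecting handshakes for unknown server names — the option fails open rather than failing loudly. Consider keeping the old field as a deprecated input, `RejectHandshake bool `json:"reject_handshake,omitempty"`` with `// Deprecated: use reject_unknown_sni instead.` on the line above, and folding it into `RejectUnknownSNI` (with a warning log) where the options are consumed in NewSTDServer, or at least documenting the rename as a breaking change. The same renamed flag is read at every `setGetCertificateFunc` call site in the first file section, so an alias in the options struct covers all of them.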