rename to reject_unknown_sni

2025-06-13 21:54:13 +08:00 · 2023-07-20 17:52:08 +09:00 · 2023-07-20 17:52:08 +09:00 · 043e473000
commit 043e473000
parent bb451ab74d
2 changed files with 36 additions and 36 deletions
--- a/common/tls/std_server.go
+++ b/common/tls/std_server.go
@ -19,15 +19,15 @@ import (
 var errInsecureUnused = E.New("tls: insecure unused")

 type STDServerConfig struct {
-	config          *tls.Config
-	logger          log.Logger
-	acmeService     adapter.Service
-	certificate     []byte
-	key             []byte
-	certificatePath string
-	keyPath         string
-	rejectHandshake bool
-	watcher         *fsnotify.Watcher
+	config           *tls.Config
+	logger           log.Logger
+	acmeService      adapter.Service
+	certificate      []byte
+	key              []byte
+	certificatePath  string
+	keyPath          string
+	rejectUnknownSNI bool
+	watcher          *fsnotify.Watcher
 }

 func (c *STDServerConfig) ServerName() string {
@ -145,7 +145,7 @@ func (c *STDServerConfig) reloadKeyPair() error {
 	}
 	setGetCertificateFunc(c.config, func(info *tls.ClientHelloInfo) (*tls.Certificate, error) {
 		return &keyPair, nil
-	}, c.rejectHandshake)
+	}, c.rejectUnknownSNI)
 	c.logger.Info("reloaded TLS certificate")
 	return nil
 }
@ -236,7 +236,7 @@ func NewSTDServer(ctx context.Context, router adapter.Router, logger log.Logger,
 		if certificate == nil && key == nil && options.Insecure {
 			setGetCertificateFunc(tlsConfig, func(info *tls.ClientHelloInfo) (*tls.Certificate, error) {
 				return GenerateKeyPair(router.TimeFunc(), info.ServerName)
-			}, options.RejectHandshake)
+			}, options.RejectUnknownSNI)
 		} else {
 			if certificate == nil {
 				return nil, E.New("missing certificate")
@ -250,28 +250,28 @@ func NewSTDServer(ctx context.Context, router adapter.Router, logger log.Logger,
 			}
 			setGetCertificateFunc(tlsConfig, func(info *tls.ClientHelloInfo) (*tls.Certificate, error) {
 				return &keyPair, nil
-			}, options.RejectHandshake)
+			}, options.RejectUnknownSNI)
 		}
 	}
 	return &STDServerConfig{
-		config:          tlsConfig,
-		logger:          logger,
-		acmeService:     acmeService,
-		certificate:     certificate,
-		key:             key,
-		certificatePath: options.CertificatePath,
-		keyPath:         options.KeyPath,
-		rejectHandshake: options.RejectHandshake,
+		config:           tlsConfig,
+		logger:           logger,
+		acmeService:      acmeService,
+		certificate:      certificate,
+		key:              key,
+		certificatePath:  options.CertificatePath,
+		keyPath:          options.KeyPath,
+		rejectUnknownSNI: options.RejectUnknownSNI,
 	}, nil
 }

-func setGetCertificateFunc(tlsConfig *tls.Config, getCertificate func(*tls.ClientHelloInfo) (*tls.Certificate, error), rejectHandshake bool) {
+func setGetCertificateFunc(tlsConfig *tls.Config, getCertificate func(*tls.ClientHelloInfo) (*tls.Certificate, error), rejectUnknownSNI bool) {
 	tlsConfig.GetCertificate = func(info *tls.ClientHelloInfo) (*tls.Certificate, error) {
 		cert, err := getCertificate(info)
 		if err != nil {
 			return nil, err
 		}
-		if rejectHandshake {
+		if rejectUnknownSNI {
 			if info.ServerName != "" && info.ServerName == tlsConfig.ServerName {
 				return cert, nil
 			}
--- a/option/tls.go
+++ b/option/tls.go
@ -1,20 +1,20 @@
 package option

 type InboundTLSOptions struct {
-	Enabled         bool                   `json:"enabled,omitempty"`
-	ServerName      string                 `json:"server_name,omitempty"`
-	Insecure        bool                   `json:"insecure,omitempty"`
-	RejectHandshake bool                   `json:"reject_handshake,omitempty"`
-	ALPN            Listable[string]       `json:"alpn,omitempty"`
-	MinVersion      string                 `json:"min_version,omitempty"`
-	MaxVersion      string                 `json:"max_version,omitempty"`
-	CipherSuites    Listable[string]       `json:"cipher_suites,omitempty"`
-	Certificate     string                 `json:"certificate,omitempty"`
-	CertificatePath string                 `json:"certificate_path,omitempty"`
-	Key             string                 `json:"key,omitempty"`
-	KeyPath         string                 `json:"key_path,omitempty"`
-	ACME            *InboundACMEOptions    `json:"acme,omitempty"`
-	Reality         *InboundRealityOptions `json:"reality,omitempty"`
+	Enabled          bool                   `json:"enabled,omitempty"`
+	ServerName       string                 `json:"server_name,omitempty"`
+	Insecure         bool                   `json:"insecure,omitempty"`
+	RejectUnknownSNI bool                   `json:"reject_unknown_sni,omitempty"`
+	ALPN             Listable[string]       `json:"alpn,omitempty"`
+	MinVersion       string                 `json:"min_version,omitempty"`
+	MaxVersion       string                 `json:"max_version,omitempty"`
+	CipherSuites     Listable[string]       `json:"cipher_suites,omitempty"`
+	Certificate      string                 `json:"certificate,omitempty"`
+	CertificatePath  string                 `json:"certificate_path,omitempty"`
+	Key              string                 `json:"key,omitempty"`
+	KeyPath          string                 `json:"key_path,omitempty"`
+	ACME             *InboundACMEOptions    `json:"acme,omitempty"`
+	Reality          *InboundRealityOptions `json:"reality,omitempty"`
 }

 type OutboundTLSOptions struct {