chunyu/sing-box
1
0
Fork 0
mirror of https://github.com/SagerNet/sing-box.git synced 2025-06-13 21:54:13 +08:00
Code Issues Packages Projects Releases Wiki Activity

Fix ECH server config

Browse Source
This commit is contained in:
世界 2023-09-01 13:42:54 +08:00
parent 406e089d13
commit e61c67cbc2
No known key found for this signature in database
GPG Key ID: CD109927C34A63C4
3 changed files with 30 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
common/tls/ech_client.go
View File

@ -171,8 +171,20 @@ func NewECHClient(ctx context.Context, serverAddress string, options option.Outb
tlsConfig.ECHEnabled = true tlsConfig.ECHEnabled = true
tlsConfig.PQSignatureSchemesEnabled = options.ECH.PQSignatureSchemesEnabled tlsConfig.PQSignatureSchemesEnabled = options.ECH.PQSignatureSchemesEnabled
tlsConfig.DynamicRecordSizingDisabled = options.ECH.DynamicRecordSizingDisabled tlsConfig.DynamicRecordSizingDisabled = options.ECH.DynamicRecordSizingDisabled
var echConfig []byte
if len(options.ECH.Config) > 0 { if len(options.ECH.Config) > 0 {
block, rest := pem.Decode([]byte(strings.Join(options.ECH.Config, "\n"))) echConfig = []byte(strings.Join(options.ECH.Config, "\n"))
} else if options.ECH.ConfigPath != "" {
content, err := os.ReadFile(options.ECH.ConfigPath)
if err != nil {
return nil, E.Cause(err, "read key")
}
echConfig = content
}
if len(echConfig) > 0 {
block, rest := pem.Decode(echConfig)
if block == nil || block.Type != "ECH CONFIGS" || len(rest) > 0 { if block == nil || block.Type != "ECH CONFIGS" || len(rest) > 0 {
return nil, E.New("invalid ECH configs pem") return nil, E.New("invalid ECH configs pem")
} }

17
common/tls/ech_server.go
View File

@ -277,7 +277,7 @@ func NewECHServer(ctx context.Context, logger log.Logger, options option.Inbound
certificate = content certificate = content
} }
if len(options.Key) > 0 { if len(options.Key) > 0 {
key = []byte(strings.Join(options.Key, "")) key = []byte(strings.Join(options.Key, "\n"))
} else if options.KeyPath != "" { } else if options.KeyPath != "" {
content, err := os.ReadFile(options.KeyPath) content, err := os.ReadFile(options.KeyPath)
if err != nil { if err != nil {
@ -298,7 +298,20 @@ func NewECHServer(ctx context.Context, logger log.Logger, options option.Inbound
} }
tlsConfig.Certificates = []cftls.Certificate{keyPair} tlsConfig.Certificates = []cftls.Certificate{keyPair}
block, rest := pem.Decode([]byte(strings.Join(options.ECH.Key, "\n"))) var echKey []byte
if len(options.ECH.Key) > 0 {
echKey = []byte(strings.Join(options.ECH.Key, "\n"))
} else if options.KeyPath != "" {
content, err := os.ReadFile(options.ECH.KeyPath)
if err != nil {
return nil, E.Cause(err, "read key")
}
echKey = content
} else {
return nil, E.New("missing ECH key")
}
block, rest := pem.Decode(echKey)
if block == nil || block.Type != "ECH KEYS" || len(rest) > 0 { if block == nil || block.Type != "ECH KEYS" || len(rest) > 0 {
return nil, E.New("invalid ECH keys pem") return nil, E.New("invalid ECH keys pem")
} }

4
option/tls.go
View File

@ -50,8 +50,8 @@ type InboundECHOptions struct {
Enabled bool `json:"enabled,omitempty"` Enabled bool `json:"enabled,omitempty"`
PQSignatureSchemesEnabled bool `json:"pq_signature_schemes_enabled,omitempty"` PQSignatureSchemesEnabled bool `json:"pq_signature_schemes_enabled,omitempty"`
DynamicRecordSizingDisabled bool `json:"dynamic_record_sizing_disabled,omitempty"` DynamicRecordSizingDisabled bool `json:"dynamic_record_sizing_disabled,omitempty"`
Key Listable[string] `json:"ech_keys,omitempty"` Key Listable[string] `json:"key,omitempty"`
KeyPath string `json:"ech_keys_path,omitempty"` KeyPath string `json:"key_path,omitempty"`
} }
type OutboundECHOptions struct { type OutboundECHOptions struct {