feat: add fingerprint for tls verify
This commit is contained in:
parent
71afe64a8e
commit
91e1649822
15 changed files with 137 additions and 31 deletions
|
@ -7,6 +7,7 @@ import (
|
||||||
"encoding/base64"
|
"encoding/base64"
|
||||||
"errors"
|
"errors"
|
||||||
"fmt"
|
"fmt"
|
||||||
|
tlsC "github.com/Dreamacro/clash/common/tls"
|
||||||
"io"
|
"io"
|
||||||
"net"
|
"net"
|
||||||
"net/http"
|
"net/http"
|
||||||
|
@ -149,7 +150,7 @@ func NewHttp(option HttpOption) *Http {
|
||||||
},
|
},
|
||||||
user: option.UserName,
|
user: option.UserName,
|
||||||
pass: option.Password,
|
pass: option.Password,
|
||||||
tlsConfig: tlsConfig,
|
tlsConfig: tlsC.MixinTLSConfig(tlsConfig),
|
||||||
option: &option,
|
option: &option,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -5,6 +5,7 @@ import (
|
||||||
"crypto/tls"
|
"crypto/tls"
|
||||||
"crypto/x509"
|
"crypto/x509"
|
||||||
"fmt"
|
"fmt"
|
||||||
|
tlsC "github.com/Dreamacro/clash/common/tls"
|
||||||
"github.com/Dreamacro/clash/transport/hysteria/core"
|
"github.com/Dreamacro/clash/transport/hysteria/core"
|
||||||
"github.com/Dreamacro/clash/transport/hysteria/obfs"
|
"github.com/Dreamacro/clash/transport/hysteria/obfs"
|
||||||
"github.com/Dreamacro/clash/transport/hysteria/pmtud_fix"
|
"github.com/Dreamacro/clash/transport/hysteria/pmtud_fix"
|
||||||
|
@ -121,11 +122,11 @@ func NewHysteria(option HysteriaOption) (*Hysteria, error) {
|
||||||
if option.SNI != "" {
|
if option.SNI != "" {
|
||||||
serverName = option.SNI
|
serverName = option.SNI
|
||||||
}
|
}
|
||||||
tlsConfig := &tls.Config{
|
tlsConfig := tlsC.MixinTLSConfig(&tls.Config{
|
||||||
ServerName: serverName,
|
ServerName: serverName,
|
||||||
InsecureSkipVerify: option.SkipCertVerify,
|
InsecureSkipVerify: option.SkipCertVerify,
|
||||||
MinVersion: tls.VersionTLS13,
|
MinVersion: tls.VersionTLS13,
|
||||||
}
|
})
|
||||||
if len(option.ALPN) > 0 {
|
if len(option.ALPN) > 0 {
|
||||||
tlsConfig.NextProtos = []string{option.ALPN}
|
tlsConfig.NextProtos = []string{option.ALPN}
|
||||||
} else {
|
} else {
|
||||||
|
|
|
@ -5,6 +5,7 @@ import (
|
||||||
"crypto/tls"
|
"crypto/tls"
|
||||||
"errors"
|
"errors"
|
||||||
"fmt"
|
"fmt"
|
||||||
|
tlsC "github.com/Dreamacro/clash/common/tls"
|
||||||
"io"
|
"io"
|
||||||
"net"
|
"net"
|
||||||
"strconv"
|
"strconv"
|
||||||
|
@ -160,7 +161,7 @@ func NewSocks5(option Socks5Option) *Socks5 {
|
||||||
pass: option.Password,
|
pass: option.Password,
|
||||||
tls: option.TLS,
|
tls: option.TLS,
|
||||||
skipCertVerify: option.SkipCertVerify,
|
skipCertVerify: option.SkipCertVerify,
|
||||||
tlsConfig: tlsConfig,
|
tlsConfig: tlsC.MixinTLSConfig(tlsConfig),
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -4,6 +4,7 @@ import (
|
||||||
"context"
|
"context"
|
||||||
"crypto/tls"
|
"crypto/tls"
|
||||||
"fmt"
|
"fmt"
|
||||||
|
tlsC "github.com/Dreamacro/clash/common/tls"
|
||||||
"net"
|
"net"
|
||||||
"net/http"
|
"net/http"
|
||||||
"strconv"
|
"strconv"
|
||||||
|
@ -227,12 +228,12 @@ func NewTrojan(option TrojanOption) (*Trojan, error) {
|
||||||
return c, nil
|
return c, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
tlsConfig := &tls.Config{
|
tlsConfig := tlsC.MixinTLSConfig(&tls.Config{
|
||||||
NextProtos: option.ALPN,
|
NextProtos: option.ALPN,
|
||||||
MinVersion: tls.VersionTLS12,
|
MinVersion: tls.VersionTLS12,
|
||||||
InsecureSkipVerify: tOption.SkipCertVerify,
|
InsecureSkipVerify: tOption.SkipCertVerify,
|
||||||
ServerName: tOption.ServerName,
|
ServerName: tOption.ServerName,
|
||||||
}
|
})
|
||||||
|
|
||||||
if t.option.Flow != "" {
|
if t.option.Flow != "" {
|
||||||
t.transport = gun.NewHTTP2XTLSClient(dialFn, tlsConfig)
|
t.transport = gun.NewHTTP2XTLSClient(dialFn, tlsConfig)
|
||||||
|
|
|
@ -7,6 +7,7 @@ import (
|
||||||
"errors"
|
"errors"
|
||||||
"fmt"
|
"fmt"
|
||||||
"github.com/Dreamacro/clash/common/convert"
|
"github.com/Dreamacro/clash/common/convert"
|
||||||
|
tlsC "github.com/Dreamacro/clash/common/tls"
|
||||||
"io"
|
"io"
|
||||||
"net"
|
"net"
|
||||||
"net/http"
|
"net/http"
|
||||||
|
@ -80,12 +81,12 @@ func (v *Vless) StreamConn(c net.Conn, metadata *C.Metadata) (net.Conn, error) {
|
||||||
}
|
}
|
||||||
if v.option.TLS {
|
if v.option.TLS {
|
||||||
wsOpts.TLS = true
|
wsOpts.TLS = true
|
||||||
wsOpts.TLSConfig = &tls.Config{
|
wsOpts.TLSConfig = tlsC.MixinTLSConfig(&tls.Config{
|
||||||
MinVersion: tls.VersionTLS12,
|
MinVersion: tls.VersionTLS12,
|
||||||
ServerName: host,
|
ServerName: host,
|
||||||
InsecureSkipVerify: v.option.SkipCertVerify,
|
InsecureSkipVerify: v.option.SkipCertVerify,
|
||||||
NextProtos: []string{"http/1.1"},
|
NextProtos: []string{"http/1.1"},
|
||||||
}
|
})
|
||||||
if v.option.ServerName != "" {
|
if v.option.ServerName != "" {
|
||||||
wsOpts.TLSConfig.ServerName = v.option.ServerName
|
wsOpts.TLSConfig.ServerName = v.option.ServerName
|
||||||
} else if host := wsOpts.Headers.Get("Host"); host != "" {
|
} else if host := wsOpts.Headers.Get("Host"); host != "" {
|
||||||
|
@ -436,10 +437,10 @@ func NewVless(option VlessOption) (*Vless, error) {
|
||||||
ServiceName: v.option.GrpcOpts.GrpcServiceName,
|
ServiceName: v.option.GrpcOpts.GrpcServiceName,
|
||||||
Host: v.option.ServerName,
|
Host: v.option.ServerName,
|
||||||
}
|
}
|
||||||
tlsConfig := &tls.Config{
|
tlsConfig := tlsC.MixinTLSConfig(&tls.Config{
|
||||||
InsecureSkipVerify: v.option.SkipCertVerify,
|
InsecureSkipVerify: v.option.SkipCertVerify,
|
||||||
ServerName: v.option.ServerName,
|
ServerName: v.option.ServerName,
|
||||||
}
|
})
|
||||||
|
|
||||||
if v.option.ServerName == "" {
|
if v.option.ServerName == "" {
|
||||||
host, _, _ := net.SplitHostPort(v.addr)
|
host, _, _ := net.SplitHostPort(v.addr)
|
||||||
|
|
|
@ -5,13 +5,13 @@ import (
|
||||||
"crypto/tls"
|
"crypto/tls"
|
||||||
"errors"
|
"errors"
|
||||||
"fmt"
|
"fmt"
|
||||||
|
tlsC "github.com/Dreamacro/clash/common/tls"
|
||||||
"net"
|
"net"
|
||||||
"net/http"
|
"net/http"
|
||||||
"strconv"
|
"strconv"
|
||||||
"strings"
|
"strings"
|
||||||
"sync"
|
"sync"
|
||||||
|
|
||||||
"github.com/Dreamacro/clash/common/convert"
|
|
||||||
"github.com/Dreamacro/clash/component/dialer"
|
"github.com/Dreamacro/clash/component/dialer"
|
||||||
"github.com/Dreamacro/clash/component/resolver"
|
"github.com/Dreamacro/clash/component/resolver"
|
||||||
C "github.com/Dreamacro/clash/constant"
|
C "github.com/Dreamacro/clash/constant"
|
||||||
|
@ -100,21 +100,16 @@ func (v *Vmess) StreamConn(c net.Conn, metadata *C.Metadata) (net.Conn, error) {
|
||||||
|
|
||||||
if v.option.TLS {
|
if v.option.TLS {
|
||||||
wsOpts.TLS = true
|
wsOpts.TLS = true
|
||||||
wsOpts.TLSConfig = &tls.Config{
|
wsOpts.TLSConfig = tlsC.MixinTLSConfig(&tls.Config{
|
||||||
ServerName: host,
|
ServerName: host,
|
||||||
InsecureSkipVerify: v.option.SkipCertVerify,
|
InsecureSkipVerify: v.option.SkipCertVerify,
|
||||||
NextProtos: []string{"http/1.1"},
|
NextProtos: []string{"http/1.1"},
|
||||||
}
|
})
|
||||||
if v.option.ServerName != "" {
|
if v.option.ServerName != "" {
|
||||||
wsOpts.TLSConfig.ServerName = v.option.ServerName
|
wsOpts.TLSConfig.ServerName = v.option.ServerName
|
||||||
} else if host := wsOpts.Headers.Get("Host"); host != "" {
|
} else if host := wsOpts.Headers.Get("Host"); host != "" {
|
||||||
wsOpts.TLSConfig.ServerName = host
|
wsOpts.TLSConfig.ServerName = host
|
||||||
}
|
}
|
||||||
} else {
|
|
||||||
if host := wsOpts.Headers.Get("Host"); host == "" {
|
|
||||||
wsOpts.Headers.Set("Host", convert.RandHost())
|
|
||||||
convert.SetUserAgent(wsOpts.Headers)
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
c, err = clashVMess.StreamWebsocketConn(c, wsOpts)
|
c, err = clashVMess.StreamWebsocketConn(c, wsOpts)
|
||||||
case "http":
|
case "http":
|
||||||
|
|
80
common/tls/config.go
Normal file
80
common/tls/config.go
Normal file
|
@ -0,0 +1,80 @@
|
||||||
|
package tls
|
||||||
|
|
||||||
|
import (
|
||||||
|
"bytes"
|
||||||
|
"crypto/sha256"
|
||||||
|
"crypto/tls"
|
||||||
|
"crypto/x509"
|
||||||
|
"encoding/hex"
|
||||||
|
"fmt"
|
||||||
|
"strings"
|
||||||
|
"sync"
|
||||||
|
"time"
|
||||||
|
)
|
||||||
|
|
||||||
|
var fingerprints [][32]byte
|
||||||
|
var rwLock sync.Mutex
|
||||||
|
var defaultTLSConfig = &tls.Config{
|
||||||
|
InsecureSkipVerify: true,
|
||||||
|
VerifyPeerCertificate: verifyPeerCertificate,
|
||||||
|
}
|
||||||
|
var verifyPeerCertificate = func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error {
|
||||||
|
fingerprints := fingerprints
|
||||||
|
|
||||||
|
var preErr error
|
||||||
|
for i := range rawCerts {
|
||||||
|
rawCert := rawCerts[i]
|
||||||
|
cert, err := x509.ParseCertificate(rawCert)
|
||||||
|
if err == nil {
|
||||||
|
opts := x509.VerifyOptions{
|
||||||
|
CurrentTime: time.Now(),
|
||||||
|
}
|
||||||
|
|
||||||
|
if _, err := cert.Verify(opts); err == nil {
|
||||||
|
return nil
|
||||||
|
} else {
|
||||||
|
fingerprint := sha256.Sum256(cert.Raw)
|
||||||
|
for _, fp := range fingerprints {
|
||||||
|
if bytes.Equal(fingerprint[:], fp[:]) {
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
preErr = err
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return preErr
|
||||||
|
}
|
||||||
|
|
||||||
|
func AddCertFingerprint(fingerprint string) error {
|
||||||
|
fp := strings.Replace(fingerprint, ":", "", -1)
|
||||||
|
fpByte, err := hex.DecodeString(fp)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
if len(fpByte) != 32 {
|
||||||
|
return fmt.Errorf("fingerprint string length error,need sha25 fingerprint")
|
||||||
|
}
|
||||||
|
|
||||||
|
rwLock.Lock()
|
||||||
|
fingerprints = append(fingerprints, *(*[32]byte)(fpByte))
|
||||||
|
rwLock.Unlock()
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func GetDefaultTLSConfig() *tls.Config {
|
||||||
|
return defaultTLSConfig
|
||||||
|
}
|
||||||
|
|
||||||
|
func MixinTLSConfig(tlsConfig *tls.Config) *tls.Config {
|
||||||
|
if tlsConfig == nil {
|
||||||
|
return GetDefaultTLSConfig()
|
||||||
|
}
|
||||||
|
|
||||||
|
tlsConfig.InsecureSkipVerify = true
|
||||||
|
tlsConfig.VerifyPeerCertificate = verifyPeerCertificate
|
||||||
|
return tlsConfig
|
||||||
|
}
|
|
@ -2,6 +2,7 @@ package http
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"context"
|
"context"
|
||||||
|
"github.com/Dreamacro/clash/common/tls"
|
||||||
"github.com/Dreamacro/clash/listener/inner"
|
"github.com/Dreamacro/clash/listener/inner"
|
||||||
"github.com/Dreamacro/clash/log"
|
"github.com/Dreamacro/clash/log"
|
||||||
"io"
|
"io"
|
||||||
|
@ -56,6 +57,7 @@ func HttpRequest(ctx context.Context, url, method string, header map[string][]st
|
||||||
conn := inner.HandleTcp(address, urlRes.Hostname())
|
conn := inner.HandleTcp(address, urlRes.Hostname())
|
||||||
return conn, nil
|
return conn, nil
|
||||||
},
|
},
|
||||||
|
TLSClientConfig: tls.GetDefaultTLSConfig(),
|
||||||
}
|
}
|
||||||
|
|
||||||
client := http.Client{Transport: transport}
|
client := http.Client{Transport: transport}
|
||||||
|
|
|
@ -136,7 +136,9 @@ type Sniffer struct {
|
||||||
}
|
}
|
||||||
|
|
||||||
// Experimental config
|
// Experimental config
|
||||||
type Experimental struct{}
|
type Experimental struct {
|
||||||
|
Fingerprints []string `yaml:"fingerprints"`
|
||||||
|
}
|
||||||
|
|
||||||
// Config is clash config manager
|
// Config is clash config manager
|
||||||
type Config struct {
|
type Config struct {
|
||||||
|
|
|
@ -4,6 +4,7 @@ import (
|
||||||
"context"
|
"context"
|
||||||
"crypto/tls"
|
"crypto/tls"
|
||||||
"fmt"
|
"fmt"
|
||||||
|
tlsC "github.com/Dreamacro/clash/common/tls"
|
||||||
"go.uber.org/atomic"
|
"go.uber.org/atomic"
|
||||||
"net"
|
"net"
|
||||||
"net/netip"
|
"net/netip"
|
||||||
|
@ -77,7 +78,7 @@ func (c *client) ExchangeContext(ctx context.Context, m *D.Msg) (*D.Msg, error)
|
||||||
ch := make(chan result, 1)
|
ch := make(chan result, 1)
|
||||||
go func() {
|
go func() {
|
||||||
if strings.HasSuffix(c.Client.Net, "tls") {
|
if strings.HasSuffix(c.Client.Net, "tls") {
|
||||||
conn = tls.Client(conn, c.Client.TLSConfig)
|
conn = tls.Client(conn, tlsC.MixinTLSConfig(c.Client.TLSConfig))
|
||||||
}
|
}
|
||||||
|
|
||||||
msg, _, err := c.Client.ExchangeWithConn(m, &D.Conn{
|
msg, _, err := c.Client.ExchangeWithConn(m, &D.Conn{
|
||||||
|
|
|
@ -4,6 +4,7 @@ import (
|
||||||
"bytes"
|
"bytes"
|
||||||
"context"
|
"context"
|
||||||
"crypto/tls"
|
"crypto/tls"
|
||||||
|
tls2 "github.com/Dreamacro/clash/common/tls"
|
||||||
"github.com/Dreamacro/clash/component/dialer"
|
"github.com/Dreamacro/clash/component/dialer"
|
||||||
"github.com/Dreamacro/clash/component/resolver"
|
"github.com/Dreamacro/clash/component/resolver"
|
||||||
"github.com/lucas-clemente/quic-go"
|
"github.com/lucas-clemente/quic-go"
|
||||||
|
@ -119,6 +120,7 @@ func newDohTransport(r *Resolver, preferH3 bool, proxyAdapter string) *dohTransp
|
||||||
return dialContextExtra(ctx, proxyAdapter, "tcp", ip, port)
|
return dialContextExtra(ctx, proxyAdapter, "tcp", ip, port)
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
TLSClientConfig: tls2.GetDefaultTLSConfig(),
|
||||||
},
|
},
|
||||||
preferH3: preferH3,
|
preferH3: preferH3,
|
||||||
}
|
}
|
||||||
|
@ -156,6 +158,7 @@ func newDohTransport(r *Resolver, preferH3 bool, proxyAdapter string) *dohTransp
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
TLSClientConfig: tls2.GetDefaultTLSConfig(),
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
17
dns/doq.go
17
dns/doq.go
|
@ -5,6 +5,7 @@ import (
|
||||||
"context"
|
"context"
|
||||||
"crypto/tls"
|
"crypto/tls"
|
||||||
"fmt"
|
"fmt"
|
||||||
|
tlsC "github.com/Dreamacro/clash/common/tls"
|
||||||
"github.com/Dreamacro/clash/component/dialer"
|
"github.com/Dreamacro/clash/component/dialer"
|
||||||
"github.com/Dreamacro/clash/component/resolver"
|
"github.com/Dreamacro/clash/component/resolver"
|
||||||
"github.com/lucas-clemente/quic-go"
|
"github.com/lucas-clemente/quic-go"
|
||||||
|
@ -128,13 +129,15 @@ func (dc *quicClient) getSession(ctx context.Context) (quic.Connection, error) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func (dc *quicClient) openSession(ctx context.Context) (quic.Connection, error) {
|
func (dc *quicClient) openSession(ctx context.Context) (quic.Connection, error) {
|
||||||
tlsConfig := &tls.Config{
|
tlsConfig := tlsC.MixinTLSConfig(
|
||||||
InsecureSkipVerify: false,
|
&tls.Config{
|
||||||
NextProtos: []string{
|
InsecureSkipVerify: false,
|
||||||
NextProtoDQ,
|
NextProtos: []string{
|
||||||
},
|
NextProtoDQ,
|
||||||
SessionTicketsDisabled: false,
|
},
|
||||||
}
|
SessionTicketsDisabled: false,
|
||||||
|
})
|
||||||
|
|
||||||
quicConfig := &quic.Config{
|
quicConfig := &quic.Config{
|
||||||
ConnectionIDLength: 12,
|
ConnectionIDLength: 12,
|
||||||
HandshakeIdleTimeout: time.Second * 8,
|
HandshakeIdleTimeout: time.Second * 8,
|
||||||
|
|
|
@ -25,7 +25,12 @@ external-ui: /path/to/ui/folder # 配置WEB UI目录,使用http://{{external-c
|
||||||
# interface-name: en0 # 设置出口网卡
|
# interface-name: en0 # 设置出口网卡
|
||||||
|
|
||||||
# routing-mark: 6666 # 配置fwmark 仅用于Linux
|
# routing-mark: 6666 # 配置fwmark 仅用于Linux
|
||||||
|
experimental:
|
||||||
|
# 具体配置待定
|
||||||
|
# 证书指纹,SHA256格式,补充校验TLS证书
|
||||||
|
# 可使用 openssl x509 -noout -fingerprint -sha256 -inform pem -in yourcert.pem 获取
|
||||||
|
fingerprints:
|
||||||
|
- "8F:11:1F:A9:AD:3C:D8:E9:17:A1:18:52:2C:AC:39:EA:33:74:1B:3B:BE:73:F9:1C:EC:E5:48:D5:CC:B0:E5:E8"
|
||||||
# 类似于/etc/hosts, 仅支持配置单个IP
|
# 类似于/etc/hosts, 仅支持配置单个IP
|
||||||
hosts:
|
hosts:
|
||||||
# '*.clash.dev': 127.0.0.1
|
# '*.clash.dev': 127.0.0.1
|
||||||
|
|
|
@ -2,6 +2,7 @@ package executor
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"fmt"
|
"fmt"
|
||||||
|
"github.com/Dreamacro/clash/common/tls"
|
||||||
"github.com/Dreamacro/clash/listener/inner"
|
"github.com/Dreamacro/clash/listener/inner"
|
||||||
"net/netip"
|
"net/netip"
|
||||||
"os"
|
"os"
|
||||||
|
@ -72,7 +73,7 @@ func ParseWithBytes(buf []byte) (*config.Config, error) {
|
||||||
func ApplyConfig(cfg *config.Config, force bool) {
|
func ApplyConfig(cfg *config.Config, force bool) {
|
||||||
mux.Lock()
|
mux.Lock()
|
||||||
defer mux.Unlock()
|
defer mux.Unlock()
|
||||||
|
preUpdateExperimental(cfg)
|
||||||
updateUsers(cfg.Users)
|
updateUsers(cfg.Users)
|
||||||
updateProxies(cfg.Proxies, cfg.Providers)
|
updateProxies(cfg.Proxies, cfg.Providers)
|
||||||
updateRules(cfg.Rules, cfg.RuleProviders)
|
updateRules(cfg.Rules, cfg.RuleProviders)
|
||||||
|
@ -134,6 +135,14 @@ func updateExperimental(c *config.Config) {
|
||||||
runtime.GC()
|
runtime.GC()
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func preUpdateExperimental(c *config.Config) {
|
||||||
|
for _, fingerprint := range c.Experimental.Fingerprints {
|
||||||
|
if err := tls.AddCertFingerprint(fingerprint); err != nil {
|
||||||
|
log.Warnln("fingerprint[%s] is err, %s", fingerprint, err.Error())
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
func updateDNS(c *config.DNS, generalIPv6 bool) {
|
func updateDNS(c *config.DNS, generalIPv6 bool) {
|
||||||
if !c.Enable {
|
if !c.Enable {
|
||||||
resolver.DisableIPv6 = !generalIPv6
|
resolver.DisableIPv6 = !generalIPv6
|
||||||
|
|
|
@ -3,6 +3,7 @@ package vmess
|
||||||
import (
|
import (
|
||||||
"context"
|
"context"
|
||||||
"crypto/tls"
|
"crypto/tls"
|
||||||
|
tlsC "github.com/Dreamacro/clash/common/tls"
|
||||||
"net"
|
"net"
|
||||||
|
|
||||||
C "github.com/Dreamacro/clash/constant"
|
C "github.com/Dreamacro/clash/constant"
|
||||||
|
@ -15,11 +16,11 @@ type TLSConfig struct {
|
||||||
}
|
}
|
||||||
|
|
||||||
func StreamTLSConn(conn net.Conn, cfg *TLSConfig) (net.Conn, error) {
|
func StreamTLSConn(conn net.Conn, cfg *TLSConfig) (net.Conn, error) {
|
||||||
tlsConfig := &tls.Config{
|
tlsConfig := tlsC.MixinTLSConfig(&tls.Config{
|
||||||
ServerName: cfg.Host,
|
ServerName: cfg.Host,
|
||||||
InsecureSkipVerify: cfg.SkipCertVerify,
|
InsecureSkipVerify: cfg.SkipCertVerify,
|
||||||
NextProtos: cfg.NextProtos,
|
NextProtos: cfg.NextProtos,
|
||||||
}
|
})
|
||||||
|
|
||||||
tlsConn := tls.Client(conn, tlsConfig)
|
tlsConn := tls.Client(conn, tlsConfig)
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue