feat: REALITY use proxy servername
parent
8ba7ce73d8
commit
921b2c3aa4
3 changed files with 26 additions and 34 deletions
|
@ -11,31 +11,25 @@ import (
|
||||||
)
|
)
|
||||||
|
|
||||||
type RealityOptions struct {
|
type RealityOptions struct {
|
||||||
ServerName string `proxy:"server-name"`
|
PublicKey string `proxy:"public-key"`
|
||||||
PublicKey string `proxy:"public-key"`
|
ShortID string `proxy:"short-id"`
|
||||||
ShortID string `proxy:"short-id"`
|
|
||||||
}
|
}
|
||||||
|
|
||||||
func (o RealityOptions) Parse() (*tlsC.RealityConfig, error) {
|
func (o RealityOptions) Parse() (*tlsC.RealityConfig, error) {
|
||||||
if o.PublicKey != "" || o.ServerName != "" {
|
if o.PublicKey != "" {
|
||||||
if o.PublicKey != "" && o.ServerName != "" {
|
config := new(tlsC.RealityConfig)
|
||||||
config := new(tlsC.RealityConfig)
|
|
||||||
|
|
||||||
n, err := base64.RawURLEncoding.Decode(config.PublicKey[:], []byte(o.PublicKey))
|
n, err := base64.RawURLEncoding.Decode(config.PublicKey[:], []byte(o.PublicKey))
|
||||||
if err != nil || n != curve25519.ScalarSize {
|
if err != nil || n != curve25519.ScalarSize {
|
||||||
return nil, errors.New("invalid REALITY public key")
|
return nil, errors.New("invalid REALITY public key")
|
||||||
}
|
|
||||||
|
|
||||||
config.ShortID, err = hex.DecodeString(o.ShortID)
|
|
||||||
if err != nil {
|
|
||||||
return nil, errors.New("invalid REALITY short ID")
|
|
||||||
}
|
|
||||||
|
|
||||||
config.ServerName = o.ServerName
|
|
||||||
|
|
||||||
return config, nil
|
|
||||||
}
|
}
|
||||||
return nil, errors.New("invalid REALITY protocol option")
|
|
||||||
|
config.ShortID, err = hex.DecodeString(o.ShortID)
|
||||||
|
if err != nil {
|
||||||
|
return nil, errors.New("invalid REALITY short ID")
|
||||||
|
}
|
||||||
|
|
||||||
|
return config, nil
|
||||||
}
|
}
|
||||||
return nil, nil
|
return nil, nil
|
||||||
}
|
}
|
||||||
|
|
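Review bot: In `Parse`, `base64.RawURLEncoding.Decode` writes straight into the 32-byte `config.PublicKey[:]`, and the `n != curve25519.ScalarSize` check only runs after that write, so a `public-key` longer than 43 characters can index past the destination instead of returning "invalid REALITY public key". If proxy entries can come from remote provider files, a length guard before decoding is worth adding: `if base64.RawURLEncoding.DecodedLen(len(o.PublicKey)) != curve25519.ScalarSize { return nil, errors.New("invalid REALITY public key") }`. Separately, with the server-name branch removed, a `reality-opts` block that sets `short-id` but leaves `public-key` empty returns `nil, nil`. If callers read that as "REALITY not configured", the entry silently loses REALITY rather than failing to load, so rejecting a non-empty `ShortID` without a `PublicKey` would fail closed.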
|
@ -30,21 +30,21 @@ import (
|
||||||
)
|
)
|
||||||
|
|
||||||
type RealityConfig struct {
|
type RealityConfig struct {
|
||||||
ServerName string
|
PublicKey [curve25519.ScalarSize]byte
|
||||||
PublicKey [curve25519.ScalarSize]byte
|
ShortID []byte
|
||||||
ShortID []byte
|
|
||||||
}
|
}
|
||||||
|
|
||||||
func GetRealityConn(ctx context.Context, conn net.Conn, ClientFingerprint string, tlsConfig *tls.Config, realityConfig *RealityConfig) (net.Conn, error) {
|
func GetRealityConn(ctx context.Context, conn net.Conn, ClientFingerprint string, tlsConfig *tls.Config, realityConfig *RealityConfig) (net.Conn, error) {
|
||||||
if fingerprint, exists := GetFingerprint(ClientFingerprint); exists {
|
if fingerprint, exists := GetFingerprint(ClientFingerprint); exists {
|
||||||
verifier := &realityVerifier{
|
verifier := &realityVerifier{
|
||||||
serverName: realityConfig.ServerName,
|
serverName: tlsConfig.ServerName,
|
||||||
|
}
|
||||||
|
uConfig := &utls.Config{
|
||||||
|
ServerName: tlsConfig.ServerName,
|
||||||
|
InsecureSkipVerify: true,
|
||||||
|
SessionTicketsDisabled: true,
|
||||||
|
VerifyPeerCertificate: verifier.VerifyPeerCertificate,
|
||||||
}
|
}
|
||||||
uConfig := copyConfig(tlsConfig)
|
|
||||||
uConfig.ServerName = realityConfig.ServerName
|
|
||||||
uConfig.InsecureSkipVerify = true
|
|
||||||
uConfig.SessionTicketsDisabled = true
|
|
||||||
uConfig.VerifyPeerCertificate = verifier.VerifyPeerCertificate
|
|
||||||
clientID := utls.ClientHelloID{
|
clientID := utls.ClientHelloID{
|
||||||
Client: fingerprint.Client,
|
Client: fingerprint.Client,
|
||||||
Version: fingerprint.Version,
|
Version: fingerprint.Version,
|
||||||
|
|
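Review bot: Nothing visible guarantees that `tlsConfig.ServerName` is non-empty before `GetRealityConn` uses it as both the SNI and `realityVerifier.serverName`, because the server-name check that `Parse` used to make is removed in this commit. With `InsecureSkipVerify: true` the TLS layer will not object to an empty name, and if the verifier (not shown here) falls back to ordinary chain verification for non-REALITY certificates, an empty name would presumably skip the hostname match. A guard at the top of the branch, such as `if tlsConfig == nil || tlsConfig.ServerName == "" { return nil, errors.New("REALITY requires a server name") }`, would fail closed. A short comment on `uConfig` should also say that the remaining `tlsConfig` fields are intentionally not carried over now that `copyConfig` is gone. The function body continues past the end of this hunk.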
|
@ -451,13 +451,11 @@ proxies: # socks5
|
||||||
udp: true
|
udp: true
|
||||||
xudp: true
|
xudp: true
|
||||||
flow: xtls-rprx-vision
|
flow: xtls-rprx-vision
|
||||||
|
servername: www.microsoft.com # REALITY servername
|
||||||
reality-opts:
|
reality-opts:
|
||||||
server-name: www.microsoft.com
|
|
||||||
public-key: xxx
|
public-key: xxx
|
||||||
short-id: xxx
|
short-id: xxx # optional
|
||||||
client-fingerprint: chrome
|
client-fingerprint: chrome # cannot be empty
|
||||||
# fingerprint: xxxx
|
|
||||||
# skip-cert-verify: true
|
|
||||||
|
|
||||||
- name: "vless-ws"
|
- name: "vless-ws"
|
||||||
type: vless
|
type: vless
|
||||||
|
|