feat: REALITY use proxy servername
parent
8ba7ce73d8
commit
921b2c3aa4
3 changed files with 26 additions and 34 deletions
|
@ -11,14 +11,12 @@ import (
|
|||
)
|
||||
|
||||
type RealityOptions struct {
|
||||
ServerName string `proxy:"server-name"`
|
||||
PublicKey string `proxy:"public-key"`
|
||||
ShortID string `proxy:"short-id"`
|
||||
}
|
||||
|
||||
func (o RealityOptions) Parse() (*tlsC.RealityConfig, error) {
|
||||
if o.PublicKey != "" || o.ServerName != "" {
|
||||
if o.PublicKey != "" && o.ServerName != "" {
|
||||
if o.PublicKey != "" {
|
||||
config := new(tlsC.RealityConfig)
|
||||
|
||||
n, err := base64.RawURLEncoding.Decode(config.PublicKey[:], []byte(o.PublicKey))
|
||||
|
@ -31,11 +29,7 @@ func (o RealityOptions) Parse() (*tlsC.RealityConfig, error) {
|
|||
return nil, errors.New("invalid REALITY short ID")
|
||||
}
|
||||
|
||||
config.ServerName = o.ServerName
|
||||
|
||||
return config, nil
|
||||
}
|
||||
return nil, errors.New("invalid REALITY protocol option")
|
||||
}
|
||||
return nil, nil
|
||||
}
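Review bot: With the server-name test gone, Parse appears to return `nil, nil` whenever `public-key` is empty, so a `reality-opts` block that carries a `short-id` but a missing or misspelled `public-key` is silently treated as "REALITY not configured" instead of being rejected. What the caller does with a nil config is not visible on this page, but if it falls back to an ordinary TLS dial, the proxy runs without the protection the user asked for. A guard before the final return would keep the partial case an error: `if o.PublicKey == "" && o.ShortID != "" { return nil, errors.New("invalid REALITY protocol option") }`. The method also deserves a doc comment, for example `// Parse returns (nil, nil) when public-key is unset, meaning REALITY is disabled; the server name now comes from the proxy's servername option.` The middle of the function lies between the two hunks and is not shown.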
|
||||
|
|
|
@ -30,7 +30,6 @@ import (
|
|||
)
|
||||
|
||||
type RealityConfig struct {
|
||||
ServerName string
|
||||
PublicKey [curve25519.ScalarSize]byte
|
||||
ShortID []byte
|
||||
}
|
||||
|
@ -38,13 +37,14 @@ type RealityConfig struct {
|
|||
func GetRealityConn(ctx context.Context, conn net.Conn, ClientFingerprint string, tlsConfig *tls.Config, realityConfig *RealityConfig) (net.Conn, error) {
|
||||
if fingerprint, exists := GetFingerprint(ClientFingerprint); exists {
|
||||
verifier := &realityVerifier{
|
||||
serverName: realityConfig.ServerName,
|
||||
serverName: tlsConfig.ServerName,
|
||||
}
|
||||
uConfig := &utls.Config{
|
||||
ServerName: tlsConfig.ServerName,
|
||||
InsecureSkipVerify: true,
|
||||
SessionTicketsDisabled: true,
|
||||
VerifyPeerCertificate: verifier.VerifyPeerCertificate,
|
||||
}
|
||||
uConfig := copyConfig(tlsConfig)
|
||||
uConfig.ServerName = realityConfig.ServerName
|
||||
uConfig.InsecureSkipVerify = true
|
||||
uConfig.SessionTicketsDisabled = true
|
||||
uConfig.VerifyPeerCertificate = verifier.VerifyPeerCertificate
|
||||
clientID := utls.ClientHelloID{
|
||||
Client: fingerprint.Client,
|
||||
Version: fingerprint.Version,
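Review bot: `tlsConfig.ServerName` now feeds both the SNI and `realityVerifier.serverName`, but nothing in the visible lines rejects an empty value, and the non-empty check that Parse used to make on the REALITY server name is removed by this same commit. Because the config sets `InsecureSkipVerify: true`, `verifier.VerifyPeerCertificate` is the only server authentication on this path, so an empty name should fail fast rather than reach the handshake. A guard at the top of the function would do it, e.g. `if tlsConfig == nil || tlsConfig.ServerName == "" { return nil, errors.New("REALITY requires a servername") }`, assuming `errors` is imported in this file. A comment on the literal would also help, such as `// Chain validation is off on purpose; verifier.VerifyPeerCertificate is the sole server check.` Since the literal copies only `ServerName`, any other field a caller sets on `tlsConfig` is dropped and that is worth stating in the doc comment. The function body continues past the end of this hunk.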
|
||||
|
|
|
@ -451,13 +451,11 @@ proxies: # socks5
|
|||
udp: true
|
||||
xudp: true
|
||||
flow: xtls-rprx-vision
|
||||
servername: www.microsoft.com # REALITY servername
|
||||
reality-opts:
|
||||
server-name: www.microsoft.com
|
||||
public-key: xxx
|
||||
short-id: xxx
|
||||
client-fingerprint: chrome
|
||||
# fingerprint: xxxx
|
||||
# skip-cert-verify: true
|
||||
short-id: xxx # optional
|
||||
client-fingerprint: chrome # cannot be empty
|
||||
|
||||
- name: "vless-ws"
|
||||
type: vless
|
||||
|
|