feat: REALITY use proxy servername

H1JK 2023-03-08 20:28:12 +08:00
parent 8ba7ce73d8
commit 921b2c3aa4
3 changed files with 26 additions and 34 deletions


@ -11,31 +11,25 @@ import (
)
type RealityOptions struct {
ServerName string `proxy:"server-name"`
PublicKey string `proxy:"public-key"`
ShortID string `proxy:"short-id"`
PublicKey string `proxy:"public-key"`
ShortID string `proxy:"short-id"`
}
func (o RealityOptions) Parse() (*tlsC.RealityConfig, error) {
if o.PublicKey != "" || o.ServerName != "" {
if o.PublicKey != "" && o.ServerName != "" {
config := new(tlsC.RealityConfig)
if o.PublicKey != "" {
config := new(tlsC.RealityConfig)
n, err := base64.RawURLEncoding.Decode(config.PublicKey[:], []byte(o.PublicKey))
if err != nil || n != curve25519.ScalarSize {
return nil, errors.New("invalid REALITY public key")
}
config.ShortID, err = hex.DecodeString(o.ShortID)
if err != nil {
return nil, errors.New("invalid REALITY short ID")
}
config.ServerName = o.ServerName
return config, nil
n, err := base64.RawURLEncoding.Decode(config.PublicKey[:], []byte(o.PublicKey))
if err != nil || n != curve25519.ScalarSize {
return nil, errors.New("invalid REALITY public key")
}
return nil, errors.New("invalid REALITY protocol option")
config.ShortID, err = hex.DecodeString(o.ShortID)
if err != nil {
return nil, errors.New("invalid REALITY short ID")
}
return config, nil
}
return nil, nil
}
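Review bot: In Parse, `base64.RawURLEncoding.Decode(config.PublicKey[:], ...)` writes into a fixed-size array, and encoding/base64's Decode can panic with an out-of-range index when the input decodes to more bytes than the destination holds, so an overlong `public-key` value can crash the client before the `n != curve25519.ScalarSize` check is reached. Reject by length first, e.g. `if base64.RawURLEncoding.DecodedLen(len(o.PublicKey)) != curve25519.ScalarSize { return nil, errors.New("invalid REALITY public key") }`. Separately, with the "invalid REALITY protocol option" branch gone, a `reality-opts` block that sets `short-id` but omits `public-key` now returns `nil, nil`; if callers treat a nil config as "REALITY off" (not visible here), the connection is silently downgraded, so returning an error when `o.ShortID != ""` and `o.PublicKey == ""` would be safer.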


@ -30,21 +30,21 @@ import (
)
type RealityConfig struct {
ServerName string
PublicKey [curve25519.ScalarSize]byte
ShortID []byte
PublicKey [curve25519.ScalarSize]byte
ShortID []byte
}
func GetRealityConn(ctx context.Context, conn net.Conn, ClientFingerprint string, tlsConfig *tls.Config, realityConfig *RealityConfig) (net.Conn, error) {
if fingerprint, exists := GetFingerprint(ClientFingerprint); exists {
verifier := &realityVerifier{
serverName: realityConfig.ServerName,
serverName: tlsConfig.ServerName,
}
uConfig := &utls.Config{
ServerName: tlsConfig.ServerName,
InsecureSkipVerify: true,
SessionTicketsDisabled: true,
VerifyPeerCertificate: verifier.VerifyPeerCertificate,
}
uConfig := copyConfig(tlsConfig)
uConfig.ServerName = realityConfig.ServerName
uConfig.InsecureSkipVerify = true
uConfig.SessionTicketsDisabled = true
uConfig.VerifyPeerCertificate = verifier.VerifyPeerCertificate
clientID := utls.ClientHelloID{
Client: fingerprint.Client,
Version: fingerprint.Version,
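Review bot: Nothing in this section checks that `tlsConfig.ServerName` is non-empty before it becomes both the SNI and `realityVerifier.serverName`, and because `InsecureSkipVerify` is true the verifier is the only certificate check left. If the verifier's fallback path does standard x509 verification with that name (its body is not shown), an empty name would likely skip hostname matching altogether. Unless every caller guarantees a server name, add a guard at the top of the function such as `if tlsConfig.ServerName == "" { return nil, errors.New("REALITY requires a server name") }`, and a comment on `InsecureSkipVerify: true` stating that verification is delegated to `verifier.VerifyPeerCertificate`. GetRealityConn's body continues outside the hunk.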


@ -451,13 +451,11 @@ proxies: # socks5
udp: true
xudp: true
flow: xtls-rprx-vision
servername: www.microsoft.com # REALITY servername
reality-opts:
server-name: www.microsoft.com
public-key: xxx
short-id: xxx
client-fingerprint: chrome
# fingerprint: xxxx
# skip-cert-verify: true
short-id: xxx # optional
client-fingerprint: chrome # cannot be empty
- name: "vless-ws"
type: vless