From ab8e9e7d7a9b36257403246e27ba4734b8108c7a Mon Sep 17 00:00:00 2001
From: Skyxim
Date: Mon, 11 Jul 2022 12:37:27 +0800
Subject: [PATCH] fix: skip-cert-verify not work

---
 adapter/outbound/http.go | 2 +-
 adapter/outbound/hysteria.go | 2 +-
 adapter/outbound/socks5.go | 2 +-
 adapter/outbound/trojan.go | 2 +-
 adapter/outbound/vless.go | 2 +-
 adapter/outbound/vmess.go | 2 +-
 component/http/http.go | 2 +-
 {common => component}/tls/config.go | 21 ++++++++++++---------
 dns/client.go | 2 +-
 dns/doh.go | 2 +-
 dns/doq.go | 2 +-
 hub/executor/executor.go | 2 +-
 transport/vmess/tls.go | 2 +-
 13 files changed, 24 insertions(+), 21 deletions(-)
 rename {common => component}/tls/config.go (82%)

diff --git a/adapter/outbound/http.go b/adapter/outbound/http.go
index 6cd2fa91..6361f7ba 100644
--- a/adapter/outbound/http.go
+++ b/adapter/outbound/http.go
@@ -7,7 +7,7 @@ import (
 "encoding/base64"
 "errors"
 "fmt"
- tlsC "github.com/Dreamacro/clash/common/tls"
+ tlsC "github.com/Dreamacro/clash/component/tls"
 "io"
 "net"
 "net/http"
diff --git a/adapter/outbound/hysteria.go b/adapter/outbound/hysteria.go
index aaaac2d4..0635ffac 100644
--- a/adapter/outbound/hysteria.go
+++ b/adapter/outbound/hysteria.go
@@ -5,7 +5,7 @@ import (
 "crypto/tls"
 "crypto/x509"
 "fmt"
- tlsC "github.com/Dreamacro/clash/common/tls"
+ tlsC "github.com/Dreamacro/clash/component/tls"
 "github.com/Dreamacro/clash/transport/hysteria/core"
 "github.com/Dreamacro/clash/transport/hysteria/obfs"
 "github.com/Dreamacro/clash/transport/hysteria/pmtud_fix"
diff --git a/adapter/outbound/socks5.go b/adapter/outbound/socks5.go
index f0bee502..ac49dd8c 100644
--- a/adapter/outbound/socks5.go
+++ b/adapter/outbound/socks5.go
@@ -5,7 +5,7 @@ import (
 "crypto/tls"
 "errors"
 "fmt"
- tlsC "github.com/Dreamacro/clash/common/tls"
+ tlsC "github.com/Dreamacro/clash/component/tls"
 "io"
 "net"
 "strconv"
diff --git a/adapter/outbound/trojan.go b/adapter/outbound/trojan.go
index 692c9a99..43165e2b 100644
--- a/adapter/outbound/trojan.go
+++ b/adapter/outbound/trojan.go
@@ -4,7 +4,7 @@ import (
 "context"
 "crypto/tls"
 "fmt"
- tlsC "github.com/Dreamacro/clash/common/tls"
+ tlsC "github.com/Dreamacro/clash/component/tls"
 "net"
 "net/http"
 "strconv"
diff --git a/adapter/outbound/vless.go b/adapter/outbound/vless.go
index 1de979ef..4ca732d0 100644
--- a/adapter/outbound/vless.go
+++ b/adapter/outbound/vless.go
@@ -7,7 +7,7 @@ import (
 "errors"
 "fmt"
 "github.com/Dreamacro/clash/common/convert"
- tlsC "github.com/Dreamacro/clash/common/tls"
+ tlsC "github.com/Dreamacro/clash/component/tls"
 "io"
 "net"
 "net/http"
diff --git a/adapter/outbound/vmess.go b/adapter/outbound/vmess.go
index 6df62ab7..b600825e 100644
--- a/adapter/outbound/vmess.go
+++ b/adapter/outbound/vmess.go
@@ -5,7 +5,7 @@ import (
 "crypto/tls"
 "errors"
 "fmt"
- tlsC "github.com/Dreamacro/clash/common/tls"
+ tlsC "github.com/Dreamacro/clash/component/tls"
 "net"
 "net/http"
 "strconv"
diff --git a/component/http/http.go b/component/http/http.go
index 41041775..6a11258b 100644
--- a/component/http/http.go
+++ b/component/http/http.go
@@ -2,7 +2,7 @@ package http
 import (
 "context"
- "github.com/Dreamacro/clash/common/tls"
+ "github.com/Dreamacro/clash/component/tls"
 "github.com/Dreamacro/clash/listener/inner"
 "github.com/Dreamacro/clash/log"
 "io"
diff --git a/common/tls/config.go b/component/tls/config.go
similarity index 82%
rename from common/tls/config.go
rename to component/tls/config.go
index c19b0179..c22ee23e 100644
--- a/common/tls/config.go
+++ b/component/tls/config.go
@@ -15,8 +15,11 @@ import (
 var globalFingerprints [][32]byte
 var mutex sync.Mutex
-func verifyPeerCertificateAndFingerprints(fingerprints [][32]byte) func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error {
+func verifyPeerCertificateAndFingerprints(fingerprints [][32]byte, insecureSkipVerify bool) func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error {
 return func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error {
+ if insecureSkipVerify {
+ return nil
+ }
 var preErr error
 for i := range rawCerts {
@@ -72,10 +75,7 @@ func convertFingerprint(fingerprint string) (*[32]byte, error) {
 }
 func GetDefaultTLSConfig() *tls.Config {
- return &tls.Config{
- InsecureSkipVerify: true,
- VerifyPeerCertificate: verifyPeerCertificateAndFingerprints(globalFingerprints),
- }
+ return MixinTLSConfig(nil)
 }
 // GetTLSConfigWithSpecifiedFingerprint specified fingerprint
@@ -86,11 +86,11 @@ func GetTLSConfigWithSpecifiedFingerprint(tlsConfig *tls.Config, fingerprint str
 if tlsConfig == nil {
 return &tls.Config{
 InsecureSkipVerify: true,
- VerifyPeerCertificate: verifyPeerCertificateAndFingerprints([][32]byte{*fingerprintBytes}),
+ VerifyPeerCertificate: verifyPeerCertificateAndFingerprints([][32]byte{*fingerprintBytes}, false),
 }, nil
 } else {
+ tlsConfig.VerifyPeerCertificate = verifyPeerCertificateAndFingerprints([][32]byte{*fingerprintBytes}, tlsConfig.InsecureSkipVerify)
 tlsConfig.InsecureSkipVerify = true
- tlsConfig.VerifyPeerCertificate = verifyPeerCertificateAndFingerprints([][32]byte{*fingerprintBytes})
 return tlsConfig, nil
 }
 }
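Review bot: The early `return nil` added at the top of the callback skips the fingerprint comparison as well as chain verification, so a connection configured with both skip-cert-verify and a fingerprint ends up with no verification at all; since every config built in this file sets `InsecureSkipVerify: true`, this callback is the only check crypto/tls still performs. The same flag is forwarded from the caller's config in the GetTLSConfigWithSpecifiedFingerprint and MixinTLSConfig hunks below, so an explicitly pinned fingerprint is silently dropped there too. If the loop that follows enforces the pins whenever the list is non-empty (its body lies outside this hunk), the intended semantics read better as `if insecureSkipVerify && len(fingerprints) == 0 {`, so that skip-cert-verify relaxes only the CA and hostname check and never an explicit pin. The new parameter also deserves a line of doc on the function, e.g. `// insecureSkipVerify mirrors tls.Config.InsecureSkipVerify (which the configs built here always force to true) and decides whether a peer without a matching fingerprint is accepted.`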
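Review bot: The added line in GetTLSConfigWithSpecifiedFingerprint reads `tlsConfig.InsecureSkipVerify` exactly one statement before the existing code overwrites it with `true`, and nothing says that order is load-bearing; a later tidy-up that swaps the two assignments would quietly reintroduce the bug this commit fixes. A comment on the new line such as `// capture the caller's skip-cert-verify before it is forced to true below; from here on the callback is the only verification that runs` would protect it, and the identical pair in the MixinTLSConfig hunk that follows needs the same note. GetTLSConfigWithSpecifiedFingerprint begins before this hunk.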
@@ -98,10 +98,13 @@ func GetTLSConfigWithSpecifiedFingerprint(tlsConfig *tls.Config, fingerprint str
 func MixinTLSConfig(tlsConfig *tls.Config) *tls.Config {
 if tlsConfig == nil {
- return GetDefaultTLSConfig()
+ return &tls.Config{
+ InsecureSkipVerify: true,
+ VerifyPeerCertificate: verifyPeerCertificateAndFingerprints(globalFingerprints, false),
+ }
 }
+ tlsConfig.VerifyPeerCertificate = verifyPeerCertificateAndFingerprints(globalFingerprints, tlsConfig.InsecureSkipVerify)
 tlsConfig.InsecureSkipVerify = true
- tlsConfig.VerifyPeerCertificate = verifyPeerCertificateAndFingerprints(globalFingerprints)
 return tlsConfig
 }
diff --git a/dns/client.go b/dns/client.go
index 966f5cf8..327839e8 100644
--- a/dns/client.go
+++ b/dns/client.go
@@ -4,7 +4,7 @@ import (
 "context"
 "crypto/tls"
 "fmt"
- tlsC "github.com/Dreamacro/clash/common/tls"
+ tlsC "github.com/Dreamacro/clash/component/tls"
 "go.uber.org/atomic"
 "net"
 "net/netip"
diff --git a/dns/doh.go b/dns/doh.go
index 1ad6046f..ad889ab1 100644
--- a/dns/doh.go
+++ b/dns/doh.go
@@ -4,9 +4,9 @@ import (
 "bytes"
 "context"
 "crypto/tls"
- tls2 "github.com/Dreamacro/clash/common/tls"
 "github.com/Dreamacro/clash/component/dialer"
 "github.com/Dreamacro/clash/component/resolver"
+ tls2 "github.com/Dreamacro/clash/component/tls"
 "github.com/lucas-clemente/quic-go"
 "github.com/lucas-clemente/quic-go/http3"
 D "github.com/miekg/dns"
diff --git a/dns/doq.go b/dns/doq.go
index 6d4e2fb8..7ed4f54e 100644
--- a/dns/doq.go
+++ b/dns/doq.go
@@ -5,9 +5,9 @@ import (
 "context"
 "crypto/tls"
 "fmt"
- tlsC "github.com/Dreamacro/clash/common/tls"
 "github.com/Dreamacro/clash/component/dialer"
 "github.com/Dreamacro/clash/component/resolver"
+ tlsC "github.com/Dreamacro/clash/component/tls"
 "github.com/lucas-clemente/quic-go"
 "net"
 "strconv"
diff --git a/hub/executor/executor.go b/hub/executor/executor.go
index 43bff436..84ec63cf 100644
--- a/hub/executor/executor.go
+++ b/hub/executor/executor.go
@@ -2,7 +2,7 @@ package executor
 import (
 "fmt"
- "github.com/Dreamacro/clash/common/tls"
+ "github.com/Dreamacro/clash/component/tls"
 "github.com/Dreamacro/clash/listener/inner"
 "net/netip"
 "os"
diff --git a/transport/vmess/tls.go b/transport/vmess/tls.go
index 871980c1..55fdb777 100644
--- a/transport/vmess/tls.go
+++ b/transport/vmess/tls.go
@@ -3,7 +3,7 @@ package vmess
 import (
 "context"
 "crypto/tls"
- tlsC "github.com/Dreamacro/clash/common/tls"
+ tlsC "github.com/Dreamacro/clash/component/tls"
 "net"
 C "github.com/Dreamacro/clash/constant"