fix: skip-cert-verify not work

Skyxim 2022-07-11 12:37:27 +08:00
parent dbce268692
commit ab8e9e7d7a
13 changed files with 24 additions and 21 deletions


@ -7,7 +7,7 @@ import (
"encoding/base64" "encoding/base64"
"errors" "errors"
"fmt" "fmt"
tlsC "github.com/Dreamacro/clash/common/tls" tlsC "github.com/Dreamacro/clash/component/tls"
"io" "io"
"net" "net"
"net/http" "net/http"


@ -5,7 +5,7 @@ import (
"crypto/tls" "crypto/tls"
"crypto/x509" "crypto/x509"
"fmt" "fmt"
tlsC "github.com/Dreamacro/clash/common/tls" tlsC "github.com/Dreamacro/clash/component/tls"
"github.com/Dreamacro/clash/transport/hysteria/core" "github.com/Dreamacro/clash/transport/hysteria/core"
"github.com/Dreamacro/clash/transport/hysteria/obfs" "github.com/Dreamacro/clash/transport/hysteria/obfs"
"github.com/Dreamacro/clash/transport/hysteria/pmtud_fix" "github.com/Dreamacro/clash/transport/hysteria/pmtud_fix"


@ -5,7 +5,7 @@ import (
"crypto/tls" "crypto/tls"
"errors" "errors"
"fmt" "fmt"
tlsC "github.com/Dreamacro/clash/common/tls" tlsC "github.com/Dreamacro/clash/component/tls"
"io" "io"
"net" "net"
"strconv" "strconv"


@ -4,7 +4,7 @@ import (
"context" "context"
"crypto/tls" "crypto/tls"
"fmt" "fmt"
tlsC "github.com/Dreamacro/clash/common/tls" tlsC "github.com/Dreamacro/clash/component/tls"
"net" "net"
"net/http" "net/http"
"strconv" "strconv"


@ -7,7 +7,7 @@ import (
"errors" "errors"
"fmt" "fmt"
"github.com/Dreamacro/clash/common/convert" "github.com/Dreamacro/clash/common/convert"
tlsC "github.com/Dreamacro/clash/common/tls" tlsC "github.com/Dreamacro/clash/component/tls"
"io" "io"
"net" "net"
"net/http" "net/http"


@ -5,7 +5,7 @@ import (
"crypto/tls" "crypto/tls"
"errors" "errors"
"fmt" "fmt"
tlsC "github.com/Dreamacro/clash/common/tls" tlsC "github.com/Dreamacro/clash/component/tls"
"net" "net"
"net/http" "net/http"
"strconv" "strconv"


@ -2,7 +2,7 @@ package http
import ( import (
"context" "context"
"github.com/Dreamacro/clash/common/tls" "github.com/Dreamacro/clash/component/tls"
"github.com/Dreamacro/clash/listener/inner" "github.com/Dreamacro/clash/listener/inner"
"github.com/Dreamacro/clash/log" "github.com/Dreamacro/clash/log"
"io" "io"


@ -15,8 +15,11 @@ import (
var globalFingerprints [][32]byte var globalFingerprints [][32]byte
var mutex sync.Mutex var mutex sync.Mutex
func verifyPeerCertificateAndFingerprints(fingerprints [][32]byte) func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error { func verifyPeerCertificateAndFingerprints(fingerprints [][32]byte, insecureSkipVerify bool) func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error {
return func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error { return func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error {
if insecureSkipVerify {
return nil
}
var preErr error var preErr error
for i := range rawCerts { for i := range rawCerts {
@ -72,10 +75,7 @@ func convertFingerprint(fingerprint string) (*[32]byte, error) {
} }
func GetDefaultTLSConfig() *tls.Config { func GetDefaultTLSConfig() *tls.Config {
return &tls.Config{ return MixinTLSConfig(nil)
InsecureSkipVerify: true,
VerifyPeerCertificate: verifyPeerCertificateAndFingerprints(globalFingerprints),
}
} }
// GetTLSConfigWithSpecifiedFingerprint specified fingerprint // GetTLSConfigWithSpecifiedFingerprint specified fingerprint
@ -86,11 +86,11 @@ func GetTLSConfigWithSpecifiedFingerprint(tlsConfig *tls.Config, fingerprint str
if tlsConfig == nil { if tlsConfig == nil {
return &tls.Config{ return &tls.Config{
InsecureSkipVerify: true, InsecureSkipVerify: true,
VerifyPeerCertificate: verifyPeerCertificateAndFingerprints([][32]byte{*fingerprintBytes}), VerifyPeerCertificate: verifyPeerCertificateAndFingerprints([][32]byte{*fingerprintBytes}, false),
}, nil }, nil
} else { } else {
tlsConfig.VerifyPeerCertificate = verifyPeerCertificateAndFingerprints([][32]byte{*fingerprintBytes}, tlsConfig.InsecureSkipVerify)
tlsConfig.InsecureSkipVerify = true tlsConfig.InsecureSkipVerify = true
tlsConfig.VerifyPeerCertificate = verifyPeerCertificateAndFingerprints([][32]byte{*fingerprintBytes})
return tlsConfig, nil return tlsConfig, nil
} }
} }
@ -98,10 +98,13 @@ func GetTLSConfigWithSpecifiedFingerprint(tlsConfig *tls.Config, fingerprint str
func MixinTLSConfig(tlsConfig *tls.Config) *tls.Config { func MixinTLSConfig(tlsConfig *tls.Config) *tls.Config {
if tlsConfig == nil { if tlsConfig == nil {
return GetDefaultTLSConfig() return &tls.Config{
InsecureSkipVerify: true,
VerifyPeerCertificate: verifyPeerCertificateAndFingerprints(globalFingerprints, false),
}
} }
tlsConfig.VerifyPeerCertificate = verifyPeerCertificateAndFingerprints(globalFingerprints, tlsConfig.InsecureSkipVerify)
tlsConfig.InsecureSkipVerify = true tlsConfig.InsecureSkipVerify = true
tlsConfig.VerifyPeerCertificate = verifyPeerCertificateAndFingerprints(globalFingerprints)
return tlsConfig return tlsConfig
} }
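Review bot: `MixinTLSConfig` and `GetTLSConfigWithSpecifiedFingerprint` read `tlsConfig.InsecureSkipVerify` and then overwrite it with `true` on the caller's own struct, so a second pass of the same `*tls.Config` through either function builds the callback with `insecureSkipVerify == true` and it returns nil for every peer, leaving no chain or fingerprint check. Whether any caller reuses a config this way is not visible on this page, but the failure would be silent and would fail open. Working on a copy, e.g. `cfg := tlsConfig.Clone()` with both fields set on `cfg` and `cfg` returned, at least keeps the user's original setting intact for later calls; a doc comment should also state that the functions must be applied only to a config that still carries the user's own skip-cert-verify value. Separately, in `GetTLSConfigWithSpecifiedFingerprint` an explicitly supplied fingerprint is no longer checked when skip-cert-verify is on, because the early `return nil` precedes the fingerprint loop; if that precedence is intended it should be documented, otherwise the pin should still be enforced. The body of the verification callback continues outside the hunk.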


@ -4,7 +4,7 @@ import (
"context" "context"
"crypto/tls" "crypto/tls"
"fmt" "fmt"
tlsC "github.com/Dreamacro/clash/common/tls" tlsC "github.com/Dreamacro/clash/component/tls"
"go.uber.org/atomic" "go.uber.org/atomic"
"net" "net"
"net/netip" "net/netip"


@ -4,9 +4,9 @@ import (
"bytes" "bytes"
"context" "context"
"crypto/tls" "crypto/tls"
tls2 "github.com/Dreamacro/clash/common/tls"
"github.com/Dreamacro/clash/component/dialer" "github.com/Dreamacro/clash/component/dialer"
"github.com/Dreamacro/clash/component/resolver" "github.com/Dreamacro/clash/component/resolver"
tls2 "github.com/Dreamacro/clash/component/tls"
"github.com/lucas-clemente/quic-go" "github.com/lucas-clemente/quic-go"
"github.com/lucas-clemente/quic-go/http3" "github.com/lucas-clemente/quic-go/http3"
D "github.com/miekg/dns" D "github.com/miekg/dns"


@ -5,9 +5,9 @@ import (
"context" "context"
"crypto/tls" "crypto/tls"
"fmt" "fmt"
tlsC "github.com/Dreamacro/clash/common/tls"
"github.com/Dreamacro/clash/component/dialer" "github.com/Dreamacro/clash/component/dialer"
"github.com/Dreamacro/clash/component/resolver" "github.com/Dreamacro/clash/component/resolver"
tlsC "github.com/Dreamacro/clash/component/tls"
"github.com/lucas-clemente/quic-go" "github.com/lucas-clemente/quic-go"
"net" "net"
"strconv" "strconv"


@ -2,7 +2,7 @@ package executor
import ( import (
"fmt" "fmt"
"github.com/Dreamacro/clash/common/tls" "github.com/Dreamacro/clash/component/tls"
"github.com/Dreamacro/clash/listener/inner" "github.com/Dreamacro/clash/listener/inner"
"net/netip" "net/netip"
"os" "os"


@ -3,7 +3,7 @@ package vmess
import ( import (
"context" "context"
"crypto/tls" "crypto/tls"
tlsC "github.com/Dreamacro/clash/common/tls" tlsC "github.com/Dreamacro/clash/component/tls"
"net" "net"
C "github.com/Dreamacro/clash/constant" C "github.com/Dreamacro/clash/constant"