From fbabcfce94bf33bdd084df117c64e8cf12bf26c1 Mon Sep 17 00:00:00 2001 From: Skyxim Date: Tue, 12 Jul 2022 14:32:34 +0800 Subject: [PATCH] fix: CA params convert to fingerprint --- adapter/outbound/hysteria.go | 48 ++++++++++++++++++++++-------------- 1 file changed, 29 insertions(+), 19 deletions(-) diff --git a/adapter/outbound/hysteria.go b/adapter/outbound/hysteria.go index 4d45654a..a67d9194 100644 --- a/adapter/outbound/hysteria.go +++ b/adapter/outbound/hysteria.go @@ -2,14 +2,17 @@ package outbound import ( "context" + "crypto/sha256" "crypto/tls" - "crypto/x509" + "encoding/hex" + "encoding/pem" "fmt" tlsC "github.com/Dreamacro/clash/component/tls" "github.com/Dreamacro/clash/transport/hysteria/core" "github.com/Dreamacro/clash/transport/hysteria/obfs" "github.com/Dreamacro/clash/transport/hysteria/pmtud_fix" "github.com/Dreamacro/clash/transport/hysteria/transport" + "github.com/lucas-clemente/quic-go" "io/ioutil" "net" "regexp" @@ -20,7 +23,6 @@ import ( C "github.com/Dreamacro/clash/constant" "github.com/Dreamacro/clash/log" hyCongestion "github.com/Dreamacro/clash/transport/hysteria/congestion" - "github.com/lucas-clemente/quic-go" "github.com/lucas-clemente/quic-go/congestion" M "github.com/sagernet/sing/common/metadata" ) @@ -129,6 +131,30 @@ func NewHysteria(option HysteriaOption) (*Hysteria, error) { InsecureSkipVerify: option.SkipCertVerify, MinVersion: tls.VersionTLS13, } + + var bs []byte + var err error + if len(option.CustomCA) > 0 { + bs, err = ioutil.ReadFile(option.CustomCA) + if err != nil { + return nil, fmt.Errorf("hysteria %s load ca error: %w", addr, err) + } + } else if option.CustomCAString != "" { + bs = []byte(option.CustomCAString) + } + + if len(bs) > 0 { + block, _ := pem.Decode(bs) + if block == nil { + return nil, fmt.Errorf("CA cert is not PEM") + } + + fpBytes := sha256.Sum256(block.Bytes) + if len(option.Fingerprint) == 0 { + option.Fingerprint = hex.EncodeToString(fpBytes[:]) + } + } + if len(option.Fingerprint) != 0 { var err error tlsConfig, err = tlsC.GetSpecifiedFingerprintTLSConfig(tlsConfig, option.Fingerprint) @@ -144,23 +170,7 @@ func NewHysteria(option HysteriaOption) (*Hysteria, error) { } else { tlsConfig.NextProtos = []string{DefaultALPN} } - if len(option.CustomCA) > 0 { - bs, err := ioutil.ReadFile(option.CustomCA) - if err != nil { - return nil, fmt.Errorf("hysteria %s load ca error: %w", addr, err) - } - cp := x509.NewCertPool() - if !cp.AppendCertsFromPEM(bs) { - return nil, fmt.Errorf("hysteria %s failed to parse ca_str", addr) - } - tlsConfig.RootCAs = cp - } else if option.CustomCAString != "" { - cp := x509.NewCertPool() - if !cp.AppendCertsFromPEM([]byte(option.CustomCAString)) { - return nil, fmt.Errorf("hysteria %s failed to parse ca_str", addr) - } - tlsConfig.RootCAs = cp - } + quicConfig := &quic.Config{ InitialStreamReceiveWindow: uint64(option.ReceiveWindowConn), MaxStreamReceiveWindow: uint64(option.ReceiveWindowConn),