804cff8c55
* fix: skip-cert-verify is true by default * fix: format * fix: typo Co-authored-by: 3andero <3andero@github.com> Co-authored-by: Hellojack <106379370+H1JK@users.noreply.github.com>
42 lines
960 B
Go
42 lines
960 B
Go
package vmess
|
|
|
|
import (
|
|
"context"
|
|
"crypto/tls"
|
|
"net"
|
|
|
|
tlsC "github.com/Dreamacro/clash/component/tls"
|
|
C "github.com/Dreamacro/clash/constant"
|
|
)
|
|
|
|
type TLSConfig struct {
|
|
Host string
|
|
SkipCertVerify bool
|
|
FingerPrint string
|
|
NextProtos []string
|
|
}
|
|
|
|
func StreamTLSConn(conn net.Conn, cfg *TLSConfig) (net.Conn, error) {
|
|
tlsConfig := &tls.Config{
|
|
ServerName: cfg.Host,
|
|
InsecureSkipVerify: cfg.SkipCertVerify,
|
|
NextProtos: cfg.NextProtos,
|
|
}
|
|
|
|
if len(cfg.FingerPrint) == 0 {
|
|
tlsConfig = tlsC.GetGlobalFingerprintTLSConfig(tlsConfig)
|
|
} else {
|
|
var err error
|
|
if tlsConfig, err = tlsC.GetSpecifiedFingerprintTLSConfig(tlsConfig, cfg.FingerPrint); err != nil {
|
|
return nil, err
|
|
}
|
|
}
|
|
|
|
tlsConn := tls.Client(conn, tlsConfig)
|
|
|
|
// fix tls handshake not timeout
|
|
ctx, cancel := context.WithTimeout(context.Background(), C.DefaultTLSTimeout)
|
|
defer cancel()
|
|
err := tlsConn.HandshakeContext(ctx)
|
|
return tlsConn, err
|
|
}
|