fix: skip-cert-verify not work

This commit is contained in:
gVisor bot 2022-07-11 12:37:27 +08:00
parent 71322e1f18
commit 27b5ecf3ab
13 changed files with 24 additions and 21 deletions

View File

@ -7,7 +7,7 @@ import (
"encoding/base64"
"errors"
"fmt"
tlsC "github.com/Dreamacro/clash/common/tls"
tlsC "github.com/Dreamacro/clash/component/tls"
"io"
"net"
"net/http"

View File

@ -5,7 +5,7 @@ import (
"crypto/tls"
"crypto/x509"
"fmt"
tlsC "github.com/Dreamacro/clash/common/tls"
tlsC "github.com/Dreamacro/clash/component/tls"
"github.com/Dreamacro/clash/transport/hysteria/core"
"github.com/Dreamacro/clash/transport/hysteria/obfs"
"github.com/Dreamacro/clash/transport/hysteria/pmtud_fix"

View File

@ -5,7 +5,7 @@ import (
"crypto/tls"
"errors"
"fmt"
tlsC "github.com/Dreamacro/clash/common/tls"
tlsC "github.com/Dreamacro/clash/component/tls"
"io"
"net"
"strconv"

View File

@ -4,7 +4,7 @@ import (
"context"
"crypto/tls"
"fmt"
tlsC "github.com/Dreamacro/clash/common/tls"
tlsC "github.com/Dreamacro/clash/component/tls"
"net"
"net/http"
"strconv"

View File

@ -7,7 +7,7 @@ import (
"errors"
"fmt"
"github.com/Dreamacro/clash/common/convert"
tlsC "github.com/Dreamacro/clash/common/tls"
tlsC "github.com/Dreamacro/clash/component/tls"
"io"
"net"
"net/http"

View File

@ -5,7 +5,7 @@ import (
"crypto/tls"
"errors"
"fmt"
tlsC "github.com/Dreamacro/clash/common/tls"
tlsC "github.com/Dreamacro/clash/component/tls"
"net"
"net/http"
"strconv"

View File

@ -2,7 +2,7 @@ package http
import (
"context"
"github.com/Dreamacro/clash/common/tls"
"github.com/Dreamacro/clash/component/tls"
"github.com/Dreamacro/clash/listener/inner"
"github.com/Dreamacro/clash/log"
"io"

View File

@ -15,8 +15,11 @@ import (
var globalFingerprints [][32]byte
var mutex sync.Mutex
func verifyPeerCertificateAndFingerprints(fingerprints [][32]byte) func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error {
func verifyPeerCertificateAndFingerprints(fingerprints [][32]byte, insecureSkipVerify bool) func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error {
return func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error {
if insecureSkipVerify {
return nil
}
var preErr error
for i := range rawCerts {
@ -72,10 +75,7 @@ func convertFingerprint(fingerprint string) (*[32]byte, error) {
}
func GetDefaultTLSConfig() *tls.Config {
return &tls.Config{
InsecureSkipVerify: true,
VerifyPeerCertificate: verifyPeerCertificateAndFingerprints(globalFingerprints),
}
return MixinTLSConfig(nil)
}
// GetTLSConfigWithSpecifiedFingerprint specified fingerprint
@ -86,11 +86,11 @@ func GetTLSConfigWithSpecifiedFingerprint(tlsConfig *tls.Config, fingerprint str
if tlsConfig == nil {
return &tls.Config{
InsecureSkipVerify: true,
VerifyPeerCertificate: verifyPeerCertificateAndFingerprints([][32]byte{*fingerprintBytes}),
VerifyPeerCertificate: verifyPeerCertificateAndFingerprints([][32]byte{*fingerprintBytes}, false),
}, nil
} else {
tlsConfig.VerifyPeerCertificate = verifyPeerCertificateAndFingerprints([][32]byte{*fingerprintBytes}, tlsConfig.InsecureSkipVerify)
tlsConfig.InsecureSkipVerify = true
tlsConfig.VerifyPeerCertificate = verifyPeerCertificateAndFingerprints([][32]byte{*fingerprintBytes})
return tlsConfig, nil
}
}
@ -98,10 +98,13 @@ func GetTLSConfigWithSpecifiedFingerprint(tlsConfig *tls.Config, fingerprint str
func MixinTLSConfig(tlsConfig *tls.Config) *tls.Config {
if tlsConfig == nil {
return GetDefaultTLSConfig()
return &tls.Config{
InsecureSkipVerify: true,
VerifyPeerCertificate: verifyPeerCertificateAndFingerprints(globalFingerprints, false),
}
}
tlsConfig.VerifyPeerCertificate = verifyPeerCertificateAndFingerprints(globalFingerprints, tlsConfig.InsecureSkipVerify)
tlsConfig.InsecureSkipVerify = true
tlsConfig.VerifyPeerCertificate = verifyPeerCertificateAndFingerprints(globalFingerprints)
return tlsConfig
}

View File

@ -4,7 +4,7 @@ import (
"context"
"crypto/tls"
"fmt"
tlsC "github.com/Dreamacro/clash/common/tls"
tlsC "github.com/Dreamacro/clash/component/tls"
"go.uber.org/atomic"
"net"
"net/netip"

View File

@ -4,9 +4,9 @@ import (
"bytes"
"context"
"crypto/tls"
tls2 "github.com/Dreamacro/clash/common/tls"
"github.com/Dreamacro/clash/component/dialer"
"github.com/Dreamacro/clash/component/resolver"
tls2 "github.com/Dreamacro/clash/component/tls"
"github.com/lucas-clemente/quic-go"
"github.com/lucas-clemente/quic-go/http3"
D "github.com/miekg/dns"

View File

@ -5,9 +5,9 @@ import (
"context"
"crypto/tls"
"fmt"
tlsC "github.com/Dreamacro/clash/common/tls"
"github.com/Dreamacro/clash/component/dialer"
"github.com/Dreamacro/clash/component/resolver"
tlsC "github.com/Dreamacro/clash/component/tls"
"github.com/lucas-clemente/quic-go"
"net"
"strconv"

View File

@ -2,7 +2,7 @@ package executor
import (
"fmt"
"github.com/Dreamacro/clash/common/tls"
"github.com/Dreamacro/clash/component/tls"
"github.com/Dreamacro/clash/listener/inner"
"net/netip"
"os"

View File

@ -3,7 +3,7 @@ package vmess
import (
"context"
"crypto/tls"
tlsC "github.com/Dreamacro/clash/common/tls"
tlsC "github.com/Dreamacro/clash/component/tls"
"net"
C "github.com/Dreamacro/clash/constant"