From 36c775c222dd45cdc7d76556af6dc90e80f095e2 Mon Sep 17 00:00:00 2001 From: gVisor bot Date: Fri, 3 Nov 2023 12:04:22 +0800 Subject: [PATCH] fix: avoid tls panic --- transport/vmess/websocket.go | 30 +++++++++++++++++++----------- 1 file changed, 19 insertions(+), 11 deletions(-) diff --git a/transport/vmess/websocket.go b/transport/vmess/websocket.go index 60353d5a..0c2a3a16 100644 --- a/transport/vmess/websocket.go +++ b/transport/vmess/websocket.go @@ -324,19 +324,34 @@ func streamWebsocketConn(ctx context.Context, conn net.Conn, c *WebsocketConfig, return nil, fmt.Errorf("parse url %s error: %w", c.Path, err) } - scheme := "ws" + uri := url.URL{ + Scheme: "ws", + Host: net.JoinHostPort(c.Host, c.Port), + Path: u.Path, + RawQuery: u.RawQuery, + } + if c.TLS { - scheme = "wss" + uri.Scheme = "wss" + config := c.TLSConfig + if config == nil { // The config cannot be nil + config = &tls.Config{NextProtos: []string{"http/1.1"}} + } + if config.ServerName == "" && !config.InsecureSkipVerify { // users must set either ServerName or InsecureSkipVerify in the config. + config = config.Clone() + config.ServerName = uri.Host + } + if len(c.ClientFingerprint) != 0 { if fingerprint, exists := tlsC.GetFingerprint(c.ClientFingerprint); exists { - utlsConn := tlsC.UClient(conn, c.TLSConfig, fingerprint) + utlsConn := tlsC.UClient(conn, config, fingerprint) if err = utlsConn.BuildWebsocketHandshakeState(); err != nil { return nil, fmt.Errorf("parse url %s error: %w", c.Path, err) } conn = utlsConn } } else { - conn = tls.Client(conn, c.TLSConfig) + conn = tls.Client(conn, config) } if tlsConn, ok := conn.(interface { @@ -348,13 +363,6 @@ func streamWebsocketConn(ctx context.Context, conn net.Conn, c *WebsocketConfig, } } - uri := url.URL{ - Scheme: scheme, - Host: net.JoinHostPort(c.Host, c.Port), - Path: u.Path, - RawQuery: u.RawQuery, - } - request := &http.Request{ Method: http.MethodGet, URL: &uri,