feat: REALITY use proxy servername

H1JK 2023-03-08 20:28:12 +08:00
parent 8ba7ce73d8
commit 921b2c3aa4
3 changed files with 26 additions and 34 deletions


@ -11,31 +11,25 @@ import (
) )
type RealityOptions struct { type RealityOptions struct {
ServerName string `proxy:"server-name"` PublicKey string `proxy:"public-key"`
PublicKey string `proxy:"public-key"` ShortID string `proxy:"short-id"`
ShortID string `proxy:"short-id"`
} }
func (o RealityOptions) Parse() (*tlsC.RealityConfig, error) { func (o RealityOptions) Parse() (*tlsC.RealityConfig, error) {
if o.PublicKey != "" || o.ServerName != "" { if o.PublicKey != "" {
if o.PublicKey != "" && o.ServerName != "" { config := new(tlsC.RealityConfig)
config := new(tlsC.RealityConfig)
n, err := base64.RawURLEncoding.Decode(config.PublicKey[:], []byte(o.PublicKey)) n, err := base64.RawURLEncoding.Decode(config.PublicKey[:], []byte(o.PublicKey))
if err != nil || n != curve25519.ScalarSize { if err != nil || n != curve25519.ScalarSize {
return nil, errors.New("invalid REALITY public key") return nil, errors.New("invalid REALITY public key")
}
config.ShortID, err = hex.DecodeString(o.ShortID)
if err != nil {
return nil, errors.New("invalid REALITY short ID")
}
config.ServerName = o.ServerName
return config, nil
} }
return nil, errors.New("invalid REALITY protocol option")
config.ShortID, err = hex.DecodeString(o.ShortID)
if err != nil {
return nil, errors.New("invalid REALITY short ID")
}
return config, nil
} }
return nil, nil return nil, nil
} }
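Review bot: A `reality-opts` block that sets `short-id` but leaves `public-key` empty is now accepted silently, because Parse falls through to `return nil, nil` and the removed `invalid REALITY protocol option` error has no replacement. What the caller does with a nil config is not visible here, but it presumably means the proxy is built without REALITY, a quiet downgrade for a user who believed it was configured. I would keep a guard before the final return, `if o.PublicKey == "" && o.ShortID != "" { return nil, errors.New("invalid REALITY protocol option") }`. Separately, the unchanged `Decode` call writes into the fixed-size `config.PublicKey[:]`, so an over-long `public-key` value may panic rather than reach the `invalid REALITY public key` error; checking `base64.RawURLEncoding.DecodedLen(len(o.PublicKey))` against `curve25519.ScalarSize` first would avoid that.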


@ -30,21 +30,21 @@ import (
) )
type RealityConfig struct { type RealityConfig struct {
ServerName string PublicKey [curve25519.ScalarSize]byte
PublicKey [curve25519.ScalarSize]byte ShortID []byte
ShortID []byte
} }
func GetRealityConn(ctx context.Context, conn net.Conn, ClientFingerprint string, tlsConfig *tls.Config, realityConfig *RealityConfig) (net.Conn, error) { func GetRealityConn(ctx context.Context, conn net.Conn, ClientFingerprint string, tlsConfig *tls.Config, realityConfig *RealityConfig) (net.Conn, error) {
if fingerprint, exists := GetFingerprint(ClientFingerprint); exists { if fingerprint, exists := GetFingerprint(ClientFingerprint); exists {
verifier := &realityVerifier{ verifier := &realityVerifier{
serverName: realityConfig.ServerName, serverName: tlsConfig.ServerName,
}
uConfig := &utls.Config{
ServerName: tlsConfig.ServerName,
InsecureSkipVerify: true,
SessionTicketsDisabled: true,
VerifyPeerCertificate: verifier.VerifyPeerCertificate,
} }
uConfig := copyConfig(tlsConfig)
uConfig.ServerName = realityConfig.ServerName
uConfig.InsecureSkipVerify = true
uConfig.SessionTicketsDisabled = true
uConfig.VerifyPeerCertificate = verifier.VerifyPeerCertificate
clientID := utls.ClientHelloID{ clientID := utls.ClientHelloID{
Client: fingerprint.Client, Client: fingerprint.Client,
Version: fingerprint.Version, Version: fingerprint.Version,
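Review bot: Nothing visible in this section rejects an empty `tlsConfig.ServerName`, which now supplies both the SNI in `uConfig` and `verifier.serverName`; the old `Parse` refused a REALITY config without a server name, and this commit removes that check. Unless every caller fills in a default, an early guard such as `if tlsConfig.ServerName == "" { return nil, errors.New("REALITY requires a servername") }` would make the function fail closed. Because `InsecureSkipVerify: true` switches off the standard chain and hostname checks, that field also deserves a comment saying authentication rests entirely on the callback, for example `// standard verification is off; realityVerifier.VerifyPeerCertificate authenticates the server`. The body of GetRealityConn continues past the end of this section, so the handshake and the verifier itself are not reviewed here.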


@ -451,13 +451,11 @@ proxies: # socks5
udp: true udp: true
xudp: true xudp: true
flow: xtls-rprx-vision flow: xtls-rprx-vision
servername: www.microsoft.com # REALITY servername
reality-opts: reality-opts:
server-name: www.microsoft.com
public-key: xxx public-key: xxx
short-id: xxx short-id: xxx # optional
client-fingerprint: chrome client-fingerprint: chrome # cannot be empty
# fingerprint: xxxx
# skip-cert-verify: true
- name: "vless-ws" - name: "vless-ws"
type: vless type: vless