diff --git a/infra/conf/transport_internet.go b/infra/conf/transport_internet.go
index 4a12761d..7ac3eb51 100644
--- a/infra/conf/transport_internet.go
+++ b/infra/conf/transport_internet.go
@@ -395,27 +395,27 @@ func (c *TLSCertConfig) Build() (*tls.Certificate, error) {
 }
 type TLSConfig struct {
- Insecure bool `json:"allowInsecure"`
- Certs []*TLSCertConfig `json:"certificates"`
- ServerName string `json:"serverName"`
- ALPN *StringList `json:"alpn"`
- EnableSessionResumption bool `json:"enableSessionResumption"`
- DisableSystemRoot bool `json:"disableSystemRoot"`
- MinVersion string `json:"minVersion"`
- MaxVersion string `json:"maxVersion"`
- CipherSuites string `json:"cipherSuites"`
- Fingerprint string `json:"fingerprint"`
- RejectUnknownSNI bool `json:"rejectUnknownSni"`
- PinnedPeerCertificateChainSha256 *[]string `json:"pinnedPeerCertificateChainSha256"`
- PinnedPeerCertificatePublicKeySha256 *[]string `json:"pinnedPeerCertificatePublicKeySha256"`
- CurvePreferences *StringList `json:"curvePreferences"`
- MasterKeyLog string `json:"masterKeyLog"`
- ServerNameToVerify string `json:"serverNameToVerify"`
- VerifyPeerCertInNames []string `json:"verifyPeerCertInNames"`
- ECHServerKeys string `json:"echServerKeys"`
- ECHConfigList string `json:"echConfigList"`
- ECHForceQuery string `json:"echForceQuery"`
- ECHSocketSettings *SocketConfig `json:"echSockopt"`
+ Insecure bool `json:"allowInsecure"`
+ Certs []*TLSCertConfig `json:"certificates"`
+ ServerName string `json:"serverName"`
+ ALPN *StringList `json:"alpn"`
+ EnableSessionResumption bool `json:"enableSessionResumption"`
+ DisableSystemRoot bool `json:"disableSystemRoot"`
+ MinVersion string `json:"minVersion"`
+ MaxVersion string `json:"maxVersion"`
+ CipherSuites string `json:"cipherSuites"`
+ Fingerprint string `json:"fingerprint"`
+ RejectUnknownSNI bool `json:"rejectUnknownSni"`
+ PinnedPeerCertificateChainSha256 *[]string `json:"pinnedPeerCertificateChainSha256"`
+ PinnedPeerCertificateSha256 *[]string `json:"pinnedPeerCertificateSha256"`
+ CurvePreferences *StringList `json:"curvePreferences"`
+ MasterKeyLog string `json:"masterKeyLog"`
+ ServerNameToVerify string `json:"serverNameToVerify"`
+ VerifyPeerCertInNames []string `json:"verifyPeerCertInNames"`
+ ECHServerKeys string `json:"echServerKeys"`
+ ECHConfigList string `json:"echConfigList"`
+ ECHForceQuery string `json:"echForceQuery"`
+ ECHSocketSettings *SocketConfig `json:"echSockopt"`
 }
 // Build implements Buildable.
@@ -469,14 +469,14 @@ func (c *TLSConfig) Build() (proto.Message, error) {
 }
 }
- if c.PinnedPeerCertificatePublicKeySha256 != nil {
- config.PinnedPeerCertificatePublicKeySha256 = [][]byte{}
- for _, v := range *c.PinnedPeerCertificatePublicKeySha256 {
- hashValue, err := base64.StdEncoding.DecodeString(v)
+ if c.PinnedPeerCertificateSha256 != nil {
+ config.PinnedPeerCertificateSha256 = [][]byte{}
+ for _, v := range *c.PinnedPeerCertificateSha256 {
+ hashValue, err := hex.DecodeString(v)
 if err != nil {
 return nil, err
 }
- config.PinnedPeerCertificatePublicKeySha256 = append(config.PinnedPeerCertificatePublicKeySha256, hashValue)
+ config.PinnedPeerCertificateSha256 = append(config.PinnedPeerCertificateSha256, hashValue)
 }
 }
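Review bot: With the `pinnedPeerCertificatePublicKeySha256` key replaced by `pinnedPeerCertificateSha256` in `TLSConfig`, no field is left for the old key, so a config that still uses it will probably load with the pin dropped and no error. That is inferred: encoding/json ignores unknown keys unless the loader opts out, and the loader is not visible here. For a pinning option this is a fail-open outcome, because the connection then relies only on ordinary chain validation. I would keep a deprecated field carrying the old tag and have `Build()` refuse it, along the lines of `if c.PinnedPeerCertificatePublicKeySha256 != nil { return nil, <error naming the new key> }`. The new field also deserves a comment such as `// PinnedPeerCertificateSha256 holds hex-encoded SHA-256 pins (previously base64 public-key hashes).`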
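Review bot: The decoded pin is appended without a length check in the `for _, v := range *c.PinnedPeerCertificateSha256` loop, so any even-length hex string is accepted as a SHA-256 pin. A truncated value or a SHA-1 fingerprint would presumably surface only later, as a failed handshake; adding `if len(hashValue) != 32 { return nil, <error naming pinnedPeerCertificateSha256> }` after the decode reports it at config load. The bare `return nil, err` gives no hint which key failed, which matters because values carried over from the old base64 option will now fail hex decoding. An empty list still produces a non-nil empty slice; whether the TLS layer reads that as "no pinning" is not visible in this hunk and is worth confirming or rejecting explicitly. `Build()` starts and ends outside the hunk, and the `encoding/hex` import is assumed to be added in a part of the commit not shown.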