mirror of https://github.com/v2ray/v2ray-core
tls config
parent
1e3ebeef59
commit
754e8b6e78
|
@ -1,42 +1,7 @@
|
||||||
package http
|
package http
|
||||||
|
|
||||||
import "crypto/tls"
|
|
||||||
|
|
||||||
// CertificateConfig is the config for TLS certificates used in HTTP proxy.
|
|
||||||
type CertificateConfig struct {
|
|
||||||
Domain string
|
|
||||||
Certificate tls.Certificate
|
|
||||||
}
|
|
||||||
|
|
||||||
// TlsConfig is the config for TLS connections.
|
|
||||||
type TLSConfig struct {
|
|
||||||
Enabled bool
|
|
||||||
Certs []*CertificateConfig
|
|
||||||
}
|
|
||||||
|
|
||||||
// GetConfig returns corresponding tls.Config.
|
|
||||||
func (this *TLSConfig) GetConfig() *tls.Config {
|
|
||||||
if !this.Enabled {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
config := &tls.Config{
|
|
||||||
InsecureSkipVerify: false,
|
|
||||||
}
|
|
||||||
|
|
||||||
config.Certificates = make([]tls.Certificate, len(this.Certs))
|
|
||||||
for index, cert := range this.Certs {
|
|
||||||
config.Certificates[index] = cert.Certificate
|
|
||||||
}
|
|
||||||
|
|
||||||
config.BuildNameToCertificate()
|
|
||||||
|
|
||||||
return config
|
|
||||||
}
|
|
||||||
|
|
||||||
// Config for HTTP proxy server.
|
// Config for HTTP proxy server.
|
||||||
type Config struct {
|
type Config struct {
|
||||||
TLSConfig *TLSConfig
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// ClientConfig for HTTP proxy client.
|
// ClientConfig for HTTP proxy client.
|
||||||
|
|
|
@ -3,62 +3,21 @@
|
||||||
package http
|
package http
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"crypto/tls"
|
|
||||||
"encoding/json"
|
"encoding/json"
|
||||||
"errors"
|
"errors"
|
||||||
|
|
||||||
"github.com/v2ray/v2ray-core/proxy/internal"
|
"github.com/v2ray/v2ray-core/proxy/internal"
|
||||||
)
|
)
|
||||||
|
|
||||||
// UnmarshalJSON implements json.Unmarshaler
|
|
||||||
func (this *CertificateConfig) UnmarshalJSON(data []byte) error {
|
|
||||||
type JsonConfig struct {
|
|
||||||
Domain string `json:"domain"`
|
|
||||||
CertFile string `json:"cert"`
|
|
||||||
KeyFile string `json:"key"`
|
|
||||||
}
|
|
||||||
jsonConfig := new(JsonConfig)
|
|
||||||
if err := json.Unmarshal(data, jsonConfig); err != nil {
|
|
||||||
return errors.New("HTTP: Failed to parse certificate config: " + err.Error())
|
|
||||||
}
|
|
||||||
|
|
||||||
cert, err := tls.LoadX509KeyPair(jsonConfig.CertFile, jsonConfig.KeyFile)
|
|
||||||
if err != nil {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
this.Domain = jsonConfig.Domain
|
|
||||||
this.Certificate = cert
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// UnmarshalJSON implements json.Unmarshaler
|
|
||||||
func (this *TLSConfig) UnmarshalJSON(data []byte) error {
|
|
||||||
type JsonConfig struct {
|
|
||||||
Enabled bool `json:"enable"`
|
|
||||||
Certs []*CertificateConfig `json:"certs"`
|
|
||||||
}
|
|
||||||
jsonConfig := new(JsonConfig)
|
|
||||||
if err := json.Unmarshal(data, jsonConfig); err != nil {
|
|
||||||
return errors.New("HTTP: Failed to parse TLS config: " + err.Error())
|
|
||||||
}
|
|
||||||
|
|
||||||
this.Enabled = jsonConfig.Enabled
|
|
||||||
this.Certs = jsonConfig.Certs
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// UnmarshalJSON implements json.Unmarshaler
|
// UnmarshalJSON implements json.Unmarshaler
|
||||||
func (this *Config) UnmarshalJSON(data []byte) error {
|
func (this *Config) UnmarshalJSON(data []byte) error {
|
||||||
type JsonConfig struct {
|
type JsonConfig struct {
|
||||||
Tls *TLSConfig `json:"tls"`
|
|
||||||
}
|
}
|
||||||
jsonConfig := new(JsonConfig)
|
jsonConfig := new(JsonConfig)
|
||||||
if err := json.Unmarshal(data, jsonConfig); err != nil {
|
if err := json.Unmarshal(data, jsonConfig); err != nil {
|
||||||
return errors.New("HTTP: Failed to parse config: " + err.Error())
|
return errors.New("HTTP: Failed to parse config: " + err.Error())
|
||||||
}
|
}
|
||||||
|
|
||||||
this.TLSConfig = jsonConfig.Tls
|
|
||||||
|
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -1,6 +1,7 @@
|
||||||
package internet
|
package internet
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"crypto/tls"
|
||||||
"net"
|
"net"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -13,14 +14,38 @@ type Reusable interface {
|
||||||
|
|
||||||
type StreamConnectionType int
|
type StreamConnectionType int
|
||||||
|
|
||||||
var (
|
const (
|
||||||
StreamConnectionTypeRawTCP StreamConnectionType = 1
|
StreamConnectionTypeRawTCP StreamConnectionType = 1
|
||||||
StreamConnectionTypeTCP StreamConnectionType = 2
|
StreamConnectionTypeTCP StreamConnectionType = 2
|
||||||
StreamConnectionTypeKCP StreamConnectionType = 4
|
StreamConnectionTypeKCP StreamConnectionType = 4
|
||||||
)
|
)
|
||||||
|
|
||||||
|
type StreamSecurityType int
|
||||||
|
|
||||||
|
const (
|
||||||
|
StreamSecurityTypeNone StreamSecurityType = 0
|
||||||
|
StreamSecurityTypeTLS StreamSecurityType = 1
|
||||||
|
)
|
||||||
|
|
||||||
|
type TLSSettings struct {
|
||||||
|
Certs []tls.Certificate
|
||||||
|
}
|
||||||
|
|
||||||
|
func (this *TLSSettings) GetTLSConfig() *tls.Config {
|
||||||
|
config := &tls.Config{
|
||||||
|
InsecureSkipVerify: true,
|
||||||
|
}
|
||||||
|
|
||||||
|
config.Certificates = this.Certs
|
||||||
|
config.BuildNameToCertificate()
|
||||||
|
|
||||||
|
return config
|
||||||
|
}
|
||||||
|
|
||||||
type StreamSettings struct {
|
type StreamSettings struct {
|
||||||
Type StreamConnectionType
|
Type StreamConnectionType
|
||||||
|
Security StreamSecurityType
|
||||||
|
TLSSettings *TLSSettings
|
||||||
}
|
}
|
||||||
|
|
||||||
func (this *StreamSettings) IsCapableOf(streamType StreamConnectionType) bool {
|
func (this *StreamSettings) IsCapableOf(streamType StreamConnectionType) bool {
|
||||||
|
|
|
@ -3,14 +3,42 @@
|
||||||
package internet
|
package internet
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"crypto/tls"
|
||||||
"encoding/json"
|
"encoding/json"
|
||||||
|
"errors"
|
||||||
|
"strings"
|
||||||
|
|
||||||
v2net "github.com/v2ray/v2ray-core/common/net"
|
v2net "github.com/v2ray/v2ray-core/common/net"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
func (this *TLSSettings) UnmarshalJSON(data []byte) error {
|
||||||
|
type JSONCertConfig struct {
|
||||||
|
CertFile string `json:"certFile"`
|
||||||
|
KeyFile string `json:"keyFile"`
|
||||||
|
}
|
||||||
|
type JSONConfig struct {
|
||||||
|
Certs []*JSONCertConfig `json:"certs"`
|
||||||
|
}
|
||||||
|
jsonConfig := new(JSONConfig)
|
||||||
|
if err := json.Unmarshal(data, jsonConfig); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
this.Certs = make([]tls.Certificate, len(jsonConfig.Certs))
|
||||||
|
for idx, certConf := range jsonConfig.Certs {
|
||||||
|
cert, err := tls.LoadX509KeyPair(certConf.CertFile, certConf.KeyFile)
|
||||||
|
if err != nil {
|
||||||
|
return errors.New("Internet|TLS: Failed to load certificate file: " + err.Error())
|
||||||
|
}
|
||||||
|
this.Certs[idx] = cert
|
||||||
|
}
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
func (this *StreamSettings) UnmarshalJSON(data []byte) error {
|
func (this *StreamSettings) UnmarshalJSON(data []byte) error {
|
||||||
type JSONConfig struct {
|
type JSONConfig struct {
|
||||||
Network v2net.NetworkList `json:"network"`
|
Network v2net.NetworkList `json:"network"`
|
||||||
|
Security string `json:"security"`
|
||||||
|
TLSSettings *TLSSettings `json:"tlsSettings"`
|
||||||
}
|
}
|
||||||
this.Type = StreamConnectionTypeRawTCP
|
this.Type = StreamConnectionTypeRawTCP
|
||||||
jsonConfig := new(JSONConfig)
|
jsonConfig := new(JSONConfig)
|
||||||
|
@ -23,5 +51,12 @@ func (this *StreamSettings) UnmarshalJSON(data []byte) error {
|
||||||
if jsonConfig.Network.HasNetwork(v2net.TCPNetwork) {
|
if jsonConfig.Network.HasNetwork(v2net.TCPNetwork) {
|
||||||
this.Type |= StreamConnectionTypeTCP
|
this.Type |= StreamConnectionTypeTCP
|
||||||
}
|
}
|
||||||
|
this.Security = StreamSecurityTypeNone
|
||||||
|
if strings.ToLower(jsonConfig.Security) == "tls" {
|
||||||
|
this.Security = StreamSecurityTypeTLS
|
||||||
|
}
|
||||||
|
if jsonConfig.TLSSettings != nil {
|
||||||
|
this.TLSSettings = jsonConfig.TLSSettings
|
||||||
|
}
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,11 +1,13 @@
|
||||||
package internet
|
package internet
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"crypto/tls"
|
||||||
"errors"
|
"errors"
|
||||||
"net"
|
"net"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
v2net "github.com/v2ray/v2ray-core/common/net"
|
v2net "github.com/v2ray/v2ray-core/common/net"
|
||||||
|
v2tls "github.com/v2ray/v2ray-core/transport/internet/tls"
|
||||||
)
|
)
|
||||||
|
|
||||||
var (
|
var (
|
||||||
|
@ -22,16 +24,32 @@ var (
|
||||||
)
|
)
|
||||||
|
|
||||||
func Dial(src v2net.Address, dest v2net.Destination, settings *StreamSettings) (Connection, error) {
|
func Dial(src v2net.Address, dest v2net.Destination, settings *StreamSettings) (Connection, error) {
|
||||||
|
var connection Connection
|
||||||
|
var err error
|
||||||
if dest.IsTCP() {
|
if dest.IsTCP() {
|
||||||
switch {
|
switch {
|
||||||
case settings.IsCapableOf(StreamConnectionTypeTCP):
|
case settings.IsCapableOf(StreamConnectionTypeTCP):
|
||||||
return TCPDialer(src, dest)
|
connection, err = TCPDialer(src, dest)
|
||||||
case settings.IsCapableOf(StreamConnectionTypeKCP):
|
case settings.IsCapableOf(StreamConnectionTypeKCP):
|
||||||
return KCPDialer(src, dest)
|
connection, err = KCPDialer(src, dest)
|
||||||
case settings.IsCapableOf(StreamConnectionTypeRawTCP):
|
case settings.IsCapableOf(StreamConnectionTypeRawTCP):
|
||||||
return RawTCPDialer(src, dest)
|
connection, err = RawTCPDialer(src, dest)
|
||||||
|
default:
|
||||||
|
return nil, ErrUnsupportedStreamType
|
||||||
}
|
}
|
||||||
return nil, ErrUnsupportedStreamType
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
if settings.Security == StreamSecurityTypeNone {
|
||||||
|
return connection, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
config := settings.TLSSettings.GetTLSConfig()
|
||||||
|
if dest.Address().IsDomain() {
|
||||||
|
config.ServerName = dest.Address().Domain()
|
||||||
|
}
|
||||||
|
tlsConn := tls.Client(connection, config)
|
||||||
|
return v2tls.NewConnection(tlsConn), nil
|
||||||
}
|
}
|
||||||
|
|
||||||
return UDPDialer(src, dest)
|
return UDPDialer(src, dest)
|
||||||
|
|
|
@ -1,12 +1,14 @@
|
||||||
package internet
|
package internet
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"crypto/tls"
|
||||||
"errors"
|
"errors"
|
||||||
"net"
|
"net"
|
||||||
"sync"
|
"sync"
|
||||||
|
|
||||||
"github.com/v2ray/v2ray-core/common/log"
|
"github.com/v2ray/v2ray-core/common/log"
|
||||||
v2net "github.com/v2ray/v2ray-core/common/net"
|
v2net "github.com/v2ray/v2ray-core/common/net"
|
||||||
|
v2tls "github.com/v2ray/v2ray-core/transport/internet/tls"
|
||||||
)
|
)
|
||||||
|
|
||||||
var (
|
var (
|
||||||
|
@ -29,6 +31,7 @@ type TCPHub struct {
|
||||||
listener Listener
|
listener Listener
|
||||||
connCallback ConnectionHandler
|
connCallback ConnectionHandler
|
||||||
accepting bool
|
accepting bool
|
||||||
|
tlsConfig *tls.Config
|
||||||
}
|
}
|
||||||
|
|
||||||
func ListenTCP(address v2net.Address, port v2net.Port, callback ConnectionHandler, settings *StreamSettings) (*TCPHub, error) {
|
func ListenTCP(address v2net.Address, port v2net.Port, callback ConnectionHandler, settings *StreamSettings) (*TCPHub, error) {
|
||||||
|
@ -51,9 +54,15 @@ func ListenTCP(address v2net.Address, port v2net.Port, callback ConnectionHandle
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
var tlsConfig *tls.Config
|
||||||
|
if settings.Security == StreamSecurityTypeTLS {
|
||||||
|
tlsConfig = settings.TLSSettings.GetTLSConfig()
|
||||||
|
}
|
||||||
|
|
||||||
hub := &TCPHub{
|
hub := &TCPHub{
|
||||||
listener: listener,
|
listener: listener,
|
||||||
connCallback: callback,
|
connCallback: callback,
|
||||||
|
tlsConfig: tlsConfig,
|
||||||
}
|
}
|
||||||
|
|
||||||
go hub.start()
|
go hub.start()
|
||||||
|
@ -76,6 +85,10 @@ func (this *TCPHub) start() {
|
||||||
}
|
}
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
|
if this.tlsConfig != nil {
|
||||||
|
tlsConn := tls.Server(conn, this.tlsConfig)
|
||||||
|
conn = v2tls.NewConnection(tlsConn)
|
||||||
|
}
|
||||||
go this.connCallback(conn)
|
go this.connCallback(conn)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -0,0 +1,21 @@
|
||||||
|
package tls
|
||||||
|
|
||||||
|
import (
|
||||||
|
"crypto/tls"
|
||||||
|
)
|
||||||
|
|
||||||
|
type Connection struct {
|
||||||
|
*tls.Conn
|
||||||
|
}
|
||||||
|
|
||||||
|
func (this *Connection) Reusable() bool {
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
|
||||||
|
func (this *Connection) SetReusable(bool) {}
|
||||||
|
|
||||||
|
func NewConnection(conn *tls.Conn) *Connection {
|
||||||
|
return &Connection{
|
||||||
|
Conn: conn,
|
||||||
|
}
|
||||||
|
}
|
Loading…
Reference in New Issue