only try issuing new certificate when user provide custom CA

Darien Raymond 2018-04-14 13:12:50 +02:00
parent 048f0ee56e
commit abee8bddf3
GPG Key ID: 7251FFA14BB18169
1 changed files with 50 additions and 38 deletions


@ -58,6 +58,15 @@ func issueCertificate(rawCA *Certificate, domain string) (*tls.Certificate, erro
return &cert, err
}
func (c *Config) hasCustomCA() bool {
for _, certificate := range c.Certificate {
if certificate.Usage == Certificate_AUTHORITY_ISSUE {
return true
}
}
return false
}
func (c *Config) GetTLSConfig(opts ...Option) *tls.Config {
config := &tls.Config{
ClientSessionCache: globalSessionCache,
@ -74,6 +83,7 @@ func (c *Config) GetTLSConfig(opts ...Option) *tls.Config {
config.InsecureSkipVerify = c.AllowInsecure
config.Certificates = c.BuildCertificates()
config.BuildNameToCertificate()
if c.hasCustomCA() {
config.GetCertificate = func(hello *tls.ClientHelloInfo) (*tls.Certificate, error) {
domain := hello.ServerName
certExpired := false
@ -121,6 +131,8 @@ func (c *Config) GetTLSConfig(opts ...Option) *tls.Config {
return issuedCertificate, nil
}
}
if len(c.ServerName) > 0 {
config.ServerName = c.ServerName
}
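Review bot: The new `hasCustomCA` helper in the first hunk has no doc comment, and its name does not say what "custom CA" means in this config; since it now gates whether the on-demand `GetCertificate` path is installed at all, that should be spelled out, e.g. `// hasCustomCA reports whether any configured certificate has usage Certificate_AUTHORITY_ISSUE, i.e. can sign certificates; only then is on-demand issuance enabled in GetTLSConfig.`. In the second hunk the `GetCertificate` closure is now nested one level deeper and its body runs past the end of that hunk, so the closing brace added in the third hunk is the only visible evidence of where the `if c.hasCustomCA()` block ends; a short trailing comment on that brace (`} // if c.hasCustomCA()`) would help readers, as would extracting the closure into a named method so the nesting stays flat. Note that `config.Certificates` from `c.BuildCertificates()` is still set unconditionally, so behaviour without an issuing CA falls back to the static certificates as before; I have not verified that from outside the hunks.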