mirrors/Xray-core
0
Fork 0
mirror of https://github.com/XTLS/Xray-core.git synced 2025-06-18 22:29:49 +03:00
Code Issues Releases Activity

DNS DoH: Add h2c Remote mode (with TLS serverNameToVerify)

Browse Source 
https://github.com/XTLS/Xray-core/issues/4313#issuecomment-2609339864

Applies https://github.com/refraction-networking/utls/pull/161

Closes https://github.com/XTLS/Xray-core/issues/4313
This commit is contained in:
RPRX
2025-01-25 10:51:44 +00:00
committed by GitHub
parent a0822cb440
commit 2522cfd7be
7 changed files with 105 additions and 56 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
transport/internet/tls/config.go
View File

@ -4,6 +4,7 @@ import (
"bytes"
"context"
"crypto/hmac"
"crypto/rand"
"crypto/tls"
"crypto/x509"
"encoding/base64"
@ -303,6 +304,14 @@ func (c *Config) verifyPeerCert(rawCerts [][]byte, verifiedChains [][]*x509.Cert
return nil
}
type RandCarrier struct {
ServerNameToVerify string
}
func (r *RandCarrier) Read(p []byte) (n int, err error) {
return rand.Read(p)
}
// GetTLSConfig converts this Config into tls.Config.
func (c *Config) GetTLSConfig(opts ...Option) *tls.Config {
root, err := c.getCertPool()
@ -321,6 +330,9 @@ func (c *Config) GetTLSConfig(opts ...Option) *tls.Config {
}
config := &tls.Config{
Rand: &RandCarrier{
ServerNameToVerify: c.ServerNameToVerify,
},
ClientSessionCache: globalSessionCache,
RootCAs: root,
InsecureSkipVerify: c.AllowInsecure,