mirror of https://github.com/XTLS/Xray-core.git synced 2025-06-12 11:29:36 +03:00

Add: reject unknown SNI

Co-Authored-By: 玖柒Max <60207794+jiuqi9997@users.noreply.github.com>
hmol233
2021-05-09 23:47:21 +08:00
parent 1e3d739a5b
commit 53b99efe78
7 changed files with 63 additions and 27 deletions


@ -212,7 +212,7 @@ func getGetCertificateFunc(c *xtls.Config, ca []*Certificate) func(hello *xtls.C
}
}
func getNewGetCertficateFunc(certs []*xtls.Certificate) func(hello *xtls.ClientHelloInfo) (*xtls.Certificate, error) {
func getNewGetCertificateFunc(certs []*xtls.Certificate, rejectUnknownSNI bool) func(hello *xtls.ClientHelloInfo) (*xtls.Certificate, error) {
return func(hello *xtls.ClientHelloInfo) (*xtls.Certificate, error) {
if len(certs) == 0 {
return nil, newError("empty certs")
@ -235,6 +235,9 @@ func getNewGetCertficateFunc(certs []*xtls.Certificate) func(hello *xtls.ClientH
}
}
}
if rejectUnknownSNI {
return nil, newError("reject unknown sni")
}
return certs[0], nil
}
}
@ -276,7 +279,7 @@ func (c *Config) GetXTLSConfig(opts ...Option) *xtls.Config {
if len(caCerts) > 0 {
config.GetCertificate = getGetCertificateFunc(config, caCerts)
} else {
config.GetCertificate = getNewGetCertficateFunc(c.BuildCertificates())
config.GetCertificate = getNewGetCertificateFunc(c.BuildCertificates(), c.RejectUnknownSni)
}
if sn := c.parseServerName(); len(sn) > 0 {
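Review bot: In GetXTLSConfig the new `c.RejectUnknownSni` flag reaches only `getNewGetCertificateFunc`; the `len(caCerts) > 0` branch still calls `getGetCertificateFunc(config, caCerts)` without it, so with custom CA certificates configured the option appears to be silently ignored and an unknown server name would still be answered with a certificate. Either thread the flag through that function as well or state the limitation next to the call, e.g. `// RejectUnknownSni is not enforced when custom CA certificates are in use`. The new check in the second hunk also sits at the very end of the returned closure, and the lines between the first and second hunk are not shown: any earlier return there (for instance for an empty ServerName or a single configured certificate) would bypass it, so a test that sends a ClientHello with no SNI and one with a non-matching SNI would be worth adding. GetXTLSConfig's body starts and ends outside the hunk.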