Legends never die (#1725)

2025-06-12 11:29:36 +03:00 · 2023-03-04 05:39:26 -05:00
parent 4c8ee0af50
commit 9e5bc07bf2
34 changed files with 71 additions and 1773 deletions
--- a/infra/conf/transport_internet.go
+++ b/infra/conf/transport_internet.go
@ -26,7 +26,6 @@ import (
 	"github.com/xtls/xray-core/transport/internet/tcp"
 	"github.com/xtls/xray-core/transport/internet/tls"
 	"github.com/xtls/xray-core/transport/internet/websocket"
-	"github.com/xtls/xray-core/transport/internet/xtls"
 )

 var (
@ -416,117 +415,6 @@ func (c *TLSConfig) Build() (proto.Message, error) {
 	return config, nil
 }

-type XTLSCertConfig struct {
-	CertFile       string   `json:"certificateFile"`
-	CertStr        []string `json:"certificate"`
-	KeyFile        string   `json:"keyFile"`
-	KeyStr         []string `json:"key"`
-	Usage          string   `json:"usage"`
-	OcspStapling   uint64   `json:"ocspStapling"`
-	OneTimeLoading bool     `json:"oneTimeLoading"`
-}
-
-// Build implements Buildable.
-func (c *XTLSCertConfig) Build() (*xtls.Certificate, error) {
-	certificate := new(xtls.Certificate)
-	cert, err := readFileOrString(c.CertFile, c.CertStr)
-	if err != nil {
-		return nil, newError("failed to parse certificate").Base(err)
-	}
-	certificate.Certificate = cert
-	certificate.CertificatePath = c.CertFile
-
-	if len(c.KeyFile) > 0 || len(c.KeyStr) > 0 {
-		key, err := readFileOrString(c.KeyFile, c.KeyStr)
-		if err != nil {
-			return nil, newError("failed to parse key").Base(err)
-		}
-		certificate.Key = key
-		certificate.KeyPath = c.KeyFile
-	}
-
-	switch strings.ToLower(c.Usage) {
-	case "encipherment":
-		certificate.Usage = xtls.Certificate_ENCIPHERMENT
-	case "verify":
-		certificate.Usage = xtls.Certificate_AUTHORITY_VERIFY
-	case "issue":
-		certificate.Usage = xtls.Certificate_AUTHORITY_ISSUE
-	default:
-		certificate.Usage = xtls.Certificate_ENCIPHERMENT
-	}
-	if certificate.KeyPath == "" && certificate.CertificatePath == "" {
-		certificate.OneTimeLoading = true
-	} else {
-		certificate.OneTimeLoading = c.OneTimeLoading
-	}
-	certificate.OcspStapling = c.OcspStapling
-
-	return certificate, nil
-}
-
-type XTLSConfig struct {
-	Insecure                         bool              `json:"allowInsecure"`
-	Certs                            []*XTLSCertConfig `json:"certificates"`
-	ServerName                       string            `json:"serverName"`
-	ALPN                             *StringList       `json:"alpn"`
-	EnableSessionResumption          bool              `json:"enableSessionResumption"`
-	DisableSystemRoot                bool              `json:"disableSystemRoot"`
-	MinVersion                       string            `json:"minVersion"`
-	MaxVersion                       string            `json:"maxVersion"`
-	CipherSuites                     string            `json:"cipherSuites"`
-	PreferServerCipherSuites         bool              `json:"preferServerCipherSuites"`
-	Fingerprint                      string            `json:"fingerprint"`
-	RejectUnknownSNI                 bool              `json:"rejectUnknownSni"`
-	PinnedPeerCertificateChainSha256 *[]string         `json:"pinnedPeerCertificateChainSha256"`
-}
-
-// Build implements Buildable.
-func (c *XTLSConfig) Build() (proto.Message, error) {
-	config := new(xtls.Config)
-	config.Certificate = make([]*xtls.Certificate, len(c.Certs))
-	for idx, certConf := range c.Certs {
-		cert, err := certConf.Build()
-		if err != nil {
-			return nil, err
-		}
-		config.Certificate[idx] = cert
-	}
-	serverName := c.ServerName
-	config.AllowInsecure = c.Insecure
-	if len(c.ServerName) > 0 {
-		config.ServerName = serverName
-	}
-	if c.ALPN != nil && len(*c.ALPN) > 0 {
-		config.NextProtocol = []string(*c.ALPN)
-	}
-	config.EnableSessionResumption = c.EnableSessionResumption
-	config.DisableSystemRoot = c.DisableSystemRoot
-	config.MinVersion = c.MinVersion
-	config.MaxVersion = c.MaxVersion
-	config.CipherSuites = c.CipherSuites
-	config.PreferServerCipherSuites = c.PreferServerCipherSuites
-	if c.Fingerprint != "" {
-		return nil, newError(`Old version of XTLS does not support fingerprint. Please use flow "xtls-rprx-vision" with "tls & tlsSettings" instead.`)
-	}
-	config.RejectUnknownSni = c.RejectUnknownSNI
-
-	if c.PinnedPeerCertificateChainSha256 != nil {
-		config.PinnedPeerCertificateChainSha256 = [][]byte{}
-		for _, v := range *c.PinnedPeerCertificateChainSha256 {
-			hashValue, err := base64.StdEncoding.DecodeString(v)
-			if err != nil {
-				return nil, err
-			}
-			config.PinnedPeerCertificateChainSha256 = append(config.PinnedPeerCertificateChainSha256, hashValue)
-		}
-	}
-
-	newError(`You are using an old version of XTLS, which is deprecated now and will be removed soon. Please use flow "xtls-rprx-vision" with "tls & tlsSettings" instead.`).AtWarning().WriteToLog()
-
-	return config, nil
-}
-
 type REALITYConfig struct {
 	Show         bool            `json:"show"`
 	Dest         json.RawMessage `json:"dest"`
@ -788,7 +676,6 @@ type StreamConfig struct {
 	Network         *TransportProtocol  `json:"network"`
 	Security        string              `json:"security"`
 	TLSSettings     *TLSConfig          `json:"tlsSettings"`
-	XTLSSettings    *XTLSConfig         `json:"xtlsSettings"`
 	REALITYSettings *REALITYConfig      `json:"realitySettings"`
 	TCPSettings     *TCPConfig          `json:"tcpSettings"`
 	KCPSettings     *KCPConfig          `json:"kcpSettings"`
@ -816,9 +703,6 @@ func (c *StreamConfig) Build() (*internet.StreamConfig, error) {
 	if strings.EqualFold(c.Security, "tls") {
 		tlsSettings := c.TLSSettings
 		if tlsSettings == nil {
-			if c.XTLSSettings != nil {
-				return nil, newError(`TLS: Please use "tlsSettings" instead of "xtlsSettings".`)
-			}
 			tlsSettings = &TLSConfig{}
 		}
 		ts, err := tlsSettings.Build()
@ -829,25 +713,6 @@ func (c *StreamConfig) Build() (*internet.StreamConfig, error) {
 		config.SecuritySettings = append(config.SecuritySettings, tm)
 		config.SecurityType = tm.Type
 	}
-	if strings.EqualFold(c.Security, "xtls") {
-		if config.ProtocolName != "tcp" && config.ProtocolName != "mkcp" && config.ProtocolName != "domainsocket" {
-			return nil, newError("XTLS only supports TCP, mKCP and DomainSocket for now.")
-		}
-		xtlsSettings := c.XTLSSettings
-		if xtlsSettings == nil {
-			if c.TLSSettings != nil {
-				return nil, newError(`XTLS: Please use "xtlsSettings" instead of "tlsSettings".`)
-			}
-			xtlsSettings = &XTLSConfig{}
-		}
-		ts, err := xtlsSettings.Build()
-		if err != nil {
-			return nil, newError("Failed to build XTLS config.").Base(err)
-		}
-		tm := serial.ToTypedMessage(ts)
-		config.SecuritySettings = append(config.SecuritySettings, tm)
-		config.SecurityType = tm.Type
-	}
 	if strings.EqualFold(c.Security, "reality") {
 		if config.ProtocolName != "tcp" && config.ProtocolName != "http" && config.ProtocolName != "grpc" && config.ProtocolName != "domainsocket" {
 			return nil, newError("REALITY only supports TCP, H2, gRPC and DomainSocket for now.")