Fix uTLS fingerprints support

Thank @HirbodBehnam https://github.com/XTLS/Xray-core/issues/461
This commit is contained in:
RPRX 2021-04-01 09:15:18 +00:00 committed by GitHub
parent 95a68a6d73
commit 4bf8b6d89c
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 39 additions and 31 deletions

View file

@ -3,8 +3,6 @@ package tcp
import (
"context"
utls "github.com/refraction-networking/utls"
"github.com/xtls/xray-core/common"
"github.com/xtls/xray-core/common/net"
"github.com/xtls/xray-core/common/session"
@ -24,7 +22,10 @@ func Dial(ctx context.Context, dest net.Destination, streamSettings *internet.Me
if config := tls.ConfigFromStreamSettings(streamSettings); config != nil {
tlsConfig := config.GetTLSConfig(tls.WithDestination(dest))
if fingerprint, ok := tls.Fingerprints[config.Fingerprint]; ok {
conn = utls.UClient(conn, tls.CopyConfig(tlsConfig), fingerprint)
conn = tls.UClient(conn, tlsConfig, fingerprint)
if err := conn.(*tls.UConn).Handshake(); err != nil {
return nil, err
}
} else {
conn = tls.Client(conn, tlsConfig)
}

View file

@ -18,8 +18,6 @@ var (
globalSessionCache = tls.NewLRUClientSessionCache(128)
)
const exp8357 = "experiment:8357"
// ParseCertificate converts a cert.Certificate to Certificate.
func ParseCertificate(c *cert.Certificate) *Certificate {
if c != nil {
@ -240,15 +238,7 @@ func getNewGetCertficateFunc(certs []*tls.Certificate) func(hello *tls.ClientHel
}
}
func (c *Config) IsExperiment8357() bool {
return strings.HasPrefix(c.ServerName, exp8357)
}
func (c *Config) parseServerName() string {
if c.IsExperiment8357() {
return c.ServerName[len(exp8357):]
}
return c.ServerName
}

View file

@ -43,26 +43,43 @@ func Client(c net.Conn, config *tls.Config) net.Conn {
return &Conn{Conn: tlsConn}
}
var Fingerprints = map[string]utls.ClientHelloID{
"chrome": utls.HelloChrome_Auto,
"firefox": utls.HelloFirefox_Auto,
"safari": utls.HelloIOS_Auto,
"randomized": utls.HelloRandomized,
}
func CopyConfig(c *tls.Config) *utls.Config {
return &utls.Config{
RootCAs: c.RootCAs,
NextProtos: c.NextProtos,
ServerName: c.ServerName,
InsecureSkipVerify: c.InsecureSkipVerify,
MinVersion: c.MinVersion,
MaxVersion: c.MaxVersion,
}
}
// Server initiates a TLS server handshake on the given connection.
func Server(c net.Conn, config *tls.Config) net.Conn {
tlsConn := tls.Server(c, config)
return &Conn{Conn: tlsConn}
}
type UConn struct {
*utls.UConn
}
func (c *UConn) HandshakeAddress() net.Address {
if err := c.Handshake(); err != nil {
return nil
}
state := c.ConnectionState()
if state.ServerName == "" {
return nil
}
return net.ParseAddress(state.ServerName)
}
func UClient(c net.Conn, config *tls.Config, fingerprint *utls.ClientHelloID) net.Conn {
utlsConn := utls.UClient(c, copyConfig(config), *fingerprint)
return &UConn{UConn: utlsConn}
}
func copyConfig(c *tls.Config) *utls.Config {
return &utls.Config{
RootCAs: c.RootCAs,
ServerName: c.ServerName,
InsecureSkipVerify: c.InsecureSkipVerify,
}
}
var Fingerprints = map[string]*utls.ClientHelloID{
"chrome": &utls.HelloChrome_Auto,
"firefox": &utls.HelloFirefox_Auto,
"safari": &utls.HelloIOS_Auto,
"randomized": &utls.HelloRandomized,
}