black-internet-days-ahead/Xray-core
1
0
Fork 0
mirror of https://github.com/XTLS/Xray-core.git synced 2024-11-14 12:43:18 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix reject unknown sni with single cert

Browse source
This commit is contained in:
hmol233 2021-05-10 00:28:40 +08:00
parent 1f92b948c0
commit e8a8465220
No known key found for this signature in database
GPG key ID: D617A9DAB0C992D5
2 changed files with 4 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
transport/internet/tls/config.go
View file

@ -214,10 +214,10 @@ func getGetCertificateFunc(c *tls.Config, ca []*Certificate) func(hello *tls.Cli
func getNewGetCertificateFunc(certs []*tls.Certificate, rejectUnknownSNI bool) func(hello *tls.ClientHelloInfo) (*tls.Certificate, error) { func getNewGetCertificateFunc(certs []*tls.Certificate, rejectUnknownSNI bool) func(hello *tls.ClientHelloInfo) (*tls.Certificate, error) {
return func(hello *tls.ClientHelloInfo) (*tls.Certificate, error) { return func(hello *tls.ClientHelloInfo) (*tls.Certificate, error) {
if len(certs) == 0 { if len(certs) == 0 {
return nil, newError("empty certs") return nil, errNoCertificates
} }
sni := strings.ToLower(hello.ServerName) sni := strings.ToLower(hello.ServerName)
if len(certs) == 1 || sni == "" { if !rejectUnknownSNI && (len(certs) == 1 || sni == "") {
return certs[0], nil return certs[0], nil
} }
gsni := "*" gsni := "*"

4
transport/internet/xtls/config.go
View file

@ -215,10 +215,10 @@ func getGetCertificateFunc(c *xtls.Config, ca []*Certificate) func(hello *xtls.C
func getNewGetCertificateFunc(certs []*xtls.Certificate, rejectUnknownSNI bool) func(hello *xtls.ClientHelloInfo) (*xtls.Certificate, error) { func getNewGetCertificateFunc(certs []*xtls.Certificate, rejectUnknownSNI bool) func(hello *xtls.ClientHelloInfo) (*xtls.Certificate, error) {
return func(hello *xtls.ClientHelloInfo) (*xtls.Certificate, error) { return func(hello *xtls.ClientHelloInfo) (*xtls.Certificate, error) {
if len(certs) == 0 { if len(certs) == 0 {
return nil, newError("empty certs") return nil, errNoCertificates
} }
sni := strings.ToLower(hello.ServerName) sni := strings.ToLower(hello.ServerName)
if len(certs) == 1 || sni == "" { if !rejectUnknownSNI && (len(certs) == 1 || sni == "") {
return certs[0], nil return certs[0], nil
} }
gsni := "*" gsni := "*"