mirror of
https://github.com/XTLS/Xray-core.git
synced 2024-11-14 12:43:18 +00:00
Fix reject unknown sni with single cert
This commit is contained in:
parent
1f92b948c0
commit
e8a8465220
|
@ -214,10 +214,10 @@ func getGetCertificateFunc(c *tls.Config, ca []*Certificate) func(hello *tls.Cli
|
||||||
func getNewGetCertificateFunc(certs []*tls.Certificate, rejectUnknownSNI bool) func(hello *tls.ClientHelloInfo) (*tls.Certificate, error) {
|
func getNewGetCertificateFunc(certs []*tls.Certificate, rejectUnknownSNI bool) func(hello *tls.ClientHelloInfo) (*tls.Certificate, error) {
|
||||||
return func(hello *tls.ClientHelloInfo) (*tls.Certificate, error) {
|
return func(hello *tls.ClientHelloInfo) (*tls.Certificate, error) {
|
||||||
if len(certs) == 0 {
|
if len(certs) == 0 {
|
||||||
return nil, newError("empty certs")
|
return nil, errNoCertificates
|
||||||
}
|
}
|
||||||
sni := strings.ToLower(hello.ServerName)
|
sni := strings.ToLower(hello.ServerName)
|
||||||
if len(certs) == 1 || sni == "" {
|
if !rejectUnknownSNI && (len(certs) == 1 || sni == "") {
|
||||||
return certs[0], nil
|
return certs[0], nil
|
||||||
}
|
}
|
||||||
gsni := "*"
|
gsni := "*"
|
||||||
|
|
|
@ -215,10 +215,10 @@ func getGetCertificateFunc(c *xtls.Config, ca []*Certificate) func(hello *xtls.C
|
||||||
func getNewGetCertificateFunc(certs []*xtls.Certificate, rejectUnknownSNI bool) func(hello *xtls.ClientHelloInfo) (*xtls.Certificate, error) {
|
func getNewGetCertificateFunc(certs []*xtls.Certificate, rejectUnknownSNI bool) func(hello *xtls.ClientHelloInfo) (*xtls.Certificate, error) {
|
||||||
return func(hello *xtls.ClientHelloInfo) (*xtls.Certificate, error) {
|
return func(hello *xtls.ClientHelloInfo) (*xtls.Certificate, error) {
|
||||||
if len(certs) == 0 {
|
if len(certs) == 0 {
|
||||||
return nil, newError("empty certs")
|
return nil, errNoCertificates
|
||||||
}
|
}
|
||||||
sni := strings.ToLower(hello.ServerName)
|
sni := strings.ToLower(hello.ServerName)
|
||||||
if len(certs) == 1 || sni == "" {
|
if !rejectUnknownSNI && (len(certs) == 1 || sni == "") {
|
||||||
return certs[0], nil
|
return certs[0], nil
|
||||||
}
|
}
|
||||||
gsni := "*"
|
gsni := "*"
|
||||||
|
|
Loading…
Reference in a new issue