* protocol harmonization with V2Ray/V2Fly by supporting both V2Ray server and XRay server
* protocol harmonization with V2Ray/V2Fly by supporting both V2Ray server and XRay server comment
* verify peer cert function for better man in the middle prevention
* publish cert chain hash generation algorithm
* added calculation of certificate hash as separate command and tlsping, use base64 to represent fingerprint to align with jsonPb
* apply coding style
* added test case for pinned certificates
* refactored cert pin
* pinned cert test
* added json loading of the PinnedPeerCertificateChainSha256
* removed tool to prepare for v5
* Add server cert pinning for Xtls
Change command "xray tls certChainHash" to xray style
Co-authored-by: Shelikhoo <xiaokangwang@outlook.com>
* use shadowsocket's bloomring for shadowsocket's replay protection
* added shadowsockets iv check for tcp socket
* Rename to shadowsockets iv check
* shadowsocks iv check config file
* iv check should proceed after decryption
* use shadowsocket's bloomring for shadowsocket's replay protection
* Chore: format code (#842)
Co-authored-by: Shelikhoo <xiaokangwang@outlook.com>
Co-authored-by: Loyalsoldier <10487845+Loyalsoldier@users.noreply.github.com>
When gRPC transport have been configured to use TLS, it may silently ignore TLS failure. This may make it harder to diagnose TLS setting issues when gRPC transport is used. This comment is added to help other developers be aware of this caveat.
Co-authored-by: Shelikhoo <xiaokangwang@outlook.com>
* DNS: add clientip for specific nameserver
* Refactoring: DNS App
* DNS: add DNS over QUIC support
* Feat: add disableCache option for DNS
* Feat: add queryStrategy option for DNS
* Feat: add disableFallback & skipFallback option for DNS
* Feat: DNS hosts support multiple addresses
* Feat: DNS transport over TCP
* DNS: fix typo & refine code
* DNS: refine code
* Add disableFallbackIfMatch dns option
* Feat: routing and freedom outbound ignore Fake DNS
Turn off fake DNS for request sent from Routing and Freedom outbound.
Fake DNS now only apply to DNS outbound.
This is important for Android, where VPN service take over all system DNS
traffic and pass it to core. "UseIp" option can be used in Freedom outbound
to avoid getting fake IP and fail connection.
* Fix test
* Fix dns return
* Fix local dns return empty
* Apply timeout to dns outbound
* Update app/dns/config.go
Co-authored-by: Loyalsoldier <10487845+loyalsoldier@users.noreply.github.com>
Co-authored-by: Ye Zhihao <vigilans@foxmail.com>
Co-authored-by: maskedeken <52683904+maskedeken@users.noreply.github.com>
Co-authored-by: V2Fly Team <51714622+vcptr@users.noreply.github.com>
Co-authored-by: CalmLong <37164399+calmlong@users.noreply.github.com>
Co-authored-by: Shelikhoo <xiaokangwang@outlook.com>
Co-authored-by: 秋のかえで <autmaple@protonmail.com>
Co-authored-by: 朱聖黎 <digglife@gmail.com>
Co-authored-by: rurirei <72071920+rurirei@users.noreply.github.com>
Co-authored-by: yuhan6665 <1588741+yuhan6665@users.noreply.github.com>
Co-authored-by: Arthur Morgan <4637240+badO1a5A90@users.noreply.github.com>
Shelikhoo
世界
maskedeken
Loyalsoldier
秋のかえで
yuhan6665
Ovear
Arthur Morgan
dependabot[bot]
lucifer