From 767cd558174651cdc30a1b4bf45fcb9a62eb4168 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E4=B8=96=E7=95=8C?= Date: Fri, 19 Aug 2022 18:05:26 +0800 Subject: [PATCH] Fix acme issuer --- inbound/tls.go | 5 ++--- inbound/tls_acme.go | 36 ++++++++++++++++++++++-------------- inbound/tls_acme_stub.go | 3 ++- 3 files changed, 26 insertions(+), 18 deletions(-) diff --git a/inbound/tls.go b/inbound/tls.go index f80b62b8..484346f3 100644 --- a/inbound/tls.go +++ b/inbound/tls.go @@ -133,19 +133,18 @@ func NewTLSConfig(ctx context.Context, logger log.Logger, options option.Inbound var acmeService adapter.Service var err error if options.ACME != nil && len(options.ACME.Domain) > 0 { - tlsConfig, acmeService, err = startACME(ctx, common.PtrValueOrDefault(options.ACME)) + tlsConfig, acmeService, err = startACME(ctx, logger, common.PtrValueOrDefault(options.ACME)) if err != nil { return nil, err } } else { tlsConfig = &tls.Config{} } - tlsConfig.NextProtos = []string{} if options.ServerName != "" { tlsConfig.ServerName = options.ServerName } if len(options.ALPN) > 0 { - tlsConfig.NextProtos = options.ALPN + tlsConfig.NextProtos = append(tlsConfig.NextProtos, options.ALPN...) } if options.MinVersion != "" { minVersion, err := option.ParseTLSVersion(options.MinVersion) diff --git a/inbound/tls_acme.go b/inbound/tls_acme.go index e24b7579..c169704c 100644 --- a/inbound/tls_acme.go +++ b/inbound/tls_acme.go @@ -11,6 +11,7 @@ import ( "github.com/sagernet/sing-box/adapter" "github.com/sagernet/sing-box/option" E "github.com/sagernet/sing/common/exceptions" + "github.com/sagernet/sing/common/logger" ) type acmeWrapper struct { @@ -28,7 +29,7 @@ func (w *acmeWrapper) Close() error { return nil } -func startACME(ctx context.Context, options option.InboundACMEOptions) (*tls.Config, adapter.Service, error) { +func startACME(ctx context.Context, logger logger.Logger, options option.InboundACMEOptions) (*tls.Config, adapter.Service, error) { var acmeServer string switch options.Provider { case "", "letsencrypt": @@ -46,21 +47,28 @@ func startACME(ctx context.Context, options option.InboundACMEOptions) (*tls.Con storage = &certmagic.FileStorage{ Path: options.DataDirectory, } + } else { + storage = certmagic.Default.Storage } - config := certmagic.New(certmagic.NewCache(certmagic.CacheOptions{}), certmagic.Config{ + config := &certmagic.Config{ DefaultServerName: options.DefaultServerName, - Issuers: []certmagic.Issuer{ - &certmagic.ACMEIssuer{ - CA: acmeServer, - Email: options.Email, - Agreed: true, - DisableHTTPChallenge: options.DisableHTTPChallenge, - DisableTLSALPNChallenge: options.DisableTLSALPNChallenge, - AltHTTPPort: int(options.AlternativeHTTPPort), - AltTLSALPNPort: int(options.AlternativeTLSPort), - }, + Storage: storage, + } + config.Issuers = []certmagic.Issuer{ + certmagic.NewACMEIssuer(config, certmagic.ACMEIssuer{ + CA: acmeServer, + Email: options.Email, + Agreed: true, + DisableHTTPChallenge: options.DisableHTTPChallenge, + DisableTLSALPNChallenge: options.DisableTLSALPNChallenge, + AltHTTPPort: int(options.AlternativeHTTPPort), + AltTLSALPNPort: int(options.AlternativeTLSPort), + }), + } + config = certmagic.New(certmagic.NewCache(certmagic.CacheOptions{ + GetConfigForCert: func(certificate certmagic.Certificate) (*certmagic.Config, error) { + return config, nil }, - Storage: storage, - }) + }), *config) return config.TLSConfig(), &acmeWrapper{ctx, config, options.Domain}, nil } diff --git a/inbound/tls_acme_stub.go b/inbound/tls_acme_stub.go index f787aa14..8ae49278 100644 --- a/inbound/tls_acme_stub.go +++ b/inbound/tls_acme_stub.go @@ -9,8 +9,9 @@ import ( "github.com/sagernet/sing-box/adapter" "github.com/sagernet/sing-box/option" E "github.com/sagernet/sing/common/exceptions" + "github.com/sagernet/sing/common/logger" ) -func startACME(ctx context.Context, options option.InboundACMEOptions) (*tls.Config, adapter.Service, error) { +func startACME(ctx context.Context, logger logger.Logger, options option.InboundACMEOptions) (*tls.Config, adapter.Service, error) { return nil, nil, E.New(`ACME is not included in this build, rebuild with -tags with_acme`) }