yggdrasil-network/yggdrasil-go
1
0
Fork 0
mirror of https://github.com/yggdrasil-network/yggdrasil-go.git synced 2025-11-04 03:05:07 +03:00
Code Issues Projects Releases Packages Wiki Activity Actions

Allow specifying TLS SNI with ?sni= in peering URI

Browse source
This commit is contained in:
Neil Alexander 2021-07-28 22:11:20 +01:00
parent b333c7d7f3
commit d8df9755f2
3 changed files with 10 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

1
src/core/link.go
View file

@ -98,6 +98,7 @@ func (l *links) call(u *url.URL, sintf string) error {
l.tcp.call(pathtokens[0], tcpOpts, sintf) l.tcp.call(pathtokens[0], tcpOpts, sintf)
case "tls": case "tls":
tcpOpts.upgrade = l.tcp.tls.forDialer tcpOpts.upgrade = l.tcp.tls.forDialer
tcpOpts.tlsSNI = u.Query().Get("sni")
l.tcp.call(u.Host, tcpOpts, sintf) l.tcp.call(u.Host, tcpOpts, sintf)
default: default:
return errors.New("unknown call scheme: " + u.Scheme) return errors.New("unknown call scheme: " + u.Scheme)

1
src/core/tcp.go
View file

@ -64,6 +64,7 @@ type tcpOptions struct {
socksProxyAddr string socksProxyAddr string
socksProxyAuth *proxy.Auth socksProxyAuth *proxy.Auth
socksPeerAddr string socksPeerAddr string
tlsSNI string
} }
func (l *TcpListener) Stop() { func (l *TcpListener) Stop() {

13
src/core/tls.go
View file

@ -77,8 +77,8 @@ func (t *tcptls) init(tcp *tcp) {
} }
} }
func (t *tcptls) configForOptions(options *tcpOptions) *tls.Config { func (t *tcptls) configForOptions(options *tcpOptions, serverName string) *tls.Config {
config := *t.config config := t.config.Clone()
config.VerifyPeerCertificate = func(rawCerts [][]byte, _ [][]*x509.Certificate) error { config.VerifyPeerCertificate = func(rawCerts [][]byte, _ [][]*x509.Certificate) error {
if len(rawCerts) != 1 { if len(rawCerts) != 1 {
return errors.New("tls not exactly 1 cert") return errors.New("tls not exactly 1 cert")
@ -103,11 +103,14 @@ func (t *tcptls) configForOptions(options *tcpOptions) *tls.Config {
} }
return nil return nil
} }
return &config if serverName != "" {
config.ServerName = serverName
}
return config
} }
func (t *tcptls) upgradeListener(c net.Conn, options *tcpOptions) (net.Conn, error) { func (t *tcptls) upgradeListener(c net.Conn, options *tcpOptions) (net.Conn, error) {
config := t.configForOptions(options) config := t.configForOptions(options, "")
conn := tls.Server(c, config) conn := tls.Server(c, config)
if err := conn.Handshake(); err != nil { if err := conn.Handshake(); err != nil {
return c, err return c, err
@ -116,7 +119,7 @@ func (t *tcptls) upgradeListener(c net.Conn, options *tcpOptions) (net.Conn, err
} }
func (t *tcptls) upgradeDialer(c net.Conn, options *tcpOptions) (net.Conn, error) { func (t *tcptls) upgradeDialer(c net.Conn, options *tcpOptions) (net.Conn, error) {
config := t.configForOptions(options) config := t.configForOptions(options, options.tlsSNI)
conn := tls.Client(c, config) conn := tls.Client(c, config)
if err := conn.Handshake(); err != nil { if err := conn.Handshake(); err != nil {
return c, err return c, err