DNS DoH: Add h2c Remote mode (with TLS serverNameToVerify
)
https://github.com/XTLS/Xray-core/issues/4313#issuecomment-2609339864 Applies https://github.com/refraction-networking/utls/pull/161 Closes https://github.com/XTLS/Xray-core/issues/4313
parent
a0822cb440
commit
2522cfd7be
7 changed files with 105 additions and 56 deletions
transport/internet/tls
|
@ -4,6 +4,7 @@ import (
|
|||
"bytes"
|
||||
"context"
|
||||
"crypto/hmac"
|
||||
"crypto/rand"
|
||||
"crypto/tls"
|
||||
"crypto/x509"
|
||||
"encoding/base64"
|
||||
|
@ -303,6 +304,14 @@ func (c *Config) verifyPeerCert(rawCerts [][]byte, verifiedChains [][]*x509.Cert
|
|||
return nil
|
||||
}
|
||||
|
||||
type RandCarrier struct {
|
||||
ServerNameToVerify string
|
||||
}
|
||||
|
||||
func (r *RandCarrier) Read(p []byte) (n int, err error) {
|
||||
return rand.Read(p)
|
||||
}
|
||||
|
||||
// GetTLSConfig converts this Config into tls.Config.
|
||||
func (c *Config) GetTLSConfig(opts ...Option) *tls.Config {
|
||||
root, err := c.getCertPool()
|
||||
|
@ -321,6 +330,9 @@ func (c *Config) GetTLSConfig(opts ...Option) *tls.Config {
|
|||
}
|
||||
|
||||
config := &tls.Config{
|
||||
Rand: &RandCarrier{
|
||||
ServerNameToVerify: c.ServerNameToVerify,
|
||||
},
|
||||
ClientSessionCache: globalSessionCache,
|
||||
RootCAs: root,
|
||||
InsecureSkipVerify: c.AllowInsecure,
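Review bot: `RandCarrier` is exported without a doc comment, and `GetTLSConfig` installs it as `tls.Config.Rand`, which overloads the TLS entropy-source field to carry `ServerNameToVerify`. If the consumer, which is not visible in this section, reads the name back through a type assertion on `Rand`, then any code that replaces `Rand` on the returned config silently drops it. That consumer should treat a failed `*RandCarrier` assertion as a verification failure rather than skipping the name check. I would add a comment above the type, such as `// RandCarrier is a crypto/rand-backed io.Reader stored in tls.Config.Rand solely to carry ServerNameToVerify; do not replace Rand on configs returned by GetTLSConfig.`, and keep `Read` delegating directly to `rand.Read`. The body of `GetTLSConfig` starts and ends outside the hunks shown.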
|
||||
|
|