mirrors/Xray-core
1
0
Fork 0
mirror of https://github.com/XTLS/Xray-core.git synced 2025-04-30 17:38:41 +00:00
Code Issues Projects Releases Packages Wiki Activity

MITM: Allow using local received SNI in the outgoing serverName & verifyPeerCertInNames

Browse source 
https://github.com/XTLS/Xray-core/issues/4348#issuecomment-2637370175

Local received SNI was sent by browser/app.

In freedom RAW's `tlsSettings`, set `"serverName": "fromMitm"` to forward it to the real website.

In freedom RAW's `tlsSettings`, set `"verifyPeerCertInNames": ["fromMitm"]` to use all possible names to verify the certificate.
This commit is contained in:
RPRX 2025-02-06 07:37:30 +00:00 committed by GitHub
parent 9b7841178a
commit c6a31f457c
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
8 changed files with 150 additions and 85 deletions
Download patch file Download diff file Expand all files Collapse all files

8
infra/conf/transport_internet.go
View file

@ -411,6 +411,7 @@ type TLSConfig struct {
CurvePreferences *StringList `json:"curvePreferences"`
MasterKeyLog string `json:"masterKeyLog"`
ServerNameToVerify string `json:"serverNameToVerify"`
VerifyPeerCertInNames []string `json:"verifyPeerCertInNames"`
}
// Build implements Buildable.
@ -469,10 +470,11 @@ func (c *TLSConfig) Build() (proto.Message, error) {
}
config.MasterKeyLog = c.MasterKeyLog
config.ServerNameToVerify = c.ServerNameToVerify
if config.ServerNameToVerify != "" && config.Fingerprint == "unsafe" {
return nil, errors.New(`serverNameToVerify only works with uTLS for now`)
if c.ServerNameToVerify != "" {
return nil, errors.PrintRemovedFeatureError("serverNameToVerify", "verifyPeerCertInNames")
}
config.VerifyPeerCertInNames = c.VerifyPeerCertInNames
return config, nil
}