feat: add ech-key for listeners
@@ -3,7 +3,6 @@ package anytls
|
||||
import (
|
||||
"context"
|
||||
"crypto/sha256"
|
||||
"crypto/tls"
|
||||
"encoding/binary"
|
||||
"errors"
|
||||
"net"
|
||||
@@ -13,6 +12,8 @@ import (
|
||||
"github.com/metacubex/mihomo/common/atomic"
|
||||
"github.com/metacubex/mihomo/common/buf"
|
||||
"github.com/metacubex/mihomo/component/ca"
|
||||
"github.com/metacubex/mihomo/component/ech"
|
||||
tlsC "github.com/metacubex/mihomo/component/tls"
|
||||
C "github.com/metacubex/mihomo/constant"
|
||||
LC "github.com/metacubex/mihomo/listener/config"
|
||||
"github.com/metacubex/mihomo/listener/sing"
|
||||
@@ -28,7 +29,7 @@ type Listener struct {
|
||||
closed bool
|
||||
config LC.AnyTLSServer
|
||||
listeners []net.Listener
|
||||
tlsConfig *tls.Config
|
||||
tlsConfig *tlsC.Config
|
||||
userMap map[[32]byte]string
|
||||
padding atomic.TypedValue[*padding.PaddingFactory]
|
||||
}
|
||||
@@ -41,13 +42,20 @@ func New(config LC.AnyTLSServer, tunnel C.Tunnel, additions ...inbound.Addition)
|
||||
}
|
||||
}
|
||||
|
||||
tlsConfig := &tls.Config{}
|
||||
tlsConfig := &tlsC.Config{}
|
||||
if config.Certificate != "" && config.PrivateKey != "" {
|
||||
cert, err := ca.LoadTLSKeyPair(config.Certificate, config.PrivateKey, C.Path)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
tlsConfig.Certificates = []tls.Certificate{cert}
|
||||
tlsConfig.Certificates = []tlsC.Certificate{tlsC.UCertificate(cert)}
|
||||
|
||||
if config.EchKey != "" {
|
||||
err = ech.LoadECHKey(config.EchKey, tlsConfig, C.Path)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
sl = &Listener{
|
||||
@@ -87,7 +95,7 @@ func New(config LC.AnyTLSServer, tunnel C.Tunnel, additions ...inbound.Addition)
|
||||
return nil, err
|
||||
}
|
||||
if len(tlsConfig.Certificates) > 0 {
|
||||
l = tls.NewListener(l, tlsConfig)
|
||||
l = tlsC.NewListener(l, tlsConfig)
|
||||
} else {
|
||||
return nil, errors.New("disallow using AnyTLS without certificates config")
|
||||
}
|
||||
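Review bot: The error from `ech.LoadECHKey` in `New` is returned bare, so a malformed `ech-key` may surface as an unlabelled parse or file error that an operator cannot tell apart from a bad `certificate` or `private-key`. Wrapping it names the offending option: `return nil, fmt.Errorf("load ech-key: %w", err)` (this needs `fmt`, which is not among the imports visible in this section). The same bare return appears in the http, mixed and sing_hysteria2 listeners further down this page. `New` starts and ends outside the hunks shown.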
|
||||
@@ -10,6 +10,7 @@ type AnyTLSServer struct {
|
||||
Users map[string]string `yaml:"users" json:"users,omitempty"`
|
||||
Certificate string `yaml:"certificate" json:"certificate"`
|
||||
PrivateKey string `yaml:"private-key" json:"private-key"`
|
||||
EchKey string `yaml:"ech-key" json:"ech-key"`
|
||||
PaddingScheme string `yaml:"padding-scheme" json:"padding-scheme,omitempty"`
|
||||
}
|
||||
|
||||
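Review bot: `EchKey` is tagged `json:"ech-key"` without `omitempty` in AnyTLSServer, while the Hysteria2Server field added on this page uses `json:"ech-key,omitempty"`; TuicServer has the same gap. Since the option is optional, `json:"ech-key,omitempty"` would keep an unset key out of the marshalled config and make the three structs agree. The field also carries ECH private key material, so wherever this struct is marshalled (not visible here) the key is emitted next to `private-key`. A field comment such as `// EchKey holds ECH private key material; treat it like PrivateKey.` would make that explicit.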
|
||||
@@ -12,5 +12,6 @@ type AuthServer struct {
|
||||
AuthStore auth.AuthStore
|
||||
Certificate string
|
||||
PrivateKey string
|
||||
EchKey string
|
||||
RealityConfig reality.Config
|
||||
}
|
||||
|
||||
@@ -14,6 +14,7 @@ type Hysteria2Server struct {
|
||||
ObfsPassword string `yaml:"obfs-password" json:"obfs-password,omitempty"`
|
||||
Certificate string `yaml:"certificate" json:"certificate"`
|
||||
PrivateKey string `yaml:"private-key" json:"private-key"`
|
||||
EchKey string `yaml:"ech-key" json:"ech-key,omitempty"`
|
||||
MaxIdleTime int `yaml:"max-idle-time" json:"max-idle-time,omitempty"`
|
||||
ALPN []string `yaml:"alpn" json:"alpn,omitempty"`
|
||||
Up string `yaml:"up" json:"up,omitempty"`
|
||||
|
||||
@@ -20,6 +20,7 @@ type TrojanServer struct {
|
||||
GrpcServiceName string
|
||||
Certificate string
|
||||
PrivateKey string
|
||||
EchKey string
|
||||
RealityConfig reality.Config
|
||||
MuxOption sing.MuxOption
|
||||
TrojanSSOption TrojanSSOption
|
||||
|
||||
@@ -13,6 +13,7 @@ type TuicServer struct {
|
||||
Users map[string]string `yaml:"users" json:"users,omitempty"`
|
||||
Certificate string `yaml:"certificate" json:"certificate"`
|
||||
PrivateKey string `yaml:"private-key" json:"private-key"`
|
||||
EchKey string `yaml:"ech-key" json:"ech-key"`
|
||||
CongestionController string `yaml:"congestion-controller" json:"congestion-controller,omitempty"`
|
||||
MaxIdleTime int `yaml:"max-idle-time" json:"max-idle-time,omitempty"`
|
||||
AuthenticationTimeout int `yaml:"authentication-timeout" json:"authentication-timeout,omitempty"`
|
||||
|
||||
@@ -21,6 +21,7 @@ type VlessServer struct {
|
||||
GrpcServiceName string
|
||||
Certificate string
|
||||
PrivateKey string
|
||||
EchKey string
|
||||
RealityConfig reality.Config
|
||||
MuxOption sing.MuxOption `yaml:"mux-option" json:"mux-option,omitempty"`
|
||||
}
|
||||
|
||||
@@ -21,6 +21,7 @@ type VmessServer struct {
|
||||
GrpcServiceName string
|
||||
Certificate string
|
||||
PrivateKey string
|
||||
EchKey string
|
||||
RealityConfig reality.Config
|
||||
MuxOption sing.MuxOption `yaml:"mux-option" json:"mux-option,omitempty"`
|
||||
}
|
||||
|
||||
@@ -1,12 +1,13 @@
|
||||
package http
|
||||
|
||||
import (
|
||||
"crypto/tls"
|
||||
"errors"
|
||||
"net"
|
||||
|
||||
"github.com/metacubex/mihomo/adapter/inbound"
|
||||
"github.com/metacubex/mihomo/component/ca"
|
||||
"github.com/metacubex/mihomo/component/ech"
|
||||
tlsC "github.com/metacubex/mihomo/component/tls"
|
||||
C "github.com/metacubex/mihomo/constant"
|
||||
authStore "github.com/metacubex/mihomo/listener/auth"
|
||||
LC "github.com/metacubex/mihomo/listener/config"
|
||||
@@ -64,7 +65,7 @@ func NewWithConfig(config LC.AuthServer, tunnel C.Tunnel, additions ...inbound.A
|
||||
return nil, err
|
||||
}
|
||||
|
||||
tlsConfig := &tls.Config{}
|
||||
tlsConfig := &tlsC.Config{}
|
||||
var realityBuilder *reality.Builder
|
||||
|
||||
if config.Certificate != "" && config.PrivateKey != "" {
|
||||
@@ -72,7 +73,14 @@ func NewWithConfig(config LC.AuthServer, tunnel C.Tunnel, additions ...inbound.A
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
tlsConfig.Certificates = []tls.Certificate{cert}
|
||||
tlsConfig.Certificates = []tlsC.Certificate{tlsC.UCertificate(cert)}
|
||||
|
||||
if config.EchKey != "" {
|
||||
err = ech.LoadECHKey(config.EchKey, tlsConfig, C.Path)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
}
|
||||
}
|
||||
if config.RealityConfig.PrivateKey != "" {
|
||||
if tlsConfig.Certificates != nil {
|
||||
@@ -87,7 +95,7 @@ func NewWithConfig(config LC.AuthServer, tunnel C.Tunnel, additions ...inbound.A
|
||||
if realityBuilder != nil {
|
||||
l = realityBuilder.NewListener(l)
|
||||
} else if len(tlsConfig.Certificates) > 0 {
|
||||
l = tls.NewListener(l, tlsConfig)
|
||||
l = tlsC.NewListener(l, tlsConfig)
|
||||
}
|
||||
|
||||
hl := &Listener{
|
||||
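Review bot: `ech-key` is only read inside the `config.Certificate != "" && config.PrivateKey != ""` branch of `NewWithConfig`, so a listener configured with `ech-key` but no certificate pair starts without TLS and without any error, while the operator assumes ECH is active. Rejecting that combination before the certificate block makes the misconfiguration visible: `if config.EchKey != "" && (config.Certificate == "" || config.PrivateKey == "") { return nil, errors.New("ech-key requires certificate and private-key") }`. When a Reality builder is present the listener comes from `realityBuilder.NewListener` rather than `tlsC.NewListener`, so ECH would presumably not apply there either; the branch that decides this is cut off at `if tlsConfig.Certificates != nil {`. The mixed listener's `NewWithConfig` further down has the same shape, and both functions continue outside the hunks shown.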
|
||||
@@ -14,6 +14,7 @@ type AnyTLSOption struct {
|
||||
Users map[string]string `inbound:"users,omitempty"`
|
||||
Certificate string `inbound:"certificate"`
|
||||
PrivateKey string `inbound:"private-key"`
|
||||
EchKey string `inbound:"ech-key,omitempty"`
|
||||
PaddingScheme string `inbound:"padding-scheme,omitempty"`
|
||||
}
|
||||
|
||||
@@ -42,6 +43,7 @@ func NewAnyTLS(options *AnyTLSOption) (*AnyTLS, error) {
|
||||
Users: options.Users,
|
||||
Certificate: options.Certificate,
|
||||
PrivateKey: options.PrivateKey,
|
||||
EchKey: options.EchKey,
|
||||
PaddingScheme: options.PaddingScheme,
|
||||
},
|
||||
}, nil
|
||||
|
||||
@@ -60,4 +60,14 @@ func TestInboundAnyTLS_TLS(t *testing.T) {
|
||||
Fingerprint: tlsFingerprint,
|
||||
}
|
||||
testInboundAnyTLS(t, inboundOptions, outboundOptions)
|
||||
t.Run("ECH", func(t *testing.T) {
|
||||
inboundOptions := inboundOptions
|
||||
outboundOptions := outboundOptions
|
||||
inboundOptions.EchKey = echKeyPem
|
||||
outboundOptions.ECHOpts = outbound.ECHOptions{
|
||||
Enable: true,
|
||||
Config: echConfigBase64,
|
||||
}
|
||||
testInboundAnyTLS(t, inboundOptions, outboundOptions)
|
||||
})
|
||||
}
|
||||
|
||||
@@ -18,6 +18,7 @@ import (
|
||||
"github.com/metacubex/mihomo/common/utils"
|
||||
"github.com/metacubex/mihomo/component/ca"
|
||||
"github.com/metacubex/mihomo/component/dialer"
|
||||
"github.com/metacubex/mihomo/component/ech"
|
||||
"github.com/metacubex/mihomo/component/generater"
|
||||
C "github.com/metacubex/mihomo/constant"
|
||||
|
||||
@@ -38,6 +39,8 @@ var realityPrivateKey, realityPublickey string
|
||||
var realityDest = "itunes.apple.com"
|
||||
var realityShortid = "10f897e26c4b9478"
|
||||
var realityRealDial = false
|
||||
var echPublicSni = "public.sni"
|
||||
var echConfigBase64, echKeyPem, _ = ech.GenECHConfig(echPublicSni)
|
||||
|
||||
func init() {
|
||||
rand.Read(httpData)
|
||||
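Review bot: The third result of `ech.GenECHConfig(echPublicSni)`, presumably an error, is discarded with `_`, so a failed generation would leave `echKeyPem` and `echConfigBase64` at whatever the call returns on failure, most likely empty. The listeners on this page treat `EchKey == ""` as ECH disabled, so every `ECH` subtest could then run without exercising ECH. Keep the error and stop early, for example `var echConfigBase64, echKeyPem, echErr = ech.GenECHConfig(echPublicSni)` with `if echErr != nil { panic(echErr) }` at the top of `init()`. `init` continues outside the hunk.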
|
||||
@@ -16,6 +16,7 @@ type HTTPOption struct {
|
||||
Users AuthUsers `inbound:"users,omitempty"`
|
||||
Certificate string `inbound:"certificate,omitempty"`
|
||||
PrivateKey string `inbound:"private-key,omitempty"`
|
||||
EchKey string `inbound:"ech-key,omitempty"`
|
||||
RealityConfig RealityConfig `inbound:"reality-config,omitempty"`
|
||||
}
|
||||
|
||||
@@ -64,6 +65,7 @@ func (h *HTTP) Listen(tunnel C.Tunnel) error {
|
||||
AuthStore: h.config.Users.GetAuthStore(),
|
||||
Certificate: h.config.Certificate,
|
||||
PrivateKey: h.config.PrivateKey,
|
||||
EchKey: h.config.EchKey,
|
||||
RealityConfig: h.config.RealityConfig.Build(),
|
||||
},
|
||||
tunnel,
|
||||
|
||||
@@ -16,6 +16,7 @@ type Hysteria2Option struct {
|
||||
ObfsPassword string `inbound:"obfs-password,omitempty"`
|
||||
Certificate string `inbound:"certificate"`
|
||||
PrivateKey string `inbound:"private-key"`
|
||||
EchKey string `inbound:"ech-key,omitempty"`
|
||||
MaxIdleTime int `inbound:"max-idle-time,omitempty"`
|
||||
ALPN []string `inbound:"alpn,omitempty"`
|
||||
Up string `inbound:"up,omitempty"`
|
||||
@@ -60,6 +61,7 @@ func NewHysteria2(options *Hysteria2Option) (*Hysteria2, error) {
|
||||
ObfsPassword: options.ObfsPassword,
|
||||
Certificate: options.Certificate,
|
||||
PrivateKey: options.PrivateKey,
|
||||
EchKey: options.EchKey,
|
||||
MaxIdleTime: options.MaxIdleTime,
|
||||
ALPN: options.ALPN,
|
||||
Up: options.Up,
|
||||
|
||||
@@ -60,6 +60,16 @@ func TestInboundHysteria2_TLS(t *testing.T) {
|
||||
Fingerprint: tlsFingerprint,
|
||||
}
|
||||
testInboundHysteria2(t, inboundOptions, outboundOptions)
|
||||
t.Run("ECH", func(t *testing.T) {
|
||||
inboundOptions := inboundOptions
|
||||
outboundOptions := outboundOptions
|
||||
inboundOptions.EchKey = echKeyPem
|
||||
outboundOptions.ECHOpts = outbound.ECHOptions{
|
||||
Enable: true,
|
||||
Config: echConfigBase64,
|
||||
}
|
||||
testInboundHysteria2(t, inboundOptions, outboundOptions)
|
||||
})
|
||||
}
|
||||
|
||||
func TestInboundHysteria2_Salamander(t *testing.T) {
|
||||
@@ -75,6 +85,16 @@ func TestInboundHysteria2_Salamander(t *testing.T) {
|
||||
ObfsPassword: userUUID,
|
||||
}
|
||||
testInboundHysteria2(t, inboundOptions, outboundOptions)
|
||||
t.Run("ECH", func(t *testing.T) {
|
||||
inboundOptions := inboundOptions
|
||||
outboundOptions := outboundOptions
|
||||
inboundOptions.EchKey = echKeyPem
|
||||
outboundOptions.ECHOpts = outbound.ECHOptions{
|
||||
Enable: true,
|
||||
Config: echConfigBase64,
|
||||
}
|
||||
testInboundHysteria2(t, inboundOptions, outboundOptions)
|
||||
})
|
||||
}
|
||||
|
||||
func TestInboundHysteria2_Brutal(t *testing.T) {
|
||||
@@ -90,4 +110,14 @@ func TestInboundHysteria2_Brutal(t *testing.T) {
|
||||
Down: "200 Mbps",
|
||||
}
|
||||
testInboundHysteria2(t, inboundOptions, outboundOptions)
|
||||
t.Run("ECH", func(t *testing.T) {
|
||||
inboundOptions := inboundOptions
|
||||
outboundOptions := outboundOptions
|
||||
inboundOptions.EchKey = echKeyPem
|
||||
outboundOptions.ECHOpts = outbound.ECHOptions{
|
||||
Enable: true,
|
||||
Config: echConfigBase64,
|
||||
}
|
||||
testInboundHysteria2(t, inboundOptions, outboundOptions)
|
||||
})
|
||||
}
|
||||
|
||||
@@ -18,6 +18,7 @@ type MixedOption struct {
|
||||
UDP bool `inbound:"udp,omitempty"`
|
||||
Certificate string `inbound:"certificate,omitempty"`
|
||||
PrivateKey string `inbound:"private-key,omitempty"`
|
||||
EchKey string `inbound:"ech-key,omitempty"`
|
||||
RealityConfig RealityConfig `inbound:"reality-config,omitempty"`
|
||||
}
|
||||
|
||||
@@ -69,6 +70,7 @@ func (m *Mixed) Listen(tunnel C.Tunnel) error {
|
||||
AuthStore: m.config.Users.GetAuthStore(),
|
||||
Certificate: m.config.Certificate,
|
||||
PrivateKey: m.config.PrivateKey,
|
||||
EchKey: m.config.EchKey,
|
||||
RealityConfig: m.config.RealityConfig.Build(),
|
||||
},
|
||||
tunnel,
|
||||
|
||||
@@ -17,6 +17,7 @@ type SocksOption struct {
|
||||
UDP bool `inbound:"udp,omitempty"`
|
||||
Certificate string `inbound:"certificate,omitempty"`
|
||||
PrivateKey string `inbound:"private-key,omitempty"`
|
||||
EchKey string `inbound:"ech-key,omitempty"`
|
||||
RealityConfig RealityConfig `inbound:"reality-config,omitempty"`
|
||||
}
|
||||
|
||||
@@ -89,6 +90,7 @@ func (s *Socks) Listen(tunnel C.Tunnel) error {
|
||||
AuthStore: s.config.Users.GetAuthStore(),
|
||||
Certificate: s.config.Certificate,
|
||||
PrivateKey: s.config.PrivateKey,
|
||||
EchKey: s.config.EchKey,
|
||||
RealityConfig: s.config.RealityConfig.Build(),
|
||||
},
|
||||
tunnel,
|
||||
|
||||
@@ -16,6 +16,7 @@ type TrojanOption struct {
|
||||
GrpcServiceName string `inbound:"grpc-service-name,omitempty"`
|
||||
Certificate string `inbound:"certificate,omitempty"`
|
||||
PrivateKey string `inbound:"private-key,omitempty"`
|
||||
EchKey string `inbound:"ech-key,omitempty"`
|
||||
RealityConfig RealityConfig `inbound:"reality-config,omitempty"`
|
||||
MuxOption MuxOption `inbound:"mux-option,omitempty"`
|
||||
SSOption TrojanSSOption `inbound:"ss-option,omitempty"`
|
||||
@@ -67,6 +68,7 @@ func NewTrojan(options *TrojanOption) (*Trojan, error) {
|
||||
GrpcServiceName: options.GrpcServiceName,
|
||||
Certificate: options.Certificate,
|
||||
PrivateKey: options.PrivateKey,
|
||||
EchKey: options.EchKey,
|
||||
RealityConfig: options.RealityConfig.Build(),
|
||||
MuxOption: options.MuxOption.Build(),
|
||||
TrojanSSOption: LC.TrojanSSOption{
|
||||
|
||||
@@ -64,6 +64,16 @@ func TestInboundTrojan_TLS(t *testing.T) {
|
||||
Fingerprint: tlsFingerprint,
|
||||
}
|
||||
testInboundTrojan(t, inboundOptions, outboundOptions)
|
||||
t.Run("ECH", func(t *testing.T) {
|
||||
inboundOptions := inboundOptions
|
||||
outboundOptions := outboundOptions
|
||||
inboundOptions.EchKey = echKeyPem
|
||||
outboundOptions.ECHOpts = outbound.ECHOptions{
|
||||
Enable: true,
|
||||
Config: echConfigBase64,
|
||||
}
|
||||
testInboundTrojan(t, inboundOptions, outboundOptions)
|
||||
})
|
||||
}
|
||||
|
||||
func TestInboundTrojan_Wss1(t *testing.T) {
|
||||
@@ -80,6 +90,16 @@ func TestInboundTrojan_Wss1(t *testing.T) {
|
||||
},
|
||||
}
|
||||
testInboundTrojan(t, inboundOptions, outboundOptions)
|
||||
t.Run("ECH", func(t *testing.T) {
|
||||
inboundOptions := inboundOptions
|
||||
outboundOptions := outboundOptions
|
||||
inboundOptions.EchKey = echKeyPem
|
||||
outboundOptions.ECHOpts = outbound.ECHOptions{
|
||||
Enable: true,
|
||||
Config: echConfigBase64,
|
||||
}
|
||||
testInboundTrojan(t, inboundOptions, outboundOptions)
|
||||
})
|
||||
}
|
||||
|
||||
func TestInboundTrojan_Wss2(t *testing.T) {
|
||||
@@ -97,6 +117,16 @@ func TestInboundTrojan_Wss2(t *testing.T) {
|
||||
},
|
||||
}
|
||||
testInboundTrojan(t, inboundOptions, outboundOptions)
|
||||
t.Run("ECH", func(t *testing.T) {
|
||||
inboundOptions := inboundOptions
|
||||
outboundOptions := outboundOptions
|
||||
inboundOptions.EchKey = echKeyPem
|
||||
outboundOptions.ECHOpts = outbound.ECHOptions{
|
||||
Enable: true,
|
||||
Config: echConfigBase64,
|
||||
}
|
||||
testInboundTrojan(t, inboundOptions, outboundOptions)
|
||||
})
|
||||
}
|
||||
|
||||
func TestInboundTrojan_Grpc1(t *testing.T) {
|
||||
@@ -111,6 +141,16 @@ func TestInboundTrojan_Grpc1(t *testing.T) {
|
||||
GrpcOpts: outbound.GrpcOptions{GrpcServiceName: "GunService"},
|
||||
}
|
||||
testInboundTrojan(t, inboundOptions, outboundOptions)
|
||||
t.Run("ECH", func(t *testing.T) {
|
||||
inboundOptions := inboundOptions
|
||||
outboundOptions := outboundOptions
|
||||
inboundOptions.EchKey = echKeyPem
|
||||
outboundOptions.ECHOpts = outbound.ECHOptions{
|
||||
Enable: true,
|
||||
Config: echConfigBase64,
|
||||
}
|
||||
testInboundTrojan(t, inboundOptions, outboundOptions)
|
||||
})
|
||||
}
|
||||
|
||||
func TestInboundTrojan_Grpc2(t *testing.T) {
|
||||
@@ -126,6 +166,16 @@ func TestInboundTrojan_Grpc2(t *testing.T) {
|
||||
GrpcOpts: outbound.GrpcOptions{GrpcServiceName: "GunService"},
|
||||
}
|
||||
testInboundTrojan(t, inboundOptions, outboundOptions)
|
||||
t.Run("ECH", func(t *testing.T) {
|
||||
inboundOptions := inboundOptions
|
||||
outboundOptions := outboundOptions
|
||||
inboundOptions.EchKey = echKeyPem
|
||||
outboundOptions.ECHOpts = outbound.ECHOptions{
|
||||
Enable: true,
|
||||
Config: echConfigBase64,
|
||||
}
|
||||
testInboundTrojan(t, inboundOptions, outboundOptions)
|
||||
})
|
||||
}
|
||||
|
||||
func TestInboundTrojan_Reality(t *testing.T) {
|
||||
@@ -190,6 +240,16 @@ func TestInboundTrojan_TLS_TrojanSS(t *testing.T) {
|
||||
},
|
||||
}
|
||||
testInboundTrojan(t, inboundOptions, outboundOptions)
|
||||
t.Run("ECH", func(t *testing.T) {
|
||||
inboundOptions := inboundOptions
|
||||
outboundOptions := outboundOptions
|
||||
inboundOptions.EchKey = echKeyPem
|
||||
outboundOptions.ECHOpts = outbound.ECHOptions{
|
||||
Enable: true,
|
||||
Config: echConfigBase64,
|
||||
}
|
||||
testInboundTrojan(t, inboundOptions, outboundOptions)
|
||||
})
|
||||
}
|
||||
|
||||
func TestInboundTrojan_Wss_TrojanSS(t *testing.T) {
|
||||
@@ -216,4 +276,14 @@ func TestInboundTrojan_Wss_TrojanSS(t *testing.T) {
|
||||
},
|
||||
}
|
||||
testInboundTrojan(t, inboundOptions, outboundOptions)
|
||||
t.Run("ECH", func(t *testing.T) {
|
||||
inboundOptions := inboundOptions
|
||||
outboundOptions := outboundOptions
|
||||
inboundOptions.EchKey = echKeyPem
|
||||
outboundOptions.ECHOpts = outbound.ECHOptions{
|
||||
Enable: true,
|
||||
Config: echConfigBase64,
|
||||
}
|
||||
testInboundTrojan(t, inboundOptions, outboundOptions)
|
||||
})
|
||||
}
|
||||
|
||||
@@ -15,6 +15,7 @@ type TuicOption struct {
|
||||
Users map[string]string `inbound:"users,omitempty"`
|
||||
Certificate string `inbound:"certificate"`
|
||||
PrivateKey string `inbound:"private-key"`
|
||||
EchKey string `inbound:"ech-key,omitempty"`
|
||||
CongestionController string `inbound:"congestion-controller,omitempty"`
|
||||
MaxIdleTime int `inbound:"max-idle-time,omitempty"`
|
||||
AuthenticationTimeout int `inbound:"authentication-timeout,omitempty"`
|
||||
@@ -50,6 +51,7 @@ func NewTuic(options *TuicOption) (*Tuic, error) {
|
||||
Users: options.Users,
|
||||
Certificate: options.Certificate,
|
||||
PrivateKey: options.PrivateKey,
|
||||
EchKey: options.EchKey,
|
||||
CongestionController: options.CongestionController,
|
||||
MaxIdleTime: options.MaxIdleTime,
|
||||
AuthenticationTimeout: options.AuthenticationTimeout,
|
||||
|
||||
@@ -89,4 +89,14 @@ func TestInboundTuic_TLS(t *testing.T) {
|
||||
Fingerprint: tlsFingerprint,
|
||||
}
|
||||
testInboundTuic(t, inboundOptions, outboundOptions)
|
||||
t.Run("ECH", func(t *testing.T) {
|
||||
inboundOptions := inboundOptions
|
||||
outboundOptions := outboundOptions
|
||||
inboundOptions.EchKey = echKeyPem
|
||||
outboundOptions.ECHOpts = outbound.ECHOptions{
|
||||
Enable: true,
|
||||
Config: echConfigBase64,
|
||||
}
|
||||
testInboundTuic(t, inboundOptions, outboundOptions)
|
||||
})
|
||||
}
|
||||
|
||||
@@ -16,6 +16,7 @@ type VlessOption struct {
|
||||
GrpcServiceName string `inbound:"grpc-service-name,omitempty"`
|
||||
Certificate string `inbound:"certificate,omitempty"`
|
||||
PrivateKey string `inbound:"private-key,omitempty"`
|
||||
EchKey string `inbound:"ech-key,omitempty"`
|
||||
RealityConfig RealityConfig `inbound:"reality-config,omitempty"`
|
||||
MuxOption MuxOption `inbound:"mux-option,omitempty"`
|
||||
}
|
||||
@@ -61,6 +62,7 @@ func NewVless(options *VlessOption) (*Vless, error) {
|
||||
GrpcServiceName: options.GrpcServiceName,
|
||||
Certificate: options.Certificate,
|
||||
PrivateKey: options.PrivateKey,
|
||||
EchKey: options.EchKey,
|
||||
RealityConfig: options.RealityConfig.Build(),
|
||||
MuxOption: options.MuxOption.Build(),
|
||||
},
|
||||
|
||||
@@ -66,9 +66,25 @@ func TestInboundVless_TLS(t *testing.T) {
|
||||
}
|
||||
testInboundVless(t, inboundOptions, outboundOptions)
|
||||
t.Run("xtls-rprx-vision", func(t *testing.T) {
|
||||
outboundOptions := outboundOptions
|
||||
outboundOptions.Flow = "xtls-rprx-vision"
|
||||
testInboundVless(t, inboundOptions, outboundOptions)
|
||||
})
|
||||
t.Run("ECH", func(t *testing.T) {
|
||||
inboundOptions := inboundOptions
|
||||
outboundOptions := outboundOptions
|
||||
inboundOptions.EchKey = echKeyPem
|
||||
outboundOptions.ECHOpts = outbound.ECHOptions{
|
||||
Enable: true,
|
||||
Config: echConfigBase64,
|
||||
}
|
||||
testInboundVless(t, inboundOptions, outboundOptions)
|
||||
t.Run("xtls-rprx-vision", func(t *testing.T) {
|
||||
outboundOptions := outboundOptions
|
||||
outboundOptions.Flow = "xtls-rprx-vision"
|
||||
testInboundVless(t, inboundOptions, outboundOptions)
|
||||
})
|
||||
})
|
||||
}
|
||||
|
||||
func TestInboundVless_Wss1(t *testing.T) {
|
||||
@@ -87,9 +103,25 @@ func TestInboundVless_Wss1(t *testing.T) {
|
||||
}
|
||||
testInboundVless(t, inboundOptions, outboundOptions)
|
||||
t.Run("xtls-rprx-vision", func(t *testing.T) {
|
||||
outboundOptions := outboundOptions
|
||||
outboundOptions.Flow = "xtls-rprx-vision"
|
||||
testInboundVless(t, inboundOptions, outboundOptions)
|
||||
})
|
||||
t.Run("ECH", func(t *testing.T) {
|
||||
inboundOptions := inboundOptions
|
||||
outboundOptions := outboundOptions
|
||||
inboundOptions.EchKey = echKeyPem
|
||||
outboundOptions.ECHOpts = outbound.ECHOptions{
|
||||
Enable: true,
|
||||
Config: echConfigBase64,
|
||||
}
|
||||
testInboundVless(t, inboundOptions, outboundOptions)
|
||||
t.Run("xtls-rprx-vision", func(t *testing.T) {
|
||||
outboundOptions := outboundOptions
|
||||
outboundOptions.Flow = "xtls-rprx-vision"
|
||||
testInboundVless(t, inboundOptions, outboundOptions)
|
||||
})
|
||||
})
|
||||
}
|
||||
|
||||
func TestInboundVless_Wss2(t *testing.T) {
|
||||
@@ -109,9 +141,25 @@ func TestInboundVless_Wss2(t *testing.T) {
|
||||
}
|
||||
testInboundVless(t, inboundOptions, outboundOptions)
|
||||
t.Run("xtls-rprx-vision", func(t *testing.T) {
|
||||
outboundOptions := outboundOptions
|
||||
outboundOptions.Flow = "xtls-rprx-vision"
|
||||
testInboundVless(t, inboundOptions, outboundOptions)
|
||||
})
|
||||
t.Run("ECH", func(t *testing.T) {
|
||||
inboundOptions := inboundOptions
|
||||
outboundOptions := outboundOptions
|
||||
inboundOptions.EchKey = echKeyPem
|
||||
outboundOptions.ECHOpts = outbound.ECHOptions{
|
||||
Enable: true,
|
||||
Config: echConfigBase64,
|
||||
}
|
||||
testInboundVless(t, inboundOptions, outboundOptions)
|
||||
t.Run("xtls-rprx-vision", func(t *testing.T) {
|
||||
outboundOptions := outboundOptions
|
||||
outboundOptions.Flow = "xtls-rprx-vision"
|
||||
testInboundVless(t, inboundOptions, outboundOptions)
|
||||
})
|
||||
})
|
||||
}
|
||||
|
||||
func TestInboundVless_Grpc1(t *testing.T) {
|
||||
@@ -127,6 +175,16 @@ func TestInboundVless_Grpc1(t *testing.T) {
|
||||
GrpcOpts: outbound.GrpcOptions{GrpcServiceName: "GunService"},
|
||||
}
|
||||
testInboundVless(t, inboundOptions, outboundOptions)
|
||||
t.Run("ECH", func(t *testing.T) {
|
||||
inboundOptions := inboundOptions
|
||||
outboundOptions := outboundOptions
|
||||
inboundOptions.EchKey = echKeyPem
|
||||
outboundOptions.ECHOpts = outbound.ECHOptions{
|
||||
Enable: true,
|
||||
Config: echConfigBase64,
|
||||
}
|
||||
testInboundVless(t, inboundOptions, outboundOptions)
|
||||
})
|
||||
}
|
||||
|
||||
func TestInboundVless_Grpc2(t *testing.T) {
|
||||
@@ -143,6 +201,16 @@ func TestInboundVless_Grpc2(t *testing.T) {
|
||||
GrpcOpts: outbound.GrpcOptions{GrpcServiceName: "GunService"},
|
||||
}
|
||||
testInboundVless(t, inboundOptions, outboundOptions)
|
||||
t.Run("ECH", func(t *testing.T) {
|
||||
inboundOptions := inboundOptions
|
||||
outboundOptions := outboundOptions
|
||||
inboundOptions.EchKey = echKeyPem
|
||||
outboundOptions.ECHOpts = outbound.ECHOptions{
|
||||
Enable: true,
|
||||
Config: echConfigBase64,
|
||||
}
|
||||
testInboundVless(t, inboundOptions, outboundOptions)
|
||||
})
|
||||
}
|
||||
|
||||
func TestInboundVless_Reality(t *testing.T) {
|
||||
@@ -165,9 +233,25 @@ func TestInboundVless_Reality(t *testing.T) {
|
||||
}
|
||||
testInboundVless(t, inboundOptions, outboundOptions)
|
||||
t.Run("xtls-rprx-vision", func(t *testing.T) {
|
||||
outboundOptions := outboundOptions
|
||||
outboundOptions.Flow = "xtls-rprx-vision"
|
||||
testInboundVless(t, inboundOptions, outboundOptions)
|
||||
})
|
||||
t.Run("ECH", func(t *testing.T) {
|
||||
inboundOptions := inboundOptions
|
||||
outboundOptions := outboundOptions
|
||||
inboundOptions.EchKey = echKeyPem
|
||||
outboundOptions.ECHOpts = outbound.ECHOptions{
|
||||
Enable: true,
|
||||
Config: echConfigBase64,
|
||||
}
|
||||
testInboundVless(t, inboundOptions, outboundOptions)
|
||||
t.Run("xtls-rprx-vision", func(t *testing.T) {
|
||||
outboundOptions := outboundOptions
|
||||
outboundOptions.Flow = "xtls-rprx-vision"
|
||||
testInboundVless(t, inboundOptions, outboundOptions)
|
||||
})
|
||||
})
|
||||
}
|
||||
|
||||
func TestInboundVless_Reality_Grpc(t *testing.T) {
|
||||
@@ -192,4 +276,14 @@ func TestInboundVless_Reality_Grpc(t *testing.T) {
|
||||
GrpcOpts: outbound.GrpcOptions{GrpcServiceName: "GunService"},
|
||||
}
|
||||
testInboundVless(t, inboundOptions, outboundOptions)
|
||||
t.Run("ECH", func(t *testing.T) {
|
||||
inboundOptions := inboundOptions
|
||||
outboundOptions := outboundOptions
|
||||
inboundOptions.EchKey = echKeyPem
|
||||
outboundOptions.ECHOpts = outbound.ECHOptions{
|
||||
Enable: true,
|
||||
Config: echConfigBase64,
|
||||
}
|
||||
testInboundVless(t, inboundOptions, outboundOptions)
|
||||
})
|
||||
}
|
||||
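Review bot: The `ECH` subtests added to `TestInboundVless_Reality` and `TestInboundVless_Reality_Grpc` may not exercise ECH at all. In the http listener on this page a Reality listener is chosen ahead of `tlsC.NewListener`, and `ech-key` is only loaded when a certificate pair is configured; if the vless listener follows the same shape (its body is not visible here), `EchKey` is ignored in these two cases and the subtests pass vacuously. The trojan and vmess test files on this page add no ECH subtest to their Reality tests, which suggests the combination is not meant to be supported. Either drop these two subtests or have them assert that the listener rejects `ech-key` together with `reality-config`.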
|
||||
@@ -16,6 +16,7 @@ type VmessOption struct {
|
||||
GrpcServiceName string `inbound:"grpc-service-name,omitempty"`
|
||||
Certificate string `inbound:"certificate,omitempty"`
|
||||
PrivateKey string `inbound:"private-key,omitempty"`
|
||||
EchKey string `inbound:"ech-key,omitempty"`
|
||||
RealityConfig RealityConfig `inbound:"reality-config,omitempty"`
|
||||
MuxOption MuxOption `inbound:"mux-option,omitempty"`
|
||||
}
|
||||
@@ -61,6 +62,7 @@ func NewVmess(options *VmessOption) (*Vmess, error) {
|
||||
GrpcServiceName: options.GrpcServiceName,
|
||||
Certificate: options.Certificate,
|
||||
PrivateKey: options.PrivateKey,
|
||||
EchKey: options.EchKey,
|
||||
RealityConfig: options.RealityConfig.Build(),
|
||||
MuxOption: options.MuxOption.Build(),
|
||||
},
|
||||
|
||||
@@ -73,6 +73,16 @@ func TestInboundVMess_TLS(t *testing.T) {
|
||||
Fingerprint: tlsFingerprint,
|
||||
}
|
||||
testInboundVMess(t, inboundOptions, outboundOptions)
|
||||
t.Run("ECH", func(t *testing.T) {
|
||||
inboundOptions := inboundOptions
|
||||
outboundOptions := outboundOptions
|
||||
inboundOptions.EchKey = echKeyPem
|
||||
outboundOptions.ECHOpts = outbound.ECHOptions{
|
||||
Enable: true,
|
||||
Config: echConfigBase64,
|
||||
}
|
||||
testInboundVMess(t, inboundOptions, outboundOptions)
|
||||
})
|
||||
}
|
||||
|
||||
func TestInboundVMess_Ws(t *testing.T) {
|
||||
@@ -160,6 +170,16 @@ func TestInboundVMess_Wss1(t *testing.T) {
|
||||
},
|
||||
}
|
||||
testInboundVMess(t, inboundOptions, outboundOptions)
|
||||
t.Run("ECH", func(t *testing.T) {
|
||||
inboundOptions := inboundOptions
|
||||
outboundOptions := outboundOptions
|
||||
inboundOptions.EchKey = echKeyPem
|
||||
outboundOptions.ECHOpts = outbound.ECHOptions{
|
||||
Enable: true,
|
||||
Config: echConfigBase64,
|
||||
}
|
||||
testInboundVMess(t, inboundOptions, outboundOptions)
|
||||
})
|
||||
}
|
||||
|
||||
func TestInboundVMess_Wss2(t *testing.T) {
|
||||
@@ -178,6 +198,16 @@ func TestInboundVMess_Wss2(t *testing.T) {
|
||||
},
|
||||
}
|
||||
testInboundVMess(t, inboundOptions, outboundOptions)
|
||||
t.Run("ECH", func(t *testing.T) {
|
||||
inboundOptions := inboundOptions
|
||||
outboundOptions := outboundOptions
|
||||
inboundOptions.EchKey = echKeyPem
|
||||
outboundOptions.ECHOpts = outbound.ECHOptions{
|
||||
Enable: true,
|
||||
Config: echConfigBase64,
|
||||
}
|
||||
testInboundVMess(t, inboundOptions, outboundOptions)
|
||||
})
|
||||
}
|
||||
|
||||
func TestInboundVMess_Grpc1(t *testing.T) {
|
||||
@@ -193,6 +223,16 @@ func TestInboundVMess_Grpc1(t *testing.T) {
|
||||
GrpcOpts: outbound.GrpcOptions{GrpcServiceName: "GunService"},
|
||||
}
|
||||
testInboundVMess(t, inboundOptions, outboundOptions)
|
||||
t.Run("ECH", func(t *testing.T) {
|
||||
inboundOptions := inboundOptions
|
||||
outboundOptions := outboundOptions
|
||||
inboundOptions.EchKey = echKeyPem
|
||||
outboundOptions.ECHOpts = outbound.ECHOptions{
|
||||
Enable: true,
|
||||
Config: echConfigBase64,
|
||||
}
|
||||
testInboundVMess(t, inboundOptions, outboundOptions)
|
||||
})
|
||||
}
|
||||
|
||||
func TestInboundVMess_Grpc2(t *testing.T) {
|
||||
@@ -209,6 +249,16 @@ func TestInboundVMess_Grpc2(t *testing.T) {
|
||||
GrpcOpts: outbound.GrpcOptions{GrpcServiceName: "GunService"},
|
||||
}
|
||||
testInboundVMess(t, inboundOptions, outboundOptions)
|
||||
t.Run("ECH", func(t *testing.T) {
|
||||
inboundOptions := inboundOptions
|
||||
outboundOptions := outboundOptions
|
||||
inboundOptions.EchKey = echKeyPem
|
||||
outboundOptions.ECHOpts = outbound.ECHOptions{
|
||||
Enable: true,
|
||||
Config: echConfigBase64,
|
||||
}
|
||||
testInboundVMess(t, inboundOptions, outboundOptions)
|
||||
})
|
||||
}
|
||||
|
||||
func TestInboundVMess_Reality(t *testing.T) {
|
||||
|
||||
@@ -1,7 +1,6 @@
|
||||
package mixed
|
||||
|
||||
import (
|
||||
"crypto/tls"
|
||||
"errors"
|
||||
"net"
|
||||
|
||||
@@ -9,6 +8,8 @@ import (
|
||||
N "github.com/metacubex/mihomo/common/net"
|
||||
"github.com/metacubex/mihomo/component/auth"
|
||||
"github.com/metacubex/mihomo/component/ca"
|
||||
"github.com/metacubex/mihomo/component/ech"
|
||||
tlsC "github.com/metacubex/mihomo/component/tls"
|
||||
C "github.com/metacubex/mihomo/constant"
|
||||
authStore "github.com/metacubex/mihomo/listener/auth"
|
||||
LC "github.com/metacubex/mihomo/listener/config"
|
||||
@@ -60,7 +61,7 @@ func NewWithConfig(config LC.AuthServer, tunnel C.Tunnel, additions ...inbound.A
|
||||
return nil, err
|
||||
}
|
||||
|
||||
tlsConfig := &tls.Config{}
|
||||
tlsConfig := &tlsC.Config{}
|
||||
var realityBuilder *reality.Builder
|
||||
|
||||
if config.Certificate != "" && config.PrivateKey != "" {
|
||||
@@ -68,7 +69,14 @@ func NewWithConfig(config LC.AuthServer, tunnel C.Tunnel, additions ...inbound.A
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
tlsConfig.Certificates = []tls.Certificate{cert}
|
||||
tlsConfig.Certificates = []tlsC.Certificate{tlsC.UCertificate(cert)}
|
||||
|
||||
if config.EchKey != "" {
|
||||
err = ech.LoadECHKey(config.EchKey, tlsConfig, C.Path)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
}
|
||||
}
|
||||
if config.RealityConfig.PrivateKey != "" {
|
||||
if tlsConfig.Certificates != nil {
|
||||
@@ -83,7 +91,7 @@ func NewWithConfig(config LC.AuthServer, tunnel C.Tunnel, additions ...inbound.A
|
||||
if realityBuilder != nil {
|
||||
l = realityBuilder.NewListener(l)
|
||||
} else if len(tlsConfig.Certificates) > 0 {
|
||||
l = tls.NewListener(l, tlsConfig)
|
||||
l = tlsC.NewListener(l, tlsConfig)
|
||||
}
|
||||
|
||||
ml := &Listener{
|
||||
|
||||
@@ -2,7 +2,6 @@ package sing_hysteria2
|
||||
|
||||
import (
|
||||
"context"
|
||||
"crypto/tls"
|
||||
"errors"
|
||||
"fmt"
|
||||
"net"
|
||||
@@ -15,6 +14,7 @@ import (
|
||||
"github.com/metacubex/mihomo/adapter/outbound"
|
||||
"github.com/metacubex/mihomo/common/sockopt"
|
||||
"github.com/metacubex/mihomo/component/ca"
|
||||
"github.com/metacubex/mihomo/component/ech"
|
||||
tlsC "github.com/metacubex/mihomo/component/tls"
|
||||
C "github.com/metacubex/mihomo/constant"
|
||||
LC "github.com/metacubex/mihomo/listener/config"
|
||||
@@ -60,9 +60,16 @@ func New(config LC.Hysteria2Server, tunnel C.Tunnel, additions ...inbound.Additi
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
tlsConfig := &tls.Config{
|
||||
MinVersion: tls.VersionTLS13,
|
||||
Certificates: []tls.Certificate{cert},
|
||||
tlsConfig := &tlsC.Config{
|
||||
MinVersion: tlsC.VersionTLS13,
|
||||
}
|
||||
tlsConfig.Certificates = []tlsC.Certificate{tlsC.UCertificate(cert)}
|
||||
|
||||
if config.EchKey != "" {
|
||||
err = ech.LoadECHKey(config.EchKey, tlsConfig, C.Path)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
}
|
||||
if len(config.ALPN) > 0 {
|
||||
tlsConfig.NextProtos = config.ALPN
|
||||
@@ -125,7 +132,7 @@ func New(config LC.Hysteria2Server, tunnel C.Tunnel, additions ...inbound.Additi
|
||||
SendBPS: outbound.StringToBps(config.Up),
|
||||
ReceiveBPS: outbound.StringToBps(config.Down),
|
||||
SalamanderPassword: salamanderPassword,
|
||||
TLSConfig: tlsC.UConfig(tlsConfig),
|
||||
TLSConfig: tlsConfig,
|
||||
QUICConfig: quicConfig,
|
||||
IgnoreClientBandwidth: config.IgnoreClientBandwidth,
|
||||
UDPTimeout: sing.UDPTimeout,
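Review bot: The bare `return nil, err` after `ech.LoadECHKey` in the `@@ -60,9 +60,16 @@` hunk cannot be told apart from the earlier `return nil, err` at the top of the same hunk. A bad `ech-key` value therefore surfaces with no hint of which setting caused it, unless `LoadECHKey` already names the setting, which this page does not show. `fmt` is already imported in this file, so the line can read `return nil, fmt.Errorf("load ech-key: %w", err)`. Keep the wrapped message free of the key material itself, since start-up errors usually end up in logs. The same unwrapped return follows `LoadECHKey` in the vless, vmess, socks, trojan and tuic sections; `New` continues outside the hunk.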
|
||||
|
||||
@@ -2,7 +2,6 @@ package sing_vless
|
||||
|
||||
import (
|
||||
"context"
|
||||
"crypto/tls"
|
||||
"errors"
|
||||
"net"
|
||||
"net/http"
|
||||
@@ -12,6 +11,7 @@ import (
|
||||
|
||||
"github.com/metacubex/mihomo/adapter/inbound"
|
||||
"github.com/metacubex/mihomo/component/ca"
|
||||
"github.com/metacubex/mihomo/component/ech"
|
||||
tlsC "github.com/metacubex/mihomo/component/tls"
|
||||
C "github.com/metacubex/mihomo/constant"
|
||||
LC "github.com/metacubex/mihomo/listener/config"
|
||||
@@ -82,7 +82,7 @@ func New(config LC.VlessServer, tunnel C.Tunnel, additions ...inbound.Addition)
|
||||
|
||||
sl = &Listener{false, config, nil, service}
|
||||
|
||||
tlsConfig := &tls.Config{}
|
||||
tlsConfig := &tlsC.Config{}
|
||||
var realityBuilder *reality.Builder
|
||||
var httpHandler http.Handler
|
||||
|
||||
@@ -91,7 +91,14 @@ func New(config LC.VlessServer, tunnel C.Tunnel, additions ...inbound.Addition)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
tlsConfig.Certificates = []tls.Certificate{cert}
|
||||
tlsConfig.Certificates = []tlsC.Certificate{tlsC.UCertificate(cert)}
|
||||
|
||||
if config.EchKey != "" {
|
||||
err = ech.LoadECHKey(config.EchKey, tlsConfig, C.Path)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
}
|
||||
}
|
||||
if config.RealityConfig.PrivateKey != "" {
|
||||
if tlsConfig.Certificates != nil {
|
||||
@@ -137,7 +144,7 @@ func New(config LC.VlessServer, tunnel C.Tunnel, additions ...inbound.Addition)
|
||||
if realityBuilder != nil {
|
||||
l = realityBuilder.NewListener(l)
|
||||
} else if len(tlsConfig.Certificates) > 0 {
|
||||
l = tls.NewListener(l, tlsConfig)
|
||||
l = tlsC.NewListener(l, tlsConfig)
|
||||
} else {
|
||||
return nil, errors.New("disallow using Vless without both certificates/reality config")
|
||||
}
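Review bot: An `ech-key` set without `certificate`/`private-key` is dropped without any error, because the new `if config.EchKey != ""` block in the `@@ -91,7 +91,14 @@` hunk sits inside the block that closes just before `if config.RealityConfig.PrivateKey != ""`; that block opens outside the hunk, and the socks section on this page shows it as `if config.Certificate != "" && config.PrivateKey != ""`. An operator who sets `ech-key` together with REALITY, or who omits the key pair, gets a listener that starts normally while ECH is not in effect. Failing closed at start-up is safer: after that block add `if config.EchKey != "" && len(tlsConfig.Certificates) == 0 { return nil, errors.New("ech-key requires certificate and private-key") }`. The same nesting appears in the vmess, socks and trojan sections and in the partially shown section at the top of this page; in socks the final `else if` has no error branch, so the listener appears to continue without TLS.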
|
||||
|
||||
@@ -2,7 +2,6 @@ package sing_vmess
|
||||
|
||||
import (
|
||||
"context"
|
||||
"crypto/tls"
|
||||
"errors"
|
||||
"net"
|
||||
"net/http"
|
||||
@@ -11,6 +10,8 @@ import (
|
||||
|
||||
"github.com/metacubex/mihomo/adapter/inbound"
|
||||
"github.com/metacubex/mihomo/component/ca"
|
||||
"github.com/metacubex/mihomo/component/ech"
|
||||
tlsC "github.com/metacubex/mihomo/component/tls"
|
||||
C "github.com/metacubex/mihomo/constant"
|
||||
LC "github.com/metacubex/mihomo/listener/config"
|
||||
"github.com/metacubex/mihomo/listener/reality"
|
||||
@@ -75,7 +76,7 @@ func New(config LC.VmessServer, tunnel C.Tunnel, additions ...inbound.Addition)
|
||||
|
||||
sl = &Listener{false, config, nil, service}
|
||||
|
||||
tlsConfig := &tls.Config{}
|
||||
tlsConfig := &tlsC.Config{}
|
||||
var realityBuilder *reality.Builder
|
||||
var httpHandler http.Handler
|
||||
|
||||
@@ -84,7 +85,14 @@ func New(config LC.VmessServer, tunnel C.Tunnel, additions ...inbound.Addition)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
tlsConfig.Certificates = []tls.Certificate{cert}
|
||||
tlsConfig.Certificates = []tlsC.Certificate{tlsC.UCertificate(cert)}
|
||||
|
||||
if config.EchKey != "" {
|
||||
err = ech.LoadECHKey(config.EchKey, tlsConfig, C.Path)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
}
|
||||
}
|
||||
if config.RealityConfig.PrivateKey != "" {
|
||||
if tlsConfig.Certificates != nil {
|
||||
@@ -130,7 +138,7 @@ func New(config LC.VmessServer, tunnel C.Tunnel, additions ...inbound.Addition)
|
||||
if realityBuilder != nil {
|
||||
l = realityBuilder.NewListener(l)
|
||||
} else if len(tlsConfig.Certificates) > 0 {
|
||||
l = tls.NewListener(l, tlsConfig)
|
||||
l = tlsC.NewListener(l, tlsConfig)
|
||||
}
|
||||
sl.listeners = append(sl.listeners, l)
|
||||
|
||||
|
||||
@@ -1,7 +1,6 @@
|
||||
package socks
|
||||
|
||||
import (
|
||||
"crypto/tls"
|
||||
"errors"
|
||||
"io"
|
||||
"net"
|
||||
@@ -10,6 +9,8 @@ import (
|
||||
N "github.com/metacubex/mihomo/common/net"
|
||||
"github.com/metacubex/mihomo/component/auth"
|
||||
"github.com/metacubex/mihomo/component/ca"
|
||||
"github.com/metacubex/mihomo/component/ech"
|
||||
tlsC "github.com/metacubex/mihomo/component/tls"
|
||||
C "github.com/metacubex/mihomo/constant"
|
||||
authStore "github.com/metacubex/mihomo/listener/auth"
|
||||
LC "github.com/metacubex/mihomo/listener/config"
|
||||
@@ -59,7 +60,7 @@ func NewWithConfig(config LC.AuthServer, tunnel C.Tunnel, additions ...inbound.A
|
||||
return nil, err
|
||||
}
|
||||
|
||||
tlsConfig := &tls.Config{}
|
||||
tlsConfig := &tlsC.Config{}
|
||||
var realityBuilder *reality.Builder
|
||||
|
||||
if config.Certificate != "" && config.PrivateKey != "" {
|
||||
@@ -67,7 +68,14 @@ func NewWithConfig(config LC.AuthServer, tunnel C.Tunnel, additions ...inbound.A
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
tlsConfig.Certificates = []tls.Certificate{cert}
|
||||
tlsConfig.Certificates = []tlsC.Certificate{tlsC.UCertificate(cert)}
|
||||
|
||||
if config.EchKey != "" {
|
||||
err = ech.LoadECHKey(config.EchKey, tlsConfig, C.Path)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
}
|
||||
}
|
||||
if config.RealityConfig.PrivateKey != "" {
|
||||
if tlsConfig.Certificates != nil {
|
||||
@@ -82,7 +90,7 @@ func NewWithConfig(config LC.AuthServer, tunnel C.Tunnel, additions ...inbound.A
|
||||
if realityBuilder != nil {
|
||||
l = realityBuilder.NewListener(l)
|
||||
} else if len(tlsConfig.Certificates) > 0 {
|
||||
l = tls.NewListener(l, tlsConfig)
|
||||
l = tlsC.NewListener(l, tlsConfig)
|
||||
}
|
||||
|
||||
sl := &Listener{
|
||||
|
||||
@@ -1,7 +1,6 @@
|
||||
package trojan
|
||||
|
||||
import (
|
||||
"crypto/tls"
|
||||
"errors"
|
||||
"io"
|
||||
"net"
|
||||
@@ -10,6 +9,8 @@ import (
|
||||
|
||||
"github.com/metacubex/mihomo/adapter/inbound"
|
||||
"github.com/metacubex/mihomo/component/ca"
|
||||
"github.com/metacubex/mihomo/component/ech"
|
||||
tlsC "github.com/metacubex/mihomo/component/tls"
|
||||
C "github.com/metacubex/mihomo/constant"
|
||||
LC "github.com/metacubex/mihomo/listener/config"
|
||||
"github.com/metacubex/mihomo/listener/reality"
|
||||
@@ -69,7 +70,7 @@ func New(config LC.TrojanServer, tunnel C.Tunnel, additions ...inbound.Addition)
|
||||
}
|
||||
sl = &Listener{false, config, nil, keys, pickCipher, h}
|
||||
|
||||
tlsConfig := &tls.Config{}
|
||||
tlsConfig := &tlsC.Config{}
|
||||
var realityBuilder *reality.Builder
|
||||
var httpHandler http.Handler
|
||||
|
||||
@@ -78,7 +79,14 @@ func New(config LC.TrojanServer, tunnel C.Tunnel, additions ...inbound.Addition)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
tlsConfig.Certificates = []tls.Certificate{cert}
|
||||
tlsConfig.Certificates = []tlsC.Certificate{tlsC.UCertificate(cert)}
|
||||
|
||||
if config.EchKey != "" {
|
||||
err = ech.LoadECHKey(config.EchKey, tlsConfig, C.Path)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
}
|
||||
}
|
||||
if config.RealityConfig.PrivateKey != "" {
|
||||
if tlsConfig.Certificates != nil {
|
||||
@@ -124,7 +132,7 @@ func New(config LC.TrojanServer, tunnel C.Tunnel, additions ...inbound.Addition)
|
||||
if realityBuilder != nil {
|
||||
l = realityBuilder.NewListener(l)
|
||||
} else if len(tlsConfig.Certificates) > 0 {
|
||||
l = tls.NewListener(l, tlsConfig)
|
||||
l = tlsC.NewListener(l, tlsConfig)
|
||||
} else if !config.TrojanSSOption.Enabled {
|
||||
return nil, errors.New("disallow using Trojan without both certificates/reality/ss config")
|
||||
}
|
||||
|
||||
@@ -1,7 +1,6 @@
|
||||
package tuic
|
||||
|
||||
import (
|
||||
"crypto/tls"
|
||||
"net"
|
||||
"strings"
|
||||
"time"
|
||||
@@ -9,6 +8,7 @@ import (
|
||||
"github.com/metacubex/mihomo/adapter/inbound"
|
||||
"github.com/metacubex/mihomo/common/sockopt"
|
||||
"github.com/metacubex/mihomo/component/ca"
|
||||
"github.com/metacubex/mihomo/component/ech"
|
||||
tlsC "github.com/metacubex/mihomo/component/tls"
|
||||
C "github.com/metacubex/mihomo/constant"
|
||||
LC "github.com/metacubex/mihomo/listener/config"
|
||||
@@ -52,9 +52,16 @@ func New(config LC.TuicServer, tunnel C.Tunnel, additions ...inbound.Addition) (
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
tlsConfig := &tls.Config{
|
||||
MinVersion: tls.VersionTLS13,
|
||||
Certificates: []tls.Certificate{cert},
|
||||
tlsConfig := &tlsC.Config{
|
||||
MinVersion: tlsC.VersionTLS13,
|
||||
}
|
||||
tlsConfig.Certificates = []tlsC.Certificate{tlsC.UCertificate(cert)}
|
||||
|
||||
if config.EchKey != "" {
|
||||
err = ech.LoadECHKey(config.EchKey, tlsConfig, C.Path)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
}
|
||||
if len(config.ALPN) > 0 {
|
||||
tlsConfig.NextProtos = config.ALPN
|
||||
@@ -125,7 +132,7 @@ func New(config LC.TuicServer, tunnel C.Tunnel, additions ...inbound.Addition) (
|
||||
option := &tuic.ServerOption{
|
||||
HandleTcpFn: handleTcpFn,
|
||||
HandleUdpFn: handleUdpFn,
|
||||
TlsConfig: tlsC.UConfig(tlsConfig),
|
||||
TlsConfig: tlsConfig,
|
||||
QuicConfig: quicConfig,
|
||||
CongestionController: config.CongestionController,
|
||||
AuthenticationTimeout: time.Duration(config.AuthenticationTimeout) * time.Millisecond,
|
||||
|
||||