From 7559f12d02643e3ed10c8d7df98970cd66145643 Mon Sep 17 00:00:00 2001
From: NNdroid <99177648+NNdroid@users.noreply.github.com>
Date: Thu, 29 Jun 2023 20:13:40 +0800
Subject: [PATCH 1/4] fix wss client tls sni error.
---
 common/netutil/netutil.go | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/common/netutil/netutil.go b/common/netutil/netutil.go
index 9cc274f..eb17331 100644
--- a/common/netutil/netutil.go
+++ b/common/netutil/netutil.go
@@ -27,13 +27,16 @@ func ConnectServer(config config.Config) net.Conn {
 header := make(http.Header)
 header.Set("user-agent", "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.182 Safari/537.36")
 header.Set("key", config.Key)
- tlsconfig := &tls.Config{
+ tlsConfig := &tls.Config{
 InsecureSkipVerify: config.TLSInsecureSkipVerify,
 }
+ if config.TLSSni != "" {
+ tlsConfig.ServerName = config.TLSSni
+ }
 dialer := ws.Dialer{
 Header: ws.HandshakeHeaderHTTP(header),
 Timeout: time.Duration(config.Timeout) * time.Second,
- TLSConfig: tlsconfig,
+ TLSConfig: tlsConfig,
 }
 c, _, _, err := dialer.Dial(context.Background(), u.String())
 if err != nil {
From 8200bfff83453fe49df538707835f52c74c57b55 Mon Sep 17 00:00:00 2001
From: NNdroid <99177648+NNdroid@users.noreply.github.com>
Date: Fri, 30 Jun 2023 20:36:13 +0800
Subject: [PATCH 2/4] allow no check permission for ws/wss.
---
 ws/wsserver.go | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/ws/wsserver.go b/ws/wsserver.go
index 77d5a9f..5ddcfea 100644
--- a/ws/wsserver.go
+++ b/ws/wsserver.go
@@ -133,6 +133,9 @@ func StartServer(iface *water.Interface, config config.Config) {

 // checkPermission checks the permission of the request
 func checkPermission(w http.ResponseWriter, req *http.Request, config config.Config) bool {
+ if config.Key == "" {
+ return true
+ }
 key := req.Header.Get("key")
 if key != config.Key {
 w.WriteHeader(http.StatusForbidden)
From ebc711e3436a95c919c73b661bc7c516ff52f2bf Mon Sep 17 00:00:00 2001
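Review bot: In the netutil.go hunk of patch 1, `tlsConfig.ServerName = config.TLSSni` does more than choose the SNI value: crypto/tls also checks the server certificate against `ServerName` whenever `InsecureSkipVerify` is false, so the option named "Sni" becomes the identity the client authenticates. A comment above the new `if` would make that visible, e.g. `// ServerName is sent as SNI and is also the name the peer certificate is verified against.` When `config.TLSInsecureSkipVerify` is true the value only affects SNI and the certificate is not checked at all, which belongs in the same comment. ConnectServer starts and ends outside the hunk.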
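Review bot: In the wsserver.go hunk of patch 2, the new early return makes `checkPermission` fail open: an empty `config.Key` (unset, or lost to a configuration mistake) switches authentication off for every ws/wss request without any trace in the logs. If an unauthenticated mode is intended, it would be safer behind an explicit setting than behind an empty secret, and at minimum the doc comment should state it, e.g. `// checkPermission reports whether the request carries config.Key; an empty config.Key disables the check.` The context line `if key != config.Key {` also compares the secret with a non-constant-time operator; `subtle.ConstantTimeCompare([]byte(key), []byte(config.Key)) != 1` from crypto/subtle avoids that. The function body continues past the end of the hunk.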
From: NNdroid <99177648+NNdroid@users.noreply.github.com>
Date: Fri, 30 Jun 2023 21:23:32 +0800
Subject: [PATCH 3/4] fix tls sni bug for wss.
---
 common/netutil/netutil.go | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/common/netutil/netutil.go b/common/netutil/netutil.go
index eb17331..61b30de 100644
--- a/common/netutil/netutil.go
+++ b/common/netutil/netutil.go
@@ -20,13 +20,17 @@ import (
 // ConnectServer connects to the server with the given address.
 func ConnectServer(config config.Config) net.Conn {
 scheme := "ws"
+ host := config.ServerAddr
 if config.Protocol == "wss" {
 scheme = "wss"
+ host = config.TLSSni
 }
- u := url.URL{Scheme: scheme, Host: config.ServerAddr, Path: config.WebSocketPath}
+ u := url.URL{Scheme: scheme, Host: host, Path: config.WebSocketPath}
 header := make(http.Header)
 header.Set("user-agent", "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.182 Safari/537.36")
- header.Set("key", config.Key)
+ if config.Key != "" {
+ header.Set("key", config.Key)
+ }
 tlsConfig := &tls.Config{
 InsecureSkipVerify: config.TLSInsecureSkipVerify,
 }
@@ -37,7 +41,11 @@ func ConnectServer(config config.Config) net.Conn {
 Header: ws.HandshakeHeaderHTTP(header),
 Timeout: time.Duration(config.Timeout) * time.Second,
 TLSConfig: tlsConfig,
+ NetDial: func(ctx context.Context, network, addr string) (net.Conn, error) {
+ return net.Dial(network, config.ServerAddr)
+ },
 }
+ log.Printf("%v\n", dialer.TLSConfig)
 c, _, _, err := dialer.Dial(context.Background(), u.String())
 if err != nil {
 log.Printf("[client] failed to dial websocket %s %v", u.String(), err)
From eb14ba389d11346975777dfb4bcf77100576dd4e Mon Sep 17 00:00:00 2001
From: NNdroid <99177648+NNdroid@users.noreply.github.com>
Date: Fri, 30 Jun 2023 21:24:33 +0800
Subject: [PATCH 4/4] fix tls sni bug for wss.
---
 common/netutil/netutil.go | 1 -
 1 file changed, 1 deletion(-)
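Review bot: In the first netutil.go hunk of patch 3, `host = config.TLSSni` is assigned unconditionally for wss, while the `if config.TLSSni != "" {` guard further down the function treats an empty SNI as a valid configuration. With wss and no SNI set, the URL is built with an empty host, so the handshake carries no Host value and presumably no name is left to verify the certificate against. Falling back to the server address keeps the previous behaviour: `if config.TLSSni != "" { host = config.TLSSni }` inside the wss branch. ConnectServer continues outside the hunk.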
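Review bot: In the second netutil.go hunk of patch 3, the `NetDial` closure drops its `ctx` argument and calls `net.Dial`, so the TCP connect is not tied to the dialer's context and is probably no longer bounded by `Timeout`; an unreachable `config.ServerAddr` would then block until the OS connect timeout. Using the context keeps cancellation and the deadline: `var d net.Dialer` followed by `return d.DialContext(ctx, network, config.ServerAddr)`. Because the closure ignores `addr`, `config.ServerAddr` now has to carry an explicit port, which deserves a one-line comment where the option is documented.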
diff --git a/common/netutil/netutil.go b/common/netutil/netutil.go
index 61b30de..eb0a087 100644
--- a/common/netutil/netutil.go
+++ b/common/netutil/netutil.go
@@ -45,7 +45,6 @@ func ConnectServer(config config.Config) net.Conn {
 return net.Dial(network, config.ServerAddr)
 },
 }
- log.Printf("%v\n", dialer.TLSConfig)
 c, _, _, err := dialer.Dial(context.Background(), u.String())
 if err != nil {
 log.Printf("[client] failed to dial websocket %s %v", u.String(), err)