github/vtun
5
0
Fork 0
mirror of https://github.com/net-byte/vtun synced 2024-03-14 10:50:03 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #66 from NNdroid/master

Browse Source 
fix wss client tls sni problem.
This commit is contained in:
net-byte 2023-07-01 23:01:01 +08:00 committed by GitHub
commit bbd2fd4ac1
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 17 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
common/netutil/netutil.go
View File

@ -20,20 +20,30 @@ import (
// ConnectServer connects to the server with the given address. // ConnectServer connects to the server with the given address.
func ConnectServer(config config.Config) net.Conn { func ConnectServer(config config.Config) net.Conn {
scheme := "ws" scheme := "ws"
host := config.ServerAddr
if config.Protocol == "wss" { if config.Protocol == "wss" {
scheme = "wss" scheme = "wss"
host = config.TLSSni
} }
u := url.URL{Scheme: scheme, Host: config.ServerAddr, Path: config.WebSocketPath} u := url.URL{Scheme: scheme, Host: host, Path: config.WebSocketPath}
header := make(http.Header) header := make(http.Header)
header.Set("user-agent", "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.182 Safari/537.36") header.Set("user-agent", "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.182 Safari/537.36")
if config.Key != "" {
header.Set("key", config.Key) header.Set("key", config.Key)
tlsconfig := &tls.Config{ }
tlsConfig := &tls.Config{
InsecureSkipVerify: config.TLSInsecureSkipVerify, InsecureSkipVerify: config.TLSInsecureSkipVerify,
} }
if config.TLSSni != "" {
tlsConfig.ServerName = config.TLSSni
}
dialer := ws.Dialer{ dialer := ws.Dialer{
Header: ws.HandshakeHeaderHTTP(header), Header: ws.HandshakeHeaderHTTP(header),
Timeout: time.Duration(config.Timeout) * time.Second, Timeout: time.Duration(config.Timeout) * time.Second,
TLSConfig: tlsconfig, TLSConfig: tlsConfig,
NetDial: func(ctx context.Context, network, addr string) (net.Conn, error) {
return net.Dial(network, config.ServerAddr)
},
} }
c, _, _, err := dialer.Dial(context.Background(), u.String()) c, _, _, err := dialer.Dial(context.Background(), u.String())
if err != nil { if err != nil {

3
ws/wsserver.go
View File

@ -133,6 +133,9 @@ func StartServer(iface *water.Interface, config config.Config) {
// checkPermission checks the permission of the request // checkPermission checks the permission of the request
func checkPermission(w http.ResponseWriter, req *http.Request, config config.Config) bool { func checkPermission(w http.ResponseWriter, req *http.Request, config config.Config) bool {
if config.Key == "" {
return true
}
key := req.Header.Get("key") key := req.Header.Get("key")
if key != config.Key { if key != config.Key {
w.WriteHeader(http.StatusForbidden) w.WriteHeader(http.StatusForbidden)