Clash.Meta/transport/vmess/tls.go

package vmess

import (
	"context"
	"crypto/tls"
	"errors"
	"net"

	"github.com/metacubex/mihomo/component/ca"
	tlsC "github.com/metacubex/mihomo/component/tls"
)

type TLSConfig struct {
	Host              string
	SkipCertVerify    bool
	FingerPrint       string
	ClientFingerprint string
	NextProtos        []string
	Reality           *tlsC.RealityConfig
}

func StreamTLSConn(ctx context.Context, conn net.Conn, cfg *TLSConfig) (net.Conn, error) {
	tlsConfig := &tls.Config{
		ServerName:         cfg.Host,
		InsecureSkipVerify: cfg.SkipCertVerify,
		NextProtos:         cfg.NextProtos,
	}

	var err error
	tlsConfig, err = ca.GetSpecifiedFingerprintTLSConfig(tlsConfig, cfg.FingerPrint)
	if err != nil {
		return nil, err
	}

	if clientFingerprint, ok := tlsC.GetFingerprint(cfg.ClientFingerprint); ok {
		if cfg.Reality == nil {
			tlsConn := tlsC.UClient(conn, tlsC.UConfig(tlsConfig), clientFingerprint)
			err = tlsConn.HandshakeContext(ctx)
			if err != nil {
				return nil, err
			}
			return tlsConn, nil
		} else {
			return tlsC.GetRealityConn(ctx, conn, clientFingerprint, tlsConfig, cfg.Reality)
		}
	}
	if cfg.Reality != nil {
		return nil, errors.New("REALITY is based on uTLS, please set a client-fingerprint")
	}

	tlsConn := tls.Client(conn, tlsConfig)

	err = tlsConn.HandshakeContext(ctx)
	return tlsConn, err
}
Fix: vmess pure TLS mode 2020-04-03 16:04:24 +08:00			`package vmess`

			`import (`
Fix: tls handshake requires a timeout (#1893) 2022-01-15 19:33:21 +08:00			`"context"`
Fix: vmess pure TLS mode 2020-04-03 16:04:24 +08:00			`"crypto/tls"`
feat: Support REALITY protocol 2023-03-08 17:18:46 +08:00			`"errors"`
Fix: vmess pure TLS mode 2020-04-03 16:04:24 +08:00			`"net"`
Fix: tls handshake requires a timeout (#1893) 2022-01-15 19:33:21 +08:00
chore: hello mihomo 2023-11-03 21:01:45 +08:00			`"github.com/metacubex/mihomo/component/ca"`
			`tlsC "github.com/metacubex/mihomo/component/tls"`
Fix: vmess pure TLS mode 2020-04-03 16:04:24 +08:00			`)`

			`type TLSConfig struct {`
feat: Add utls for modifying client's fingerprint. Currently only support TLS transport in TCP/GRPC/WS/HTTP for VLESS/Vmess and trojan-grpc. 2023-02-01 22:16:06 +08:00			`Host string`
			`SkipCertVerify bool`
			`FingerPrint string`
			`ClientFingerprint string`
			`NextProtos []string`
feat: Support REALITY protocol 2023-03-08 17:18:46 +08:00			`Reality *tlsC.RealityConfig`
Fix: vmess pure TLS mode 2020-04-03 16:04:24 +08:00			`}`

chore: more context passing in outbounds 2023-05-18 13:15:08 +08:00			`func StreamTLSConn(ctx context.Context, conn net.Conn, cfg *TLSConfig) (net.Conn, error) {`
feat: add fingerprint param 2022-07-11 13:42:28 +08:00			`tlsConfig := &tls.Config{`
Fix: vmess pure TLS mode 2020-04-03 16:04:24 +08:00			`ServerName: cfg.Host,`
			`InsecureSkipVerify: cfg.SkipCertVerify,`
Feature: support VMess HTTP/2 transport (#903) 2020-09-26 20:33:57 +08:00			`NextProtos: cfg.NextProtos,`
feat: add fingerprint param 2022-07-11 13:42:28 +08:00			`}`

chore: rebuild ca parsing 2023-09-22 14:45:34 +08:00			`var err error`
			`tlsConfig, err = ca.GetSpecifiedFingerprintTLSConfig(tlsConfig, cfg.FingerPrint)`
			`if err != nil {`
			`return nil, err`
feat: add fingerprint param 2022-07-11 13:42:28 +08:00			`}`
Fix: vmess pure TLS mode 2020-04-03 16:04:24 +08:00
chore: cleanup tls clientFingerprint code 2025-04-29 21:15:48 +08:00			`if clientFingerprint, ok := tlsC.GetFingerprint(cfg.ClientFingerprint); ok {`
feat: Support REALITY protocol 2023-03-08 17:18:46 +08:00			`if cfg.Reality == nil {`
chore: cleanup tls clientFingerprint code 2025-04-29 21:15:48 +08:00			`tlsConn := tlsC.UClient(conn, tlsC.UConfig(tlsConfig), clientFingerprint)`
			`err = tlsConn.HandshakeContext(ctx)`
			`if err != nil {`
			`return nil, err`
feat: Support REALITY protocol 2023-03-08 17:18:46 +08:00			`}`
chore: cleanup tls clientFingerprint code 2025-04-29 21:15:48 +08:00			`return tlsConn, nil`
feat: Support REALITY protocol 2023-03-08 17:18:46 +08:00			`} else {`
chore: better global-client-fingerprint handle 2025-04-19 02:04:09 +08:00			`return tlsC.GetRealityConn(ctx, conn, clientFingerprint, tlsConfig, cfg.Reality)`
feat: Add utls for modifying client's fingerprint. Currently only support TLS transport in TCP/GRPC/WS/HTTP for VLESS/Vmess and trojan-grpc. 2023-02-01 22:16:06 +08:00			`}`
			`}`
feat: Support REALITY protocol 2023-03-08 17:18:46 +08:00			`if cfg.Reality != nil {`
			`return nil, errors.New("REALITY is based on uTLS, please set a client-fingerprint")`
			`}`

Fix: vmess pure TLS mode 2020-04-03 16:04:24 +08:00			`tlsConn := tls.Client(conn, tlsConfig)`
Fix: tls handshake requires a timeout (#1893) 2022-01-15 19:33:21 +08:00
chore: rebuild ca parsing 2023-09-22 14:45:34 +08:00			`err = tlsConn.HandshakeContext(ctx)`
Fix: vmess pure TLS mode 2020-04-03 16:04:24 +08:00			`return tlsConn, err`
			`}`