Clash.Meta/transport/vmess/tls.go

package vmess

import (
	"context"
	"crypto/tls"
	"errors"
	"net"

	"github.com/metacubex/mihomo/component/ca"
	tlsC "github.com/metacubex/mihomo/component/tls"
)

type TLSConfig struct {
	Host              string
	SkipCertVerify    bool
	FingerPrint       string
	ClientFingerprint string
	NextProtos        []string
	Reality           *tlsC.RealityConfig
}

func StreamTLSConn(ctx context.Context, conn net.Conn, cfg *TLSConfig) (net.Conn, error) {
	tlsConfig := &tls.Config{
		ServerName:         cfg.Host,
		InsecureSkipVerify: cfg.SkipCertVerify,
		NextProtos:         cfg.NextProtos,
	}

	var err error
	tlsConfig, err = ca.GetSpecifiedFingerprintTLSConfig(tlsConfig, cfg.FingerPrint)
	if err != nil {
		return nil, err
	}

	if len(cfg.ClientFingerprint) != 0 {
		if cfg.Reality == nil {
			utlsConn, valid := GetUTLSConn(conn, cfg.ClientFingerprint, tlsConfig)
			if valid {
				err := utlsConn.(*tlsC.UConn).HandshakeContext(ctx)
				return utlsConn, err
			}
		} else {
			return tlsC.GetRealityConn(ctx, conn, cfg.ClientFingerprint, tlsConfig, cfg.Reality)
		}
	}
	if cfg.Reality != nil {
		return nil, errors.New("REALITY is based on uTLS, please set a client-fingerprint")
	}

	tlsConn := tls.Client(conn, tlsConfig)

	err = tlsConn.HandshakeContext(ctx)
	return tlsConn, err
}

func GetUTLSConn(conn net.Conn, ClientFingerprint string, tlsConfig *tls.Config) (net.Conn, bool) {

	if fingerprint, exists := tlsC.GetFingerprint(ClientFingerprint); exists {
		utlsConn := tlsC.UClient(conn, tlsConfig, fingerprint)

		return utlsConn, true
	}

	return nil, false
}
Fix: vmess pure TLS mode 2020-04-03 16:04:24 +08:00			`package vmess`

			`import (`
Fix: tls handshake requires a timeout (#1893) 2022-01-15 19:33:21 +08:00			`"context"`
Fix: vmess pure TLS mode 2020-04-03 16:04:24 +08:00			`"crypto/tls"`
feat: Support REALITY protocol 2023-03-08 17:18:46 +08:00			`"errors"`
Fix: vmess pure TLS mode 2020-04-03 16:04:24 +08:00			`"net"`
Fix: tls handshake requires a timeout (#1893) 2022-01-15 19:33:21 +08:00
chore: hello mihomo 2023-11-03 21:01:45 +08:00			`"github.com/metacubex/mihomo/component/ca"`
			`tlsC "github.com/metacubex/mihomo/component/tls"`
Fix: vmess pure TLS mode 2020-04-03 16:04:24 +08:00			`)`

			`type TLSConfig struct {`
feat: Add utls for modifying client's fingerprint. Currently only support TLS transport in TCP/GRPC/WS/HTTP for VLESS/Vmess and trojan-grpc. 2023-02-01 22:16:06 +08:00			`Host string`
			`SkipCertVerify bool`
			`FingerPrint string`
			`ClientFingerprint string`
			`NextProtos []string`
feat: Support REALITY protocol 2023-03-08 17:18:46 +08:00			`Reality *tlsC.RealityConfig`
Fix: vmess pure TLS mode 2020-04-03 16:04:24 +08:00			`}`

chore: more context passing in outbounds 2023-05-18 13:15:08 +08:00			`func StreamTLSConn(ctx context.Context, conn net.Conn, cfg *TLSConfig) (net.Conn, error) {`
feat: add fingerprint param 2022-07-11 13:42:28 +08:00			`tlsConfig := &tls.Config{`
Fix: vmess pure TLS mode 2020-04-03 16:04:24 +08:00			`ServerName: cfg.Host,`
			`InsecureSkipVerify: cfg.SkipCertVerify,`
Feature: support VMess HTTP/2 transport (#903) 2020-09-26 20:33:57 +08:00			`NextProtos: cfg.NextProtos,`
feat: add fingerprint param 2022-07-11 13:42:28 +08:00			`}`

chore: rebuild ca parsing 2023-09-22 14:45:34 +08:00			`var err error`
			`tlsConfig, err = ca.GetSpecifiedFingerprintTLSConfig(tlsConfig, cfg.FingerPrint)`
			`if err != nil {`
			`return nil, err`
feat: add fingerprint param 2022-07-11 13:42:28 +08:00			`}`
Fix: vmess pure TLS mode 2020-04-03 16:04:24 +08:00
feat: Add utls for modifying client's fingerprint. Currently only support TLS transport in TCP/GRPC/WS/HTTP for VLESS/Vmess and trojan-grpc. 2023-02-01 22:16:06 +08:00			`if len(cfg.ClientFingerprint) != 0 {`
feat: Support REALITY protocol 2023-03-08 17:18:46 +08:00			`if cfg.Reality == nil {`
			`utlsConn, valid := GetUTLSConn(conn, cfg.ClientFingerprint, tlsConfig)`
			`if valid {`
			`err := utlsConn.(*tlsC.UConn).HandshakeContext(ctx)`
			`return utlsConn, err`
			`}`
			`} else {`
			`return tlsC.GetRealityConn(ctx, conn, cfg.ClientFingerprint, tlsConfig, cfg.Reality)`
feat: Add utls for modifying client's fingerprint. Currently only support TLS transport in TCP/GRPC/WS/HTTP for VLESS/Vmess and trojan-grpc. 2023-02-01 22:16:06 +08:00			`}`
			`}`
feat: Support REALITY protocol 2023-03-08 17:18:46 +08:00			`if cfg.Reality != nil {`
			`return nil, errors.New("REALITY is based on uTLS, please set a client-fingerprint")`
			`}`

Fix: vmess pure TLS mode 2020-04-03 16:04:24 +08:00			`tlsConn := tls.Client(conn, tlsConfig)`
Fix: tls handshake requires a timeout (#1893) 2022-01-15 19:33:21 +08:00
chore: rebuild ca parsing 2023-09-22 14:45:34 +08:00			`err = tlsConn.HandshakeContext(ctx)`
Fix: vmess pure TLS mode 2020-04-03 16:04:24 +08:00			`return tlsConn, err`
			`}`
feat: Update utls support. * client-fingerprint is used to apply Utls for modifying ClientHello, it accepts "chrome","firefox","safari","ios","random" options. * Utls is currently support TLS transport in TCP/grpc/WS/HTTP for VLESS/Vmess and trojan. 2023-02-05 17:31:58 +08:00
feat: Support REALITY protocol 2023-03-08 17:18:46 +08:00			`func GetUTLSConn(conn net.Conn, ClientFingerprint string, tlsConfig *tls.Config) (net.Conn, bool) {`
feat: Update utls support. * client-fingerprint is used to apply Utls for modifying ClientHello, it accepts "chrome","firefox","safari","ios","random" options. * Utls is currently support TLS transport in TCP/grpc/WS/HTTP for VLESS/Vmess and trojan. 2023-02-05 17:31:58 +08:00
chore: move global-utls-client snippets to components\tls 2023-02-07 16:08:59 +08:00			`if fingerprint, exists := tlsC.GetFingerprint(ClientFingerprint); exists {`
chore: do not use extra pointer in UClient 2023-02-07 17:51:37 +08:00			`utlsConn := tlsC.UClient(conn, tlsConfig, fingerprint)`
feat: Update utls support. * client-fingerprint is used to apply Utls for modifying ClientHello, it accepts "chrome","firefox","safari","ios","random" options. * Utls is currently support TLS transport in TCP/grpc/WS/HTTP for VLESS/Vmess and trojan. 2023-02-05 17:31:58 +08:00
			`return utlsConn, true`
			`}`

			`return nil, false`
			`}`