chore: update ech handling

wwqgtxx 2025-12-17 16:18:12 +08:00
parent 1cab34d257
commit b92b38701c
4 changed files with 25 additions and 56 deletions


@ -36,13 +36,13 @@ type RealityConfig struct {
SupportX25519MLKEM768 bool SupportX25519MLKEM768 bool
} }
func GetRealityConn(ctx context.Context, conn net.Conn, fingerprint UClientHelloID, tlsConfig *Config, realityConfig *RealityConfig) (net.Conn, error) { func GetRealityConn(ctx context.Context, conn net.Conn, fingerprint UClientHelloID, serverName string, realityConfig *RealityConfig) (net.Conn, error) {
for retry := 0; ; retry++ { for retry := 0; ; retry++ {
verifier := &realityVerifier{ verifier := &realityVerifier{
serverName: tlsConfig.ServerName, serverName: serverName,
} }
uConfig := &utls.Config{ uConfig := &utls.Config{
ServerName: tlsConfig.ServerName, ServerName: serverName,
InsecureSkipVerify: true, InsecureSkipVerify: true,
SessionTicketsDisabled: true, SessionTicketsDisabled: true,
VerifyPeerCertificate: verifier.VerifyPeerCertificate, VerifyPeerCertificate: verifier.VerifyPeerCertificate,
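Review bot: GetRealityConn now takes only `serverName`, and the `utls.Config` it builds at the top of the retry loop carries nothing else from the caller's TLS settings (no ECH config list, no ALPN, no root pool), so an ECH config the caller set is never applied to a REALITY connection; the old `*Config` parameter was only read for its ServerName, so this is not a regression, but the narrower signature makes it worth stating on the function. Add a doc comment such as `// GetRealityConn performs a REALITY handshake over conn using a uTLS config built only from serverName and realityConfig; caller-side TLS settings such as ECH are not applied.` The body of the retry loop continues past the hunk, so the rest of the function is not visible here.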


@ -259,14 +259,13 @@ func NewHTTP2Client(dialFn DialFn, tlsConfig *tls.Config, clientFingerprint stri
} }
if clientFingerprint, ok := tlsC.GetFingerprint(clientFingerprint); ok { if clientFingerprint, ok := tlsC.GetFingerprint(clientFingerprint); ok {
tlsConfig := tlsC.UConfig(cfg)
err := echConfig.ClientHandleUTLS(ctx, tlsConfig)
if err != nil {
pconn.Close()
return nil, err
}
if realityConfig == nil { if realityConfig == nil {
tlsConfig := tlsC.UConfig(cfg)
err := echConfig.ClientHandleUTLS(ctx, tlsConfig)
if err != nil {
pconn.Close()
return nil, err
}
tlsConn := tlsC.UClient(pconn, tlsConfig, clientFingerprint) tlsConn := tlsC.UClient(pconn, tlsConfig, clientFingerprint)
if err := tlsConn.HandshakeContext(ctx); err != nil { if err := tlsConn.HandshakeContext(ctx); err != nil {
pconn.Close() pconn.Close()
@ -279,7 +278,7 @@ func NewHTTP2Client(dialFn DialFn, tlsConfig *tls.Config, clientFingerprint stri
} }
return tlsConn, nil return tlsConn, nil
} else { } else {
realityConn, err := tlsC.GetRealityConn(ctx, pconn, clientFingerprint, tlsConfig, realityConfig) realityConn, err := tlsC.GetRealityConn(ctx, pconn, clientFingerprint, cfg.ServerName, realityConfig)
if err != nil { if err != nil {
pconn.Close() pconn.Close()
return nil, err return nil, err
@ -296,25 +295,10 @@ func NewHTTP2Client(dialFn DialFn, tlsConfig *tls.Config, clientFingerprint stri
return nil, errors.New("REALITY is based on uTLS, please set a client-fingerprint") return nil, errors.New("REALITY is based on uTLS, please set a client-fingerprint")
} }
if echConfig != nil { err = echConfig.ClientHandle(ctx, cfg)
tlsConfig := tlsC.UConfig(cfg) if err != nil {
err := echConfig.ClientHandleUTLS(ctx, tlsConfig) pconn.Close()
if err != nil { return nil, err
pconn.Close()
return nil, err
}
conn := tlsC.Client(pconn, tlsConfig)
if err := conn.HandshakeContext(ctx); err != nil {
pconn.Close()
return nil, err
}
state := conn.ConnectionState()
if p := state.NegotiatedProtocol; p != http.Http2NextProtoTLS {
conn.Close()
return nil, fmt.Errorf("http2: unexpected ALPN protocol %s, want %s", p, http.Http2NextProtoTLS)
}
return conn, nil
} }
conn := tls.Client(pconn, cfg) conn := tls.Client(pconn, cfg)
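Review bot: With the ECH setup moved inside the `realityConfig == nil` branch, a configuration that sets both `echConfig` and `realityConfig` silently takes the REALITY path at `GetRealityConn(ctx, pconn, clientFingerprint, cfg.ServerName, realityConfig)`, which receives only the server name, so the ECH config has no effect and the SNI goes out in the clear with no indication to the user; consider rejecting the combination explicitly, e.g. `if realityConfig != nil && echConfig != nil { pconn.Close(); return nil, errors.New("ECH cannot be combined with REALITY") }` ahead of the fingerprint check. In the last hunk the `if echConfig != nil` guard is gone and `echConfig.ClientHandle(ctx, cfg)` runs unconditionally, which is only safe if ClientHandle tolerates a nil receiver; the equally unconditional `ClientHandleUTLS` call in the first hunk suggests it does, but that should be confirmed or documented on the method. That call also writes into `cfg` directly rather than into a fresh uTLS config as before; if `cfg` can be shared between dials instead of cloned per call (not visible here), the ECH state it sets would carry across connections. The enclosing function begins before the first hunk.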


@ -44,13 +44,12 @@ func StreamTLSConn(ctx context.Context, conn net.Conn, cfg *TLSConfig) (net.Conn
} }
if clientFingerprint, ok := tlsC.GetFingerprint(cfg.ClientFingerprint); ok { if clientFingerprint, ok := tlsC.GetFingerprint(cfg.ClientFingerprint); ok {
tlsConfig := tlsC.UConfig(tlsConfig)
err = cfg.ECH.ClientHandleUTLS(ctx, tlsConfig)
if err != nil {
return nil, err
}
if cfg.Reality == nil { if cfg.Reality == nil {
tlsConfig := tlsC.UConfig(tlsConfig)
err = cfg.ECH.ClientHandleUTLS(ctx, tlsConfig)
if err != nil {
return nil, err
}
tlsConn := tlsC.UClient(conn, tlsConfig, clientFingerprint) tlsConn := tlsC.UClient(conn, tlsConfig, clientFingerprint)
err = tlsConn.HandshakeContext(ctx) err = tlsConn.HandshakeContext(ctx)
if err != nil { if err != nil {
@ -58,24 +57,16 @@ func StreamTLSConn(ctx context.Context, conn net.Conn, cfg *TLSConfig) (net.Conn
} }
return tlsConn, nil return tlsConn, nil
} else { } else {
return tlsC.GetRealityConn(ctx, conn, clientFingerprint, tlsConfig, cfg.Reality) return tlsC.GetRealityConn(ctx, conn, clientFingerprint, tlsConfig.ServerName, cfg.Reality)
} }
} }
if cfg.Reality != nil { if cfg.Reality != nil {
return nil, errors.New("REALITY is based on uTLS, please set a client-fingerprint") return nil, errors.New("REALITY is based on uTLS, please set a client-fingerprint")
} }
if cfg.ECH != nil { err = cfg.ECH.ClientHandle(ctx, tlsConfig)
tlsConfig := tlsC.UConfig(tlsConfig) if err != nil {
err = cfg.ECH.ClientHandleUTLS(ctx, tlsConfig) return nil, err
if err != nil {
return nil, err
}
tlsConn := tlsC.Client(conn, tlsConfig)
err = tlsConn.HandshakeContext(ctx)
return tlsConn, err
} }
tlsConn := tls.Client(conn, tlsConfig) tlsConn := tls.Client(conn, tlsConfig)
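Review bot: The `if cfg.ECH != nil` guard that wrapped the plain-TLS ECH setup is removed, so `cfg.ECH.ClientHandle(ctx, tlsConfig)` now runs on every dial without a client fingerprint, including those where `cfg.ECH` is nil; that is correct only if ClientHandle is a nil-receiver no-op. The fingerprint path already calls `cfg.ECH.ClientHandleUTLS` the same way, so this is probably the intended contract, but it should be stated on the method (`// ClientHandle is a no-op when the receiver is nil.`) or restored as a one-line guard so a later change to the ECH type cannot turn every non-ECH dial into a panic. As in the HTTP/2 client, a config with both `Reality` and `ECH` set now reaches `GetRealityConn` with only `tlsConfig.ServerName`, which builds its own uTLS config, so ECH is silently ignored for REALITY; an explicit error for that combination would be clearer than a connection the user believes is ECH-protected. StreamTLSConn starts before the first hunk and `tlsConfig` is constructed there.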


@ -370,17 +370,11 @@ func streamWebsocketConn(ctx context.Context, conn net.Conn, c *WebsocketConfig,
return nil, err return nil, err
} }
conn = tlsConn conn = tlsConn
} else if c.ECHConfig != nil { } else {
tlsConfig := tlsC.UConfig(config) err = c.ECHConfig.ClientHandle(ctx, config)
err = c.ECHConfig.ClientHandleUTLS(ctx, tlsConfig)
if err != nil { if err != nil {
return nil, err return nil, err
} }
tlsConn := tlsC.Client(conn, tlsConfig)
err = tlsConn.HandshakeContext(ctx)
conn = tlsConn
} else {
tlsConn := tls.Client(conn, config) tlsConn := tls.Client(conn, config)
err = tlsConn.HandshakeContext(ctx) err = tlsConn.HandshakeContext(ctx)
if err != nil { if err != nil {