2016-10-02 17:43:58 -04:00
|
|
|
package tls
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"crypto/tls"
|
|
|
|
|
|
2017-02-01 15:35:40 -05:00
|
|
|
"v2ray.com/core/app/log"
|
2016-10-02 17:43:58 -04:00
|
|
|
)
|
|
|
|
|
|
|
|
|
|
var (
|
|
|
|
|
globalSessionCache = tls.NewLRUClientSessionCache(128)
|
|
|
|
|
)
|
|
|
|
|
|
2016-11-27 15:39:09 -05:00
|
|
|
func (v *Config) BuildCertificates() []tls.Certificate {
|
|
|
|
|
certs := make([]tls.Certificate, 0, len(v.Certificate))
|
|
|
|
|
for _, entry := range v.Certificate {
|
2016-10-02 17:43:58 -04:00
|
|
|
keyPair, err := tls.X509KeyPair(entry.Certificate, entry.Key)
|
|
|
|
|
if err != nil {
|
2017-04-09 09:04:04 -04:00
|
|
|
log.Trace(newError("ignoring invalid X509 key pair").Base(err).AtWarning())
|
2016-10-02 17:43:58 -04:00
|
|
|
continue
|
|
|
|
|
}
|
|
|
|
|
certs = append(certs, keyPair)
|
|
|
|
|
}
|
|
|
|
|
return certs
|
|
|
|
|
}
|
|
|
|
|
|
2016-11-27 15:39:09 -05:00
|
|
|
func (v *Config) GetTLSConfig() *tls.Config {
|
2016-10-02 17:43:58 -04:00
|
|
|
config := &tls.Config{
|
|
|
|
|
ClientSessionCache: globalSessionCache,
|
2016-12-31 17:22:26 -05:00
|
|
|
NextProtos: []string{"http/1.1"},
|
2016-10-02 17:43:58 -04:00
|
|
|
}
|
2016-11-27 15:39:09 -05:00
|
|
|
if v == nil {
|
2016-10-02 17:43:58 -04:00
|
|
|
return config
|
|
|
|
|
}
|
|
|
|
|
|
2016-11-27 15:39:09 -05:00
|
|
|
config.InsecureSkipVerify = v.AllowInsecure
|
|
|
|
|
config.Certificates = v.BuildCertificates()
|
2016-10-02 17:43:58 -04:00
|
|
|
config.BuildNameToCertificate()
|
2016-12-11 17:58:37 -05:00
|
|
|
if len(v.ServerName) > 0 {
|
|
|
|
|
config.ServerName = v.ServerName
|
|
|
|
|
}
|
2016-10-02 17:43:58 -04:00
|
|
|
|
|
|
|
|
return config
|
|
|
|
|
}
|
