syntax = "proto3";
package v2ray.core.transport.internet.tls;
option csharp_namespace = "V2Ray.Core.Transport.Internet.Tls";
option go_package = "github.com/v2fly/v2ray-core/v5/transport/internet/tls";
option java_package = "com.v2ray.core.transport.internet.tls";
option java_multiple_files = true;
import "common/protoext/extensions.proto";
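// A certificate and key, supplied either inline (Certificate / Key) or as
// file paths (certificate_file / key_file), together with the role the
// certificate plays (usage).
message Certificate {
  // TLS certificate in x509 format.
  //
  // The PascalCase field name is kept as-is: the convert_time_read_file_into
  // option on certificate_file below refers to it by the string "Certificate".
  bytes Certificate = 1;

  // TLS key in x509 format.
  //
  // NOTE(review): presumably the private key matching Certificate. If so,
  // this field carries secret material, and any serialized or logged copy of
  // this message needs the same protection as the key file itself. x509 names
  // a certificate format rather than a key format; confirm the expected
  // encoding against the loader.
  bytes Key = 2;

  // Role of this certificate.
  //
  // ENCIPHERMENT is the zero value, so a Certificate whose usage is never set
  // reads back as ENCIPHERMENT (proto3 default).
  //
  // NOTE(review): the meaning of each value is not documented in this file.
  // The names suggest: ENCIPHERMENT = certificate presented to peers,
  // AUTHORITY_VERIFY = CA used to verify the peer, AUTHORITY_ISSUE = CA used
  // to issue certificates (which would make Key a CA private key),
  // AUTHORITY_VERIFY_CLIENT = CA used to verify client certificates.
  // Confirm against the consuming code.
  enum Usage {
    ENCIPHERMENT = 0;
    AUTHORITY_VERIFY = 1;
    AUTHORITY_ISSUE = 2;
    AUTHORITY_VERIFY_CLIENT = 3;
  }

  // Role this certificate is used in; see Usage.
  Usage usage = 3;

  // Path of a certificate file.
  //
  // NOTE(review): the option name suggests the file is read when the config
  // is converted and its content stored in the Certificate field; confirm in
  // the protoext handling code.
  string certificate_file = 96001 [(v2ray.core.common.protoext.field_opt).convert_time_read_file_into = "Certificate"];

  // Path of a key file.
  //
  // NOTE(review): by the same reading, the file content ends up in the Key
  // field. The path comes from configuration, so the key file should be
  // readable only by the account that loads the config.
  string key_file = 96002 [(v2ray.core.common.protoext.field_opt).convert_time_read_file_into = "Key"];
}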
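// TLS settings for a transport. Registered through the project's protoext
// message options with type "security" and short name "tls".
message Config {
  option (v2ray.core.common.protoext.message_opt).type = "security";
  option (v2ray.core.common.protoext.message_opt).short_name = "tls";

  // Whether or not to allow self-signed certificates.
  //
  // Marked forbidden through the project's protoext field option; the
  // comment on pinned_peer_certificate_chain_sha256 names that field as the
  // replacement.
  //
  // NOTE(review): what verification this flag relaxes is not visible in this
  // file. If it disables peer verification altogether rather than only
  // accepting self-signed certificates, the wording above understates the
  // risk; confirm against the code that consumes it.
  bool allow_insecure = 1 [(v2ray.core.common.protoext.field_opt).forbidden = true];

  // List of certificates to be served on server.
  //
  // NOTE(review): entries whose usage is one of the AUTHORITY_* values are
  // presumably trust anchors or issuing CAs rather than served certificates;
  // confirm.
  repeated Certificate certificate = 2;

  // Override server name.
  //
  // NOTE(review): presumably the name sent as SNI and checked against the
  // peer certificate; if so, an override changes which identity is verified.
  // Confirm.
  string server_name = 3;

  // Lists of string as ALPN values.
  repeated string next_protocol = 4;

  // Whether or not to enable session (ticket) resumption.
  bool enable_session_resumption = 5;

  // If true, root certificates on the system will not be loaded for
  // verification.
  //
  // NOTE(review): with this set, verification has to rely on trust material
  // supplied in this config (presumably AUTHORITY_VERIFY certificates or
  // pinned hashes). Behaviour when none is supplied is not shown here;
  // confirm that it fails closed.
  bool disable_system_root = 6;

  // NOTE(review): this is a repeated field, so several pins can be
  // configured; presumably a match on any one entry is accepted. A SHA-256
  // digest is 32 bytes, so entries of another length cannot match a raw
  // digest. How the chain hash is computed, and whether the pin check runs in
  // addition to or instead of CA validation, is not visible in this file.
  // Confirm before relying on it.

  /* @Document A pinned certificate chain sha256 hash.
     @Document If the server's hash does not match this value, the connection will be aborted.
     @Document This value replaces allow_insecure.
     @Critical
  */
  repeated bytes pinned_peer_certificate_chain_sha256 = 7;

  // If true, the client is required to present a certificate.
  //
  // NOTE(review): presumably validated against certificates whose usage is
  // AUTHORITY_VERIFY_CLIENT; confirm that presenting a certificate also
  // implies verifying it.
  bool verify_client_certificate = 8;
}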