lzhr/v2fly
1
0
Fork 0
mirror of https://github.com/v2fly/v2ray-core.git synced 2025-01-17 23:06:30 -05:00
Code Issues Releases Wiki Activity

Fix tls.WithDestination ignoring IP address (#3177)

Browse Source
This commit is contained in:
dyhkwong 2024-10-13 02:25:21 +08:00 committed by GitHub
parent 408e76f445
commit 5ffbc0296c
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 241 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
common/protocol/tls/cert/cert.go
View File

@ -13,6 +13,7 @@ import (
"time" "time"
"github.com/v2fly/v2ray-core/v5/common" "github.com/v2fly/v2ray-core/v5/common"
"github.com/v2fly/v2ray-core/v5/common/net"
) )
//go:generate go run github.com/v2fly/v2ray-core/v5/common/errors/errorgen //go:generate go run github.com/v2fly/v2ray-core/v5/common/errors/errorgen
@ -76,6 +77,12 @@ func CommonName(name string) Option {
} }
} }
func IPAddresses(ip ...net.IP) Option {
return func(c *x509.Certificate) {
c.IPAddresses = ip
}
}
func KeyUsage(usage x509.KeyUsage) Option { func KeyUsage(usage x509.KeyUsage) Option {
return func(c *x509.Certificate) { return func(c *x509.Certificate) {
c.KeyUsage = usage c.KeyUsage = usage

227
testing/scenarios/tls_test.go
View File

@ -253,6 +253,233 @@ func TestAutoIssuingCertificate(t *testing.T) {
} }
} }
func TestIPAddressesCertificate(t *testing.T) {
tcpServer := tcp.Server{
MsgProcessor: xor,
}
dest, err := tcpServer.Start()
common.Must(err)
defer tcpServer.Close()
caCert, err := cert.Generate(nil, cert.IPAddresses(net.LocalHostIP.IP()), cert.Authority(true), cert.KeyUsage(x509.KeyUsageDigitalSignature|x509.KeyUsageKeyEncipherment|x509.KeyUsageCertSign))
common.Must(err)
certPEM, keyPEM := caCert.ToPEM()
userID := protocol.NewID(uuid.New())
serverPort := tcp.PickPort()
serverConfig := &core.Config{
Inbound: []*core.InboundHandlerConfig{
{
ReceiverSettings: serial.ToTypedMessage(&proxyman.ReceiverConfig{
PortRange: net.SinglePortRange(serverPort),
Listen: net.NewIPOrDomain(net.LocalHostIP),
StreamSettings: &internet.StreamConfig{
SecurityType: serial.GetMessageType(&tls.Config{}),
SecuritySettings: []*anypb.Any{
serial.ToTypedMessage(&tls.Config{
Certificate: []*tls.Certificate{{
Certificate: certPEM,
Key: keyPEM,
}},
}),
},
},
}),
ProxySettings: serial.ToTypedMessage(&inbound.Config{
User: []*protocol.User{
{
Account: serial.ToTypedMessage(&vmess.Account{
Id: userID.String(),
}),
},
},
}),
},
},
Outbound: []*core.OutboundHandlerConfig{
{
ProxySettings: serial.ToTypedMessage(&freedom.Config{}),
},
},
}
clientPort := tcp.PickPort()
clientConfig := &core.Config{
Inbound: []*core.InboundHandlerConfig{
{
ReceiverSettings: serial.ToTypedMessage(&proxyman.ReceiverConfig{
PortRange: net.SinglePortRange(clientPort),
Listen: net.NewIPOrDomain(net.LocalHostIP),
}),
ProxySettings: serial.ToTypedMessage(&dokodemo.Config{
Address: net.NewIPOrDomain(dest.Address),
Port: uint32(dest.Port),
NetworkList: &net.NetworkList{
Network: []net.Network{net.Network_TCP},
},
}),
},
},
Outbound: []*core.OutboundHandlerConfig{
{
ProxySettings: serial.ToTypedMessage(&outbound.Config{
Receiver: []*protocol.ServerEndpoint{
{
Address: net.NewIPOrDomain(net.LocalHostIP),
Port: uint32(serverPort),
User: []*protocol.User{
{
Account: serial.ToTypedMessage(&vmess.Account{
Id: userID.String(),
}),
},
},
},
},
}),
SenderSettings: serial.ToTypedMessage(&proxyman.SenderConfig{
StreamSettings: &internet.StreamConfig{
SecurityType: serial.GetMessageType(&tls.Config{}),
SecuritySettings: []*anypb.Any{
serial.ToTypedMessage(&tls.Config{
DisableSystemRoot: true,
Certificate: []*tls.Certificate{{
Certificate: certPEM,
Usage: tls.Certificate_AUTHORITY_VERIFY,
}},
}),
},
},
}),
},
},
}
servers, err := InitializeServerConfigs(serverConfig, clientConfig)
common.Must(err)
defer CloseAllServers(servers)
for i := 0; i < 10; i++ {
if err := testTCPConn(clientPort, 1024, time.Second*20)(); err != nil {
t.Error(err)
}
}
}
func TestDNSNamesCertificate(t *testing.T) {
tcpServer := tcp.Server{
MsgProcessor: xor,
}
dest, err := tcpServer.Start()
common.Must(err)
defer tcpServer.Close()
caCert, err := cert.Generate(nil, cert.DNSNames("v2fly.org"), cert.Authority(true), cert.KeyUsage(x509.KeyUsageDigitalSignature|x509.KeyUsageKeyEncipherment|x509.KeyUsageCertSign))
common.Must(err)
certPEM, keyPEM := caCert.ToPEM()
userID := protocol.NewID(uuid.New())
serverPort := tcp.PickPort()
serverConfig := &core.Config{
Inbound: []*core.InboundHandlerConfig{
{
ReceiverSettings: serial.ToTypedMessage(&proxyman.ReceiverConfig{
PortRange: net.SinglePortRange(serverPort),
Listen: net.NewIPOrDomain(net.LocalHostIP),
StreamSettings: &internet.StreamConfig{
SecurityType: serial.GetMessageType(&tls.Config{}),
SecuritySettings: []*anypb.Any{
serial.ToTypedMessage(&tls.Config{
Certificate: []*tls.Certificate{{
Certificate: certPEM,
Key: keyPEM,
}},
}),
},
},
}),
ProxySettings: serial.ToTypedMessage(&inbound.Config{
User: []*protocol.User{
{
Account: serial.ToTypedMessage(&vmess.Account{
Id: userID.String(),
}),
},
},
}),
},
},
Outbound: []*core.OutboundHandlerConfig{
{
ProxySettings: serial.ToTypedMessage(&freedom.Config{}),
},
},
}
clientPort := tcp.PickPort()
clientConfig := &core.Config{
Inbound: []*core.InboundHandlerConfig{
{
ReceiverSettings: serial.ToTypedMessage(&proxyman.ReceiverConfig{
PortRange: net.SinglePortRange(clientPort),
Listen: net.NewIPOrDomain(net.LocalHostIP),
}),
ProxySettings: serial.ToTypedMessage(&dokodemo.Config{
Address: net.NewIPOrDomain(dest.Address),
Port: uint32(dest.Port),
NetworkList: &net.NetworkList{
Network: []net.Network{net.Network_TCP},
},
}),
},
},
Outbound: []*core.OutboundHandlerConfig{
{
ProxySettings: serial.ToTypedMessage(&outbound.Config{
Receiver: []*protocol.ServerEndpoint{
{
Address: net.NewIPOrDomain(net.LocalHostIP),
Port: uint32(serverPort),
User: []*protocol.User{
{
Account: serial.ToTypedMessage(&vmess.Account{
Id: userID.String(),
}),
},
},
},
},
}),
SenderSettings: serial.ToTypedMessage(&proxyman.SenderConfig{
StreamSettings: &internet.StreamConfig{
SecurityType: serial.GetMessageType(&tls.Config{}),
SecuritySettings: []*anypb.Any{
serial.ToTypedMessage(&tls.Config{
DisableSystemRoot: true,
ServerName: "v2fly.org",
Certificate: []*tls.Certificate{{
Certificate: certPEM,
Usage: tls.Certificate_AUTHORITY_VERIFY,
}},
}),
},
},
}),
},
},
}
servers, err := InitializeServerConfigs(serverConfig, clientConfig)
common.Must(err)
defer CloseAllServers(servers)
for i := 0; i < 10; i++ {
if err := testTCPConn(clientPort, 1024, time.Second*20)(); err != nil {
t.Error(err)
}
}
}
func TestTLSOverKCP(t *testing.T) { func TestTLSOverKCP(t *testing.T) {
tcpServer := tcp.Server{ tcpServer := tcp.Server{
MsgProcessor: xor, MsgProcessor: xor,

9
transport/internet/tls/config.go
View File

@ -303,8 +303,13 @@ type Option func(*tls.Config)
// WithDestination sets the server name in TLS config. // WithDestination sets the server name in TLS config.
func WithDestination(dest net.Destination) Option { func WithDestination(dest net.Destination) Option {
return func(config *tls.Config) { return func(config *tls.Config) {
if dest.Address.Family().IsDomain() && config.ServerName == "" { if config.ServerName == "" {
config.ServerName = dest.Address.Domain() switch dest.Address.Family() {
case net.AddressFamilyDomain:
config.ServerName = dest.Address.Domain()
case net.AddressFamilyIPv4, net.AddressFamilyIPv6:
config.ServerName = dest.Address.IP().String()
}
} }
} }
} }