v5: Remove v2ctl & wv2ray (rebased from 7c1ab06206)

transport/internet/domainsocket/config.go

@@ -1,6 +1,3 @@
-//go:build !confonly
-// +build !confonly
-
 package domainsocket
 
 import (

transport/internet/domainsocket/dial.go

@@ -1,5 +1,5 @@
-//go:build !windows && !wasm && !confonly
-// +build !windows,!wasm,!confonly
+// +build !windows
+// +build !wasm
 
 package domainsocket
 

transport/internet/domainsocket/listener.go

@@ -1,5 +1,5 @@
-//go:build !windows && !wasm && !confonly
-// +build !windows,!wasm,!confonly
+// +build !windows
+// +build !wasm
 
 package domainsocket
 

transport/internet/http/config.go

@@ -1,6 +1,3 @@
-//go:build !confonly
-// +build !confonly
-
 package http
 
 import (

transport/internet/http/dialer.go

@@ -1,6 +1,3 @@
-//go:build !confonly
-// +build !confonly
-
 package http
 
 import (
@@ -10,9 +7,10 @@ import (
 	"net/url"
 	"sync"
 
+	core "github.com/v2fly/v2ray-core/v4"
+
 	"golang.org/x/net/http2"
 
-	core "github.com/v2fly/v2ray-core/v4"
 	"github.com/v2fly/v2ray-core/v4/common"
 	"github.com/v2fly/v2ray-core/v4/common/buf"
 	"github.com/v2fly/v2ray-core/v4/common/net"
@@ -26,24 +24,16 @@ var (
 	globalDialerAccess sync.Mutex
 )
 
-type dialerCanceller func()
-
-func getHTTPClient(ctx context.Context, dest net.Destination, tlsSettings *tls.Config) (*http.Client, dialerCanceller) {
+func getHTTPClient(ctx context.Context, dest net.Destination, tlsSettings *tls.Config) *http.Client {
 	globalDialerAccess.Lock()
 	defer globalDialerAccess.Unlock()
 
-	canceller := func() {
-		globalDialerAccess.Lock()
-		defer globalDialerAccess.Unlock()
-		delete(globalDialerMap, dest)
-	}
-
 	if globalDialerMap == nil {
 		globalDialerMap = make(map[net.Destination]*http.Client)
 	}
 
 	if client, found := globalDialerMap[dest]; found {
-		return client, canceller
+		return client
 	}
 
 	transport := &http2.Transport{
@@ -90,7 +80,7 @@ func getHTTPClient(ctx context.Context, dest net.Destination, tlsSettings *tls.C
 	}
 
 	globalDialerMap[dest] = client
-	return client, canceller
+	return client
 }
 
 // Dial dials a new TCP connection to the given destination.
@@ -100,7 +90,7 @@ func Dial(ctx context.Context, dest net.Destination, streamSettings *internet.Me
 	if tlsConfig == nil {
 		return nil, newError("TLS must be enabled for http transport.").AtWarning()
 	}
-	client, canceller := getHTTPClient(ctx, dest, tlsConfig)
+	client := getHTTPClient(ctx, dest, tlsConfig)
 
 	opts := pipe.OptionsFromContext(ctx)
 	preader, pwriter := pipe.New(opts...)
@@ -138,7 +128,6 @@ func Dial(ctx context.Context, dest net.Destination, streamSettings *internet.Me
 
 	response, err := client.Do(request) // nolint: bodyclose
 	if err != nil {
-		canceller()
 		return nil, newError("failed to dial to ", dest).Base(err).AtWarning()
 	}
 	if response.StatusCode != 200 {

transport/internet/http/hub.go

@@ -1,6 +1,3 @@
-//go:build !confonly
-// +build !confonly
-
 package http
 
 import (

transport/internet/kcp/config.go

@@ -1,6 +1,3 @@
-//go:build !confonly
-// +build !confonly
-
 package kcp
 
 import (

transport/internet/kcp/connection.go

@@ -1,6 +1,3 @@
-//go:build !confonly
-// +build !confonly
-
 package kcp
 
 import (

transport/internet/kcp/crypt.go

@@ -1,6 +1,3 @@
-//go:build !confonly
-// +build !confonly
-
 package kcp
 
 import (

transport/internet/kcp/dialer.go

@@ -1,6 +1,3 @@
-//go:build !confonly
-// +build !confonly
-
 package kcp
 
 import (

transport/internet/kcp/io.go

@@ -1,6 +1,3 @@
-//go:build !confonly
-// +build !confonly
-
 package kcp
 
 import (

transport/internet/kcp/listener.go

@@ -1,6 +1,3 @@
-//go:build !confonly
-// +build !confonly
-
 package kcp
 
 import (

transport/internet/kcp/output.go

@@ -1,6 +1,3 @@
-//go:build !confonly
-// +build !confonly
-
 package kcp
 
 import (

transport/internet/kcp/receiving.go

@@ -1,6 +1,3 @@
-//go:build !confonly
-// +build !confonly
-
 package kcp
 
 import (

transport/internet/kcp/segment.go

@@ -1,6 +1,3 @@
-//go:build !confonly
-// +build !confonly
-
 package kcp
 
 import (

transport/internet/kcp/sending.go

@@ -1,6 +1,3 @@
-//go:build !confonly
-// +build !confonly
-
 package kcp
 
 import (

transport/internet/quic/config.go

@@ -1,6 +1,3 @@
-//go:build !confonly
-// +build !confonly
-
 package quic
 
 import (

transport/internet/quic/conn.go

@@ -1,6 +1,3 @@
-//go:build !confonly
-// +build !confonly
-
 package quic
 
 import (

transport/internet/quic/dialer.go

@@ -1,6 +1,3 @@
-//go:build !confonly
-// +build !confonly
-
 package quic
 
 import (

transport/internet/quic/hub.go

@@ -1,6 +1,3 @@
-//go:build !confonly
-// +build !confonly
-
 package quic
 
 import (

transport/internet/quic/pool.go

@@ -1,6 +1,3 @@
-//go:build !confonly
-// +build !confonly
-
 package quic
 
 import (

transport/internet/quic/quic.go

@@ -1,6 +1,3 @@
-//go:build !confonly
-// +build !confonly
-
 package quic
 
 import (

transport/internet/tcp/config.go

@@ -1,6 +1,3 @@
-//go:build !confonly
-// +build !confonly
-
 package tcp
 
 import (

transport/internet/tcp/dialer.go

@@ -1,6 +1,3 @@
-//go:build !confonly
-// +build !confonly
-
 package tcp
 
 import (

transport/internet/tcp/hub.go

@@ -1,6 +1,3 @@
-//go:build !confonly
-// +build !confonly
-
 package tcp
 
 import (

transport/internet/tcp/sockopt_freebsd.go

@@ -1,5 +1,4 @@
-//go:build freebsd && !confonly
-// +build freebsd,!confonly
+// +build freebsd
 
 package tcp
 

transport/internet/tcp/sockopt_linux.go

@@ -1,5 +1,4 @@
-//go:build linux && !confonly
-// +build linux,!confonly
+// +build linux
 
 package tcp
 

transport/internet/tcp/sockopt_other.go

@@ -1,5 +1,4 @@
-//go:build !linux && !freebsd && !confonly
-// +build !linux,!freebsd,!confonly
+// +build !linux,!freebsd
 
 package tcp
 

transport/internet/tls/config.go

@@ -1,6 +1,3 @@
-//go:build !confonly
-// +build !confonly
-
 package tls
 
 import (
@@ -36,32 +33,6 @@ func ParseCertificate(c *cert.Certificate) *Certificate {
 func (c *Config) loadSelfCertPool() (*x509.CertPool, error) {
 	root := x509.NewCertPool()
 	for _, cert := range c.Certificate {
-		/* Do not treat client certificate authority as a peer certificate authority.
-		   This is designed to prevent a client certificate with a permissive key usage from being used to attacker server.
-		   In next release, the certificate usage will be enforced strictly.
-		   Only a certificate with AUTHORITY_VERIFY usage will be accepted.
-		*/
-		if cert.Usage == Certificate_AUTHORITY_VERIFY_CLIENT {
-			continue
-		}
-		if !root.AppendCertsFromPEM(cert.Certificate) {
-			return nil, newError("failed to append cert").AtWarning()
-		}
-	}
-	return root, nil
-}
-
-func (c *Config) loadSelfCertPoolClientCA() (*x509.CertPool, error) {
-	root := x509.NewCertPool()
-	for _, cert := range c.Certificate {
-		/* Do not treat client certificate authority as a peer certificate authority.
-		   This is designed to prevent a client certificate with a permissive key usage from being used to attacker server.
-		   In next release, the certificate usage will be enforced strictly.
-		   Only a certificate with AUTHORITY_VERIFY usage will be accepted.
-		*/
-		if cert.Usage != Certificate_AUTHORITY_VERIFY_CLIENT {
-			continue
-		}
 		if !root.AppendCertsFromPEM(cert.Certificate) {
 			return nil, newError("failed to append cert").AtWarning()
 		}
@@ -228,11 +199,6 @@ func (c *Config) GetTLSConfig(opts ...Option) *tls.Config {
 		newError("failed to load system root certificate").AtError().Base(err).WriteToLog()
 	}
 
-	clientRoot, err := c.loadSelfCertPoolClientCA()
-	if err != nil {
-		newError("failed to load client root certificate").AtError().Base(err).WriteToLog()
-	}
-
 	if c == nil {
 		return &tls.Config{
 			ClientSessionCache:     globalSessionCache,
@@ -242,6 +208,7 @@ func (c *Config) GetTLSConfig(opts ...Option) *tls.Config {
 			SessionTicketsDisabled: true,
 		}
 	}
+
 	config := &tls.Config{
 		ClientSessionCache:     globalSessionCache,
 		RootCAs:                root,
@@ -249,15 +216,12 @@ func (c *Config) GetTLSConfig(opts ...Option) *tls.Config {
 		NextProtos:             c.NextProtocol,
 		SessionTicketsDisabled: !c.EnableSessionResumption,
 		VerifyPeerCertificate:  c.verifyPeerCert,
-		ClientCAs:              clientRoot,
 	}
 
 	for _, opt := range opts {
 		opt(config)
 	}
-	if c.VerifyClientCertificate {
-		config.ClientAuth = tls.RequireAndVerifyClientCert
-	}
+
 	config.Certificates = c.BuildCertificates()
 	config.BuildNameToCertificate()
 

transport/internet/tls/config_other.go

@@ -1,5 +1,4 @@
-//go:build !windows && !confonly
-// +build !windows,!confonly
+// +build !windows
 
 package tls
 
@@ -45,15 +44,6 @@ func (c *Config) getCertPool() (*x509.CertPool, error) {
 		return nil, newError("system root").AtWarning().Base(err)
 	}
 	for _, cert := range c.Certificate {
-		/* Do not treat client certificate authority as a peer certificate authority.
-		   This is designed to prevent a client certificate with a permissive key usage from being used to attacker server.
-		   In next release, the certificate usage will be enforced strictly.
-		   Only a certificate with AUTHORITY_VERIFY usage will be accepted.
-		*/
-		if cert.Usage == Certificate_AUTHORITY_VERIFY_CLIENT {
-			continue
-		}
-
 		if !pool.AppendCertsFromPEM(cert.Certificate) {
 			return nil, newError("append cert to root").AtWarning().Base(err)
 		}

transport/internet/tls/config_windows.go

@@ -1,5 +1,4 @@
-//go:build windows && !confonly
-// +build windows,!confonly
+// +build windows
 
 package tls
 

transport/internet/tls/tls.go

@@ -1,6 +1,3 @@
-//go:build !confonly
-// +build !confonly
-
 package tls
 
 import (

transport/internet/websocket/config.go

@@ -1,6 +1,3 @@
-//go:build !confonly
-// +build !confonly
-
 package websocket
 
 import (

transport/internet/websocket/connection.go

@@ -1,6 +1,3 @@
-//go:build !confonly
-// +build !confonly
-
 package websocket
 
 import (

transport/internet/websocket/dialer.go

@@ -1,6 +1,3 @@
-//go:build !confonly
-// +build !confonly
-
 package websocket
 
 import (

transport/internet/websocket/hub.go

@@ -1,6 +1,3 @@
-//go:build !confonly
-// +build !confonly
-
 package websocket
 
 import (