evan/gost
1
1
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Fix TLS Client verification and SSL Pinning introduced in uTLS

Browse Source
This commit is contained in:
wenyifan 2022-10-27 09:15:31 +08:00
parent b1cd2b2c37
commit a37f4d0019
4 changed files with 33 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
gost.go
View File

@ -20,7 +20,7 @@ import (
) )
// Version is the gost version. // Version is the gost version.
const Version = "2.11.2-EvanMod-v1.2.2" const Version = "2.11.2-EvanMod-v1.2.3"
const ProxyAgent = "nginx" const ProxyAgent = "nginx"
// Debug is a flag that enables the debug log. // Debug is a flag that enables the debug log.

4
strong_mod.sh
View File

@ -1,2 +1,6 @@
sed -b -i s/\*gost./*evan./g $1 sed -b -i s/\*gost./*evan./g $1
sed -b -i s/]gost./]evan./g $1 sed -b -i s/]gost./]evan./g $1
sed -b -i s#ginuerzh/gost#evanevan/evan#g $1
sed -b -i s#go-gost#ev-evan#g $1
sed -b -i s#gost.#evan.#g $1
sed -b -i s#cmd/gost#cmd/evan#g $1

17
tls.go
View File

@ -280,10 +280,23 @@ func wrapTLSClient(conn net.Conn, tlsConfig *tls.Config, timeout time.Duration,
//tlsConn := tls.Client(conn, tlsConfig) //tlsConn := tls.Client(conn, tlsConfig)
var tlsConn *utls.UConn var tlsConn *utls.UConn
utlsConf := &utls.Config{InsecureSkipVerify: tlsConfig.InsecureSkipVerify, ServerName: tlsConfig.ServerName, ClientAuth: utls.ClientAuthType(tlsConfig.ClientAuth), ClientCAs: tlsConfig.ClientCAs, RootCAs: tlsConfig.RootCAs}
if len(tlsConfig.Certificates) > 0 {
for _, certificate := range tlsConfig.Certificates {
utlsConf.Certificates = append(utlsConf.Certificates, utls.Certificate{
Certificate: certificate.Certificate,
PrivateKey: certificate.PrivateKey,
OCSPStaple: certificate.OCSPStaple,
SignedCertificateTimestamps: certificate.SignedCertificateTimestamps,
Leaf: certificate.Leaf,
})
}
}
if h2Alpn { if h2Alpn {
tlsConn = utls.UClient(conn, &utls.Config{InsecureSkipVerify: tlsConfig.InsecureSkipVerify, ServerName: tlsConfig.ServerName}, utls.HelloChrome_Auto) tlsConn = utls.UClient(conn, utlsConf, utls.HelloChrome_Auto)
} else { } else {
tlsConn = utls.UClient(conn, &utls.Config{InsecureSkipVerify: tlsConfig.InsecureSkipVerify, ServerName: tlsConfig.ServerName}, utls.HelloCustom) tlsConn = utls.UClient(conn, utlsConf, utls.HelloCustom)
tlsConn.ApplyPreset(newWsSpec()) tlsConn.ApplyPreset(newWsSpec())
} }

14
ws.go
View File

@ -837,7 +837,19 @@ func websocketClientConn(url string, conn net.Conn, tlsConfig *tls.Config, optio
return conn, nil return conn, nil
}, },
NetDialTLSContext: func(ctx context.Context, network, addr string) (net.Conn, error) { NetDialTLSContext: func(ctx context.Context, network, addr string) (net.Conn, error) {
client := utls.UClient(conn, &utls.Config{InsecureSkipVerify: tlsConfig.InsecureSkipVerify, ServerName: tlsConfig.ServerName}, utls.HelloCustom) utlsConf := &utls.Config{InsecureSkipVerify: tlsConfig.InsecureSkipVerify, ServerName: tlsConfig.ServerName, ClientAuth: utls.ClientAuthType(tlsConfig.ClientAuth), ClientCAs: tlsConfig.ClientCAs, RootCAs: tlsConfig.RootCAs}
if len(tlsConfig.Certificates) > 0 {
for _, certificate := range tlsConfig.Certificates {
utlsConf.Certificates = append(utlsConf.Certificates, utls.Certificate{
Certificate: certificate.Certificate,
PrivateKey: certificate.PrivateKey,
OCSPStaple: certificate.OCSPStaple,
SignedCertificateTimestamps: certificate.SignedCertificateTimestamps,
Leaf: certificate.Leaf,
})
}
}
client := utls.UClient(conn, utlsConf, utls.HelloCustom)
client.ApplyPreset(newWsSpec()) client.ApplyPreset(newWsSpec())
err := client.Handshake() err := client.Handshake()
if err != nil { if err != nil {