tls

package

Documentation

Index

Constants

This section is empty.

Variables

// Enum value maps for Certificate_Usage, generated from the proto schema.
// The two maps are exact inverses of each other; keep them in sync with the
// Certificate_Usage constants if the schema is regenerated.
var (
	// Certificate_Usage_name maps a Certificate_Usage number to its proto name.
	Certificate_Usage_name = map[int32]string{
		0: "ENCIPHERMENT",
		1: "AUTHORITY_VERIFY",
		2: "AUTHORITY_ISSUE",
		3: "AUTHORITY_VERIFY_CLIENT",
	}
	// Certificate_Usage_value maps a proto name back to its Certificate_Usage number.
	Certificate_Usage_value = map[string]int32{
		"ENCIPHERMENT":            0,
		"AUTHORITY_VERIFY":        1,
		"AUTHORITY_ISSUE":         2,
		"AUTHORITY_VERIFY_CLIENT": 3,
	}
)

Enum value maps for Certificate_Usage.

// Enum value maps for Config_TLSVersion, generated from the proto schema.
// "Default" (0) is the zero value, i.e. what an unset min_version/max_version
// field decodes to; what it resolves to at runtime is decided in GetTLSConfig,
// not here.
var (
	// Config_TLSVersion_name maps a Config_TLSVersion number to its proto name.
	Config_TLSVersion_name = map[int32]string{
		0: "Default",
		1: "TLS1_0",
		2: "TLS1_1",
		3: "TLS1_2",
		4: "TLS1_3",
	}
	// Config_TLSVersion_value maps a proto name back to its Config_TLSVersion number.
	Config_TLSVersion_value = map[string]int32{
		"Default": 0,
		"TLS1_0":  1,
		"TLS1_1":  2,
		"TLS1_2":  3,
		"TLS1_3":  4,
	}
)

Enum value maps for Config_TLSVersion.

// File_transport_internet_tls_config_proto is the protoreflect descriptor for
// the generated config schema of this package (presumably
// transport/internet/tls/config.proto, judging by the name).
var File_transport_internet_tls_config_proto protoreflect.FileDescriptor

Functions

func ApplyECH added in v5.20.0

func ApplyECH(c *Config, config *tls.Config) error

func CalculatePEMCertChainSHA256Hash

func CalculatePEMCertChainSHA256Hash(certContent []byte) string

func GenerateCertChainHash

func GenerateCertChainHash(rawCerts [][]byte) []byte

func NewTLSSecurityEngineFromConfig added in v5.2.0

func NewTLSSecurityEngineFromConfig(config *Config) (security.Engine, error)

func QueryRecord added in v5.20.0

func QueryRecord(domain string, server string) ([]byte, error)

func Server

func Server(c net.Conn, config *tls.Config) net.Conn

Server initiates a TLS server handshake on the given connection.

Types

type Certificate

// Certificate is a TLS certificate/key pair as declared in the proto schema.
// Material may be given inline (Certificate, Key) or by file path
// (CertificateFile, KeyFile). NOTE(review): precedence when both an inline
// value and a file path are set is decided by the loader (see BuildCertificates),
// not by this type — confirm before relying on either.
type Certificate struct {

	// TLS certificate in x509 format.
	Certificate []byte `protobuf:"bytes,1,opt,name=Certificate,proto3" json:"Certificate,omitempty"`
	// TLS key in x509 format. This is private key material: any serialized form
	// of the message (String(), logs, config dumps) that includes it is sensitive.
	Key             []byte            `protobuf:"bytes,2,opt,name=Key,proto3" json:"Key,omitempty"`
	// Usage selects the role this certificate plays; see Certificate_Usage.
	Usage           Certificate_Usage `protobuf:"varint,3,opt,name=usage,proto3,enum=v2ray.core.transport.internet.tls.Certificate_Usage" json:"usage,omitempty"`
	// Path to a certificate file, presumably used in place of inline Certificate bytes.
	CertificateFile string            `protobuf:"bytes,96001,opt,name=certificate_file,json=certificateFile,proto3" json:"certificate_file,omitempty"`
	// Path to a key file, presumably used in place of inline Key bytes.
	KeyFile         string            `protobuf:"bytes,96002,opt,name=key_file,json=keyFile,proto3" json:"key_file,omitempty"`
	// contains filtered or unexported fields
}

func ParseCertificate

func ParseCertificate(c *cert.Certificate) *Certificate

ParseCertificate converts a cert.Certificate to Certificate.

func (*Certificate) Descriptor deprecated

func (*Certificate) Descriptor() ([]byte, []int)

Deprecated: Use Certificate.ProtoReflect.Descriptor instead.

func (*Certificate) GetCertificate

func (x *Certificate) GetCertificate() []byte

func (*Certificate) GetCertificateFile

func (x *Certificate) GetCertificateFile() string

func (*Certificate) GetKey

func (x *Certificate) GetKey() []byte

func (*Certificate) GetKeyFile

func (x *Certificate) GetKeyFile() string

func (*Certificate) GetUsage

func (x *Certificate) GetUsage() Certificate_Usage

func (*Certificate) ProtoMessage

func (*Certificate) ProtoMessage()

func (*Certificate) ProtoReflect

func (x *Certificate) ProtoReflect() protoreflect.Message

func (*Certificate) Reset

func (x *Certificate) Reset()

func (*Certificate) String

func (x *Certificate) String() string

type Certificate_Usage

// Certificate_Usage is the proto enum selecting the role a Certificate plays
// (see Certificate.Usage). Numbers must match Certificate_Usage_name/_value.
type Certificate_Usage int32

// Values of Certificate_Usage as declared in the proto schema. The names are
// self-describing; how each role is applied is decided where the certificates
// are loaded, not in this block.
const (
	Certificate_ENCIPHERMENT            Certificate_Usage = 0
	Certificate_AUTHORITY_VERIFY        Certificate_Usage = 1
	Certificate_AUTHORITY_ISSUE         Certificate_Usage = 2
	Certificate_AUTHORITY_VERIFY_CLIENT Certificate_Usage = 3
)

func (Certificate_Usage) Descriptor

func (Certificate_Usage) Enum

func (Certificate_Usage) EnumDescriptor deprecated

func (Certificate_Usage) EnumDescriptor() ([]byte, []int)

Deprecated: Use Certificate_Usage.Descriptor instead.

func (Certificate_Usage) Number

func (Certificate_Usage) String

func (x Certificate_Usage) String() string

func (Certificate_Usage) Type

type Config

// Config is the proto message describing a TLS transport setting. It is
// converted into a *tls.Config by GetTLSConfig; the security-relevant fields
// are the verification switches (AllowInsecure, DisableSystemRoot,
// PinnedPeerCertificateChainSha256, AllowInsecureIfPinnedPeerCertificate) and
// the version bounds (MinVersion, MaxVersion).
type Config struct {

	// Whether or not to allow self-signed certificates.
	// Accepting unverified peers removes protection against active interception;
	// when a self-signed peer must be accepted, pinning it via
	// PinnedPeerCertificateChainSha256 is the narrower option.
	AllowInsecure bool `protobuf:"varint,1,opt,name=allow_insecure,json=allowInsecure,proto3" json:"allow_insecure,omitempty"`
	// List of certificates to be served on server.
	Certificate []*Certificate `protobuf:"bytes,2,rep,name=certificate,proto3" json:"certificate,omitempty"`
	// Override server name (presumably the SNI / verification name — confirm in GetTLSConfig).
	ServerName string `protobuf:"bytes,3,opt,name=server_name,json=serverName,proto3" json:"server_name,omitempty"`
	// List of strings used as ALPN values.
	NextProtocol []string `protobuf:"bytes,4,rep,name=next_protocol,json=nextProtocol,proto3" json:"next_protocol,omitempty"`
	// Whether or not to enable session (ticket) resumption.
	EnableSessionResumption bool `` /* 133-byte string literal not displayed */
	// If true, root certificates on the system will not be loaded for
	// verification.
	DisableSystemRoot bool `protobuf:"varint,6,opt,name=disable_system_root,json=disableSystemRoot,proto3" json:"disable_system_root,omitempty"`
	// @Document A pinned certificate chain sha256 hash.
	// @Document If the server's hash does not match this value, the connection will be aborted.
	// @Document This value replaces allow_insecure.
	// @Critical
	// Each entry is one acceptable chain hash; see GenerateCertChainHash and
	// CalculatePEMCertChainSHA256Hash for how a hash is derived.
	PinnedPeerCertificateChainSha256 [][]byte `` /* 163-byte string literal not displayed */
	// If true, the client is required to present a certificate.
	VerifyClientCertificate bool `` /* 133-byte string literal not displayed */
	// Minimum TLS version to support. Config_Default (0) defers to the
	// implementation; NOTE(review): confirm in GetTLSConfig that the default
	// floor is not below TLS 1.2.
	MinVersion Config_TLSVersion `` /* 149-byte string literal not displayed */
	// Maximum TLS version to support. Config_Default (0) defers to the implementation.
	MaxVersion Config_TLSVersion `` /* 150-byte string literal not displayed */
	// Whether or not to allow self-signed certificates when pinned_peer_certificate_chain_sha256 is present.
	AllowInsecureIfPinnedPeerCertificate bool `` /* 179-byte string literal not displayed */
	// ECH config in bytes format.
	EchConfig []byte `protobuf:"bytes,16,opt,name=ech_config,json=echConfig,proto3" json:"ech_config,omitempty"`
	// DoH server queried for the HTTPS record that carries the ECH config.
	Ech_DOHserver string `protobuf:"bytes,17,opt,name=ech_DOHserver,json=echDOHserver,proto3" json:"ech_DOHserver,omitempty"`
	// contains filtered or unexported fields
}

func ConfigFromStreamSettings

func ConfigFromStreamSettings(settings *internet.MemoryStreamConfig) *Config

ConfigFromStreamSettings fetches the Config from stream settings. It returns nil if none is found.

func (*Config) BuildCertificates

func (c *Config) BuildCertificates() []tls.Certificate

BuildCertificates builds a list of TLS certificates from the proto definition.

func (*Config) Descriptor deprecated

func (*Config) Descriptor() ([]byte, []int)

Deprecated: Use Config.ProtoReflect.Descriptor instead.

func (*Config) GetAllowInsecure

func (x *Config) GetAllowInsecure() bool

func (*Config) GetAllowInsecureIfPinnedPeerCertificate added in v5.18.0

func (x *Config) GetAllowInsecureIfPinnedPeerCertificate() bool

func (*Config) GetCertificate

func (x *Config) GetCertificate() []*Certificate

func (*Config) GetDisableSystemRoot

func (x *Config) GetDisableSystemRoot() bool

func (*Config) GetEchConfig added in v5.20.0

func (x *Config) GetEchConfig() []byte

func (*Config) GetEch_DOHserver added in v5.20.0

func (x *Config) GetEch_DOHserver() string

func (*Config) GetEnableSessionResumption

func (x *Config) GetEnableSessionResumption() bool

func (*Config) GetMaxVersion added in v5.15.0

func (x *Config) GetMaxVersion() Config_TLSVersion

func (*Config) GetMinVersion added in v5.15.0

func (x *Config) GetMinVersion() Config_TLSVersion

func (*Config) GetNextProtocol

func (x *Config) GetNextProtocol() []string

func (*Config) GetPinnedPeerCertificateChainSha256

func (x *Config) GetPinnedPeerCertificateChainSha256() [][]byte

func (*Config) GetServerName

func (x *Config) GetServerName() string

func (*Config) GetTLSConfig

func (c *Config) GetTLSConfig(opts ...Option) *tls.Config

GetTLSConfig converts this Config into tls.Config.

func (*Config) GetVerifyClientCertificate

func (x *Config) GetVerifyClientCertificate() bool

func (*Config) IsExperiment8357

func (c *Config) IsExperiment8357() bool

func (*Config) ProtoMessage

func (*Config) ProtoMessage()

func (*Config) ProtoReflect

func (x *Config) ProtoReflect() protoreflect.Message

func (*Config) Reset

func (x *Config) Reset()

func (*Config) String

func (x *Config) String() string

type Config_TLSVersion added in v5.15.0

// Config_TLSVersion is the proto enum used for Config.MinVersion and
// Config.MaxVersion. Numbers must match Config_TLSVersion_name/_value.
type Config_TLSVersion int32

// Values of Config_TLSVersion as declared in the proto schema. Config_Default
// is the zero value and therefore what an unset field decodes to; the concrete
// version it maps to is decided in GetTLSConfig.
const (
	Config_Default Config_TLSVersion = 0
	Config_TLS1_0  Config_TLSVersion = 1
	Config_TLS1_1  Config_TLSVersion = 2
	Config_TLS1_2  Config_TLSVersion = 3
	Config_TLS1_3  Config_TLSVersion = 4
)

func (Config_TLSVersion) Descriptor added in v5.15.0

func (Config_TLSVersion) Enum added in v5.15.0

func (Config_TLSVersion) EnumDescriptor deprecated added in v5.15.0

func (Config_TLSVersion) EnumDescriptor() ([]byte, []int)

Deprecated: Use Config_TLSVersion.Descriptor instead.

func (Config_TLSVersion) Number added in v5.15.0

func (Config_TLSVersion) String added in v5.15.0

func (x Config_TLSVersion) String() string

func (Config_TLSVersion) Type added in v5.15.0

type Conn

// Conn is a *tls.Conn with this package's extra methods (HandshakeAddress,
// WriteMultiBuffer, GetConnectionApplicationProtocol). All *tls.Conn methods
// are promoted through the embedded pointer.
type Conn struct {
	*tls.Conn
}

func Client

func Client(c net.Conn, config *tls.Config) *Conn

Client initiates a TLS client handshake on the given connection.

func (*Conn) GetConnectionApplicationProtocol added in v5.7.0

func (c *Conn) GetConnectionApplicationProtocol() (string, error)

func (*Conn) HandshakeAddress

func (c *Conn) HandshakeAddress() net.Address

func (*Conn) WriteMultiBuffer

func (c *Conn) WriteMultiBuffer(mb buf.MultiBuffer) error

type Engine added in v5.2.0

// Engine is the TLS implementation of security.Engine; construct it with
// NewTLSSecurityEngineFromConfig rather than as a zero value, since its
// state is unexported.
type Engine struct {
	// contains filtered or unexported fields
}

func (*Engine) Client added in v5.2.0

func (e *Engine) Client(conn net.Conn, opts ...security.Option) (security.Conn, error)

type Option

// Option mutates a *tls.Config while GetTLSConfig builds it; see
// WithDestination and WithNextProto for the provided options.
type Option func(*tls.Config)

Option is a function applied while building a TLS config.

func WithDestination

func WithDestination(dest net.Destination) Option

WithDestination sets the server name in TLS config.

func WithNextProto

func WithNextProto(protocol ...string) Option

WithNextProto sets the ALPN values in TLS config.
