tls

package
v5.22.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Oct 27, 2024 License: MIT Imports: 26 Imported by: 19

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var (
	Certificate_Usage_name = map[int32]string{
		0: "ENCIPHERMENT",
		1: "AUTHORITY_VERIFY",
		2: "AUTHORITY_ISSUE",
		3: "AUTHORITY_VERIFY_CLIENT",
	}
	Certificate_Usage_value = map[string]int32{
		"ENCIPHERMENT":            0,
		"AUTHORITY_VERIFY":        1,
		"AUTHORITY_ISSUE":         2,
		"AUTHORITY_VERIFY_CLIENT": 3,
	}
)

Enum value maps for Certificate_Usage.

View Source 
var (
	Config_TLSVersion_name = map[int32]string{
		0: "Default",
		1: "TLS1_0",
		2: "TLS1_1",
		3: "TLS1_2",
		4: "TLS1_3",
	}
	Config_TLSVersion_value = map[string]int32{
		"Default": 0,
		"TLS1_0":  1,
		"TLS1_1":  2,
		"TLS1_2":  3,
		"TLS1_3":  4,
	}
)

Enum value maps for Config_TLSVersion.

View Source 
var File_transport_internet_tls_config_proto protoreflect.FileDescriptor

Functions

func ApplyECH added in v5.20.0 

func ApplyECH(c *Config, config *tls.Config) error

func CalculatePEMCertChainSHA256Hash 

func CalculatePEMCertChainSHA256Hash(certContent []byte) string

func GenerateCertChainHash 

func GenerateCertChainHash(rawCerts [][]byte) []byte

func NewTLSSecurityEngineFromConfig added in v5.2.0 

func NewTLSSecurityEngineFromConfig(config *Config) (security.Engine, error)

func QueryRecord added in v5.20.0 

func QueryRecord(domain string, server string) ([]byte, error)

func Server 

func Server(c net.Conn, config *tls.Config) net.Conn

Server initiates a TLS server handshake on the given connection.

Types

type Certificate 

type Certificate struct {

	// TLS certificate in x509 format.
	Certificate []byte `protobuf:"bytes,1,opt,name=Certificate,proto3" json:"Certificate,omitempty"`
	// TLS key in x509 format.
	Key             []byte            `protobuf:"bytes,2,opt,name=Key,proto3" json:"Key,omitempty"`
	Usage           Certificate_Usage `protobuf:"varint,3,opt,name=usage,proto3,enum=v2ray.core.transport.internet.tls.Certificate_Usage" json:"usage,omitempty"`
	CertificateFile string            `protobuf:"bytes,96001,opt,name=certificate_file,json=certificateFile,proto3" json:"certificate_file,omitempty"`
	KeyFile         string            `protobuf:"bytes,96002,opt,name=key_file,json=keyFile,proto3" json:"key_file,omitempty"`
	// contains filtered or unexported fields
}

func ParseCertificate 

func ParseCertificate(c *cert.Certificate) *Certificate

ParseCertificate converts a cert.Certificate to Certificate.

func (*Certificate) Descriptor deprecated 

func (*Certificate) Descriptor() ([]byte, []int)

Deprecated: Use Certificate.ProtoReflect.Descriptor instead.

func (*Certificate) GetCertificate 

func (x *Certificate) GetCertificate() []byte

func (*Certificate) GetCertificateFile 

func (x *Certificate) GetCertificateFile() string

func (*Certificate) GetKey 

func (x *Certificate) GetKey() []byte

func (*Certificate) GetKeyFile 

func (x *Certificate) GetKeyFile() string

func (*Certificate) GetUsage 

func (x *Certificate) GetUsage() Certificate_Usage

func (*Certificate) ProtoMessage 

func (*Certificate) ProtoMessage()

func (*Certificate) ProtoReflect 

func (x *Certificate) ProtoReflect() protoreflect.Message

func (*Certificate) Reset 

func (x *Certificate) Reset()

func (*Certificate) String 

func (x *Certificate) String() string

type Certificate_Usage 

type Certificate_Usage int32
const (
	Certificate_ENCIPHERMENT            Certificate_Usage = 0
	Certificate_AUTHORITY_VERIFY        Certificate_Usage = 1
	Certificate_AUTHORITY_ISSUE         Certificate_Usage = 2
	Certificate_AUTHORITY_VERIFY_CLIENT Certificate_Usage = 3
)

func (Certificate_Usage) Descriptor 

func (Certificate_Usage) Descriptor() protoreflect.EnumDescriptor

func (Certificate_Usage) Enum 

func (x Certificate_Usage) Enum() *Certificate_Usage

func (Certificate_Usage) EnumDescriptor deprecated 

func (Certificate_Usage) EnumDescriptor() ([]byte, []int)

Deprecated: Use Certificate_Usage.Descriptor instead.

func (Certificate_Usage) Number 

func (x Certificate_Usage) Number() protoreflect.EnumNumber

func (Certificate_Usage) String 

func (x Certificate_Usage) String() string

func (Certificate_Usage) Type 

func (Certificate_Usage) Type() protoreflect.EnumType

type Config 

type Config struct {

	// Whether or not to allow self-signed certificates.
	AllowInsecure bool `protobuf:"varint,1,opt,name=allow_insecure,json=allowInsecure,proto3" json:"allow_insecure,omitempty"`
	// List of certificates to be served on server.
	Certificate []*Certificate `protobuf:"bytes,2,rep,name=certificate,proto3" json:"certificate,omitempty"`
	// Override server name.
	ServerName string `protobuf:"bytes,3,opt,name=server_name,json=serverName,proto3" json:"server_name,omitempty"`
	// Lists of string as ALPN values.
	NextProtocol []string `protobuf:"bytes,4,rep,name=next_protocol,json=nextProtocol,proto3" json:"next_protocol,omitempty"`
	// Whether or not to enable session (ticket) resumption.
	EnableSessionResumption bool `` /* 133-byte string literal not displayed */
	// If true, root certificates on the system will not be loaded for
	// verification.
	DisableSystemRoot bool `protobuf:"varint,6,opt,name=disable_system_root,json=disableSystemRoot,proto3" json:"disable_system_root,omitempty"`
	// @Document A pinned certificate chain sha256 hash.
	// @Document If the server's hash does not match this value, the connection will be aborted.
	// @Document This value replace allow_insecure.
	// @Critical
	PinnedPeerCertificateChainSha256 [][]byte `` /* 163-byte string literal not displayed */
	// If true, the client is required to present a certificate.
	VerifyClientCertificate bool `` /* 133-byte string literal not displayed */
	// Minimum TLS version to support.
	MinVersion Config_TLSVersion `` /* 149-byte string literal not displayed */
	// Maximum TLS version to support.
	MaxVersion Config_TLSVersion `` /* 150-byte string literal not displayed */
	// Whether or not to allow self-signed certificates when pinned_peer_certificate_chain_sha256 is present.
	AllowInsecureIfPinnedPeerCertificate bool `` /* 179-byte string literal not displayed */
	// ECH Config in bytes format
	EchConfig []byte `protobuf:"bytes,16,opt,name=ech_config,json=echConfig,proto3" json:"ech_config,omitempty"`
	// DOH server to query HTTPS record for ECH
	Ech_DOHserver string `protobuf:"bytes,17,opt,name=ech_DOHserver,json=echDOHserver,proto3" json:"ech_DOHserver,omitempty"`
	// contains filtered or unexported fields
}

func ConfigFromStreamSettings 

func ConfigFromStreamSettings(settings *internet.MemoryStreamConfig) *Config

ConfigFromStreamSettings fetches Config from stream settings. Nil if not found.

func (*Config) BuildCertificates 

func (c *Config) BuildCertificates() []tls.Certificate

BuildCertificates builds a list of TLS certificates from proto definition.

func (*Config) Descriptor deprecated 

func (*Config) Descriptor() ([]byte, []int)

Deprecated: Use Config.ProtoReflect.Descriptor instead.

func (*Config) GetAllowInsecure 

func (x *Config) GetAllowInsecure() bool

func (*Config) GetAllowInsecureIfPinnedPeerCertificate added in v5.18.0 

func (x *Config) GetAllowInsecureIfPinnedPeerCertificate() bool

func (*Config) GetCertificate 

func (x *Config) GetCertificate() []*Certificate

func (*Config) GetDisableSystemRoot 

func (x *Config) GetDisableSystemRoot() bool

func (*Config) GetEchConfig added in v5.20.0 

func (x *Config) GetEchConfig() []byte

func (*Config) GetEch_DOHserver added in v5.20.0 

func (x *Config) GetEch_DOHserver() string

func (*Config) GetEnableSessionResumption 

func (x *Config) GetEnableSessionResumption() bool

func (*Config) GetMaxVersion added in v5.15.0 

func (x *Config) GetMaxVersion() Config_TLSVersion

func (*Config) GetMinVersion added in v5.15.0 

func (x *Config) GetMinVersion() Config_TLSVersion

func (*Config) GetNextProtocol 

func (x *Config) GetNextProtocol() []string

func (*Config) GetPinnedPeerCertificateChainSha256 

func (x *Config) GetPinnedPeerCertificateChainSha256() [][]byte

func (*Config) GetServerName 

func (x *Config) GetServerName() string

func (*Config) GetTLSConfig 

func (c *Config) GetTLSConfig(opts ...Option) *tls.Config

GetTLSConfig converts this Config into tls.Config.

func (*Config) GetVerifyClientCertificate 

func (x *Config) GetVerifyClientCertificate() bool

func (*Config) IsExperiment8357 

func (c *Config) IsExperiment8357() bool

func (*Config) ProtoMessage 

func (*Config) ProtoMessage()

func (*Config) ProtoReflect 

func (x *Config) ProtoReflect() protoreflect.Message

func (*Config) Reset 

func (x *Config) Reset()

func (*Config) String 

func (x *Config) String() string

type Config_TLSVersion added in v5.15.0 

type Config_TLSVersion int32
const (
	Config_Default Config_TLSVersion = 0
	Config_TLS1_0  Config_TLSVersion = 1
	Config_TLS1_1  Config_TLSVersion = 2
	Config_TLS1_2  Config_TLSVersion = 3
	Config_TLS1_3  Config_TLSVersion = 4
)

func (Config_TLSVersion) Descriptor added in v5.15.0 

func (Config_TLSVersion) Descriptor() protoreflect.EnumDescriptor

func (Config_TLSVersion) Enum added in v5.15.0 

func (x Config_TLSVersion) Enum() *Config_TLSVersion

func (Config_TLSVersion) EnumDescriptor deprecated added in v5.15.0 

func (Config_TLSVersion) EnumDescriptor() ([]byte, []int)

Deprecated: Use Config_TLSVersion.Descriptor instead.

func (Config_TLSVersion) Number added in v5.15.0 

func (x Config_TLSVersion) Number() protoreflect.EnumNumber

func (Config_TLSVersion) String added in v5.15.0 

func (x Config_TLSVersion) String() string

func (Config_TLSVersion) Type added in v5.15.0 

func (Config_TLSVersion) Type() protoreflect.EnumType

type Conn 

type Conn struct {
	*tls.Conn
}

func Client 

func Client(c net.Conn, config *tls.Config) *Conn

Client initiates a TLS client handshake on the given connection.

func (*Conn) GetConnectionApplicationProtocol added in v5.7.0 

func (c *Conn) GetConnectionApplicationProtocol() (string, error)

func (*Conn) HandshakeAddress 

func (c *Conn) HandshakeAddress() net.Address

func (*Conn) WriteMultiBuffer 

func (c *Conn) WriteMultiBuffer(mb buf.MultiBuffer) error

type Engine added in v5.2.0 

type Engine struct {
	// contains filtered or unexported fields
}

func (*Engine) Client added in v5.2.0 

func (e *Engine) Client(conn net.Conn, opts ...security.Option) (security.Conn, error)

type Option 

type Option func(*tls.Config)

Option for building TLS config.

func WithDestination 

func WithDestination(dest net.Destination) Option

WithDestination sets the server name in TLS config.

func WithNextProto 

func WithNextProto(protocol ...string) Option

WithNextProto sets the ALPN values in TLS config.

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.