Documentation ¶
Index ¶
- Variables
- func CalculatePEMCertChainSHA256Hash(certContent []byte) string
- func Client(c net.Conn, config *tls.Config) net.Conn
- func GenerateCertChainHash(rawCerts [][]byte) []byte
- func GenerateCertPublicKeyHash(cert *x509.Certificate) []byte
- func GetFingerprint(name string) (fingerprint *utls.ClientHelloID)
- func NewGrpcUtls(c *gotls.Config, fingerprint *utls.ClientHelloID) credentials.TransportCredentials
- func Server(c net.Conn, config *tls.Config) net.Conn
- func UClient(c net.Conn, config *tls.Config, fingerprint *utls.ClientHelloID) net.Conn
- type Certificate
- func (*Certificate) Descriptor() ([]byte, []int) (deprecated)
- func (x *Certificate) GetBuildChain() bool
- func (x *Certificate) GetCertificate() []byte
- func (x *Certificate) GetCertificatePath() string
- func (x *Certificate) GetKey() []byte
- func (x *Certificate) GetKeyPath() string
- func (x *Certificate) GetOcspStapling() uint64
- func (x *Certificate) GetOneTimeLoading() bool
- func (x *Certificate) GetUsage() Certificate_Usage
- func (*Certificate) ProtoMessage()
- func (x *Certificate) ProtoReflect() protoreflect.Message
- func (x *Certificate) Reset()
- func (x *Certificate) String() string
- type Certificate_Usage
- func (Certificate_Usage) Descriptor() protoreflect.EnumDescriptor
- func (x Certificate_Usage) Enum() *Certificate_Usage
- func (Certificate_Usage) EnumDescriptor() ([]byte, []int) (deprecated)
- func (x Certificate_Usage) Number() protoreflect.EnumNumber
- func (x Certificate_Usage) String() string
- func (Certificate_Usage) Type() protoreflect.EnumType
- type Config
- func (c *Config) BuildCertificates() []*tls.Certificate
- func (*Config) Descriptor() ([]byte, []int) (deprecated)
- func (x *Config) GetAllowInsecure() bool
- func (x *Config) GetCertificate() []*Certificate
- func (x *Config) GetCipherSuites() string
- func (x *Config) GetDisableSystemRoot() bool
- func (x *Config) GetEnableSessionResumption() bool
- func (x *Config) GetFingerprint() string
- func (x *Config) GetMasterKeyLog() string
- func (x *Config) GetMaxVersion() string
- func (x *Config) GetMinVersion() string
- func (x *Config) GetNextProtocol() []string
- func (x *Config) GetPinnedPeerCertificateChainSha256() [][]byte
- func (x *Config) GetPinnedPeerCertificatePublicKeySha256() [][]byte
- func (x *Config) GetPreferServerCipherSuites() bool (deprecated)
- func (x *Config) GetRejectUnknownSni() bool
- func (x *Config) GetServerName() string
- func (c *Config) GetTLSConfig(opts ...Option) *tls.Config
- func (*Config) ProtoMessage()
- func (x *Config) ProtoReflect() protoreflect.Message
- func (x *Config) Reset()
- func (x *Config) String() string
- type Conn
- type Interface
- type Option
- type UConn
Constants ¶
This section is empty.
Variables ¶
// Lookup tables for the Certificate_Usage enum. Both maps are exported,
// mutable package-level variables; nothing visible here guards them against
// writes from importing packages.
var (
	// Certificate_Usage_name maps each numeric enum value to its name.
	Certificate_Usage_name = map[int32]string{
		0: "ENCIPHERMENT",
		1: "AUTHORITY_VERIFY",
		2: "AUTHORITY_ISSUE",
	}
	// Certificate_Usage_value is the inverse table, from name to numeric
	// value. Keys are upper-case and map lookups are case-sensitive.
	Certificate_Usage_value = map[string]int32{
		"ENCIPHERMENT":     0,
		"AUTHORITY_VERIFY": 1,
		"AUTHORITY_ISSUE":  2,
	}
)
Enum value maps for Certificate_Usage.
var File_transport_internet_tls_config_proto protoreflect.FileDescriptor
// ModernFingerprints maps lower-case fingerprint names to uTLS ClientHelloID
// values. Every entry here names a versioned utls variable; there are no
// "_auto" aliases in this table.
//
// Each value is the address of a package-level variable in utls, so the
// pointer is shared with every other user of that variable. The map itself is
// exported and mutable; treat it as read-only.
var ModernFingerprints = map[string]*utls.ClientHelloID{
	"hellofirefox_99":         &utls.HelloFirefox_99,
	"hellofirefox_102":        &utls.HelloFirefox_102,
	"hellofirefox_105":        &utls.HelloFirefox_105,
	"hellochrome_83":          &utls.HelloChrome_83,
	"hellochrome_87":          &utls.HelloChrome_87,
	"hellochrome_96":          &utls.HelloChrome_96,
	"hellochrome_100":         &utls.HelloChrome_100,
	"hellochrome_102":         &utls.HelloChrome_102,
	"hellochrome_106_shuffle": &utls.HelloChrome_106_Shuffle,
	"helloios_13":             &utls.HelloIOS_13,
	"helloios_14":             &utls.HelloIOS_14,
	"helloedge_85":            &utls.HelloEdge_85,
	"helloedge_106":           &utls.HelloEdge_106,
	"hellosafari_16_0":        &utls.HelloSafari_16_0,
	"hello360_11_0":           &utls.Hello360_11_0,
	"helloqq_11_1":            &utls.HelloQQ_11_1,
}
// OtherFingerprints maps lower-case fingerprint names to the remaining uTLS
// ClientHelloID values: the Go default, the randomized variants, the "_auto"
// aliases and versioned entries that are not listed in ModernFingerprints.
//
// Each value is the address of a package-level variable in utls, so the
// pointer is shared with every other user of that variable. The map itself is
// exported and mutable; treat it as read-only.
var OtherFingerprints = map[string]*utls.ClientHelloID{
	"hellogolang":            &utls.HelloGolang,
	"hellorandomized":        &utls.HelloRandomized,
	"hellorandomizedalpn":    &utls.HelloRandomizedALPN,
	"hellorandomizednoalpn":  &utls.HelloRandomizedNoALPN,
	"hellofirefox_auto":      &utls.HelloFirefox_Auto,
	"hellofirefox_55":        &utls.HelloFirefox_55,
	"hellofirefox_56":        &utls.HelloFirefox_56,
	"hellofirefox_63":        &utls.HelloFirefox_63,
	"hellofirefox_65":        &utls.HelloFirefox_65,
	"hellochrome_auto":       &utls.HelloChrome_Auto,
	"hellochrome_58":         &utls.HelloChrome_58,
	"hellochrome_62":         &utls.HelloChrome_62,
	"hellochrome_70":         &utls.HelloChrome_70,
	"hellochrome_72":         &utls.HelloChrome_72,
	"helloios_auto":          &utls.HelloIOS_Auto,
	"helloios_11_1":          &utls.HelloIOS_11_1,
	"helloios_12_1":          &utls.HelloIOS_12_1,
	"helloandroid_11_okhttp": &utls.HelloAndroid_11_OkHttp,
	"helloedge_auto":         &utls.HelloEdge_Auto,
	"hellosafari_auto":       &utls.HelloSafari_Auto,
	"hello360_auto":          &utls.Hello360_Auto,
	"hello360_7_5":           &utls.Hello360_7_5,
	"helloqq_auto":           &utls.HelloQQ_Auto,
}
// PresetFingerprints maps short preset names to uTLS ClientHelloID values.
// All non-nil presets except "android" point at an "_Auto" utls variable;
// "android" points at utls.HelloAndroid_11_OkHttp.
//
// "random" and "randomized" are stored as nil, so code that reads this map
// directly must check for nil before dereferencing.
// NOTE(review): presumably the nil entries are placeholders that the lookup
// code resolves at runtime; confirm against GetFingerprint.
//
// The map is exported and mutable; treat it as read-only.
var PresetFingerprints = map[string]*utls.ClientHelloID{
	"chrome":     &utls.HelloChrome_Auto,
	"firefox":    &utls.HelloFirefox_Auto,
	"safari":     &utls.HelloSafari_Auto,
	"ios":        &utls.HelloIOS_Auto,
	"android":    &utls.HelloAndroid_11_OkHttp,
	"edge":       &utls.HelloEdge_Auto,
	"360":        &utls.Hello360_Auto,
	"qq":         &utls.HelloQQ_Auto,
	"random":     nil,
	"randomized": nil,
}
Functions ¶
func CalculatePEMCertChainSHA256Hash ¶ added in v1.5.1
func GenerateCertChainHash ¶ added in v1.5.1
func GenerateCertPublicKeyHash ¶ added in v1.8.0
func GenerateCertPublicKeyHash(cert *x509.Certificate) []byte
func GetFingerprint ¶ added in v1.7.3
func GetFingerprint(name string) (fingerprint *utls.ClientHelloID)
func NewGrpcUtls ¶ added in v1.6.1
func NewGrpcUtls(c *gotls.Config, fingerprint *utls.ClientHelloID) credentials.TransportCredentials
NewGrpcUtls uses c to construct a TransportCredentials based on uTLS.
Types ¶
type Certificate ¶
// Certificate is the protobuf message describing one certificate entry of a
// TLS Config. Certificate and key material can be given inline (Certificate,
// Key) or by file path (CertificatePath, KeyPath).
// NOTE(review): which of the two takes precedence when both are set is not
// visible here; confirm against the loading code.
type Certificate struct {
	// TLS certificate in x509 format.
	Certificate []byte `protobuf:"bytes,1,opt,name=certificate,proto3" json:"certificate,omitempty"`
	// TLS key in x509 format.
	// NOTE(review): this is private-key material carried inline and it has a
	// JSON tag, so JSON output of the message includes it; String() on the
	// message presumably does too. Confirm that the message is never logged.
	Key []byte `protobuf:"bytes,2,opt,name=key,proto3" json:"key,omitempty"`
	// Usage selects how this entry is used; see Certificate_Usage.
	Usage Certificate_Usage `protobuf:"varint,3,opt,name=usage,proto3,enum=xray.transport.internet.tls.Certificate_Usage" json:"usage,omitempty"`
	// NOTE(review): presumably an OCSP stapling refresh interval; the unit and
	// the meaning of 0 are not visible here. TODO confirm.
	OcspStapling uint64 `protobuf:"varint,4,opt,name=ocsp_stapling,json=ocspStapling,proto3" json:"ocsp_stapling,omitempty"`
	// TLS certificate path
	CertificatePath string `protobuf:"bytes,5,opt,name=certificate_path,json=certificatePath,proto3" json:"certificate_path,omitempty"`
	// TLS Key path
	// NOTE(review): the private-key file named here should be readable only by
	// the service account; nothing in this message enforces that.
	KeyPath string `protobuf:"bytes,6,opt,name=key_path,json=keyPath,proto3" json:"key_path,omitempty"`
	// If true, one-Time Loading
	// NOTE(review): presumably the files are read once and not reloaded
	// afterwards, so a rotated certificate would need a restart. TODO confirm.
	OneTimeLoading bool `protobuf:"varint,7,opt,name=One_time_loading,json=OneTimeLoading,proto3" json:"One_time_loading,omitempty"`
	// NOTE(review): undocumented in the source; presumably asks the loader to
	// complete the certificate chain. TODO confirm.
	BuildChain bool `protobuf:"varint,8,opt,name=build_chain,json=buildChain,proto3" json:"build_chain,omitempty"`
	// contains filtered or unexported fields
}
func ParseCertificate ¶
func ParseCertificate(c *cert.Certificate) *Certificate
ParseCertificate converts a cert.Certificate to Certificate.
func (*Certificate) Descriptor
deprecated
func (*Certificate) Descriptor() ([]byte, []int)
Deprecated: Use Certificate.ProtoReflect.Descriptor instead.
func (*Certificate) GetBuildChain ¶ added in v1.8.22
func (x *Certificate) GetBuildChain() bool
func (*Certificate) GetCertificate ¶
func (x *Certificate) GetCertificate() []byte
func (*Certificate) GetCertificatePath ¶ added in v1.3.0
func (x *Certificate) GetCertificatePath() string
func (*Certificate) GetKey ¶
func (x *Certificate) GetKey() []byte
func (*Certificate) GetKeyPath ¶ added in v1.3.0
func (x *Certificate) GetKeyPath() string
func (*Certificate) GetOcspStapling ¶ added in v1.1.5
func (x *Certificate) GetOcspStapling() uint64
func (*Certificate) GetOneTimeLoading ¶ added in v1.3.1
func (x *Certificate) GetOneTimeLoading() bool
func (*Certificate) GetUsage ¶
func (x *Certificate) GetUsage() Certificate_Usage
func (*Certificate) ProtoMessage ¶
func (*Certificate) ProtoMessage()
func (*Certificate) ProtoReflect ¶
func (x *Certificate) ProtoReflect() protoreflect.Message
func (*Certificate) Reset ¶
func (x *Certificate) Reset()
func (*Certificate) String ¶
func (x *Certificate) String() string
type Certificate_Usage ¶
type Certificate_Usage int32
// Values of Certificate_Usage. The numbers match the entries of the
// Certificate_Usage_name and Certificate_Usage_value tables.
const (
	// Certificate_ENCIPHERMENT is the zero value, so an entry whose usage
	// field is left unset reads as this.
	// NOTE(review): presumably the certificate/key pair presented in the TLS
	// handshake. TODO confirm.
	Certificate_ENCIPHERMENT Certificate_Usage = 0
	// NOTE(review): presumably a CA certificate added to the set used to
	// verify the peer. TODO confirm.
	Certificate_AUTHORITY_VERIFY Certificate_Usage = 1
	// NOTE(review): presumably a CA certificate and key used to issue
	// certificates; if so, the entry's Key is CA signing material and needs
	// correspondingly strict protection. TODO confirm.
	Certificate_AUTHORITY_ISSUE Certificate_Usage = 2
)
func (Certificate_Usage) Descriptor ¶
func (Certificate_Usage) Descriptor() protoreflect.EnumDescriptor
func (Certificate_Usage) Enum ¶
func (x Certificate_Usage) Enum() *Certificate_Usage
func (Certificate_Usage) EnumDescriptor
deprecated
func (Certificate_Usage) EnumDescriptor() ([]byte, []int)
Deprecated: Use Certificate_Usage.Descriptor instead.
func (Certificate_Usage) Number ¶
func (x Certificate_Usage) Number() protoreflect.EnumNumber
func (Certificate_Usage) String ¶
func (x Certificate_Usage) String() string
func (Certificate_Usage) Type ¶
func (Certificate_Usage) Type() protoreflect.EnumType
type Config ¶
// Config is the protobuf message holding the TLS settings of a transport.
// GetTLSConfig converts it into a tls.Config. Several fields weaken or
// replace normal certificate verification (AllowInsecure, DisableSystemRoot,
// the two pinned-hash fields) and one can expose session secrets
// (MasterKeyLog); review those together when auditing a deployment.
type Config struct {
	// Whether or not to allow self-signed certificates.
	// NOTE(review): the field name suggests verification is skipped entirely
	// rather than only tolerating self-signed certificates. Confirm how
	// GetTLSConfig maps this (e.g. to InsecureSkipVerify), because that would
	// also drop hostname checks.
	AllowInsecure bool `protobuf:"varint,1,opt,name=allow_insecure,json=allowInsecure,proto3" json:"allow_insecure,omitempty"`
	// List of certificates to be served on server.
	Certificate []*Certificate `protobuf:"bytes,2,rep,name=certificate,proto3" json:"certificate,omitempty"`
	// Override server name.
	ServerName string `protobuf:"bytes,3,opt,name=server_name,json=serverName,proto3" json:"server_name,omitempty"`
	// Lists of string as ALPN values.
	NextProtocol []string `protobuf:"bytes,4,rep,name=next_protocol,json=nextProtocol,proto3" json:"next_protocol,omitempty"`
	// Whether or not to enable session (ticket) resumption.
	EnableSessionResumption bool `` /* 133-byte string literal not displayed */
	// If true, root certificates on the system will not be loaded for
	// verification.
	// NOTE(review): with this set, verification can only succeed against
	// roots supplied through Certificate entries or against the pinned
	// hashes. Confirm what happens when neither is configured.
	DisableSystemRoot bool `protobuf:"varint,6,opt,name=disable_system_root,json=disableSystemRoot,proto3" json:"disable_system_root,omitempty"`
	// The minimum TLS version.
	// NOTE(review): the accepted strings and the behaviour on an unrecognised
	// value are not visible here. Confirm that a typo cannot silently lower
	// the floor.
	MinVersion string `protobuf:"bytes,7,opt,name=min_version,json=minVersion,proto3" json:"min_version,omitempty"`
	// The maximum TLS version.
	MaxVersion string `protobuf:"bytes,8,opt,name=max_version,json=maxVersion,proto3" json:"max_version,omitempty"`
	// Specify cipher suites, except for TLS 1.3.
	// NOTE(review): the string format (delimiter, suite naming) is not shown
	// here. TODO confirm.
	CipherSuites string `protobuf:"bytes,9,opt,name=cipher_suites,json=cipherSuites,proto3" json:"cipher_suites,omitempty"`
	// Whether the server selects its most preferred ciphersuite.
	// Deprecated: crypto/tls has ignored this field.
	//
	// Deprecated: Marked as deprecated in transport/internet/tls/config.proto.
	PreferServerCipherSuites bool `` /* 139-byte string literal not displayed */
	// TLS Client Hello fingerprint (uTLS).
	Fingerprint string `protobuf:"bytes,11,opt,name=fingerprint,proto3" json:"fingerprint,omitempty"`
	// NOTE(review): undocumented in the source; presumably a server-side
	// switch that rejects handshakes whose SNI matches no configured
	// certificate. TODO confirm.
	RejectUnknownSni bool `protobuf:"varint,12,opt,name=reject_unknown_sni,json=rejectUnknownSni,proto3" json:"reject_unknown_sni,omitempty"`
	// NOTE(review): "replace allow_insecure" below presumably means that a
	// matching pin stands in for CA verification. Confirm whether chain and
	// hostname checks still run when a pin is set.
	// @Document A pinned certificate chain sha256 hash.
	// @Document If the server's hash does not match this value, the connection will be aborted.
	// @Document This value replace allow_insecure.
	// @Critical
	PinnedPeerCertificateChainSha256 [][]byte `` /* 164-byte string literal not displayed */
	// NOTE(review): a public-key pin stays valid when the certificate is
	// re-issued with the same key. As with the chain pin, confirm what other
	// verification still runs.
	// @Document A pinned certificate public key sha256 hash.
	// @Document If the server's public key hash does not match this value, the connection will be aborted.
	// @Document This value replace allow_insecure.
	// @Critical
	PinnedPeerCertificatePublicKeySha256 [][]byte `` /* 178-byte string literal not displayed */
	// NOTE(review): undocumented in the source; presumably a file path that
	// receives TLS session secrets in key-log format (cf.
	// tls.Config.KeyLogWriter). If so, anyone who can read that file can
	// decrypt captured traffic for those sessions, so it should stay unset
	// outside debugging. TODO confirm.
	MasterKeyLog string `protobuf:"bytes,15,opt,name=master_key_log,json=masterKeyLog,proto3" json:"master_key_log,omitempty"`
	// contains filtered or unexported fields
}
func ConfigFromStreamSettings ¶
func ConfigFromStreamSettings(settings *internet.MemoryStreamConfig) *Config
ConfigFromStreamSettings fetches Config from stream settings. Nil if not found.
func (*Config) BuildCertificates ¶
func (c *Config) BuildCertificates() []*tls.Certificate
BuildCertificates builds a list of TLS certificates from proto definition.
func (*Config) Descriptor
deprecated
func (*Config) GetAllowInsecure ¶
func (*Config) GetCertificate ¶
func (x *Config) GetCertificate() []*Certificate
func (*Config) GetCipherSuites ¶ added in v1.1.4
func (*Config) GetDisableSystemRoot ¶
func (*Config) GetEnableSessionResumption ¶ added in v1.2.0
func (*Config) GetFingerprint ¶ added in v1.4.1
func (*Config) GetMasterKeyLog ¶ added in v1.8.7
func (*Config) GetMaxVersion ¶ added in v1.1.4
func (*Config) GetMinVersion ¶ added in v1.1.4
func (*Config) GetNextProtocol ¶
func (*Config) GetPinnedPeerCertificateChainSha256 ¶ added in v1.5.1
func (*Config) GetPinnedPeerCertificatePublicKeySha256 ¶ added in v1.8.0
func (*Config) GetPreferServerCipherSuites (deprecated) added in v1.1.4
func (*Config) GetRejectUnknownSni ¶ added in v1.4.3
func (*Config) GetServerName ¶
func (*Config) GetTLSConfig ¶
GetTLSConfig converts this Config into tls.Config.
func (*Config) ProtoMessage ¶
func (*Config) ProtoMessage()
func (*Config) ProtoReflect ¶
func (x *Config) ProtoReflect() protoreflect.Message
type Conn ¶
func (*Conn) HandshakeAddressContext ¶ added in v1.8.8
func (*Conn) NegotiatedProtocol ¶ added in v1.6.1
func (*Conn) WriteMultiBuffer ¶
func (c *Conn) WriteMultiBuffer(mb buf.MultiBuffer) error
type Option ¶
Option for building TLS config.
func WithDestination ¶
func WithDestination(dest net.Destination) Option
WithDestination sets the server name in the TLS config. Due to the incorrect structure of GetTLSConfig(), config.ServerName will always be empty. The effective logic for SNI is therefore: set it to dest, then overwrite it with the configured server name if that name's length is greater than 0.
func WithNextProto ¶
WithNextProto sets the ALPN values in TLS config.