Commit 0dc5e30

committed
feat: add mTLS support for client & server
`certificate` and `private-key` for proxies; `client-auth-type` and `client-auth-cert` for listeners.
1 parent 40b2cde commit 0dc5e30


54 files changed

+761
-321
lines changed

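--- a/adapter/outbound/anytls.go
+++ b/adapter/outbound/anytls.go
@@ -36,6 +36,8 @@ type AnyTLSOption struct {
 ClientFingerprint string `proxy:"client-fingerprint,omitempty"`
 SkipCertVerify bool `proxy:"skip-cert-verify,omitempty"`
 Fingerprint string `proxy:"fingerprint,omitempty"`
+Certificate string `proxy:"certificate,omitempty"`
+PrivateKey string `proxy:"private-key,omitempty"`
 UDP bool `proxy:"udp,omitempty"`
 IdleSessionCheckInterval int `proxy:"idle-session-check-interval,omitempty"`
 IdleSessionTimeout int `proxy:"idle-session-timeout,omitempty"`
@@ -120,6 +122,8 @@ func NewAnyTLS(option AnyTLSOption) (*AnyTLS, error) {
 SkipCertVerify: option.SkipCertVerify,
 NextProtos: option.ALPN,
 FingerPrint: option.Fingerprint,
+Certificate: option.Certificate,
+PrivateKey: option.PrivateKey,
 ClientFingerprint: option.ClientFingerprint,
 ECH: echConfig,
 }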
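Review bot: The new `Certificate` and `PrivateKey` fields of `AnyTLSOption` are accepted independently, and nothing in this hunk — nor in the matching hunks in http.go, hysteria.go, hysteria2.go, shadowsocks.go, socks5.go, trojan.go, tuic.go, vless.go and vmess.go — rejects a configuration that sets only one of them; unless the TLS helper that consumes the pair validates it (not visible here), a half-configured proxy only fails later at handshake time with a less specific error. A load-time check in `NewAnyTLS`, such as `if (option.Certificate == "") != (option.PrivateKey == "") { return nil, errors.New("certificate and private-key must be set together") }` (using whichever error constructor the file already imports), would surface the misconfiguration where the operator can act on it. The fields also carry no comment saying whether they take a file path or inline PEM, and the key is secret material; a one-line comment such as `// PrivateKey is the client private key presented for mTLS; keep it out of logs and exported configs.` would document both. `NewAnyTLS` continues outside the hunk.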

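--- a/adapter/outbound/http.go
+++ b/adapter/outbound/http.go
@@ -37,6 +37,8 @@ type HttpOption struct {
 SNI string `proxy:"sni,omitempty"`
 SkipCertVerify bool `proxy:"skip-cert-verify,omitempty"`
 Fingerprint string `proxy:"fingerprint,omitempty"`
+Certificate string `proxy:"certificate,omitempty"`
+PrivateKey string `proxy:"private-key,omitempty"`
 Headers map[string]string `proxy:"headers,omitempty"`
 }
 
@@ -173,6 +175,8 @@ func NewHttp(option HttpOption) (*Http, error) {
 ServerName: sni,
 },
 Fingerprint: option.Fingerprint,
+Certificate: option.Certificate,
+PrivateKey: option.PrivateKey,
 })
 if err != nil {
 return nil, err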

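--- a/adapter/outbound/hysteria.go
+++ b/adapter/outbound/hysteria.go
@@ -125,6 +125,8 @@ type HysteriaOption struct {
 ECHOpts ECHOptions `proxy:"ech-opts,omitempty"`
 SkipCertVerify bool `proxy:"skip-cert-verify,omitempty"`
 Fingerprint string `proxy:"fingerprint,omitempty"`
+Certificate string `proxy:"certificate,omitempty"`
+PrivateKey string `proxy:"private-key,omitempty"`
 ALPN []string `proxy:"alpn,omitempty"`
 ReceiveWindowConn int `proxy:"recv-window-conn,omitempty"`
 ReceiveWindow int `proxy:"recv-window,omitempty"`
@@ -165,6 +167,8 @@ func NewHysteria(option HysteriaOption) (*Hysteria, error) {
 MinVersion: tls.VersionTLS13,
 },
 Fingerprint: option.Fingerprint,
+Certificate: option.Certificate,
+PrivateKey: option.PrivateKey,
 })
 if err != nil {
 return nil, err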

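--- a/adapter/outbound/hysteria2.go
+++ b/adapter/outbound/hysteria2.go
@@ -55,6 +55,8 @@ type Hysteria2Option struct {
 ECHOpts ECHOptions `proxy:"ech-opts,omitempty"`
 SkipCertVerify bool `proxy:"skip-cert-verify,omitempty"`
 Fingerprint string `proxy:"fingerprint,omitempty"`
+Certificate string `proxy:"certificate,omitempty"`
+PrivateKey string `proxy:"private-key,omitempty"`
 ALPN []string `proxy:"alpn,omitempty"`
 CWND int `proxy:"cwnd,omitempty"`
 UdpMTU int `proxy:"udp-mtu,omitempty"`
@@ -146,6 +148,8 @@ func NewHysteria2(option Hysteria2Option) (*Hysteria2, error) {
 MinVersion: tls.VersionTLS13,
 },
 Fingerprint: option.Fingerprint,
+Certificate: option.Certificate,
+PrivateKey: option.PrivateKey,
 })
 if err != nil {
 return nil, err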

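--- a/adapter/outbound/shadowsocks.go
+++ b/adapter/outbound/shadowsocks.go
@@ -65,6 +65,8 @@ type v2rayObfsOption struct {
 TLS bool `obfs:"tls,omitempty"`
 ECHOpts ECHOptions `obfs:"ech-opts,omitempty"`
 Fingerprint string `obfs:"fingerprint,omitempty"`
+Certificate string `obfs:"certificate,omitempty"`
+PrivateKey string `obfs:"private-key,omitempty"`
 Headers map[string]string `obfs:"headers,omitempty"`
 SkipCertVerify bool `obfs:"skip-cert-verify,omitempty"`
 Mux bool `obfs:"mux,omitempty"`
@@ -79,6 +81,8 @@ type gostObfsOption struct {
 TLS bool `obfs:"tls,omitempty"`
 ECHOpts ECHOptions `obfs:"ech-opts,omitempty"`
 Fingerprint string `obfs:"fingerprint,omitempty"`
+Certificate string `obfs:"certificate,omitempty"`
+PrivateKey string `obfs:"private-key,omitempty"`
 Headers map[string]string `obfs:"headers,omitempty"`
 SkipCertVerify bool `obfs:"skip-cert-verify,omitempty"`
 Mux bool `obfs:"mux,omitempty"`
@@ -88,6 +92,8 @@ type shadowTLSOption struct {
 Password string `obfs:"password,omitempty"`
 Host string `obfs:"host"`
 Fingerprint string `obfs:"fingerprint,omitempty"`
+Certificate string `obfs:"certificate,omitempty"`
+PrivateKey string `obfs:"private-key,omitempty"`
 SkipCertVerify bool `obfs:"skip-cert-verify,omitempty"`
 Version int `obfs:"version,omitempty"`
 ALPN []string `obfs:"alpn,omitempty"`
@@ -302,6 +308,8 @@ func NewShadowSocks(option ShadowSocksOption) (*ShadowSocks, error) {
 v2rayOption.TLS = true
 v2rayOption.SkipCertVerify = opts.SkipCertVerify
 v2rayOption.Fingerprint = opts.Fingerprint
+v2rayOption.Certificate = opts.Certificate
+v2rayOption.PrivateKey = opts.PrivateKey
 
 echConfig, err := opts.ECHOpts.Parse()
 if err != nil {
@@ -330,6 +338,8 @@ func NewShadowSocks(option ShadowSocksOption) (*ShadowSocks, error) {
 gostOption.TLS = true
 gostOption.SkipCertVerify = opts.SkipCertVerify
 gostOption.Fingerprint = opts.Fingerprint
+gostOption.Certificate = opts.Certificate
+gostOption.PrivateKey = opts.PrivateKey
 
 echConfig, err := opts.ECHOpts.Parse()
 if err != nil {
@@ -350,6 +360,8 @@ func NewShadowSocks(option ShadowSocksOption) (*ShadowSocks, error) {
 Password: opt.Password,
 Host: opt.Host,
 Fingerprint: opt.Fingerprint,
+Certificate: opt.Certificate,
+PrivateKey: opt.PrivateKey,
 ClientFingerprint: option.ClientFingerprint,
 SkipCertVerify: opt.SkipCertVerify,
 Version: opt.Version,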

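--- a/adapter/outbound/socks5.go
+++ b/adapter/outbound/socks5.go
@@ -39,6 +39,8 @@ type Socks5Option struct {
 UDP bool `proxy:"udp,omitempty"`
 SkipCertVerify bool `proxy:"skip-cert-verify,omitempty"`
 Fingerprint string `proxy:"fingerprint,omitempty"`
+Certificate string `proxy:"certificate,omitempty"`
+PrivateKey string `proxy:"private-key,omitempty"`
 }
 
 // StreamConnContext implements C.ProxyAdapter
@@ -200,6 +202,8 @@ func NewSocks5(option Socks5Option) (*Socks5, error) {
 ServerName: option.Server,
 },
 Fingerprint: option.Fingerprint,
+Certificate: option.Certificate,
+PrivateKey: option.PrivateKey,
 })
 if err != nil {
 return nil, err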

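--- a/adapter/outbound/trojan.go
+++ b/adapter/outbound/trojan.go
@@ -48,6 +48,8 @@ type TrojanOption struct {
 SNI string `proxy:"sni,omitempty"`
 SkipCertVerify bool `proxy:"skip-cert-verify,omitempty"`
 Fingerprint string `proxy:"fingerprint,omitempty"`
+Certificate string `proxy:"certificate,omitempty"`
+PrivateKey string `proxy:"private-key,omitempty"`
 UDP bool `proxy:"udp,omitempty"`
 Network string `proxy:"network,omitempty"`
 ECHOpts ECHOptions `proxy:"ech-opts,omitempty"`
@@ -108,6 +110,8 @@ func (t *Trojan) StreamConnContext(ctx context.Context, c net.Conn, metadata *C.
 ServerName: t.option.SNI,
 },
 Fingerprint: t.option.Fingerprint,
+Certificate: t.option.Certificate,
+PrivateKey: t.option.PrivateKey,
 })
 if err != nil {
 return nil, err
@@ -127,6 +131,8 @@ func (t *Trojan) StreamConnContext(ctx context.Context, c net.Conn, metadata *C.
 Host: t.option.SNI,
 SkipCertVerify: t.option.SkipCertVerify,
 FingerPrint: t.option.Fingerprint,
+Certificate: t.option.Certificate,
+PrivateKey: t.option.PrivateKey,
 ClientFingerprint: t.option.ClientFingerprint,
 NextProtos: alpn,
 ECH: t.echConfig,
@@ -372,6 +378,8 @@ func NewTrojan(option TrojanOption) (*Trojan, error) {
 ServerName: option.SNI,
 },
 Fingerprint: option.Fingerprint,
+Certificate: option.Certificate,
+PrivateKey: option.PrivateKey,
 })
 if err != nil {
 return nil, err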

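--- a/adapter/outbound/tuic.go
+++ b/adapter/outbound/tuic.go
@@ -55,6 +55,8 @@ type TuicOption struct {
 CWND int `proxy:"cwnd,omitempty"`
 SkipCertVerify bool `proxy:"skip-cert-verify,omitempty"`
 Fingerprint string `proxy:"fingerprint,omitempty"`
+Certificate string `proxy:"certificate,omitempty"`
+PrivateKey string `proxy:"private-key,omitempty"`
 ReceiveWindowConn int `proxy:"recv-window-conn,omitempty"`
 ReceiveWindow int `proxy:"recv-window,omitempty"`
 DisableMTUDiscovery bool `proxy:"disable-mtu-discovery,omitempty"`
@@ -170,6 +172,8 @@ func NewTuic(option TuicOption) (*Tuic, error) {
 MinVersion: tls.VersionTLS13,
 },
 Fingerprint: option.Fingerprint,
+Certificate: option.Certificate,
+PrivateKey: option.PrivateKey,
 })
 if err != nil {
 return nil, err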

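--- a/adapter/outbound/vless.go
+++ b/adapter/outbound/vless.go
@@ -67,6 +67,8 @@ type VlessOption struct {
 WSHeaders map[string]string `proxy:"ws-headers,omitempty"`
 SkipCertVerify bool `proxy:"skip-cert-verify,omitempty"`
 Fingerprint string `proxy:"fingerprint,omitempty"`
+Certificate string `proxy:"certificate,omitempty"`
+PrivateKey string `proxy:"private-key,omitempty"`
 ServerName string `proxy:"servername,omitempty"`
 ClientFingerprint string `proxy:"client-fingerprint,omitempty"`
 }
@@ -103,6 +105,8 @@ func (v *Vless) StreamConnContext(ctx context.Context, c net.Conn, metadata *C.M
 NextProtos: []string{"http/1.1"},
 },
 Fingerprint: v.option.Fingerprint,
+Certificate: v.option.Certificate,
+PrivateKey: v.option.PrivateKey,
 })
 if err != nil {
 return nil, err
@@ -206,6 +210,8 @@ func (v *Vless) streamTLSConn(ctx context.Context, conn net.Conn, isH2 bool) (ne
 Host: host,
 SkipCertVerify: v.option.SkipCertVerify,
 FingerPrint: v.option.Fingerprint,
+Certificate: v.option.Certificate,
+PrivateKey: v.option.PrivateKey,
 ClientFingerprint: v.option.ClientFingerprint,
 ECH: v.echConfig,
 Reality: v.realityConfig,
@@ -505,6 +511,8 @@ func NewVless(option VlessOption) (*Vless, error) {
 ServerName: v.option.ServerName,
 },
 Fingerprint: v.option.Fingerprint,
+Certificate: v.option.Certificate,
+PrivateKey: v.option.PrivateKey,
 })
 if err != nil {
 return nil, err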

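--- a/adapter/outbound/vmess.go
+++ b/adapter/outbound/vmess.go
@@ -58,6 +58,8 @@ type VmessOption struct {
 ALPN []string `proxy:"alpn,omitempty"`
 SkipCertVerify bool `proxy:"skip-cert-verify,omitempty"`
 Fingerprint string `proxy:"fingerprint,omitempty"`
+Certificate string `proxy:"certificate,omitempty"`
+PrivateKey string `proxy:"private-key,omitempty"`
 ServerName string `proxy:"servername,omitempty"`
 ECHOpts ECHOptions `proxy:"ech-opts,omitempty"`
 RealityOpts RealityOptions `proxy:"reality-opts,omitempty"`
@@ -130,6 +132,8 @@ func (v *Vmess) StreamConnContext(ctx context.Context, c net.Conn, metadata *C.M
 NextProtos: []string{"http/1.1"},
 },
 Fingerprint: v.option.Fingerprint,
+Certificate: v.option.Certificate,
+PrivateKey: v.option.PrivateKey,
 })
 if err != nil {
 return nil, err
@@ -179,6 +183,8 @@ func (v *Vmess) StreamConnContext(ctx context.Context, c net.Conn, metadata *C.M
 Host: host,
 SkipCertVerify: v.option.SkipCertVerify,
 FingerPrint: v.option.Fingerprint,
+Certificate: v.option.Certificate,
+PrivateKey: v.option.PrivateKey,
 NextProtos: []string{"h2"},
 ClientFingerprint: v.option.ClientFingerprint,
 Reality: v.realityConfig,
@@ -209,6 +215,8 @@ func (v *Vmess) StreamConnContext(ctx context.Context, c net.Conn, metadata *C.M
 Host: host,
 SkipCertVerify: v.option.SkipCertVerify,
 FingerPrint: v.option.Fingerprint,
+Certificate: v.option.Certificate,
+PrivateKey: v.option.PrivateKey,
 ClientFingerprint: v.option.ClientFingerprint,
 ECH: v.echConfig,
 Reality: v.realityConfig,
@@ -508,6 +516,8 @@ func NewVmess(option VmessOption) (*Vmess, error) {
 ServerName: v.option.ServerName,
 },
 Fingerprint: v.option.Fingerprint,
+Certificate: v.option.Certificate,
+PrivateKey: v.option.PrivateKey,
 })
 if err != nil {
 return nil, err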
