diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index 7dc314b..3856b59 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -1,4 +1,4 @@ -name: 'Close stale issues and PRs' +name: 'Close stale issues' on: schedule: - cron: '30 1 * * *' @@ -7,7 +7,7 @@ jobs: stale: runs-on: ubuntu-latest steps: - - uses: actions/stale@v3 + - uses: actions/stale@v4 with: stale-issue-message: 'This issue is stale because it has been open 90 days with no activity. Remove stale label or comment or this will be closed in 5 days.' days-before-stale: 90 diff --git a/README.md b/README.md index 3ebaa0f..062450d 100644 --- a/README.md +++ b/README.md @@ -215,7 +215,7 @@ VLESS scheme: vless://uuid@host:port[?fallback=127.0.0.1:80] Trojan client scheme: - trojan://pass@host:port[?serverName=SERVERNAME][&skipVerify=true] + trojan://pass@host:port[?serverName=SERVERNAME][&skipVerify=true][&cert=PATH] trojanc://pass@host:port (cleartext, without TLS) Trojan server scheme: @@ -226,7 +226,7 @@ Available securities for vmess: none, aes-128-gcm, chacha20-poly1305 TLS client scheme: - tls://host:port[?serverName=SERVERNAME][&skipVerify=true][&alpn=proto1][&alpn=proto2] + tls://host:port[?serverName=SERVERNAME][&skipVerify=true][&cert=PATH][&alpn=proto1][&alpn=proto2] Proxy over tls client: tls://host:port[?skipVerify=true][&serverName=SERVERNAME],scheme:// @@ -245,7 +245,7 @@ Proxy over tls server: Websocket client scheme: ws://host:port[/path][?host=HOST][&origin=ORIGIN] - wss://host:port[/path][?serverName=SERVERNAME][&skipVerify=true][&host=HOST][&origin=ORIGIN] + wss://host:port[/path][?serverName=SERVERNAME][&skipVerify=true][&cert=PATH][&host=HOST][&origin=ORIGIN] Websocket server scheme: ws://:port[/path][?host=HOST] diff --git a/config.go b/config.go index 041a11a..9491035 100644 --- a/config.go +++ b/config.go @@ -190,7 +190,7 @@ func usage() { fmt.Fprintf(w, "\n") fmt.Fprintf(w, "Trojan client scheme:\n") - fmt.Fprintf(w, " trojan://pass@host:port[?serverName=SERVERNAME][&skipVerify=true]\n") + fmt.Fprintf(w, " trojan://pass@host:port[?serverName=SERVERNAME][&skipVerify=true][&cert=PATH]\n") fmt.Fprintf(w, " trojanc://pass@host:port (cleartext, without TLS)\n") fmt.Fprintf(w, "\n") @@ -204,7 +204,7 @@ func usage() { fmt.Fprintf(w, "\n") fmt.Fprintf(w, "TLS client scheme:\n") - fmt.Fprintf(w, " tls://host:port[?serverName=SERVERNAME][&skipVerify=true][&alpn=proto1][&alpn=proto2]\n") + fmt.Fprintf(w, " tls://host:port[?serverName=SERVERNAME][&skipVerify=true][&cert=PATH][&alpn=proto1][&alpn=proto2]\n") fmt.Fprintf(w, "\n") fmt.Fprintf(w, "Proxy over tls client:\n") @@ -227,7 +227,7 @@ func usage() { fmt.Fprintf(w, "Websocket client scheme:\n") fmt.Fprintf(w, " ws://host:port[/path][?host=HOST][&origin=ORIGIN]\n") - fmt.Fprintf(w, " wss://host:port[/path][?serverName=SERVERNAME][&skipVerify=true][&host=HOST][&origin=ORIGIN]\n") + fmt.Fprintf(w, " wss://host:port[/path][?serverName=SERVERNAME][&skipVerify=true][&cert=PATH][&host=HOST][&origin=ORIGIN]\n") fmt.Fprintf(w, "\n") fmt.Fprintf(w, "Websocket server scheme:\n") diff --git a/go.mod b/go.mod index 40ca0c4..f4fd258 100644 --- a/go.mod +++ b/go.mod @@ -7,12 +7,12 @@ require ( github.com/dgryski/go-camellia v0.0.0-20191119043421-69a8a13fb23d github.com/dgryski/go-idea v0.0.0-20170306091226-d2fb45a411fb github.com/dgryski/go-rc2 v0.0.0-20150621095337-8a9021637152 - github.com/insomniacslk/dhcp v0.0.0-20210813103503-c143d771146e + github.com/insomniacslk/dhcp v0.0.0-20210817203519-d82598001386 github.com/nadoo/conflag v0.2.3 github.com/nadoo/ipset v0.3.0 github.com/xtaci/kcp-go/v5 v5.6.1 - golang.org/x/crypto v0.0.0-20210813211128-0a44fdfbc16e - golang.org/x/sys v0.0.0-20210816183151-1e6c022a8912 + golang.org/x/crypto v0.0.0-20210817164053-32db794688a5 + golang.org/x/sys v0.0.0-20210818153620-00dd8d7831e7 ) require ( diff --git a/go.sum b/go.sum index 75f43af..82d1fb0 100644 --- a/go.sum +++ b/go.sum @@ -39,8 +39,8 @@ github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/ github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= github.com/hugelgupf/socketpair v0.0.0-20190730060125-05d35a94e714 h1:/jC7qQFrv8CrSJVmaolDVOxTfS9kc36uB6H40kdbQq8= github.com/hugelgupf/socketpair v0.0.0-20190730060125-05d35a94e714/go.mod h1:2Goc3h8EklBH5mspfHFxBnEoURQCGzQQH1ga9Myjvis= -github.com/insomniacslk/dhcp v0.0.0-20210813103503-c143d771146e h1:ttrVy1tKtnMySMy7pbVtMQSweHyLLQuLCcRj4lbGCBQ= -github.com/insomniacslk/dhcp v0.0.0-20210813103503-c143d771146e/go.mod h1:h+MxyHxRg9NH3terB1nfRIUaQEcI0XOVkdR9LNBlp8E= +github.com/insomniacslk/dhcp v0.0.0-20210817203519-d82598001386 h1:tVT6eeQjYk8cStFUlU7vfFpwUrzRHhC48VUhb2gbF9M= +github.com/insomniacslk/dhcp v0.0.0-20210817203519-d82598001386/go.mod h1:h+MxyHxRg9NH3terB1nfRIUaQEcI0XOVkdR9LNBlp8E= github.com/jsimonetti/rtnetlink v0.0.0-20190606172950-9527aa82566a/go.mod h1:Oz+70psSo5OFh8DBl0Zv2ACw7Esh6pPUphlvZG9x7uw= github.com/jsimonetti/rtnetlink v0.0.0-20200117123717-f846d4f6c1f4/go.mod h1:WGuG/smIU4J/54PblvSbh+xvCZmpJnFgr3ds6Z55XMQ= github.com/jsimonetti/rtnetlink v0.0.0-20201009170750-9c6f07d100c1/go.mod h1:hqoO/u39cqLeBLebZ8fWdE96O7FxrAsRYhnVOdgHxok= @@ -104,8 +104,8 @@ golang.org/x/crypto v0.0.0-20191219195013-becbf705a915/go.mod h1:LzIPMQfyMNhhGPh golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20201012173705-84dcc777aaee/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.0.0-20210813211128-0a44fdfbc16e h1:VvfwVmMH40bpMeizC9/K7ipM5Qjucuu16RWfneFPyhQ= -golang.org/x/crypto v0.0.0-20210813211128-0a44fdfbc16e/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= +golang.org/x/crypto v0.0.0-20210817164053-32db794688a5 h1:HWj/xjIHfjYU5nVXpTM0s39J9CbLn7Cc5a7IC5rwsMQ= +golang.org/x/crypto v0.0.0-20210817164053-32db794688a5/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= @@ -156,8 +156,8 @@ golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210525143221-35b2ab0089ea/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210816183151-1e6c022a8912 h1:uCLL3g5wH2xjxVREVuAbP9JM5PPKjRbXKRa6IBjkzmU= -golang.org/x/sys v0.0.0-20210816183151-1e6c022a8912/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210818153620-00dd8d7831e7 h1:/bmDWM82ZX7TawqxuI8kVjKI0TXHdSY6pHJArewwHtU= +golang.org/x/sys v0.0.0-20210818153620-00dd8d7831e7/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1 h1:v+OssWQX+hTHEmOBgwxdZxK4zHq3yOs8F9J7mk0PY8E= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= diff --git a/proxy/tls/tls.go b/proxy/tls/tls.go index 9d87b3d..a9fbfc7 100644 --- a/proxy/tls/tls.go +++ b/proxy/tls/tls.go @@ -2,9 +2,12 @@ package tls import ( stdtls "crypto/tls" + "crypto/x509" "errors" + "fmt" "net" "net/url" + "os" "strings" "github.com/nadoo/glider/log" @@ -80,6 +83,19 @@ func NewTLSDialer(s string, d proxy.Dialer) (proxy.Dialer, error) { MinVersion: stdtls.VersionTLS12, } + if t.certFile != "" { + certData, err := os.ReadFile(t.certFile) + if err != nil { + return nil, fmt.Errorf("[tls] read cert file error: %s", err) + } + + certPool := x509.NewCertPool() + if !certPool.AppendCertsFromPEM(certData) { + return nil, fmt.Errorf("[tls] can not append cert file: %s", t.certFile) + } + t.config.RootCAs = certPool + } + return t, err } diff --git a/proxy/trojan/client.go b/proxy/trojan/client.go index 28c6183..49bc8c5 100644 --- a/proxy/trojan/client.go +++ b/proxy/trojan/client.go @@ -2,8 +2,10 @@ package trojan import ( "crypto/tls" + "crypto/x509" "fmt" "net" + "os" "github.com/nadoo/glider/log" "github.com/nadoo/glider/pool" @@ -34,6 +36,19 @@ func NewTrojanDialer(s string, d proxy.Dialer) (proxy.Dialer, error) { MinVersion: tls.VersionTLS12, } + if t.certFile != "" { + certData, err := os.ReadFile(t.certFile) + if err != nil { + return nil, fmt.Errorf("[trojan] read cert file error: %s", err) + } + + certPool := x509.NewCertPool() + if !certPool.AppendCertsFromPEM(certData) { + return nil, fmt.Errorf("[trojan] can not append cert file: %s", t.certFile) + } + t.tlsConfig.RootCAs = certPool + } + return t, err } diff --git a/proxy/vmess/user.go b/proxy/vmess/user.go index 29bc424..441f4e9 100644 --- a/proxy/vmess/user.go +++ b/proxy/vmess/user.go @@ -73,7 +73,6 @@ func StrToUUID(s string) (uuid [16]byte, err error) { return } - // GetKey returns the key of AES-128-CFB encrypter. // Key:MD5(UUID + []byte('c48619fe-8f02-49e0-b9e9-edf763e17e21')) func GetKey(uuid [16]byte) []byte { diff --git a/proxy/ws/client.go b/proxy/ws/client.go index 9fed0d9..5c7c10b 100644 --- a/proxy/ws/client.go +++ b/proxy/ws/client.go @@ -2,11 +2,13 @@ package ws import ( "crypto/tls" + "crypto/x509" "errors" "fmt" "io" "net" "net/textproto" + "os" "github.com/nadoo/glider/pool" "github.com/nadoo/glider/proxy" @@ -34,6 +36,19 @@ func NewWSSDialer(s string, d proxy.Dialer) (proxy.Dialer, error) { MinVersion: tls.VersionTLS12, } + if w.certFile != "" { + certData, err := os.ReadFile(w.certFile) + if err != nil { + return nil, fmt.Errorf("[wss] read cert file error: %s", err) + } + + certPool := x509.NewCertPool() + if !certPool.AppendCertsFromPEM(certData) { + return nil, fmt.Errorf("[wss] can not append cert file: %s", w.certFile) + } + w.tlsConfig.RootCAs = certPool + } + return w, err }