connCtx.tlsHandshake

addon-dailer
lqqyt2423 3 years ago
parent 896ea2997f
commit fade639367

@ -160,7 +160,7 @@ func (connCtx *ConnContext) initHttpsServerConn() {
}
}
func (connCtx *ConnContext) getCertificate(clientHello *tls.ClientHelloInfo) (*tls.Certificate, error) {
func (connCtx *ConnContext) tlsHandshake(clientHello *tls.ClientHelloInfo) error {
cfg := &tls.Config{
InsecureSkipVerify: connCtx.proxy.Opts.SslInsecure,
KeyLogWriter: getTlsKeyLogWriter(),
@ -189,7 +189,7 @@ func (connCtx *ConnContext) getCertificate(clientHello *tls.ClientHelloInfo) (*t
if err != nil {
connCtx.ServerConn.tlsHandshakeErr = err
close(connCtx.ServerConn.tlsHandshaked)
return nil, err
return err
}
connCtx.ServerConn.tlsConn = tlsConn
@ -197,8 +197,7 @@ func (connCtx *ConnContext) getCertificate(clientHello *tls.ClientHelloInfo) (*t
connCtx.ServerConn.tlsState = &tlsState
close(connCtx.ServerConn.tlsHandshaked)
// todo: change here
return connCtx.proxy.interceptor.(*middle).ca.GetCert(clientHello.ServerName)
return nil
}
// wrap tcpConn for remote client

@ -122,7 +122,10 @@ func newMiddle(proxy *Proxy) (interceptor, error) {
SessionTicketsDisabled: true, // 设置此值为 true ,确保每次都会调用下面的 GetCertificate 方法
GetCertificate: func(clientHello *tls.ClientHelloInfo) (*tls.Certificate, error) {
connCtx := clientHello.Context().Value(connContextKey).(*ConnContext)
return connCtx.getCertificate(clientHello)
if err := connCtx.tlsHandshake(clientHello); err != nil {
return nil, err
}
return ca.GetCert(clientHello.ServerName)
},
},
}

Loading…
Cancel
Save