diff --git a/listener/anytls/server.go b/listener/anytls/server.go
index aa8d946a..2293f7c9 100644
--- a/listener/anytls/server.go
+++ b/listener/anytls/server.go
@@ -86,6 +86,11 @@ func New(config LC.AnyTLSServer, tunnel C.Tunnel, additions ...inbound.Addition)
 if err != nil {
 return nil, err
 }
+ if len(tlsConfig.Certificates) > 0 {
+ l = tls.NewListener(l, tlsConfig)
+ } else {
+ return nil, errors.New("disallow using AnyTLS without certificates config")
+ }
 sl.listeners = append(sl.listeners, l)
 go func() {
@@ -130,8 +135,6 @@ func (l *Listener) AddrList() (addrList []net.Addr) {
 func (l *Listener) HandleConn(conn net.Conn, h *sing.ListenerHandler) {
 ctx := context.TODO()
-
- conn = tls.Server(conn, l.tlsConfig)
 defer conn.Close()
 b := buf.NewPacket()
diff --git a/listener/inbound/anytls_test.go b/listener/inbound/anytls_test.go
new file mode 100644
index 00000000..3c4b8ba0
--- /dev/null
+++ b/listener/inbound/anytls_test.go
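Review bot: In `New` (listener/anytls/server.go, first hunk) the missing-certificate check runs only after the socket `l` has been opened, so the new `return nil, errors.New(...)` path returns without closing `l` or anything already appended to `sl.listeners`. The condition does not depend on `l`, so it can be tested once before any listener is created, e.g. `if len(tlsConfig.Certificates) == 0 { return nil, errors.New("disallow using AnyTLS without certificates config") }`, leaving only `l = tls.NewListener(l, tlsConfig)` at this spot. The code that opens `l` and any enclosing loop lie outside the hunk, so confirm where `tlsConfig` is built before moving the check. Because the second hunk drops `tls.Server` from the exported `HandleConn`, a doc comment such as `// HandleConn expects conn to be TLS-wrapped already; New wraps each listener with tls.NewListener.` would keep a caller from handing it a plaintext connection.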
@@ -0,0 +1,54 @@
+package inbound_test
+
+import (
+ "net/netip"
+ "testing"
+
+ "github.com/metacubex/mihomo/adapter/outbound"
+ "github.com/metacubex/mihomo/listener/inbound"
+
+ "github.com/stretchr/testify/assert"
+)
+
+func testInboundAnyTLS(t *testing.T, inboundOptions inbound.AnyTLSOption, outboundOptions outbound.AnyTLSOption) {
+ inboundOptions.BaseOption = inbound.BaseOption{
+ NameStr: "anytls_inbound",
+ Listen: "127.0.0.1",
+ Port: "0",
+ }
+ inboundOptions.Users = map[string]string{"test": userUUID}
+ in, err := inbound.NewAnyTLS(&inboundOptions)
+ assert.NoError(t, err)
+
+ tunnel := NewHttpTestTunnel()
+ defer tunnel.Close()
+
+ err = in.Listen(tunnel)
+ assert.NoError(t, err)
+ defer in.Close()
+
+ addrPort, err := netip.ParseAddrPort(in.Address())
+ assert.NoError(t, err)
+
+ outboundOptions.Name = "anytls_outbound"
+ outboundOptions.Server = addrPort.Addr().String()
+ outboundOptions.Port = int(addrPort.Port())
+ outboundOptions.Password = userUUID
+
+ out, err := outbound.NewAnyTLS(outboundOptions)
+ assert.NoError(t, err)
+ defer out.Close()
+
+ tunnel.DoTest(t, out)
+}
+
+func TestInboundAnyTLS_TLS(t *testing.T) {
+ inboundOptions := inbound.AnyTLSOption{
+ Certificate: tlsCertificate,
+ PrivateKey: tlsPrivateKey,
+ }
+ outboundOptions := outbound.AnyTLSOption{
+ Fingerprint: tlsFingerprint,
+ }
+ testInboundAnyTLS(t, inboundOptions, outboundOptions)
+}
diff --git a/listener/inbound/common_test.go b/listener/inbound/common_test.go
index 29d04566..3fabc1d1 100644
--- a/listener/inbound/common_test.go
+++ b/listener/inbound/common_test.go
@@ -15,6 +15,7 @@ import (
 "time"
 N "github.com/metacubex/mihomo/common/net"
+ "github.com/metacubex/mihomo/common/utils"
 "github.com/metacubex/mihomo/component/ca"
 "github.com/metacubex/mihomo/component/generater"
 C "github.com/metacubex/mihomo/constant"
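Review bot: The new anytls_test.go covers only the accepting path (`TestInboundAnyTLS_TLS`); nothing pins the rejection this commit adds in server.go, so a later refactor could let AnyTLS listen without certificates again unnoticed. A second test that leaves `Certificate` and `PrivateKey` empty and asserts that `in.Listen(tunnel)` returns an error would cover it, assuming the error from `New` surfaces through `Listen`, which is not visible here. Separately, in `testInboundAnyTLS` each `assert.NoError(t, err)` lets the test continue after a failure, so a failed `inbound.NewAnyTLS` or `in.Listen` goes on to use `in` or `out` and may panic instead of reporting the error; `if !assert.NoError(t, err) { return }` stops at the first failure.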
@@ -27,6 +28,7 @@ import (
 var httpPath = "/inbound_test"
 var httpData = make([]byte, 10240)
 var remoteAddr = netip.MustParseAddr("1.2.3.4")
+var userUUID = utils.NewUUIDV4().String()
 var tlsCertificate, tlsPrivateKey, tlsFingerprint, _ = N.NewRandomTLSKeyPair()
 var tlsConfigCert, _ = tls.X509KeyPair([]byte(tlsCertificate), []byte(tlsPrivateKey))
 var tlsConfig = &tls.Config{Certificates: []tls.Certificate{tlsConfigCert}, NextProtos: []string{"h2", "http/1.1"}}
diff --git a/listener/inbound/trojan_test.go b/listener/inbound/trojan_test.go
index ad35b881..971a25c7 100644
--- a/listener/inbound/trojan_test.go
+++ b/listener/inbound/trojan_test.go
@@ -6,13 +6,11 @@ import (
 "testing"
 "github.com/metacubex/mihomo/adapter/outbound"
- "github.com/metacubex/mihomo/common/utils"
 "github.com/metacubex/mihomo/listener/inbound"
 "github.com/stretchr/testify/assert"
 )
 func testInboundTrojan(t *testing.T, inboundOptions inbound.TrojanOption, outboundOptions outbound.TrojanOption) {
- userUUID := utils.NewUUIDV4().String()
 inboundOptions.BaseOption = inbound.BaseOption{
 NameStr: "trojan_inbound",
 Listen: "127.0.0.1",
@@ -46,7 +44,7 @@ func testInboundTrojan(t *testing.T, inboundOptions inbound.TrojanOption, outbou
 tunnel.DoTest(t, out)
 }
-func TestInboundTrojan_Tls(t *testing.T) {
+func TestInboundTrojan_TLS(t *testing.T) {
 inboundOptions := inbound.TrojanOption{
 Certificate: tlsCertificate,
 PrivateKey: tlsPrivateKey,
@@ -162,7 +160,7 @@ func TestInboundTrojan_Reality_Grpc(t *testing.T) {
 testInboundTrojan(t, inboundOptions, outboundOptions)
 }
-func TestInboundTrojan_Tls_TrojanSS(t *testing.T) {
+func TestInboundTrojan_TLS_TrojanSS(t *testing.T) {
 inboundOptions := inbound.TrojanOption{
 Certificate: tlsCertificate,
 PrivateKey: tlsPrivateKey,
diff --git a/listener/inbound/vless_test.go b/listener/inbound/vless_test.go
index ed7a5073..f1e37ac5 100644
--- a/listener/inbound/vless_test.go
+++ b/listener/inbound/vless_test.go
@@ -6,13 +6,11 @@ import (
 "testing"
 "github.com/metacubex/mihomo/adapter/outbound"
- "github.com/metacubex/mihomo/common/utils"
 "github.com/metacubex/mihomo/listener/inbound"
 "github.com/stretchr/testify/assert"
 )
 func testInboundVless(t *testing.T, inboundOptions inbound.VlessOption, outboundOptions outbound.VlessOption) {
- userUUID := utils.NewUUIDV4().String()
 inboundOptions.BaseOption = inbound.BaseOption{
 NameStr: "vless_inbound",
 Listen: "127.0.0.1",
@@ -46,7 +44,7 @@ func testInboundVless(t *testing.T, inboundOptions inbound.VlessOption, outbound
 tunnel.DoTest(t, out)
 }
-func TestInboundVless_Tls(t *testing.T) {
+func TestInboundVless_TLS(t *testing.T) {
 inboundOptions := inbound.VlessOption{
 Certificate: tlsCertificate,
 PrivateKey: tlsPrivateKey,
diff --git a/listener/inbound/vmess_test.go b/listener/inbound/vmess_test.go
index 4fd63c41..aa877861 100644
--- a/listener/inbound/vmess_test.go
+++ b/listener/inbound/vmess_test.go
@@ -6,13 +6,11 @@ import (
 "testing"
 "github.com/metacubex/mihomo/adapter/outbound"
- "github.com/metacubex/mihomo/common/utils"
 "github.com/metacubex/mihomo/listener/inbound"
 "github.com/stretchr/testify/assert"
 )
 func testInboundVMess(t *testing.T, inboundOptions inbound.VmessOption, outboundOptions outbound.VmessOption) {
- userUUID := utils.NewUUIDV4().String()
 inboundOptions.BaseOption = inbound.BaseOption{
 NameStr: "vmess_inbound",
 Listen: "127.0.0.1",
@@ -54,7 +52,7 @@ func TestInboundVMess_Basic(t *testing.T) {
 testInboundVMess(t, inboundOptions, outboundOptions)
 }
-func TestInboundVMess_Tls(t *testing.T) {
+func TestInboundVMess_TLS(t *testing.T) {
 inboundOptions := inbound.VmessOption{
 Certificate: tlsCertificate,
 PrivateKey: tlsPrivateKey,