mirror of
https://github.com/MetaCubeX/Clash.Meta.git
synced 2025-04-18 08:20:53 +00:00
fixed: support to use custom tls cert to vmess wss
parent
1c5f4a3ab1
commit
9d27bdc646
2 changed files with 36 additions and 1 deletions
|
@ -7,6 +7,7 @@ import (
|
|||
"crypto/x509"
|
||||
_ "embed"
|
||||
"encoding/hex"
|
||||
"encoding/pem"
|
||||
"errors"
|
||||
"fmt"
|
||||
"os"
|
||||
|
@ -14,6 +15,9 @@ import (
|
|||
"strings"
|
||||
"sync"
|
||||
|
||||
log "github.com/metacubex/mihomo/log"
|
||||
|
||||
CN "github.com/metacubex/mihomo/common/net"
|
||||
C "github.com/metacubex/mihomo/constant"
|
||||
)
|
||||
|
||||
|
@ -27,14 +31,38 @@ var _CaCertificates []byte
|
|||
var DisableEmbedCa, _ = strconv.ParseBool(os.Getenv("DISABLE_EMBED_CA"))
|
||||
var DisableSystemCa, _ = strconv.ParseBool(os.Getenv("DISABLE_SYSTEM_CA"))
|
||||
|
||||
func AddCertificateKeyPair(certificate string, privateKey string) {
|
||||
|
||||
certKeyPair, err := CN.ParseCert(certificate, privateKey, C.Path)
|
||||
if err != nil {
|
||||
log.Warnln("failed to parse certificate and privateKey: %v", err)
|
||||
}
|
||||
for _, certPEM := range certKeyPair.Certificate {
|
||||
// []byte to x509.Certificate
|
||||
customCertificate, err := x509.ParseCertificate(certPEM)
|
||||
if err != nil {
|
||||
log.Warnln("failed to parse x509 certificate: %v", err)
|
||||
}
|
||||
trustCerts = append(trustCerts, customCertificate)
|
||||
globalCertPool.AddCert(customCertificate)
|
||||
}
|
||||
}
|
||||
func AddCertificate(certificate string) error {
|
||||
mutex.Lock()
|
||||
defer mutex.Unlock()
|
||||
if certificate == "" {
|
||||
return fmt.Errorf("certificate is empty")
|
||||
}
|
||||
if cert, err := x509.ParseCertificate([]byte(certificate)); err == nil {
|
||||
|
||||
block, _ := pem.Decode([]byte(certificate))
|
||||
if block == nil {
|
||||
log.Fatalln("failed to parse PEM block containing the certificate")
|
||||
return fmt.Errorf("decode certificate failed")
|
||||
}
|
||||
|
||||
if cert, err := x509.ParseCertificate(block.Bytes); err == nil {
|
||||
trustCerts = append(trustCerts, cert)
|
||||
globalCertPool.AddCert(cert)
|
||||
return nil
|
||||
} else {
|
||||
return fmt.Errorf("add certificate failed")
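Review bot: In AddCertificateKeyPair both error branches only log and fall through, so certKeyPair is still used after CN.ParseCert fails, and a certificate that fails x509.ParseCertificate is appended to trustCerts and passed to globalCertPool.AddCert as nil; if globalCertPool is an *x509.CertPool, AddCert panics on a nil certificate. Add `return` after the first log.Warnln and `continue` after the second so that only successfully parsed certificates reach the trust store. The function also mutates trustCerts and globalCertPool without taking mutex, which AddCertificate does hold, so it should lock the same way. Separately, the added log.Fatalln in AddCertificate makes the following `return fmt.Errorf("decode certificate failed")` unreachable if Fatalln exits the process as its name suggests; returning the error alone would let the caller's existing warning handle a malformed trust-cert entry. AddCertificate's body continues past the end of the hunk.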
|
||||
|
|
|
@ -89,7 +89,14 @@ func ApplyConfig(cfg *config.Config, force bool) {
|
|||
|
||||
tunnel.OnSuspend()
|
||||
|
||||
//This method is confusing, when ResetCertificate
|
||||
//it will clear the trusted certificates and call the initialize CertPool internally
|
||||
//it will not add any certificates to the global
|
||||
ca.ResetCertificate()
|
||||
//check the private key and certificate , add the global certs
|
||||
if cfg.TLS.PrivateKey != "" && cfg.TLS.Certificate != "" {
|
||||
ca.AddCertificateKeyPair(cfg.TLS.Certificate, cfg.TLS.PrivateKey)
|
||||
}
|
||||
for _, c := range cfg.TLS.CustomTrustCert {
|
||||
if err := ca.AddCertificate(c); err != nil {
|
||||
log.Warnln("%s\nadd error: %s", c, err.Error())
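Review bot: The new `if cfg.TLS.PrivateKey != "" && cfg.TLS.Certificate != ""` branch widens trust for the whole process, because ca.AddCertificateKeyPair puts every certificate of the listener's own key pair into the shared globalCertPool instead of into the one connection that needs it. If that pool is the root set for outbound TLS verification (it looks that way from the ca package, but confirm), a self-signed or leaf server certificate configured here becomes a trust anchor for every peer, and the private key is loaded only to be discarded. Consider scoping the extra root to the VMess WSS transport, or at least replace the "This method is confusing" comments with a statement of the effect, e.g. `// Adds cfg.TLS.Certificate to the global trust pool used for all outbound TLS verification.` AddCertificateKeyPair returns nothing, so ApplyConfig cannot tell whether the pair was accepted; returning an error as ca.AddCertificate does would keep the two calls consistent. ApplyConfig begins and ends outside the hunk.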
|
||||
|
|