From e8a8465220e06c99a7b098a449cc9204283debf6 Mon Sep 17 00:00:00 2001
From: hmol233 <82594500+hmol233@users.noreply.github.com>
Date: Mon, 10 May 2021 00:28:40 +0800
Subject: [PATCH] Fix reject unknown sni with single cert

---
 transport/internet/tls/config.go  | 4 ++--
 transport/internet/xtls/config.go | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/transport/internet/tls/config.go b/transport/internet/tls/config.go
index daca8f16..71bd52ce 100644
--- a/transport/internet/tls/config.go
+++ b/transport/internet/tls/config.go
@@ -214,10 +214,10 @@ func getGetCertificateFunc(c *tls.Config, ca []*Certificate) func(hello *tls.Cli
 func getNewGetCertificateFunc(certs []*tls.Certificate, rejectUnknownSNI bool) func(hello *tls.ClientHelloInfo) (*tls.Certificate, error) {
 	return func(hello *tls.ClientHelloInfo) (*tls.Certificate, error) {
 		if len(certs) == 0 {
-			return nil, newError("empty certs")
+			return nil, errNoCertificates
 		}
 		sni := strings.ToLower(hello.ServerName)
-		if len(certs) == 1 || sni == "" {
+		if !rejectUnknownSNI && (len(certs) == 1 || sni == "") {
 			return certs[0], nil
 		}
 		gsni := "*"
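Review bot: With `rejectUnknownSNI` set, a ClientHello that carries no server name now skips the `certs[0]` shortcut and falls through to the matching code that begins at `gsni := "*"`. That code lies outside this hunk, so it cannot be confirmed here whether an empty name ends in a rejection or in a wildcard match. If rejection is the intent, an explicit guard right after the `sni` assignment would make it visible and independent of the matching loop: `if rejectUnknownSNI && sni == "" { return nil, errNoCertificates }` (the sentinel is not defined in this patch, so this assumes it already exists in the package). The same applies to the identical hunk in transport/internet/xtls/config.go. Since this changes which clients receive a certificate, a regression test covering one certificate with the flag on, for a matching, a non-matching and an empty SNI, would pin the behaviour.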
diff --git a/transport/internet/xtls/config.go b/transport/internet/xtls/config.go
index b74976cb..071bcc8f 100644
--- a/transport/internet/xtls/config.go
+++ b/transport/internet/xtls/config.go
@@ -215,10 +215,10 @@ func getGetCertificateFunc(c *xtls.Config, ca []*Certificate) func(hello *xtls.C
 func getNewGetCertificateFunc(certs []*xtls.Certificate, rejectUnknownSNI bool) func(hello *xtls.ClientHelloInfo) (*xtls.Certificate, error) {
 	return func(hello *xtls.ClientHelloInfo) (*xtls.Certificate, error) {
 		if len(certs) == 0 {
-			return nil, newError("empty certs")
+			return nil, errNoCertificates
 		}
 		sni := strings.ToLower(hello.ServerName)
-		if len(certs) == 1 || sni == "" {
+		if !rejectUnknownSNI && (len(certs) == 1 || sni == "") {
 			return certs[0], nil
 		}
 		gsni := "*"
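Review bot: This selection logic is a line-for-line copy of the one in transport/internet/tls/config.go, and the fix had to be applied in both places. Security-relevant checks duplicated like this tend to drift, so a doc comment on both copies would help, for example `// getNewGetCertificateFunc selects a certificate by SNI; when rejectUnknownSNI is true the single-cert and empty-SNI shortcuts are disabled. Keep in sync with the tls package.` The function body continues past the end of this hunk, so how unmatched names are finally handled should be described from the full source rather than from this excerpt.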