diff --git a/cmd/sing-box/cmd_generate_tls.go b/cmd/sing-box/cmd_generate_tls.go index d871566f..4cd4060d 100644 --- a/cmd/sing-box/cmd_generate_tls.go +++ b/cmd/sing-box/cmd_generate_tls.go @@ -30,7 +30,7 @@ func init() { } func generateTLSKeyPair(serverName string) error { - privateKeyPem, publicKeyPem, err := tls.GenerateKeyPair(time.Now, serverName, time.Now().AddDate(0, flagGenerateTLSKeyPairMonths, 0)) + privateKeyPem, publicKeyPem, err := tls.GenerateCertificate(nil, nil, time.Now, serverName, time.Now().AddDate(0, flagGenerateTLSKeyPairMonths, 0)) if err != nil { return err } diff --git a/common/tls/mkcert.go b/common/tls/mkcert.go index 1e71a763..12680c48 100644 --- a/common/tls/mkcert.go +++ b/common/tls/mkcert.go @@ -11,8 +11,8 @@ import ( "time" ) -func GenerateCertificate(timeFunc func() time.Time, serverName string) (*tls.Certificate, error) { - privateKeyPem, publicKeyPem, err := GenerateKeyPair(timeFunc, serverName, timeFunc().Add(time.Hour)) +func GenerateKeyPair(parent *x509.Certificate, parentKey any, timeFunc func() time.Time, serverName string) (*tls.Certificate, error) { + privateKeyPem, publicKeyPem, err := GenerateCertificate(parent, parentKey, timeFunc, serverName, timeFunc().Add(time.Hour)) if err != nil { return nil, err } @@ -23,7 +23,7 @@ func GenerateCertificate(timeFunc func() time.Time, serverName string) (*tls.Cer return &certificate, err } -func GenerateKeyPair(timeFunc func() time.Time, serverName string, expire time.Time) (privateKeyPem []byte, publicKeyPem []byte, err error) { +func GenerateCertificate(parent *x509.Certificate, parentKey any, timeFunc func() time.Time, serverName string, expire time.Time) (privateKeyPem []byte, publicKeyPem []byte, err error) { if timeFunc == nil { timeFunc = time.Now } @@ -47,7 +47,11 @@ func GenerateKeyPair(timeFunc func() time.Time, serverName string, expire time.T }, DNSNames: []string{serverName}, } - publicDer, err := x509.CreateCertificate(rand.Reader, template, template, key.Public(), key) + if parent == nil { + parent = template + parentKey = key + } + publicDer, err := x509.CreateCertificate(rand.Reader, template, parent, key.Public(), parentKey) if err != nil { return } diff --git a/common/tls/std_server.go b/common/tls/std_server.go index 8eab87da..1e01bc50 100644 --- a/common/tls/std_server.go +++ b/common/tls/std_server.go @@ -222,7 +222,7 @@ func NewSTDServer(ctx context.Context, logger log.Logger, options option.Inbound } if certificate == nil && key == nil && options.Insecure { tlsConfig.GetCertificate = func(info *tls.ClientHelloInfo) (*tls.Certificate, error) { - return GenerateCertificate(ntp.TimeFuncFromContext(ctx), info.ServerName) + return GenerateKeyPair(nil, nil, ntp.TimeFuncFromContext(ctx), info.ServerName) } } else { if certificate == nil { diff --git a/experimental/locale/locale.go b/experimental/locale/locale.go index b1736780..e5575af4 100644 --- a/experimental/locale/locale.go +++ b/experimental/locale/locale.go @@ -7,11 +7,13 @@ var ( type Locale struct { // deprecated messages for graphical clients + Locale string DeprecatedMessage string DeprecatedMessageNoLink string } var defaultLocal = &Locale{ + Locale: "en_US", DeprecatedMessage: "%s is deprecated in sing-box %s and will be removed in sing-box %s please checkout documentation for migration.", DeprecatedMessageNoLink: "%s is deprecated in sing-box %s and will be removed in sing-box %s.", } diff --git a/experimental/locale/locale_zh_CN.go b/experimental/locale/locale_zh_CN.go index 5db2f274..f5605d9d 100644 --- a/experimental/locale/locale_zh_CN.go +++ b/experimental/locale/locale_zh_CN.go @@ -4,6 +4,7 @@ var warningMessageForEndUsers = "\n\n如果您不明白此消息意味着什么 func init() { localeRegistry["zh_CN"] = &Locale{ + Locale: "zh_CN", DeprecatedMessage: "%s 已在 sing-box %s 中被弃用,且将在 sing-box %s 中被移除,请参阅迁移指南。" + warningMessageForEndUsers, DeprecatedMessageNoLink: "%s 已在 sing-box %s 中被弃用,且将在 sing-box %s 中被移除。" + warningMessageForEndUsers, }