mirrors/utls
1
0
Fork 0
mirror of https://github.com/refraction-networking/utls.git synced 2025-04-04 20:47:36 +03:00
Code Issues Projects Releases Packages Wiki Activity

Add InsecureSkipTimeVerify (#174)

Browse source 
* add `InsecureSkipTimeVerify`

* fix the cache verification when `InsecureServerNameToVerify` set

* better description of `InsecureSkipTimeVerify`

Co-authored-by: Gaukas Wang <i@gauk.as>

* minimize the change made + wrap the modified section

* fix: use tab replace space indentation

---------

Co-authored-by: Gaukas Wang <i@gauk.as>
This commit is contained in:
molon 2023-03-13 00:58:57 +08:00 committed by GitHub
parent dae72adb81
commit 17e2929ff7
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 31 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

28
handshake_client.go
View file

@ -303,14 +303,26 @@ func (c *Conn) loadSession(hello *clientHelloMsg) (cacheKey string,
return cacheKey, nil, nil, nil, nil
}
serverCert := session.serverCertificates[0]
if c.config.time().After(serverCert.NotAfter) {
// Expired certificate, delete the entry.
c.config.ClientSessionCache.Put(cacheKey, nil)
return cacheKey, nil, nil, nil, nil
// [UTLS SECTION START]
if !c.config.InsecureSkipTimeVerify {
if c.config.time().After(serverCert.NotAfter) {
// Expired certificate, delete the entry.
c.config.ClientSessionCache.Put(cacheKey, nil)
return cacheKey, nil, nil, nil, nil
}
}
if err := serverCert.VerifyHostname(c.config.ServerName); err != nil {
return cacheKey, nil, nil, nil, nil
var dnsName string
if len(c.config.InsecureServerNameToVerify) == 0 {
dnsName = c.config.ServerName
} else if c.config.InsecureServerNameToVerify != "*" {
dnsName = c.config.InsecureServerNameToVerify
}
if len(dnsName) > 0 {
if err := serverCert.VerifyHostname(dnsName); err != nil {
return cacheKey, nil, nil, nil, nil
}
}
// [UTLS SECTION END]
}
if session.vers != VersionTLS13 {
@ -895,6 +907,10 @@ func (c *Conn) verifyServerCertificate(certificates [][]byte) error {
Intermediates: x509.NewCertPool(),
}
if c.config.InsecureSkipTimeVerify {
opts.CurrentTime = certs[0].NotAfter
}
if len(c.config.InsecureServerNameToVerify) == 0 {
opts.DNSName = c.config.ServerName
} else if c.config.InsecureServerNameToVerify != "*" {