Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix tls.WithDestination ignoring IP address #3177

Merged
merged 1 commit into from
Oct 12, 2024

Conversation

dyhkwong
Copy link
Contributor

@dyhkwong dyhkwong commented Oct 2, 2024

ServerName should be filled with server address if tlsSettings.serverName is not specified.

ServerName is used to verify the hostname on the returned certificates unless InsecureSkipVerify is given. It is also included in the client's handshake to support virtual hosting unless it is an IP address.

It is rare to have a certificate with IP addresses as Subject Alternate Name. However, this is indeed a bug, and this can be tested with self-signed certificates. Maybe the original author confused ServerName with SNI.

@codecov-commenter
Copy link

⚠️ Please install the 'codecov app svg image' to ensure uploads and comments are reliably processed by Codecov.

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 38.71%. Comparing base (5ca0f36) to head (b16e7f0).
Report is 2 commits behind head on master.

❗ Your organization needs to install the Codecov GitHub app to enable full functionality.

Additional details and impacted files
@@            Coverage Diff             @@
##           master    #3177      +/-   ##
==========================================
+ Coverage   38.68%   38.71%   +0.03%     
==========================================
  Files         760      760              
  Lines       43598    43605       +7     
==========================================
+ Hits        16867    16883      +16     
+ Misses      24878    24872       -6     
+ Partials     1853     1850       -3     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

Copy link
Contributor

@xiaokangwang xiaokangwang left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for your contribution! I think this pull request is ready to be merged in the next release.

@xiaokangwang xiaokangwang merged commit 5ffbc02 into v2fly:master Oct 12, 2024
38 of 39 checks passed
@dyhkwong dyhkwong deleted the fix-sni-ip branch October 19, 2024 06:22
nervmor added a commit to nervmor/v2ray-core that referenced this pull request Nov 11, 2024
* Always use a DNS Message ID of 0 for DoH and DoQ

* Fix DNS servers with same tag wrongly merged

* Do not include index in when adding slice to tree path

* Support "services" root config in cfgv4

* feat: packet_encoding for v4 config

* Fix HTTP2 proxy client with uTLS

* fix fallbackTag missing on leastping balancer

This fix fallbackTag not working when balancer type is set to "leastping"

* Fix `transportcommon.ListenWithSecuritySettings`

* feat: add MPTCP support

* feat: check the network is TCP before set MPTCP

This actually won't have any impact

* style: remove random trailing spaces

更改配置文件时在 config.json 发现一个,顺便看到 debina 更改日志里也有一个。

* Add (Experimental) Meyka Building Blocks to request Transport (v2fly#3120)

* add packetconn assembler

* let kcp use environment dependency injection

* Add destination override to simplified setting

* add dtls dialer

* add dtls listener

* add dtls to default

* fix bugs

* add debug options to freedom outbound

* fix kcp test failure for transport environment

* Chore: bump github.com/miekg/dns from 1.1.59 to 1.1.62

Bumps [github.com/miekg/dns](https://github.com/miekg/dns) from 1.1.59 to 1.1.62.
- [Changelog](https://github.com/miekg/dns/blob/master/Makefile.release)
- [Commits](miekg/dns@v1.1.59...v1.1.62)

---
updated-dependencies:
- dependency-name: github.com/miekg/dns
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

* Chore: bump github.com/quic-go/quic-go from 0.43.0 to 0.46.0

Bumps [github.com/quic-go/quic-go](https://github.com/quic-go/quic-go) from 0.43.0 to 0.46.0.
- [Release notes](https://github.com/quic-go/quic-go/releases)
- [Changelog](https://github.com/quic-go/quic-go/blob/master/Changelog.md)
- [Commits](quic-go/quic-go@v0.43.0...v0.46.0)

---
updated-dependencies:
- dependency-name: github.com/quic-go/quic-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

* Chore: bump github.com/refraction-networking/utls from 1.6.5 to 1.6.7

Bumps [github.com/refraction-networking/utls](https://github.com/refraction-networking/utls) from 1.6.5 to 1.6.7.
- [Release notes](https://github.com/refraction-networking/utls/releases)
- [Commits](refraction-networking/utls@v1.6.5...v1.6.7)

---
updated-dependencies:
- dependency-name: github.com/refraction-networking/utls
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

* fix packetconn assembler does not close incoming packet processor

* Chore: bump golang.org/x/sys from 0.19.0 to 0.24.0

Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.19.0 to 0.24.0.
- [Commits](golang/sys@v0.19.0...v0.24.0)

---
updated-dependencies:
- dependency-name: golang.org/x/sys
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

* Chore: bump golang.org/x/net from 0.24.0 to 0.28.0

Bumps [golang.org/x/net](https://github.com/golang/net) from 0.24.0 to 0.28.0.
- [Commits](golang/net@v0.24.0...v0.28.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

* Chore: bump google.golang.org/grpc from 1.63.2 to 1.65.0

Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.63.2 to 1.65.0.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](grpc/grpc-go@v1.63.2...v1.65.0)

---
updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

* Chore: bump google.golang.org/protobuf from 1.34.0 to 1.34.2

Bumps google.golang.org/protobuf from 1.34.0 to 1.34.2.

---
updated-dependencies:
- dependency-name: google.golang.org/protobuf
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

* Chore: bump github.com/gorilla/websocket from 1.5.1 to 1.5.3

Bumps [github.com/gorilla/websocket](https://github.com/gorilla/websocket) from 1.5.1 to 1.5.3.
- [Release notes](https://github.com/gorilla/websocket/releases)
- [Commits](gorilla/websocket@v1.5.1...v1.5.3)

---
updated-dependencies:
- dependency-name: github.com/gorilla/websocket
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

* Chore: bump github.com/go-playground/validator/v10

Bumps [github.com/go-playground/validator/v10](https://github.com/go-playground/validator) from 10.20.0 to 10.22.0.
- [Release notes](https://github.com/go-playground/validator/releases)
- [Commits](go-playground/validator@v10.20.0...v10.22.0)

---
updated-dependencies:
- dependency-name: github.com/go-playground/validator/v10
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

* Chore: bump github.com/pion/dtls/v2 from 2.2.7 to 2.2.12

Bumps [github.com/pion/dtls/v2](https://github.com/pion/dtls) from 2.2.7 to 2.2.12.
- [Release notes](https://github.com/pion/dtls/releases)
- [Changelog](https://github.com/pion/dtls/blob/master/.goreleaser.yml)
- [Commits](pion/dtls@v2.2.7...v2.2.12)

---
updated-dependencies:
- dependency-name: github.com/pion/dtls/v2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

* Chore: bump github.com/pion/transport/v2 from 2.2.5 to 2.2.10

Bumps [github.com/pion/transport/v2](https://github.com/pion/transport) from 2.2.5 to 2.2.10.
- [Release notes](https://github.com/pion/transport/releases)
- [Changelog](https://github.com/pion/transport/blob/master/.goreleaser.yml)
- [Commits](pion/transport@v2.2.5...v2.2.10)

---
updated-dependencies:
- dependency-name: github.com/pion/transport/v2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

* Chore: bump github.com/adrg/xdg from 0.4.0 to 0.5.0

Bumps [github.com/adrg/xdg](https://github.com/adrg/xdg) from 0.4.0 to 0.5.0.
- [Release notes](https://github.com/adrg/xdg/releases)
- [Commits](adrg/xdg@v0.4.0...v0.5.0)

---
updated-dependencies:
- dependency-name: github.com/adrg/xdg
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

* Chore: bump github.com/go-chi/chi/v5 from 5.0.12 to 5.1.0

Bumps [github.com/go-chi/chi/v5](https://github.com/go-chi/chi) from 5.0.12 to 5.1.0.
- [Release notes](https://github.com/go-chi/chi/releases)
- [Changelog](https://github.com/go-chi/chi/blob/master/CHANGELOG.md)
- [Commits](go-chi/chi@v5.0.12...v5.1.0)

---
updated-dependencies:
- dependency-name: github.com/go-chi/chi/v5
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

* update to v5.17.0

* fix: use sync.Map in request to packet conn server

* update to v5.17.1

* Feat: add special handling for /dev/fd address

to support socket activation

* fix windows build

* add more checks

* apply control func to activated sockets

* Add AllowInsecureIfPinnedPeerCertificate option to tls security

* Add pprof flag for debugging

* Use pprof build tag for pprof debugging

* Register pprof as a plugin

* Adjust default build set to remove pprof from default distribution

* Chore: bump golang.org/x/crypto from 0.26.0 to 0.27.0

Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.26.0 to 0.27.0.
- [Commits](golang/crypto@v0.26.0...v0.27.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

* Chore: bump github.com/jhump/protoreflect from 1.16.0 to 1.17.0

Bumps [github.com/jhump/protoreflect](https://github.com/jhump/protoreflect) from 1.16.0 to 1.17.0.
- [Release notes](https://github.com/jhump/protoreflect/releases)
- [Commits](jhump/protoreflect@v1.16.0...v1.17.0)

---
updated-dependencies:
- dependency-name: github.com/jhump/protoreflect
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

* Chore: bump golang.org/x/net from 0.28.0 to 0.29.0

Bumps [golang.org/x/net](https://github.com/golang/net) from 0.28.0 to 0.29.0.
- [Commits](golang/net@v0.28.0...v0.29.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

* Chore: bump google.golang.org/grpc from 1.65.0 to 1.66.0

Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.65.0 to 1.66.0.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](grpc/grpc-go@v1.65.0...v1.66.0)

---
updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

* Add Add Hysteria2 Protocol

* update generated protocol for grpc transport

* removed unused hy2 config

* Add back tls certChainHash command

* Some fixes about Hysteria 2 (v2fly#3147)

* hysteria2: remove unused code

* hysteria2: don't ignore some errors

* hysteria2: properly implement TCP request padding

* hysteria2: fix dialer reuse

* update version to v5.18.0

* Add packetEncoding for Hysteria 2

* Chore: bump google.golang.org/grpc from 1.66.0 to 1.66.2

Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.66.0 to 1.66.2.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](grpc/grpc-go@v1.66.0...v1.66.2)

---
updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

* Update Go version to v1.23

* Update Go mod toolchain to v1.22

* Chore: bump github.com/quic-go/quic-go from 0.46.0 to 0.47.0

Bumps [github.com/quic-go/quic-go](https://github.com/quic-go/quic-go) from 0.46.0 to 0.47.0.
- [Release notes](https://github.com/quic-go/quic-go/releases)
- [Changelog](https://github.com/quic-go/quic-go/blob/master/Changelog.md)
- [Commits](quic-go/quic-go@v0.46.0...v0.47.0)

---
updated-dependencies:
- dependency-name: github.com/quic-go/quic-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

* update version to v5.19.0

* Add Testing for meek, grpc, httpUpgrade Transport (v2fly#3160)

* Add instance management based testing

* Add testing for meek transport

* Add testing for grpc, httpupgrade transport

* 新增ECH客户端支持 (v2fly#3162)

* Add ECH support

* Use internet.DialSystem()
Why not

* Many fixes

* add support for parsing some shadowsocks links (v2fly#3169)

* generate alert instead of panic when encountering incorrect listen on port 0 on IPv4 or v6 address (v2fly#3172)

* Chore: bump google.golang.org/grpc from 1.66.2 to 1.67.1 (v2fly#3175)

Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.66.2 to 1.67.1.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](grpc/grpc-go@v1.66.2...v1.67.1)

---
updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* update version to v5.20.0

* hysteria2, grpc: fix the use of GetTLSConfig (v2fly#3176)

* Fix tls.WithDestination ignoring IP address (v2fly#3177)

* Add Mekya Stereotype (v2fly#3185)

* Add mekya stereotype config

* Add mekya stereotype config: autogenerated

* add autogenerated files

* add mekya stereotype

* add mekya stereotype: fixup

* add mekya stereotype to default distro

* add mekya testing

* drop unsupported domain address type in packet addr (v2fly#3186)

* feat: add jsonpb marshallers (v2fly#3165)

* Chore: bump golang.org/x/net from 0.29.0 to 0.30.0 (v2fly#3178)

Bumps [golang.org/x/net](https://github.com/golang/net) from 0.29.0 to 0.30.0.
- [Commits](golang/net@v0.29.0...v0.30.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Chore: bump github.com/pires/go-proxyproto from 0.7.0 to 0.8.0 (v2fly#3183)

Bumps [github.com/pires/go-proxyproto](https://github.com/pires/go-proxyproto) from 0.7.0 to 0.8.0.
- [Release notes](https://github.com/pires/go-proxyproto/releases)
- [Commits](pires/go-proxyproto@v0.7.0...v0.8.0)

---
updated-dependencies:
- dependency-name: github.com/pires/go-proxyproto
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Chore: bump google.golang.org/protobuf from 1.34.2 to 1.35.1 (v2fly#3181)

Bumps google.golang.org/protobuf from 1.34.2 to 1.35.1.

---
updated-dependencies:
- dependency-name: google.golang.org/protobuf
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Chore: bump github.com/go-playground/validator/v10 (v2fly#3150)

Bumps [github.com/go-playground/validator/v10](https://github.com/go-playground/validator) from 10.22.0 to 10.22.1.
- [Release notes](https://github.com/go-playground/validator/releases)
- [Commits](go-playground/validator@v10.22.0...v10.22.1)

---
updated-dependencies:
- dependency-name: github.com/go-playground/validator/v10
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Fix the use of ServerName in ECH config (v2fly#3188)

* update version to v5.21.0

* fix infinite loop when parsing empty nonnative subscription content (v2fly#3208)

* Chore: bump github.com/quic-go/quic-go from 0.47.0 to 0.48.1 (v2fly#3201)

Bumps [github.com/quic-go/quic-go](https://github.com/quic-go/quic-go) from 0.47.0 to 0.48.1.
- [Release notes](https://github.com/quic-go/quic-go/releases)
- [Changelog](https://github.com/quic-go/quic-go/blob/master/Changelog.md)
- [Commits](quic-go/quic-go@v0.47.0...v0.48.1)

---
updated-dependencies:
- dependency-name: github.com/quic-go/quic-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Chore: bump github.com/adrg/xdg from 0.5.0 to 0.5.1 (v2fly#3193)

Bumps [github.com/adrg/xdg](https://github.com/adrg/xdg) from 0.5.0 to 0.5.1.
- [Release notes](https://github.com/adrg/xdg/releases)
- [Commits](adrg/xdg@v0.5.0...v0.5.1)

---
updated-dependencies:
- dependency-name: github.com/adrg/xdg
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* update version to v5.22.0

---------

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dyhkwong <[email protected]>
Co-authored-by: Vigilans <[email protected]>
Co-authored-by: mkmark <[email protected]>
Co-authored-by: povsister <[email protected]>
Co-authored-by: Kaede Akino <[email protected]>
Co-authored-by: unknowndevQwQ <[email protected]>
Co-authored-by: Xiaokang Wang (Shelikhoo) <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Misaki Kasumi <[email protected]>
Co-authored-by: sunshineplan <[email protected]>
Co-authored-by: Jimmy Huang <[email protected]>
Co-authored-by: 风扇滑翔翼 <[email protected]>
Co-authored-by: Kasefuchs <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants