From 143983b5851e5811b6a3e490a3481fe065246853 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E4=B8=96=E7=95=8C?= Date: Fri, 19 Dec 2025 17:32:55 +0800 Subject: [PATCH] Remove certificate_public_key_sha256 for naive --- .github/CRONET_GO_VERSION | 2 +- docs/configuration/outbound/naive.md | 4 +- docs/configuration/outbound/naive.zh.md | 4 +- go.mod | 48 +++++------ go.sum | 96 +++++++++++----------- protocol/naive/outbound.go | 31 ++++--- test/naive_self_test.go | 103 ------------------------ 7 files changed, 94 insertions(+), 194 deletions(-) diff --git a/.github/CRONET_GO_VERSION b/.github/CRONET_GO_VERSION index 74f690d24..73d4820b5 100644 --- a/.github/CRONET_GO_VERSION +++ b/.github/CRONET_GO_VERSION @@ -1 +1 @@ -446096b34fb07e86541d927be26f8e5c42d41b4a +5e61220bb2d22453eb6d105077c88c8ab1e1c3b2 diff --git a/docs/configuration/outbound/naive.md b/docs/configuration/outbound/naive.md index a56036d96..d9af4fb1d 100644 --- a/docs/configuration/outbound/naive.md +++ b/docs/configuration/outbound/naive.md @@ -105,7 +105,9 @@ QUIC congestion control algorithm. TLS configuration, see [TLS](/configuration/shared/tls/#outbound). -Only `server_name`, `certificate`, `certificate_path`, `certificate_public_key_sha256` and `ech` are supported. +Only `server_name`, `certificate`, `certificate_path` and `ech` are supported. + +Self-signed certificates change traffic behavior significantly, which defeats the purpose of NaiveProxy's design to resist traffic analysis, and should not be used in production. ### Dial Fields diff --git a/docs/configuration/outbound/naive.zh.md b/docs/configuration/outbound/naive.zh.md index 40bcc2e56..078964079 100644 --- a/docs/configuration/outbound/naive.zh.md +++ b/docs/configuration/outbound/naive.zh.md @@ -105,7 +105,9 @@ QUIC 拥塞控制算法。 TLS 配置, 参阅 [TLS](/zh/configuration/shared/tls/#outbound)。 -只有 `server_name`、`certificate`、`certificate_path`、`certificate_public_key_sha256` 和 `ech` 是被支持的。 +只有 `server_name`、`certificate`、`certificate_path` 和 `ech` 是被支持的。 + +自签名证书会显著改变流量行为,违背了 NaiveProxy 旨在抵抗流量分析的设计初衷,不应该在生产环境中使用。 ### 拨号字段 diff --git a/go.mod b/go.mod index 994922f2e..4fe0bbd6d 100644 --- a/go.mod +++ b/go.mod @@ -26,8 +26,8 @@ require ( github.com/sagernet/asc-go v0.0.0-20241217030726-d563060fe4e1 github.com/sagernet/bbolt v0.0.0-20231014093535-ea5cb2fe9f0a github.com/sagernet/cors v1.2.1 - github.com/sagernet/cronet-go v0.0.0-20251218041957-eeb28f1dba2f - github.com/sagernet/cronet-go/all v0.0.0-20251218041957-eeb28f1dba2f + github.com/sagernet/cronet-go v0.0.0-20251219080614-460b6a5fb79d + github.com/sagernet/cronet-go/all v0.0.0-20251219080614-460b6a5fb79d github.com/sagernet/fswatch v0.1.1 github.com/sagernet/gomobile v0.1.10 github.com/sagernet/gvisor v0.0.0-20250811.0-sing-box-mod.1 @@ -108,28 +108,28 @@ require ( github.com/prometheus-community/pro-bing v0.4.0 // indirect github.com/quic-go/qpack v0.6.0 // indirect github.com/safchain/ethtool v0.3.0 // indirect - github.com/sagernet/cronet-go/lib/android_386 v0.0.0-20251218041530-c2a431c5f1f7 // indirect - github.com/sagernet/cronet-go/lib/android_amd64 v0.0.0-20251218041530-c2a431c5f1f7 // indirect - github.com/sagernet/cronet-go/lib/android_arm v0.0.0-20251218041530-c2a431c5f1f7 // indirect - github.com/sagernet/cronet-go/lib/android_arm64 v0.0.0-20251218041530-c2a431c5f1f7 // indirect - github.com/sagernet/cronet-go/lib/darwin_amd64 v0.0.0-20251218041530-c2a431c5f1f7 // indirect - github.com/sagernet/cronet-go/lib/darwin_arm64 v0.0.0-20251218041530-c2a431c5f1f7 // indirect - github.com/sagernet/cronet-go/lib/ios_amd64_simulator v0.0.0-20251218041530-c2a431c5f1f7 // indirect - github.com/sagernet/cronet-go/lib/ios_arm64 v0.0.0-20251218041530-c2a431c5f1f7 // indirect - github.com/sagernet/cronet-go/lib/ios_arm64_simulator v0.0.0-20251218041530-c2a431c5f1f7 // indirect - github.com/sagernet/cronet-go/lib/linux_386 v0.0.0-20251218041530-c2a431c5f1f7 // indirect - github.com/sagernet/cronet-go/lib/linux_386_musl v0.0.0-20251218041530-c2a431c5f1f7 // indirect - github.com/sagernet/cronet-go/lib/linux_amd64 v0.0.0-20251218041530-c2a431c5f1f7 // indirect - github.com/sagernet/cronet-go/lib/linux_amd64_musl v0.0.0-20251218041530-c2a431c5f1f7 // indirect - github.com/sagernet/cronet-go/lib/linux_arm v0.0.0-20251218041530-c2a431c5f1f7 // indirect - github.com/sagernet/cronet-go/lib/linux_arm64 v0.0.0-20251218041530-c2a431c5f1f7 // indirect - github.com/sagernet/cronet-go/lib/linux_arm64_musl v0.0.0-20251218041530-c2a431c5f1f7 // indirect - github.com/sagernet/cronet-go/lib/linux_arm_musl v0.0.0-20251218041530-c2a431c5f1f7 // indirect - github.com/sagernet/cronet-go/lib/tvos_amd64_simulator v0.0.0-20251218041530-c2a431c5f1f7 // indirect - github.com/sagernet/cronet-go/lib/tvos_arm64 v0.0.0-20251218041530-c2a431c5f1f7 // indirect - github.com/sagernet/cronet-go/lib/tvos_arm64_simulator v0.0.0-20251218041530-c2a431c5f1f7 // indirect - github.com/sagernet/cronet-go/lib/windows_amd64 v0.0.0-20251218041530-c2a431c5f1f7 // indirect - github.com/sagernet/cronet-go/lib/windows_arm64 v0.0.0-20251218041530-c2a431c5f1f7 // indirect + github.com/sagernet/cronet-go/lib/android_386 v0.0.0-20251219080137-fbc9bf07b76b // indirect + github.com/sagernet/cronet-go/lib/android_amd64 v0.0.0-20251219080137-fbc9bf07b76b // indirect + github.com/sagernet/cronet-go/lib/android_arm v0.0.0-20251219080137-fbc9bf07b76b // indirect + github.com/sagernet/cronet-go/lib/android_arm64 v0.0.0-20251219080137-fbc9bf07b76b // indirect + github.com/sagernet/cronet-go/lib/darwin_amd64 v0.0.0-20251219080137-fbc9bf07b76b // indirect + github.com/sagernet/cronet-go/lib/darwin_arm64 v0.0.0-20251219080137-fbc9bf07b76b // indirect + github.com/sagernet/cronet-go/lib/ios_amd64_simulator v0.0.0-20251219080137-fbc9bf07b76b // indirect + github.com/sagernet/cronet-go/lib/ios_arm64 v0.0.0-20251219080137-fbc9bf07b76b // indirect + github.com/sagernet/cronet-go/lib/ios_arm64_simulator v0.0.0-20251219080137-fbc9bf07b76b // indirect + github.com/sagernet/cronet-go/lib/linux_386 v0.0.0-20251219080137-fbc9bf07b76b // indirect + github.com/sagernet/cronet-go/lib/linux_386_musl v0.0.0-20251219080137-fbc9bf07b76b // indirect + github.com/sagernet/cronet-go/lib/linux_amd64 v0.0.0-20251219080137-fbc9bf07b76b // indirect + github.com/sagernet/cronet-go/lib/linux_amd64_musl v0.0.0-20251219080137-fbc9bf07b76b // indirect + github.com/sagernet/cronet-go/lib/linux_arm v0.0.0-20251219080137-fbc9bf07b76b // indirect + github.com/sagernet/cronet-go/lib/linux_arm64 v0.0.0-20251219080137-fbc9bf07b76b // indirect + github.com/sagernet/cronet-go/lib/linux_arm64_musl v0.0.0-20251219080137-fbc9bf07b76b // indirect + github.com/sagernet/cronet-go/lib/linux_arm_musl v0.0.0-20251219080137-fbc9bf07b76b // indirect + github.com/sagernet/cronet-go/lib/tvos_amd64_simulator v0.0.0-20251219080137-fbc9bf07b76b // indirect + github.com/sagernet/cronet-go/lib/tvos_arm64 v0.0.0-20251219080137-fbc9bf07b76b // indirect + github.com/sagernet/cronet-go/lib/tvos_arm64_simulator v0.0.0-20251219080137-fbc9bf07b76b // indirect + github.com/sagernet/cronet-go/lib/windows_amd64 v0.0.0-20251219080137-fbc9bf07b76b // indirect + github.com/sagernet/cronet-go/lib/windows_arm64 v0.0.0-20251219080137-fbc9bf07b76b // indirect github.com/sagernet/netlink v0.0.0-20240612041022-b9a21c07ac6a // indirect github.com/sagernet/nftables v0.3.0-beta.4 // indirect github.com/spf13/pflag v1.0.6 // indirect diff --git a/go.sum b/go.sum index c2ceaafc1..dbba5d361 100644 --- a/go.sum +++ b/go.sum @@ -153,54 +153,54 @@ github.com/sagernet/bbolt v0.0.0-20231014093535-ea5cb2fe9f0a h1:+NkI2670SQpQWvkk github.com/sagernet/bbolt v0.0.0-20231014093535-ea5cb2fe9f0a/go.mod h1:63s7jpZqcDAIpj8oI/1v4Izok+npJOHACFCU6+huCkM= github.com/sagernet/cors v1.2.1 h1:Cv5Z8y9YSD6Gm+qSpNrL3LO4lD3eQVvbFYJSG7JCMHQ= github.com/sagernet/cors v1.2.1/go.mod h1:O64VyOjjhrkLmQIjF4KGRrJO/5dVXFdpEmCW/eISRAI= -github.com/sagernet/cronet-go v0.0.0-20251218041957-eeb28f1dba2f h1:WTHyVtd9nNZ4VB20aja31e0ZXXGrVlssAanJJBMc5BU= -github.com/sagernet/cronet-go v0.0.0-20251218041957-eeb28f1dba2f/go.mod h1:hwFHBEjjthyEquDULbr4c4ucMedp8Drb6Jvm2kt/0Bw= -github.com/sagernet/cronet-go/all v0.0.0-20251218041957-eeb28f1dba2f h1:qupezSQEMraq2yajI4HrWf9h9rY7RESUYbYHRRd49FY= -github.com/sagernet/cronet-go/all v0.0.0-20251218041957-eeb28f1dba2f/go.mod h1:onaFo5hJh1KsvuxkYTFLokh0Yx2oBh9J3yvFTnFB1Fc= -github.com/sagernet/cronet-go/lib/android_386 v0.0.0-20251218041530-c2a431c5f1f7 h1:jmDdDxVFN/W+pX/QRHYR6jFu5gosRPNSSPemGmchHpM= -github.com/sagernet/cronet-go/lib/android_386 v0.0.0-20251218041530-c2a431c5f1f7/go.mod h1:XXDwdjX/T8xftoeJxQmbBoYXZp8MAPFR2CwbFuTpEtw= -github.com/sagernet/cronet-go/lib/android_amd64 v0.0.0-20251218041530-c2a431c5f1f7 h1:zQeDQJg2YZSlmR5+mYV4KyqIWwe+SH5hnxTO4EalDwA= -github.com/sagernet/cronet-go/lib/android_amd64 v0.0.0-20251218041530-c2a431c5f1f7/go.mod h1:iNiUGoLtnr8/JTuVNj7XJbmpOAp2C6+B81KDrPxwaZM= -github.com/sagernet/cronet-go/lib/android_arm v0.0.0-20251218041530-c2a431c5f1f7 h1:85ck9+7Ftj+J3RO1uusn1Y3EXRLX9Dy0WIK/ZjRlQok= -github.com/sagernet/cronet-go/lib/android_arm v0.0.0-20251218041530-c2a431c5f1f7/go.mod h1:19ILNUOGIzRdOqa2mq+iY0JoHxuieB7/lnjYeaA2vEc= -github.com/sagernet/cronet-go/lib/android_arm64 v0.0.0-20251218041530-c2a431c5f1f7 h1:D//nc8RxHp7tTKcIYYQZ80wQBwxlCJv6HpkrCkqIVRo= -github.com/sagernet/cronet-go/lib/android_arm64 v0.0.0-20251218041530-c2a431c5f1f7/go.mod h1:JxzGyQf94Cr6sBShKqODGDyRUlESfJK/Njcz9Lz6qMQ= -github.com/sagernet/cronet-go/lib/darwin_amd64 v0.0.0-20251218041530-c2a431c5f1f7 h1:wwrQCcrwnHSY/Y4cy8JCiZLzuWXM8tENphhJtFplh0c= -github.com/sagernet/cronet-go/lib/darwin_amd64 v0.0.0-20251218041530-c2a431c5f1f7/go.mod h1:KN+9T9TBycGOLzmKU4QdcHAJEj6Nlx48ifnlTvvHMvs= -github.com/sagernet/cronet-go/lib/darwin_arm64 v0.0.0-20251218041530-c2a431c5f1f7 h1:Q52ojQVXk9f6Z+EWHWv+SJajNF56bVvgMyQP/7WV2TI= -github.com/sagernet/cronet-go/lib/darwin_arm64 v0.0.0-20251218041530-c2a431c5f1f7/go.mod h1:kojvtUc29KKnk8hs2QIANynVR59921SnGWA9kXohHc0= -github.com/sagernet/cronet-go/lib/ios_amd64_simulator v0.0.0-20251218041530-c2a431c5f1f7 h1:UzXQ09sZQZDlsZvWd4SAhtaF0RMxAVg4TEYsRNMutjU= -github.com/sagernet/cronet-go/lib/ios_amd64_simulator v0.0.0-20251218041530-c2a431c5f1f7/go.mod h1:hkQzRE5GDbaH1/ioqYh0Taho4L6i0yLRCVEZ5xHz5M0= -github.com/sagernet/cronet-go/lib/ios_arm64 v0.0.0-20251218041530-c2a431c5f1f7 h1:sjSknfRi3fMJqwHW4pNL64SGq7Y5XIm4pz5Ds21hvKw= -github.com/sagernet/cronet-go/lib/ios_arm64 v0.0.0-20251218041530-c2a431c5f1f7/go.mod h1:tzVJFTOm66UxLxy6K0ZN5Ic2PC79e+sKKnt+V9puEa4= -github.com/sagernet/cronet-go/lib/ios_arm64_simulator v0.0.0-20251218041530-c2a431c5f1f7 h1:uxb8pqzB4KH7ai6MocOWQPu3/+BAYISSIMPHWs0wtrQ= -github.com/sagernet/cronet-go/lib/ios_arm64_simulator v0.0.0-20251218041530-c2a431c5f1f7/go.mod h1:M/pN6m3j0HFU6/y83n0HU6GLYys3tYdr/xTE8hVEGMo= -github.com/sagernet/cronet-go/lib/linux_386 v0.0.0-20251218041530-c2a431c5f1f7 h1:uV78fIQ2XdVQUzowiafKP2fs+rGlkI+9u7l1cBMlQlc= -github.com/sagernet/cronet-go/lib/linux_386 v0.0.0-20251218041530-c2a431c5f1f7/go.mod h1:cGh5hO6eljCo6KMQ/Cel8Xgq4+etL0awZLRBDVG1EZQ= -github.com/sagernet/cronet-go/lib/linux_386_musl v0.0.0-20251218041530-c2a431c5f1f7 h1:6d87Pvio5dpWakic3SNBVTwTlt8ZnvL1GWPPeY2xSLs= -github.com/sagernet/cronet-go/lib/linux_386_musl v0.0.0-20251218041530-c2a431c5f1f7/go.mod h1:JFE0/cxaKkx0wqPMZU7MgaplQlU0zudv82dROJjClKU= -github.com/sagernet/cronet-go/lib/linux_amd64 v0.0.0-20251218041530-c2a431c5f1f7 h1:tc3GdN9pAfZqdfb55DmtUSXEuKuecWNYSD/+4jclXmo= -github.com/sagernet/cronet-go/lib/linux_amd64 v0.0.0-20251218041530-c2a431c5f1f7/go.mod h1:vU8VftFeSt7fURCa3JXD6+k6ss1YAX+idQjPvHmJ2tI= -github.com/sagernet/cronet-go/lib/linux_amd64_musl v0.0.0-20251218041530-c2a431c5f1f7 h1:W5fN1B1wYgnh7Y5Nw+MgcDjsvdPvEPAGe27iemq2LJs= -github.com/sagernet/cronet-go/lib/linux_amd64_musl v0.0.0-20251218041530-c2a431c5f1f7/go.mod h1:vCe4OUuL+XOUge9v3MyTD45BnuAXiH+DkjN9quDXJzQ= -github.com/sagernet/cronet-go/lib/linux_arm v0.0.0-20251218041530-c2a431c5f1f7 h1:xfNH8CO8p2W8rtVFgyv8kiAkzoSArW6+h2s/p5ZNvP8= -github.com/sagernet/cronet-go/lib/linux_arm v0.0.0-20251218041530-c2a431c5f1f7/go.mod h1:w9amBWrvjtohQzBGCKJ7LCh22LhTIJs4sE7cYaKQzM0= -github.com/sagernet/cronet-go/lib/linux_arm64 v0.0.0-20251218041530-c2a431c5f1f7 h1:1mkhgxLOh1pPjBLgC/GK3Rhhinz0254OjGJRrivVhQ8= -github.com/sagernet/cronet-go/lib/linux_arm64 v0.0.0-20251218041530-c2a431c5f1f7/go.mod h1:TqlsFtcYS/etTeck46kHBeT8Le0Igw1Q/AV88UnMS3s= -github.com/sagernet/cronet-go/lib/linux_arm64_musl v0.0.0-20251218041530-c2a431c5f1f7 h1:zf252WwVhJYduTDBXvkBKdwSU+Ce0OToQzvy5SwPS3c= -github.com/sagernet/cronet-go/lib/linux_arm64_musl v0.0.0-20251218041530-c2a431c5f1f7/go.mod h1:B6Qd0vys8sv9OKVRN6J9RqDzYRGE938Fb2zrYdBDyTQ= -github.com/sagernet/cronet-go/lib/linux_arm_musl v0.0.0-20251218041530-c2a431c5f1f7 h1:Nhkn2M2UsGe0hr6qOgNKvGKgAbo6EfWQto+YjlNWGqg= -github.com/sagernet/cronet-go/lib/linux_arm_musl v0.0.0-20251218041530-c2a431c5f1f7/go.mod h1:3tXMMFY7AHugOVBZ5Al7cL7JKsnFOe5bMVr0hZPk3ow= -github.com/sagernet/cronet-go/lib/tvos_amd64_simulator v0.0.0-20251218041530-c2a431c5f1f7 h1:HSvWFyBDLC7grFuSwBSIaxLI/MVpe/w4qJJAWAZsBxc= -github.com/sagernet/cronet-go/lib/tvos_amd64_simulator v0.0.0-20251218041530-c2a431c5f1f7/go.mod h1:aaX0YGl8nhGmfRWI8bc3BtDjY8Vzx6O0cS/e1uqxDq4= -github.com/sagernet/cronet-go/lib/tvos_arm64 v0.0.0-20251218041530-c2a431c5f1f7 h1:PJa1fhmbXWXCYk07DZhqzjP2u9rM/cnS0A1aaPU56pY= -github.com/sagernet/cronet-go/lib/tvos_arm64 v0.0.0-20251218041530-c2a431c5f1f7/go.mod h1:EdzMKA96xITc42QEI+ct4SwqX8Dn3ltKK8wzdkLWpSc= -github.com/sagernet/cronet-go/lib/tvos_arm64_simulator v0.0.0-20251218041530-c2a431c5f1f7 h1:Tpskq8p8boYHkBya18ythhgWTMv8gFsseGk55MFW+/k= -github.com/sagernet/cronet-go/lib/tvos_arm64_simulator v0.0.0-20251218041530-c2a431c5f1f7/go.mod h1:qix4kv1TTAJ5tY4lJ9vjhe9EY4mM+B7H5giOhbxDVcc= -github.com/sagernet/cronet-go/lib/windows_amd64 v0.0.0-20251218041530-c2a431c5f1f7 h1:qjB64lzTP0ROuk9GCCwsNQ9ca37nIr75iOyc2vuGFQg= -github.com/sagernet/cronet-go/lib/windows_amd64 v0.0.0-20251218041530-c2a431c5f1f7/go.mod h1:lm9w/oCCRyBiUa3G8lDQTT8x/ONUvgVR2iV9fVzUZB8= -github.com/sagernet/cronet-go/lib/windows_arm64 v0.0.0-20251218041530-c2a431c5f1f7 h1:GDJjygR/HLWOzwAs0RjhvqN6d1rUm7WiDAmHNe8gRAM= -github.com/sagernet/cronet-go/lib/windows_arm64 v0.0.0-20251218041530-c2a431c5f1f7/go.mod h1:n34YyLgapgjWdKa0IoeczjAFCwD3/dxbsH5sucKw0bw= +github.com/sagernet/cronet-go v0.0.0-20251219080614-460b6a5fb79d h1:Wfs4UEnHE3d0hHHG1NedCCwU2lUVlsgKblBGuOps8k4= +github.com/sagernet/cronet-go v0.0.0-20251219080614-460b6a5fb79d/go.mod h1:hwFHBEjjthyEquDULbr4c4ucMedp8Drb6Jvm2kt/0Bw= +github.com/sagernet/cronet-go/all v0.0.0-20251219080614-460b6a5fb79d h1:DZy1I3zKP5bRaFGDYStZWAXrtlxn3W4ONbFUD027sw8= +github.com/sagernet/cronet-go/all v0.0.0-20251219080614-460b6a5fb79d/go.mod h1:eKeQLIddaQGZD2/jc0t+AdTnHve3Yo+uMujwgNOCfz0= +github.com/sagernet/cronet-go/lib/android_386 v0.0.0-20251219080137-fbc9bf07b76b h1:+WRqXRiHEom7+lZUEA4qPVfNQB7Rx4++6JEN8cd5CgQ= +github.com/sagernet/cronet-go/lib/android_386 v0.0.0-20251219080137-fbc9bf07b76b/go.mod h1:XXDwdjX/T8xftoeJxQmbBoYXZp8MAPFR2CwbFuTpEtw= +github.com/sagernet/cronet-go/lib/android_amd64 v0.0.0-20251219080137-fbc9bf07b76b h1:ofD/ZwijuG5ccz0afLcvbfssIG+q/Bp8A2sziYYlJ28= +github.com/sagernet/cronet-go/lib/android_amd64 v0.0.0-20251219080137-fbc9bf07b76b/go.mod h1:iNiUGoLtnr8/JTuVNj7XJbmpOAp2C6+B81KDrPxwaZM= +github.com/sagernet/cronet-go/lib/android_arm v0.0.0-20251219080137-fbc9bf07b76b h1:m3Hv8Hs6x6JdFNe93nzh1XhdZ7DmkfOKheloDmQmGQo= +github.com/sagernet/cronet-go/lib/android_arm v0.0.0-20251219080137-fbc9bf07b76b/go.mod h1:19ILNUOGIzRdOqa2mq+iY0JoHxuieB7/lnjYeaA2vEc= +github.com/sagernet/cronet-go/lib/android_arm64 v0.0.0-20251219080137-fbc9bf07b76b h1:gA8bzjowa5Lmih+hBjjh6xsjghmGTIojKNtPzVDG93A= +github.com/sagernet/cronet-go/lib/android_arm64 v0.0.0-20251219080137-fbc9bf07b76b/go.mod h1:JxzGyQf94Cr6sBShKqODGDyRUlESfJK/Njcz9Lz6qMQ= +github.com/sagernet/cronet-go/lib/darwin_amd64 v0.0.0-20251219080137-fbc9bf07b76b h1:0ASeUCDj66dAHaCU/HkgbuSm/1co+yHbrq13BokW/us= +github.com/sagernet/cronet-go/lib/darwin_amd64 v0.0.0-20251219080137-fbc9bf07b76b/go.mod h1:KN+9T9TBycGOLzmKU4QdcHAJEj6Nlx48ifnlTvvHMvs= +github.com/sagernet/cronet-go/lib/darwin_arm64 v0.0.0-20251219080137-fbc9bf07b76b h1:NsbDT3L2pLS0Qsh0MPEn+IPkL33XoL7eFs56EA0jBeo= +github.com/sagernet/cronet-go/lib/darwin_arm64 v0.0.0-20251219080137-fbc9bf07b76b/go.mod h1:kojvtUc29KKnk8hs2QIANynVR59921SnGWA9kXohHc0= +github.com/sagernet/cronet-go/lib/ios_amd64_simulator v0.0.0-20251219080137-fbc9bf07b76b h1:hIMIG2AuF3n9yelPvfUB3jyW2vWJnPiJfhE3hGUGJDk= +github.com/sagernet/cronet-go/lib/ios_amd64_simulator v0.0.0-20251219080137-fbc9bf07b76b/go.mod h1:hkQzRE5GDbaH1/ioqYh0Taho4L6i0yLRCVEZ5xHz5M0= +github.com/sagernet/cronet-go/lib/ios_arm64 v0.0.0-20251219080137-fbc9bf07b76b h1:/l1dS38ijnn0IHtAdFH3Y8cahAGw6ii0TYow0jUNBGM= +github.com/sagernet/cronet-go/lib/ios_arm64 v0.0.0-20251219080137-fbc9bf07b76b/go.mod h1:tzVJFTOm66UxLxy6K0ZN5Ic2PC79e+sKKnt+V9puEa4= +github.com/sagernet/cronet-go/lib/ios_arm64_simulator v0.0.0-20251219080137-fbc9bf07b76b h1:m29qbSNfdNuTYEgTkph9TQUIyu7wIrY3PAvbgl23OjA= +github.com/sagernet/cronet-go/lib/ios_arm64_simulator v0.0.0-20251219080137-fbc9bf07b76b/go.mod h1:M/pN6m3j0HFU6/y83n0HU6GLYys3tYdr/xTE8hVEGMo= +github.com/sagernet/cronet-go/lib/linux_386 v0.0.0-20251219080137-fbc9bf07b76b h1:mmOPED30mKTr0DucTYQeJBHtjAgvBO7huwdG3gL6Gyw= +github.com/sagernet/cronet-go/lib/linux_386 v0.0.0-20251219080137-fbc9bf07b76b/go.mod h1:cGh5hO6eljCo6KMQ/Cel8Xgq4+etL0awZLRBDVG1EZQ= +github.com/sagernet/cronet-go/lib/linux_386_musl v0.0.0-20251219080137-fbc9bf07b76b h1:y7V2c5QwMY07ME/M+cI/W1ZNw2QFT2oMw99GaPtK0MY= +github.com/sagernet/cronet-go/lib/linux_386_musl v0.0.0-20251219080137-fbc9bf07b76b/go.mod h1:JFE0/cxaKkx0wqPMZU7MgaplQlU0zudv82dROJjClKU= +github.com/sagernet/cronet-go/lib/linux_amd64 v0.0.0-20251219080137-fbc9bf07b76b h1:txNHLfT1miemCZgCrtrA+eTbGfsfN46wHIpOShALNzI= +github.com/sagernet/cronet-go/lib/linux_amd64 v0.0.0-20251219080137-fbc9bf07b76b/go.mod h1:vU8VftFeSt7fURCa3JXD6+k6ss1YAX+idQjPvHmJ2tI= +github.com/sagernet/cronet-go/lib/linux_amd64_musl v0.0.0-20251219080137-fbc9bf07b76b h1:FVPZ3TKAoIeM1hTCqUn0D7gHx6rDkKqhx+E8yaYNbXI= +github.com/sagernet/cronet-go/lib/linux_amd64_musl v0.0.0-20251219080137-fbc9bf07b76b/go.mod h1:vCe4OUuL+XOUge9v3MyTD45BnuAXiH+DkjN9quDXJzQ= +github.com/sagernet/cronet-go/lib/linux_arm v0.0.0-20251219080137-fbc9bf07b76b h1:4ei7Sz97XCFXh+FUi2cKGHrhqD0A8lxdjZxST7NzDrQ= +github.com/sagernet/cronet-go/lib/linux_arm v0.0.0-20251219080137-fbc9bf07b76b/go.mod h1:w9amBWrvjtohQzBGCKJ7LCh22LhTIJs4sE7cYaKQzM0= +github.com/sagernet/cronet-go/lib/linux_arm64 v0.0.0-20251219080137-fbc9bf07b76b h1:W0SrTDGPaKfcgjiZDkYeWqpICeVkwydaa228znP4q2c= +github.com/sagernet/cronet-go/lib/linux_arm64 v0.0.0-20251219080137-fbc9bf07b76b/go.mod h1:TqlsFtcYS/etTeck46kHBeT8Le0Igw1Q/AV88UnMS3s= +github.com/sagernet/cronet-go/lib/linux_arm64_musl v0.0.0-20251219080137-fbc9bf07b76b h1:WD7V83I/FDatR0zXq6gSxh8gGZCD+fUZjLb1f+OVuF0= +github.com/sagernet/cronet-go/lib/linux_arm64_musl v0.0.0-20251219080137-fbc9bf07b76b/go.mod h1:B6Qd0vys8sv9OKVRN6J9RqDzYRGE938Fb2zrYdBDyTQ= +github.com/sagernet/cronet-go/lib/linux_arm_musl v0.0.0-20251219080137-fbc9bf07b76b h1:M1V7j6Bke+v9aXeEK/NcWqoPwl84h97fmL3XSJJmNJw= +github.com/sagernet/cronet-go/lib/linux_arm_musl v0.0.0-20251219080137-fbc9bf07b76b/go.mod h1:3tXMMFY7AHugOVBZ5Al7cL7JKsnFOe5bMVr0hZPk3ow= +github.com/sagernet/cronet-go/lib/tvos_amd64_simulator v0.0.0-20251219080137-fbc9bf07b76b h1:DmLB0sgGw7vNao08a7NJ0xMJbZpeL49rAphknfRRs5I= +github.com/sagernet/cronet-go/lib/tvos_amd64_simulator v0.0.0-20251219080137-fbc9bf07b76b/go.mod h1:aaX0YGl8nhGmfRWI8bc3BtDjY8Vzx6O0cS/e1uqxDq4= +github.com/sagernet/cronet-go/lib/tvos_arm64 v0.0.0-20251219080137-fbc9bf07b76b h1:j8tKUY2VVnK/RxIvX75G/nLGu53to6LaDRH/NTzyLDw= +github.com/sagernet/cronet-go/lib/tvos_arm64 v0.0.0-20251219080137-fbc9bf07b76b/go.mod h1:EdzMKA96xITc42QEI+ct4SwqX8Dn3ltKK8wzdkLWpSc= +github.com/sagernet/cronet-go/lib/tvos_arm64_simulator v0.0.0-20251219080137-fbc9bf07b76b h1:+1hjEBE2hUGUxDKtNg+gBYYCHXPQao273PjimC67v38= +github.com/sagernet/cronet-go/lib/tvos_arm64_simulator v0.0.0-20251219080137-fbc9bf07b76b/go.mod h1:qix4kv1TTAJ5tY4lJ9vjhe9EY4mM+B7H5giOhbxDVcc= +github.com/sagernet/cronet-go/lib/windows_amd64 v0.0.0-20251219080137-fbc9bf07b76b h1:22Jx/y6cz2lVeUwbN/lmNOUjhEWYpohGEYpW/zdDcBk= +github.com/sagernet/cronet-go/lib/windows_amd64 v0.0.0-20251219080137-fbc9bf07b76b/go.mod h1:lm9w/oCCRyBiUa3G8lDQTT8x/ONUvgVR2iV9fVzUZB8= +github.com/sagernet/cronet-go/lib/windows_arm64 v0.0.0-20251219080137-fbc9bf07b76b h1:7juUKsCbreYSP8gALPf45kut0zdSpZXrk2TLIwQ2zOo= +github.com/sagernet/cronet-go/lib/windows_arm64 v0.0.0-20251219080137-fbc9bf07b76b/go.mod h1:n34YyLgapgjWdKa0IoeczjAFCwD3/dxbsH5sucKw0bw= github.com/sagernet/fswatch v0.1.1 h1:YqID+93B7VRfqIH3PArW/XpJv5H4OLEVWDfProGoRQs= github.com/sagernet/fswatch v0.1.1/go.mod h1:nz85laH0mkQqJfaOrqPpkwtU1znMFNVTpT/5oRsVz/o= github.com/sagernet/gomobile v0.1.10 h1:ElqZ0OVDvyQlU91MU0C9cfU0FrILBbc65+NOKzZ1t0c= diff --git a/protocol/naive/outbound.go b/protocol/naive/outbound.go index 8bda26ec1..53e3e3a48 100644 --- a/protocol/naive/outbound.go +++ b/protocol/naive/outbound.go @@ -176,22 +176,21 @@ func NewOutbound(ctx context.Context, router adapter.Router, logger log.ContextL return nil, E.New("unknown quic congestion control: ", options.QUICCongestionControl) } client, err := cronet.NewNaiveClient(cronet.NaiveClientConfig{ - Context: ctx, - ServerAddress: serverAddress, - ServerName: serverName, - Username: options.Username, - Password: options.Password, - InsecureConcurrency: options.InsecureConcurrency, - ExtraHeaders: extraHeaders, - TrustedRootCertificates: trustedRootCertificates, - TrustedCertificatePublicKeySHA256: options.TLS.CertificatePublicKeySHA256, - Dialer: outboundDialer, - DNSResolver: dnsResolver, - ECHEnabled: echEnabled, - ECHConfigList: echConfigList, - ECHQueryServerName: echQueryServerName, - QUIC: options.QUIC, - QUICCongestionControl: quicCongestionControl, + Context: ctx, + ServerAddress: serverAddress, + ServerName: serverName, + Username: options.Username, + Password: options.Password, + InsecureConcurrency: options.InsecureConcurrency, + ExtraHeaders: extraHeaders, + TrustedRootCertificates: trustedRootCertificates, + Dialer: outboundDialer, + DNSResolver: dnsResolver, + ECHEnabled: echEnabled, + ECHConfigList: echConfigList, + ECHQueryServerName: echQueryServerName, + QUIC: options.QUIC, + QUICCongestionControl: quicCongestionControl, }) if err != nil { return nil, err diff --git a/test/naive_self_test.go b/test/naive_self_test.go index a40f2f78b..873e7b9ef 100644 --- a/test/naive_self_test.go +++ b/test/naive_self_test.go @@ -1,9 +1,6 @@ package main import ( - "crypto/sha256" - "crypto/x509" - "encoding/pem" "net/netip" "os" "strings" @@ -109,106 +106,6 @@ func TestNaiveSelf(t *testing.T) { testTCP(t, clientPort, testPort) } -func TestNaiveSelfPublicKeySHA256(t *testing.T) { - _, certPem, keyPem := createSelfSignedCertificate(t, "example.org") - - // Read and parse the server certificate to get its public key SHA256 - certPemContent, err := os.ReadFile(certPem) - require.NoError(t, err) - block, _ := pem.Decode(certPemContent) - require.NotNil(t, block) - cert, err := x509.ParseCertificate(block.Bytes) - require.NoError(t, err) - - // Calculate SHA256 of SPKI (Subject Public Key Info) - spkiBytes, err := x509.MarshalPKIXPublicKey(cert.PublicKey) - require.NoError(t, err) - pinHash := sha256.Sum256(spkiBytes) - - startInstance(t, option.Options{ - Inbounds: []option.Inbound{ - { - Type: C.TypeMixed, - Tag: "mixed-in", - Options: &option.HTTPMixedInboundOptions{ - ListenOptions: option.ListenOptions{ - Listen: common.Ptr(badoption.Addr(netip.IPv4Unspecified())), - ListenPort: clientPort, - }, - }, - }, - { - Type: C.TypeNaive, - Tag: "naive-in", - Options: &option.NaiveInboundOptions{ - ListenOptions: option.ListenOptions{ - Listen: common.Ptr(badoption.Addr(netip.IPv4Unspecified())), - ListenPort: serverPort, - }, - Users: []auth.User{ - { - Username: "sekai", - Password: "password", - }, - }, - Network: network.NetworkTCP, - InboundTLSOptionsContainer: option.InboundTLSOptionsContainer{ - TLS: &option.InboundTLSOptions{ - Enabled: true, - ServerName: "example.org", - CertificatePath: certPem, - KeyPath: keyPem, - }, - }, - }, - }, - }, - Outbounds: []option.Outbound{ - { - Type: C.TypeDirect, - }, - { - Type: C.TypeNaive, - Tag: "naive-out", - Options: &option.NaiveOutboundOptions{ - ServerOptions: option.ServerOptions{ - Server: "127.0.0.1", - ServerPort: serverPort, - }, - Username: "sekai", - Password: "password", - OutboundTLSOptionsContainer: option.OutboundTLSOptionsContainer{ - TLS: &option.OutboundTLSOptions{ - Enabled: true, - ServerName: "example.org", - CertificatePublicKeySHA256: [][]byte{pinHash[:]}, - }, - }, - }, - }, - }, - Route: &option.RouteOptions{ - Rules: []option.Rule{ - { - Type: C.RuleTypeDefault, - DefaultOptions: option.DefaultRule{ - RawDefaultRule: option.RawDefaultRule{ - Inbound: []string{"mixed-in"}, - }, - RuleAction: option.RuleAction{ - Action: C.RuleActionTypeRoute, - RouteOptions: option.RouteActionOptions{ - Outbound: "naive-out", - }, - }, - }, - }, - }, - }, - }) - testTCP(t, clientPort, testPort) -} - func TestNaiveSelfECH(t *testing.T) { caPem, certPem, keyPem := createSelfSignedCertificate(t, "example.org") caPemContent, err := os.ReadFile(caPem)