-
Notifications
You must be signed in to change notification settings - Fork 0
/
https_impl.go
115 lines (103 loc) · 3.27 KB
/
https_impl.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
package chained
import (
"context"
"net"
"sync"
"time"
tls "github.com/refraction-networking/utls"
"github.com/getlantern/common/config"
"github.com/getlantern/errors"
"github.com/getlantern/flashlight/v7/common"
"github.com/getlantern/flashlight/v7/ops"
"github.com/getlantern/hellosplitter"
"github.com/getlantern/tlsdialer/v3"
)
type httpsImpl struct {
nopCloser
dialCore coreDialer
addr string
tlsConfig *tls.Config
roller *helloRoller
tlsClientHelloSplitting bool
requiresSessionTickets bool
proxyConfig *config.ProxyConfig
connWrappers []connWrapper
sync.Mutex
}
func newHTTPSImpl(configDir, name, addr string, pc *config.ProxyConfig, uc common.UserConfig, dialCore coreDialer,
connWrappers ...connWrapper) (proxyImpl, error) {
tlsConfig, hellos, err := tlsConfigForProxy(context.Background(), configDir, name, pc, uc)
if err != nil {
return nil, log.Error(errors.Wrap(err).With("addr", addr))
}
if len(hellos) == 0 {
return nil, log.Error(errors.New("expected at least one hello"))
}
return &httpsImpl{
dialCore: dialCore,
addr: addr,
tlsConfig: tlsConfig,
roller: &helloRoller{hellos: hellos},
tlsClientHelloSplitting: pc.TLSClientHelloSplitting,
requiresSessionTickets: pc.TLSClientSessionState != "",
proxyConfig: pc,
connWrappers: connWrappers,
}, nil
}
func (impl *httpsImpl) dialServer(op *ops.Op, ctx context.Context) (net.Conn, error) {
r := impl.roller.getCopy()
defer impl.roller.updateTo(r)
currentHello := r.current()
helloID, helloSpec, err := currentHello.utlsSpec()
if err != nil {
r.advance()
return nil, errors.New("failed to generate valid utls hello spec, advancing roller: %v", err)
}
if impl.requiresSessionTickets && helloID != tls.HelloGolang {
supportsSessionTickets, err := currentHello.supportsSessionTickets()
if err != nil {
r.advance()
return nil, errors.New("unable to determine if hello %v supports session tickets, advancing roller: %v", helloID, err)
}
if !supportsSessionTickets {
r.advance()
return nil, errors.New("session ticket is required, but hello %v does not support them; advancing roller", helloID)
}
}
d := tlsdialer.Dialer{
DoDial: func(network, addr string, timeout time.Duration) (net.Conn, error) {
tcpConn, err := impl.dialCore(op, ctx, impl.addr)
if err != nil {
return nil, err
}
if impl.tlsClientHelloSplitting {
tcpConn = hellosplitter.Wrap(tcpConn, splitClientHello)
}
for _, wrapper := range impl.connWrappers {
tcpConn = wrapper(tcpConn, impl.proxyConfig)
}
return tcpConn, err
},
Timeout: timeoutFor(ctx),
SendServerName: impl.tlsConfig.ServerName != "",
Config: impl.tlsConfig.Clone(),
ClientHelloID: helloID,
ClientHelloSpec: helloSpec,
}
result, err := d.DialForTimings("tcp", impl.addr)
if err != nil {
if isHelloErr(err) {
log.Debugf("got error likely related to bad hello; advancing roller: %v", err)
r.advance()
}
return nil, err
}
return result.Conn, nil
}
func timeoutFor(ctx context.Context) time.Duration {
deadline, ok := ctx.Deadline()
if ok {
return time.Until(deadline)
}
return chainedDialTimeout
}