feat: add factory for TLS proxying with uTLS

This commit adds an experimental factory for create proxying TLS connections using uTLS rather than crypto/tls. A user has requested this functionality. For now, I'd like to avoid advertising it until I get confirmation that this interface is okay for the user who requested it. When it's confirmed it's okay, I'll change the README.
ooni · Dec 6, 2021 · d6f7e24 · d6f7e24 · frankwalter1301 · Dec 21, 2021
1 parent bde36fd
commit d6f7e24
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 1 deletion.
diff --git a/tlsconn.go b/tlsconn.go
@@ -22,3 +22,9 @@ type TLSConn interface {
 	// in time by the given context.
 	HandshakeContext(ctx context.Context) error
 }
+
+// TLSClientFactory is the factory used when creating connections
+// using a proxy inside of the HTTP library. By default, this is
+// the tls.Client function. You'll need to override this factory if
+// you want to use refraction-networking/utls for proxied conns.
+var TLSClientFactory = tls.Client
diff --git a/transport.go b/transport.go
@@ -1519,7 +1519,7 @@ func (pconn *persistConn) addTLS(ctx context.Context, name string, trace *httptr
 		cfg.NextProtos = nil
 	}
 	plainConn := pconn.conn
-	tlsConn := tls.Client(plainConn, cfg)
+	tlsConn := TLSClientFactory(plainConn, cfg)
 	errc := make(chan error, 2)
 	var timer *time.Timer // for canceling TLS handshake
 	if d := pconn.t.TLSHandshakeTimeout; d != 0 {