diff --git a/adapter/outbound/reality.go b/adapter/outbound/reality.go
index 05f49d11..9d892f96 100644
--- a/adapter/outbound/reality.go
+++ b/adapter/outbound/reality.go
@@ -11,31 +11,25 @@ import (
 )
 
 type RealityOptions struct {
- ServerName string `proxy:"server-name"`
- PublicKey string `proxy:"public-key"`
- ShortID string `proxy:"short-id"`
+ PublicKey string `proxy:"public-key"`
+ ShortID string `proxy:"short-id"`
 }
 
 func (o RealityOptions) Parse() (*tlsC.RealityConfig, error) {
- if o.PublicKey != "" || o.ServerName != "" {
- if o.PublicKey != "" && o.ServerName != "" {
- config := new(tlsC.RealityConfig)
+ if o.PublicKey != "" {
+ config := new(tlsC.RealityConfig)
 
- n, err := base64.RawURLEncoding.Decode(config.PublicKey[:], []byte(o.PublicKey))
- if err != nil || n != curve25519.ScalarSize {
- return nil, errors.New("invalid REALITY public key")
- }
-
- config.ShortID, err = hex.DecodeString(o.ShortID)
- if err != nil {
- return nil, errors.New("invalid REALITY short ID")
- }
-
- config.ServerName = o.ServerName
-
- return config, nil
+ n, err := base64.RawURLEncoding.Decode(config.PublicKey[:], []byte(o.PublicKey))
+ if err != nil || n != curve25519.ScalarSize {
+ return nil, errors.New("invalid REALITY public key")
 }
- return nil, errors.New("invalid REALITY protocol option")
+
+ config.ShortID, err = hex.DecodeString(o.ShortID)
+ if err != nil {
+ return nil, errors.New("invalid REALITY short ID")
+ }
+
+ return config, nil
 }
 return nil, nil
 }
diff --git a/component/tls/reality.go b/component/tls/reality.go
index cdad690f..732613d8 100644
--- a/component/tls/reality.go
+++ b/component/tls/reality.go
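Review bot: The public-key decode on the new side of `Parse` writes straight into the 32-byte `config.PublicKey[:]`, but `Encoding.Decode` requires the destination to hold `DecodedLen(len(src))` bytes, so an over-long `public-key` value can index past the array and panic before the `n != curve25519.ScalarSize` check is reached. If proxy entries can arrive from a remote provider or subscription file, a malformed entry should yield the existing "invalid REALITY public key" error rather than crash the client. Add a length guard ahead of the decode, e.g. `if base64.RawURLEncoding.DecodedLen(len(o.PublicKey)) != curve25519.ScalarSize { return nil, errors.New("invalid REALITY public key") }`. `hex.DecodeString(o.ShortID)` likewise accepts any length; if the handshake code expects a bounded short ID (not visible in this hunk), check `len(config.ShortID)` here as well.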
@@ -30,21 +30,21 @@ import (
 )
 
 type RealityConfig struct {
- ServerName string
- PublicKey [curve25519.ScalarSize]byte
- ShortID []byte
+ PublicKey [curve25519.ScalarSize]byte
+ ShortID []byte
 }
 
 func GetRealityConn(ctx context.Context, conn net.Conn, ClientFingerprint string, tlsConfig *tls.Config, realityConfig *RealityConfig) (net.Conn, error) {
 if fingerprint, exists := GetFingerprint(ClientFingerprint); exists {
 verifier := &realityVerifier{
- serverName: realityConfig.ServerName,
+ serverName: tlsConfig.ServerName,
+ }
+ uConfig := &utls.Config{
+ ServerName: tlsConfig.ServerName,
+ InsecureSkipVerify: true,
+ SessionTicketsDisabled: true,
+ VerifyPeerCertificate: verifier.VerifyPeerCertificate,
 }
- uConfig := copyConfig(tlsConfig)
- uConfig.ServerName = realityConfig.ServerName
- uConfig.InsecureSkipVerify = true
- uConfig.SessionTicketsDisabled = true
- uConfig.VerifyPeerCertificate = verifier.VerifyPeerCertificate
 clientID := utls.ClientHelloID{
 Client: fingerprint.Client,
 Version: fingerprint.Version,
diff --git a/docs/config.yaml b/docs/config.yaml
index 03b35cc8..971ca124 100644
--- a/docs/config.yaml
+++ b/docs/config.yaml
@@ -451,13 +451,11 @@ proxies: # socks5
 udp: true
 xudp: true
 flow: xtls-rprx-vision
+ servername: www.microsoft.com # REALITY servername
 reality-opts:
- server-name: www.microsoft.com
 public-key: xxx
- short-id: xxx
- client-fingerprint: chrome
- # fingerprint: xxxx
- # skip-cert-verify: true
+ short-id: xxx # optional
+ client-fingerprint: chrome # cannot be empty
 
 - name: "vless-ws"
 type: vless
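Review bot: `tlsConfig.ServerName` is now the only source for both the ClientHello SNI and `verifier.serverName` in `GetRealityConn`, yet nothing visible guarantees it is set: the `ServerName != ""` requirement was removed from `RealityOptions.Parse`, and this function dereferences `tlsConfig` without a nil check. Because `InsecureSkipVerify: true` turns off the library's own chain and hostname validation, `verifier.VerifyPeerCertificate` is the sole server authentication, and how it behaves with an empty name cannot be seen from this hunk. Reject that case before building the verifier, e.g. `if tlsConfig == nil || tlsConfig.ServerName == "" { return nil, errors.New("REALITY requires a TLS server name") }` (assuming `errors` is imported in this file). A short comment on the `uConfig` literal, such as `// Standard verification is disabled on purpose; the REALITY verifier authenticates the server.`, would also keep a later reader from treating the flag as an oversight or copying it elsewhere. The body of `GetRealityConn` continues past the end of the hunk.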