From 907ebd63b60dd11599633740203f9fbcde959639 Mon Sep 17 00:00:00 2001 From: fregie Date: Mon, 31 May 2021 12:53:05 +0800 Subject: [PATCH] Fix: TLS ECC certificate failed to handshake (#352) Co-authored-by: loyalsoldier <10487845+Loyalsoldier@users.noreply.github.com> --- go.mod | 1 - go.sum | 5 ----- tunnel/tls/server.go | 12 ++++++------ 3 files changed, 6 insertions(+), 12 deletions(-) diff --git a/go.mod b/go.mod index 57a6294b8..5f0cb5ddd 100644 --- a/go.mod +++ b/go.mod @@ -4,7 +4,6 @@ go 1.16 require ( github.com/go-sql-driver/mysql v1.6.0 - github.com/huandu/go-clone v1.2.2 github.com/patrickmn/go-cache v2.1.0+incompatible // indirect github.com/refraction-networking/utls v0.0.0-20201210053706-2179f286686b github.com/shadowsocks/go-shadowsocks2 v0.1.5 diff --git a/go.sum b/go.sum index 0f24f2e8d..9778cfacc 100644 --- a/go.sum +++ b/go.sum @@ -158,10 +158,6 @@ github.com/hashicorp/mdns v1.0.0/go.mod h1:tL+uN++7HEJ6SQLQ2/p+z2pH24WQKWjBPkE0m github.com/hashicorp/memberlist v0.1.3/go.mod h1:ajVTdAv/9Im8oMAAj5G31PhhMCZJV2pPBoIllUwCN7I= github.com/hashicorp/serf v0.8.2/go.mod h1:6hOLApaqBFA1NXqRQAsxw9QxuDEvNxSQRwA/JwenrHc= github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= -github.com/huandu/go-assert v1.1.5 h1:fjemmA7sSfYHJD7CUqs9qTwwfdNAx7/j2/ZlHXzNB3c= -github.com/huandu/go-assert v1.1.5/go.mod h1:yOLvuqZwmcHIC5rIzrBhT7D3Q9c3GFnd0JrPVhn/06U= -github.com/huandu/go-clone v1.2.2 h1:u6acA9meOiaf9arN8iOR17WcRLE9vab2PmCh6xdHTuw= -github.com/huandu/go-clone v1.2.2/go.mod h1:bPJ9bAG8fjyAEBRFt6toaGUZcGFGL3f6g5u6yW+9W14= github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= github.com/jellevandenhooff/dkim v0.0.0-20150330215556-f50fe3d243e1/go.mod h1:E0B/fFc00Y+Rasa88328GlI/XbtyysCtTHZS8h7IrBU= github.com/jhump/protoreflect v1.8.2 h1:k2xE7wcUomeqwY0LDCYA16y4WWfyTcMx5mKhk0d4ua0= 
@@ -308,7 +304,6 @@ github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+ github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= -github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY= diff --git a/tunnel/tls/server.go b/tunnel/tls/server.go index 1a600a84a..f9f66d717 100644 --- a/tunnel/tls/server.go +++ b/tunnel/tls/server.go @@ -17,8 +17,6 @@ import ( "sync/atomic" "time" - "github.com/huandu/go-clone" - "github.com/p4gefau1t/trojan-go/common" "github.com/p4gefau1t/trojan-go/config" "github.com/p4gefau1t/trojan-go/log" @@ -50,7 +48,6 @@ type Server struct { cancel context.CancelFunc underlay tunnel.Server nextHTTP int32 - setNextHTTPOnce sync.Once portOverrider map[string]int } @@ -107,8 +104,7 @@ func (s *Server) acceptLoop() { if s.verifySNI && !matched { return nil, common.NewError("sni mismatched: " + hello.ServerName + ", expected: " + s.sni) } - keyPairCopied := clone.Clone(&s.keyPair[0]).(*tls.Certificate) - return keyPairCopied, nil + return &s.keyPair[0], nil }, } @@ -209,6 +205,8 @@ func (s *Server) AcceptPacket(tunnel.Tunnel) (tunnel.PacketConn, error) { func (s *Server) checkKeyPairLoop(checkRate time.Duration, keyPath string, certPath string, password string) { var lastKeyBytes, lastCertBytes []byte + ticker := time.NewTicker(checkRate) + for { log.Debug("checking cert...") keyBytes, err := ioutil.ReadFile(keyPath) 
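Review bot: `return &s.keyPair[0], nil` in the GetCertificate callback (hunk @@ -107,8 +104,7 @@) gives each handshake a pointer into the server's live `keyPair` slice, which the handshake keeps reading after the callback returns. checkKeyPairLoop reloads the key pair while the server is accepting connections; the lines where it stores the new pair are not part of this diff, but if that store overwrites the element in place rather than swapping in a fresh slice, a handshake in progress could see a certificate chain and private key that do not belong together. A shallow struct copy avoids the deep clone this commit removes and also removes the aliasing: `cert := s.keyPair[0]` followed by `return &cert, nil`. The callback begins above this hunk, so any lock held around the read is not visible here and should be confirmed.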
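Review bot: `time.NewTicker(checkRate)` (hunk @@ -209,6 +205,8 @@) panics when the interval is zero or negative, whereas the `time.After(checkRate)` it replaces simply fired immediately, so a bad check-rate value would now take the whole server down instead of polling too often. Nothing in the visible lines validates checkRate, so either guard it before the ticker is created, `if checkRate <= 0 { return }`, or confirm that the caller already rejects non-positive values. The ticker is also stopped only in the `s.ctx.Done()` branch of the following hunk (@@ -234,11 +232,13 @@); `defer ticker.Stop()` placed directly after `NewTicker` would cover every exit from the function, including any return added later. The body of checkKeyPairLoop continues between and beyond the two hunks.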
@@ -234,11 +232,13 @@ func (s *Server) checkKeyPairLoop(checkRate time.Duration, keyPath string, certP
 lastKeyBytes = keyBytes
 lastCertBytes = certBytes
 }
+
 select {
- case <-time.After(checkRate):
+ case <-ticker.C:
 continue
 case <-s.ctx.Done():
 log.Debug("exiting")
+ ticker.Stop()
 return
 }
 }