hub / github.com/MetaCubeX/mihomo / GetTLSConfig

Function GetTLSConfig

component/ca/config.go:87–124  ·  view source on GitHub ↗
(opt Option)

Source from the content-addressed store, hash-verified

85}
86
// GetTLSConfig returns the *tls.Config described by opt.
//
// A non-nil opt.TLSConfig is used as the base and modified in place (it is not
// cloned), so the caller's config and the returned one are the same object;
// otherwise a zero-value config is created. Whatever the base contained, Time
// is set to ntp.Now and RootCAs is replaced by either the zero-trust pool or
// the pool from GetCertPool.
//
// Security notes:
//   - With a non-empty opt.Fingerprint, InsecureSkipVerify is set and any
//     VerifyConnection already present on the base config is replaced.
//     crypto/tls then skips its own chain and host name checks, so peer
//     authentication rests entirely on the verifier returned by
//     NewFingerprintVerifier.
//     NOTE(review): whether that verifier falls back to chain validation is
//     not visible here; confirm before relying on RootCAs in this mode.
//   - With opt.Certificate or opt.PrivateKey set, any GetClientCertificate on
//     the base config is replaced by the loader from NewTLSKeyPairLoader.
//
// On failure it returns a nil config and the constructor's error. A
// caller-supplied opt.TLSConfig may already have been partly modified by then.
func GetTLSConfig(opt Option) (tlsConfig *tls.Config, err error) {
	if tlsConfig = opt.TLSConfig; tlsConfig == nil {
		tlsConfig = &tls.Config{}
	}
	// Certificate validity is evaluated against the NTP-backed clock.
	tlsConfig.Time = ntp.Now

	// The trust store is always overwritten; a pool set by the caller is dropped.
	switch {
	case opt.ZeroTrust:
		tlsConfig.RootCAs = zeroTrustCertPool()
	default:
		tlsConfig.RootCAs = GetCertPool()
	}

	if len(opt.Fingerprint) != 0 {
		pinCheck, pinErr := NewFingerprintVerifier(opt.Fingerprint, tlsConfig.Time)
		if pinErr != nil {
			return nil, pinErr
		}
		// Built-in verification is switched off here; the VerifyConnection
		// callback installed below is the only peer check left in this mode.
		tlsConfig.InsecureSkipVerify = true
		tlsConfig.VerifyConnection = func(state tls.ConnectionState) error {
			// [ConnectionState.ServerName] can return the actual ServerName needed for verification,
			// avoiding inconsistencies caused by [tlsConfig.ServerName] being modified after the [NewFingerprintVerifier] call.
			// https://github.com/golang/go/issues/36736#issuecomment-587925536
			return pinCheck(state.PeerCertificates, state.ServerName)
		}
	}

	// No client certificate material was given: nothing more to configure.
	if len(opt.Certificate) == 0 && len(opt.PrivateKey) == 0 {
		return tlsConfig, nil
	}

	loadPair, loadErr := NewTLSKeyPairLoader(opt.Certificate, opt.PrivateKey)
	if loadErr != nil {
		return nil, loadErr
	}
	// The loader is invoked each time the server requests a client certificate.
	tlsConfig.GetClientCertificate = func(*tls.CertificateRequestInfo) (*tls.Certificate, error) {
		return loadPair()
	}
	return tlsConfig, nil
}
125
126var zeroTrustCertPool = once.OnceValue(func() *x509.CertPool {
127 if len(_CaCertificates) != 0 { // always using embed cert first

Callers 15

HttpRequestFunction · 0.92
openConnectionMethod · 0.92
createTransportMethod · 0.92
dialContextMethod · 0.92
NewGostWebsocketFunction · 0.92
buildHTTPTransportFunction · 0.92
NewV2rayObfsFunction · 0.92
ToStdConfigMethod · 0.92
NewShadowTLSFunction · 0.92
URLTestMethod · 0.92
NewTuicFunction · 0.92
NewHttpFunction · 0.92

Calls 3

GetCertPoolFunction · 0.85
NewFingerprintVerifierFunction · 0.85
NewTLSKeyPairLoaderFunction · 0.85

Tested by

no test coverage detected