增加TlsIgnoreNameMismatch配置

xljiulang 2021-07-21 00:55:30 +08:00
parent cf0bb56c57
commit dfa6bc1367
6 changed files with 35 additions and 9 deletions


@ -17,6 +17,12 @@ namespace FastGithub
/// </summary> /// </summary>
public string? TlsSniPattern { get; init; } public string? TlsSniPattern { get; init; }
/// <summary>
/// 是否忽略服务器证书域名不匹配
/// 当不发送SNI时服务器可能发回域名不匹配的证书
/// </summary>
public bool TlsIgnoreNameMismatch { get; init; }
/// <summary> /// <summary>
/// 请求超时时长 /// 请求超时时长
/// </summary> /// </summary>
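Review bot: The summary added for `TlsIgnoreNameMismatch` explains when a mismatched certificate can appear but not what enabling the option gives up. As the validation callback elsewhere on this page shows, a true value means the certificate's names are no longer compared with the requested host for that domain, so trust rests on the chain check alone. I would extend the doc comment with a line such as `/// Security: when true, the upstream certificate's host name is not verified for this domain; leave false unless the server cannot present a matching certificate.` and state that the default is false.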


@ -11,6 +11,7 @@ namespace FastGithub.ReverseProxy
class HttpClient : HttpMessageInvoker class HttpClient : HttpMessageInvoker
{ {
private readonly TlsSniPattern tlsSniPattern; private readonly TlsSniPattern tlsSniPattern;
private readonly bool tlsIgnoreNameMismatch;
/// <summary> /// <summary>
/// YARP的HttpClient /// YARP的HttpClient
@ -18,10 +19,14 @@ namespace FastGithub.ReverseProxy
/// <param name="handler"></param> /// <param name="handler"></param>
/// <param name="tlsSniPattern"></param> /// <param name="tlsSniPattern"></param>
/// <param name="disposeHandler"></param> /// <param name="disposeHandler"></param>
public HttpClient(HttpMessageHandler handler, TlsSniPattern tlsSniPattern, bool disposeHandler = false) : public HttpClient(
base(handler, disposeHandler) HttpMessageHandler handler,
TlsSniPattern tlsSniPattern,
bool tlsIgnoreNameMismatch,
bool disposeHandler = false) : base(handler, disposeHandler)
{ {
this.tlsSniPattern = tlsSniPattern; this.tlsSniPattern = tlsSniPattern;
this.tlsIgnoreNameMismatch = tlsIgnoreNameMismatch;
} }
/// <summary> /// <summary>
@ -37,6 +42,7 @@ namespace FastGithub.ReverseProxy
Host = request.RequestUri?.Host, Host = request.RequestUri?.Host,
IsHttps = request.RequestUri?.Scheme == Uri.UriSchemeHttps, IsHttps = request.RequestUri?.Scheme == Uri.UriSchemeHttps,
TlsSniPattern = this.tlsSniPattern, TlsSniPattern = this.tlsSniPattern,
TlsIgnoreNameMismatch = this.tlsIgnoreNameMismatch
}); });
return base.SendAsync(request, cancellationToken); return base.SendAsync(request, cancellationToken);
} }
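Review bot: The new `bool tlsIgnoreNameMismatch` parameter is inserted in front of the optional `bool disposeHandler`, so a caller that used to pass `disposeHandler` positionally as the third argument still compiles and now silently sets the TLS flag instead. Declaring it last as `bool tlsIgnoreNameMismatch = false`, or passing it by name at the call site (`tlsIgnoreNameMismatch: domainConfig.TlsIgnoreNameMismatch`), keeps a certificate-validation switch from being flipped by accident. The constructor's XML doc also gets no `<param name="tlsIgnoreNameMismatch">` entry; it should say that true disables host-name checking of the upstream certificate.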


@ -64,6 +64,11 @@ namespace FastGithub.ReverseProxy
{ {
if (errors == SslPolicyErrors.RemoteCertificateNameMismatch) if (errors == SslPolicyErrors.RemoteCertificateNameMismatch)
{ {
if (requestContext.TlsIgnoreNameMismatch == true)
{
return true;
}
var host = requestContext.Host; var host = requestContext.Host;
var dnsNames = ReadDnsNames(cert); var dnsNames = ReadDnsNames(cert);
return dnsNames.Any(dns => IsMatch(dns, host)); return dnsNames.Any(dns => IsMatch(dns, host));
@ -97,7 +102,7 @@ namespace FastGithub.ReverseProxy
if (list.Count >= 2 && list[0] is int nameType && nameType == 2) if (list.Count >= 2 && list[0] is int nameType && nameType == 2)
{ {
var dnsName = list[1]?.ToString(); var dnsName = list[1]?.ToString();
if(dnsName!=null) if (dnsName != null)
{ {
yield return dnsName; yield return dnsName;
} }
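Review bot: The early `return true` at the top of the `RemoteCertificateNameMismatch` branch skips the `ReadDnsNames`/`IsMatch` comparison entirely, so with the flag on, any certificate that passes chain validation is accepted for the domain regardless of whom it was issued to. The option's doc comment ties the need to requests sent without SNI; if the request context can tell that case apart (not visible here), gating the bypass on it would narrow it, and a warning log carrying the host and the certificate subject whenever the bypass is taken would make its use observable. `== true` is redundant on a `bool` property: `if (requestContext.TlsIgnoreNameMismatch)`. The callback's body starts and ends outside the hunk.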


@ -19,5 +19,10 @@
/// 获取或设置Sni值的表达式 /// 获取或设置Sni值的表达式
/// </summary> /// </summary>
public TlsSniPattern TlsSniPattern { get; set; } public TlsSniPattern TlsSniPattern { get; set; }
/// <summary>
/// 是否忽略服务器证书域名不匹配
/// </summary>
public bool TlsIgnoreNameMismatch { get; set; }
} }
} }


@ -57,7 +57,7 @@ namespace FastGithub.ReverseProxy
var requestConfig = new ForwarderRequestConfig { Timeout = domainConfig.Timeout }; var requestConfig = new ForwarderRequestConfig { Timeout = domainConfig.Timeout };
var tlsSniPattern = domainConfig.GetTlsSniPattern(); var tlsSniPattern = domainConfig.GetTlsSniPattern();
using var httpClient = new HttpClient(this.httpClientHanlder, tlsSniPattern); using var httpClient = new HttpClient(this.httpClientHanlder, tlsSniPattern, domainConfig.TlsIgnoreNameMismatch);
var error = await httpForwarder.SendAsync(context, destinationPrefix, httpClient, requestConfig); var error = await httpForwarder.SendAsync(context, destinationPrefix, httpClient, requestConfig);
await HandleErrorAsync(context, error); await HandleErrorAsync(context, error);


@ -8,12 +8,18 @@
"IPAddress": "114.114.114.114", "IPAddress": "114.114.114.114",
"Port": 53 "Port": 53
}, },
"DomainConfigs": { // *0 "DomainConfigs": { // *0
"github.com": { "github.com": {
"TlsSni": false, // tlsSNI "TlsSni": false, // tlsSNI
"TlsSniPattern": null, // SNI@domain @ipadressip @random "TlsSniPattern": null, // SNI@domain @ipadressip @random
"TlsIgnoreNameMismatch": false, // SNIfalse
"Timeout": null, // "00:02:00"null "Timeout": null, // "00:02:00"null
"Destination": null // Urinull "Destination": null // Urinull
//"Response": { // Response
// "StatusCode": 404,
// "ContentType": "text/plain;charset=utf-8",
// "ContentValue": "阻断的请求"
//}
}, },
"githubstatus.com": { "githubstatus.com": {
"TlsSni": false "TlsSni": false
@ -61,10 +67,8 @@
"Destination": "https://fdn.geekzu.org/" "Destination": "https://fdn.geekzu.org/"
}, },
"i.stack.imgur.com": { "i.stack.imgur.com": {
"Response": { // "Response": {
"StatusCode": 404, "StatusCode": 404
"ContentType": "text/plain;charset=utf-8",
"ContentValue": "阻断的请求"
} }
}, },
"lh*.googleusercontent.com": { "lh*.googleusercontent.com": {