feat: add fingerprint for tls verify

2022-07-10 20:44:24 +08:00
parent 60e1947ed2
commit fef9f95e65
15 changed files with 137 additions and 31 deletions
--- a/dns/client.go
+++ b/dns/client.go
@ -4,6 +4,7 @@ import (
 	"context"
 	"crypto/tls"
 	"fmt"
+	tlsC "github.com/Dreamacro/clash/common/tls"
 	"go.uber.org/atomic"
 	"net"
 	"net/netip"
@ -77,7 +78,7 @@ func (c *client) ExchangeContext(ctx context.Context, m *D.Msg) (*D.Msg, error)
 	ch := make(chan result, 1)
 	go func() {
 		if strings.HasSuffix(c.Client.Net, "tls") {
-			conn = tls.Client(conn, c.Client.TLSConfig)
+			conn = tls.Client(conn, tlsC.MixinTLSConfig(c.Client.TLSConfig))
 		}

 		msg, _, err := c.Client.ExchangeWithConn(m, &D.Conn{
--- a/dns/doh.go
+++ b/dns/doh.go
@ -4,6 +4,7 @@ import (
 	"bytes"
 	"context"
 	"crypto/tls"
+	tls2 "github.com/Dreamacro/clash/common/tls"
 	"github.com/Dreamacro/clash/component/dialer"
 	"github.com/Dreamacro/clash/component/resolver"
 	"github.com/lucas-clemente/quic-go"
@ -119,6 +120,7 @@ func newDohTransport(r *Resolver, preferH3 bool, proxyAdapter string) *dohTransp
 					return dialContextExtra(ctx, proxyAdapter, "tcp", ip, port)
 				}
 			},
+			TLSClientConfig: tls2.GetDefaultTLSConfig(),
 		},
 		preferH3: preferH3,
 	}
@ -156,6 +158,7 @@ func newDohTransport(r *Resolver, preferH3 bool, proxyAdapter string) *dohTransp
 					}
 				}
 			},
+			TLSClientConfig: tls2.GetDefaultTLSConfig(),
 		}
 	}

--- a/dns/doq.go
+++ b/dns/doq.go
@ -5,6 +5,7 @@ import (
 	"context"
 	"crypto/tls"
 	"fmt"
+	tlsC "github.com/Dreamacro/clash/common/tls"
 	"github.com/Dreamacro/clash/component/dialer"
 	"github.com/Dreamacro/clash/component/resolver"
 	"github.com/lucas-clemente/quic-go"
@ -128,13 +129,15 @@ func (dc *quicClient) getSession(ctx context.Context) (quic.Connection, error) {
 }

 func (dc *quicClient) openSession(ctx context.Context) (quic.Connection, error) {
-	tlsConfig := &tls.Config{
-		InsecureSkipVerify: false,
-		NextProtos: []string{
-			NextProtoDQ,
-		},
-		SessionTicketsDisabled: false,
-	}
+	tlsConfig := tlsC.MixinTLSConfig(
+		&tls.Config{
+			InsecureSkipVerify: false,
+			NextProtos: []string{
+				NextProtoDQ,
+			},
+			SessionTicketsDisabled: false,
+		})
+
 	quicConfig := &quic.Config{
 		ConnectionIDLength:   12,
 		HandshakeIdleTimeout: time.Second * 8,