From eef613993fdaa330faeaa187c2d2bca6389c4b86 Mon Sep 17 00:00:00 2001
From: Neil Alexander
Date: Sun, 27 Oct 2024 21:06:56 +0000
Subject: [PATCH] Raise link error when SNI supplied on unsupported link type

Closes #1196
---
 src/core/link.go | 1 +
 src/core/link_socks.go | 3 +++
 src/core/link_tcp.go | 3 +++
 src/core/link_unix.go | 3 +++
 src/core/link_ws.go | 3 +++
 src/core/link_wss.go | 3 +++
 6 files changed, 16 insertions(+)

diff --git a/src/core/link.go b/src/core/link.go
index 04fe0266..c2267f24 100644
--- a/src/core/link.go
+++ b/src/core/link.go
@@ -126,6 +126,7 @@ const ErrLinkPinnedKeyInvalid = linkError("pinned public key is invalid")
 const ErrLinkPasswordInvalid = linkError("invalid password supplied")
 const ErrLinkUnrecognisedSchema = linkError("link schema unknown")
 const ErrLinkMaxBackoffInvalid = linkError("max backoff duration invalid")
+const ErrLinkSNINotSupported = linkError("SNI not supported on this link type")

 func (l *links) add(u *url.URL, sintf string, linkType linkType) error {
 var retErr error
diff --git a/src/core/link_socks.go b/src/core/link_socks.go
index b92374d4..0f66661b 100644
--- a/src/core/link_socks.go
+++ b/src/core/link_socks.go
@@ -23,6 +23,9 @@ func (l *links) newLinkSOCKS() *linkSOCKS {
 }

 func (l *linkSOCKS) dial(_ context.Context, url *url.URL, info linkInfo, options linkOptions) (net.Conn, error) {
+ if url.Scheme != "sockstls" && options.tlsSNI != "" {
+ return nil, ErrLinkSNINotSupported
+ }
 var proxyAuth *proxy.Auth
 if url.User != nil && url.User.Username() != "" {
 proxyAuth = &proxy.Auth{
diff --git a/src/core/link_tcp.go b/src/core/link_tcp.go
index 4ee50941..38c42def 100644
--- a/src/core/link_tcp.go
+++ b/src/core/link_tcp.go
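Review bot: The `sockstls` exemption at the top of linkSOCKS.dial is keyed on a bare string literal and carries no comment, so the reason one scheme may keep an SNI while plain SOCKS may not is left for the reader to infer. The rest of dial lies outside the hunk, so whether the TLS wrap there actually applies `options.tlsSNI` cannot be confirmed from this diff; if it does, a line such as `// Only sockstls wraps the proxied connection in TLS, so tlsSNI is meaningful for that scheme alone.` above the guard would record the invariant. Without it, a later change to the scheme name or to the TLS path could leave an SNI either silently dropped or wrongly rejected.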
@@ -67,6 +67,9 @@ func (l *linkTCP) dialersFor(url *url.URL, info linkInfo) ([]*tcpDialer, error)
 }

 func (l *linkTCP) dial(ctx context.Context, url *url.URL, info linkInfo, options linkOptions) (net.Conn, error) {
+ if options.tlsSNI != "" {
+ return nil, ErrLinkSNINotSupported
+ }
 dialers, err := l.dialersFor(url, info)
 if err != nil {
 return nil, err
diff --git a/src/core/link_unix.go b/src/core/link_unix.go
index ddbfa0ad..1da6931d 100644
--- a/src/core/link_unix.go
+++ b/src/core/link_unix.go
@@ -31,6 +31,9 @@ func (l *links) newLinkUNIX() *linkUNIX {
 }

 func (l *linkUNIX) dial(ctx context.Context, url *url.URL, info linkInfo, options linkOptions) (net.Conn, error) {
+ if options.tlsSNI != "" {
+ return nil, ErrLinkSNINotSupported
+ }
 addr, err := net.ResolveUnixAddr("unix", url.Path)
 if err != nil {
 return nil, err
diff --git a/src/core/link_ws.go b/src/core/link_ws.go
index 0602ed28..59816098 100644
--- a/src/core/link_ws.go
+++ b/src/core/link_ws.go
@@ -87,6 +87,9 @@ func (l *links) newLinkWS() *linkWS {
 }

 func (l *linkWS) dial(ctx context.Context, url *url.URL, info linkInfo, options linkOptions) (net.Conn, error) {
+ if options.tlsSNI != "" {
+ return nil, ErrLinkSNINotSupported
+ }
 wsconn, _, err := websocket.Dial(ctx, url.String(), &websocket.DialOptions{
 Subprotocols: []string{"ygg-ws"},
 })
diff --git a/src/core/link_wss.go b/src/core/link_wss.go
index 0bdb4f3a..f09d7955 100644
--- a/src/core/link_wss.go
+++ b/src/core/link_wss.go
@@ -27,6 +27,9 @@ func (l *links) newLinkWSS() *linkWSS {
 }

 func (l *linkWSS) dial(ctx context.Context, url *url.URL, info linkInfo, options linkOptions) (net.Conn, error) {
+ if options.tlsSNI != "" {
+ return nil, ErrLinkSNINotSupported
+ }
 wsconn, _, err := websocket.Dial(ctx, url.String(), &websocket.DialOptions{
 Subprotocols: []string{"ygg-ws"},
 })
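Review bot: The unconditional guard added to linkTCP.dial is repeated verbatim in linkUNIX.dial, linkWS.dial and linkWSS.dial, which makes SNI rejection opt-in per dialer: a link type added later that omits these three lines will accept a `tlsSNI` value and ignore it, the behaviour this commit is removing. Rejecting at dial time also means the misconfiguration surfaces only when a connection is attempted; the neighbouring ErrLink* constants in link.go suggest other option errors are reported when the link is added, though that code is not in the diff. Consider one check where linkOptions is populated, or at least a shared helper so each dialer reads `if err := options.rejectSNI(); err != nil { return nil, err }` (the helper name is only a suggestion). Each dial body continues outside its hunk.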
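Review bot: linkWSS.dial is a TLS-backed dialer that now refuses an SNI, and nothing at the guard says why. The visible `websocket.DialOptions` sets only `Subprotocols`, so the handshake presumably takes its server name from the URL host and has nowhere to apply `options.tlsSNI`; a comment such as `// TLS is negotiated inside websocket.Dial from the URL host, so a caller-supplied SNI cannot be honoured.` would make that explicit. It is worth stating because an operator who sets a server name on another TLS link may expect the same control here, and should know that certificate verification on wss appears to follow the URL host instead. The rest of dial is outside the hunk.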