fix: ALPN missed when using socks5 proxy with rustls backend#2164
Merged
seanmonstar merged 1 commit intoseanmonstar:masterfrom Mar 24, 2024
cxw620:patch-alpn
Merged
fix: ALPN missed when using socks5 proxy with rustls backend#2164seanmonstar merged 1 commit intoseanmonstar:masterfrom cxw620:patch-alpn
seanmonstar merged 1 commit intoseanmonstar:masterfrom
cxw620:patch-alpn
Conversation
Contributor
Author
|
I've tested this PR and it's working well. Would you mind taking a look at it? Thanks! |
Contributor
Author
|
@seanmonstar Could you provide an update on this PR? Any feedback or comments on it? Thanks :D |
seanmonstar
reviewed
Mar 22, 2024
| use tokio_rustls::TlsConnector as RustlsConnector; | ||
|
|
||
| let tls = tls_proxy.clone(); | ||
| let tls = tls.clone(); |
Owner
There was a problem hiding this comment.
Shouldn't this still use the proxy TLS? Should the fix instead be that we set ALPN on the proxy TLS?
Contributor
Author
There was a problem hiding this comment.
we can see when connect_via_proxy and ProxyScheme::Socks5, we call self.connect_socks(dst, proxy_scheme).await, dst is our target.
#[cfg(feature = "__rustls")]
Inner::RustlsTls { tls, .. } => {
if dst.scheme() == Some(&Scheme::HTTPS) {
use std::convert::TryFrom;
use tokio_rustls::TlsConnector as RustlsConnector;
let tls = tls.clone();
let host = dst.host().ok_or("no host in url")?.to_string();
let conn = socks::connect(proxy, dst, dns).await?; // create proxy tunnel through socks server and connect to dst.
let conn = TokioIo::new(conn);
let conn = TokioIo::new(conn);
let server_name =
rustls_pki_types::ServerName::try_from(host.as_str().to_owned())
.map_err(|_| "Invalid Server Name")?;
let io = RustlsConnector::from(tls) // here we create TLS connector for HTTPS through socks tunnel, so `tls` should not be proxy TLS.
.connect(server_name, conn)
.await?;
let io = TokioIo::new(io);
return Ok(Conn {
inner: self.verbose.wrap(RustlsTlsConn { inner: io }),
is_proxy: false,
tls_info: false,
});
}
}
seanmonstar
approved these changes
Mar 24, 2024
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
reopen PR, fix #2118