Documentation
¶
Index ¶
- Variables
- func BuildCertificates(certConfigs []*Certificate) ([]tls.Certificate, error)
- func CalculatePEMCertChainSHA256Hash(certContent []byte) string
- func CertsToCertPool(certs [][]byte) (*x509.CertPool, error)
- func ConvertToGoECHKeys(data []byte) ([]tls.EncryptedClientHelloKey, error)
- func GenerateCertChainHash(rawCerts [][]byte) []byte
- func GetFingerprint(name string) (fingerprint *utls.ClientHelloID, found bool)
- type Certificate
- func (*Certificate) Descriptor() ([]byte, []int)deprecated
- func (x *Certificate) GetCertificate() []byte
- func (x *Certificate) GetCertificateFilepath() string
- func (x *Certificate) GetKey() []byte
- func (x *Certificate) GetKeyFilepath() string
- func (*Certificate) ProtoMessage()
- func (x *Certificate) ProtoReflect() protoreflect.Message
- func (x *Certificate) Reset()
- func (x *Certificate) String() string
- type Conn
- type Engine
- type EngineConfig
- type ForceALPN
- type Option
- type TlsConfig
- func (*TlsConfig) Descriptor() ([]byte, []int)deprecated
- func (x *TlsConfig) GetAllowInsecure() bool
- func (x *TlsConfig) GetCertificates() []*Certificate
- func (x *TlsConfig) GetDisableSystemRoot() bool
- func (x *TlsConfig) GetEchConfig() []byte
- func (x *TlsConfig) GetEchKey() []byte
- func (x *TlsConfig) GetEnableEch() bool
- func (x *TlsConfig) GetEnableSessionResumption() bool
- func (x *TlsConfig) GetForceAlpn() ForceALPN
- func (x *TlsConfig) GetImitate() string
- func (x *TlsConfig) GetIssueCas() []*Certificate
- func (x *TlsConfig) GetMasterKeyLog() string
- func (x *TlsConfig) GetNextProtocol() []string
- func (x *TlsConfig) GetNoSNI() bool
- func (x *TlsConfig) GetPinnedPeerCertificateChainSha256() [][]byte
- func (x *TlsConfig) GetRootCas() [][]byte
- func (x *TlsConfig) GetServerName() string
- func (c *TlsConfig) GetTLSConfig(opts ...Option) (*tls.Config, error)
- func (c *TlsConfig) GetUClient(conn net.Conn, tlsConfig *tls.Config) (net.Conn, error)
- func (x *TlsConfig) GetVerifyClientCertificate() bool
- func (c *TlsConfig) IsExperiment8357() bool
- func (*TlsConfig) ProtoMessage()
- func (x *TlsConfig) ProtoReflect() protoreflect.Message
- func (x *TlsConfig) Reset()
- func (x *TlsConfig) String() string
- func (c *TlsConfig) VerifyPeerCert(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error
- type UConn
Constants ¶
This section is empty.
Variables ¶
// ForceALPN_name maps each ForceALPN enum number to its name and
// ForceALPN_value maps each name back to its number:
// 0 = TRANSPORT_PREFERENCE_TAKE_PRIORITY, 1 = NO_ALPN, 2 = UTLS_PRESET.
// NOTE(review): the ALPN behaviour each value selects is not visible here;
// confirm it against the code that reads TlsConfig.ForceAlpn.
var ( ForceALPN_name = map[int32]string{ 0: "TRANSPORT_PREFERENCE_TAKE_PRIORITY", 1: "NO_ALPN", 2: "UTLS_PRESET", } ForceALPN_value = map[string]int32{ "TRANSPORT_PREFERENCE_TAKE_PRIORITY": 0, "NO_ALPN": 1, "UTLS_PRESET": 2, } )
Enum value maps for ForceALPN.
// ErrInvalidLen is a sentinel error whose message is "goech: invalid length".
// NOTE(review): presumably returned by ConvertToGoECHKeys when the encoded
// ECH key data is truncated or has an inconsistent length field; confirm.
// Callers should compare with errors.Is rather than matching the message.
var ErrInvalidLen = errors.New("goech: invalid length")
// File_protos_tls_certificate_proto is the protobuf file descriptor variable
// for the Certificate message's .proto file (name follows the protoc-gen-go
// File_<path>_proto convention; generated code, not meant to be edited).
var File_protos_tls_certificate_proto protoreflect.FileDescriptor
// File_protos_tls_tls_proto is the protobuf file descriptor variable for the
// TlsConfig / ForceALPN .proto file (name follows the protoc-gen-go
// File_<path>_proto convention; generated code, not meant to be edited).
var File_protos_tls_tls_proto protoreflect.FileDescriptor
// ModernFingerprints maps lower-case fingerprint names to version-pinned
// utls ClientHello IDs (Firefox, Chrome, iOS, Edge, Safari, 360, QQ).
// Every entry names a fixed client version, so the table does not follow
// browser releases; it has to be extended by hand when utls adds newer IDs.
// NOTE(review): presumably consulted by GetFingerprint for the value of
// TlsConfig.Imitate; confirm lookup order against the other two tables.
var ModernFingerprints = map[string]*utls.ClientHelloID{ "hellofirefox_99": &utls.HelloFirefox_99, "hellofirefox_102": &utls.HelloFirefox_102, "hellofirefox_105": &utls.HelloFirefox_105, "hellofirefox_120": &utls.HelloFirefox_120, "hellochrome_83": &utls.HelloChrome_83, "hellochrome_87": &utls.HelloChrome_87, "hellochrome_96": &utls.HelloChrome_96, "hellochrome_100": &utls.HelloChrome_100, "hellochrome_102": &utls.HelloChrome_102, "hellochrome_106_shuffle": &utls.HelloChrome_106_Shuffle, "hellochrome_120": &utls.HelloChrome_120, "hellochrome_131": &utls.HelloChrome_131, "helloios_13": &utls.HelloIOS_13, "helloios_14": &utls.HelloIOS_14, "helloedge_85": &utls.HelloEdge_85, "helloedge_106": &utls.HelloEdge_106, "hellosafari_16_0": &utls.HelloSafari_16_0, "hello360_11_0": &utls.Hello360_11_0, "helloqq_11_1": &utls.HelloQQ_11_1, }
// OtherFingerprints maps lower-case fingerprint names to the remaining utls
// ClientHello IDs: the Go default (hellogolang), the randomized variants,
// the *_auto aliases, older pinned versions, and the PSK / PQ Chrome variants.
// NOTE(review): why these are kept apart from ModernFingerprints is not
// stated here; confirm whether callers treat the two tables differently.
var OtherFingerprints = map[string]*utls.ClientHelloID{ "hellogolang": &utls.HelloGolang, "hellorandomized": &utls.HelloRandomized, "hellorandomizedalpn": &utls.HelloRandomizedALPN, "hellorandomizednoalpn": &utls.HelloRandomizedNoALPN, "hellofirefox_auto": &utls.HelloFirefox_Auto, "hellofirefox_55": &utls.HelloFirefox_55, "hellofirefox_56": &utls.HelloFirefox_56, "hellofirefox_63": &utls.HelloFirefox_63, "hellofirefox_65": &utls.HelloFirefox_65, "hellochrome_auto": &utls.HelloChrome_Auto, "hellochrome_58": &utls.HelloChrome_58, "hellochrome_62": &utls.HelloChrome_62, "hellochrome_70": &utls.HelloChrome_70, "hellochrome_72": &utls.HelloChrome_72, "helloios_auto": &utls.HelloIOS_Auto, "helloios_11_1": &utls.HelloIOS_11_1, "helloios_12_1": &utls.HelloIOS_12_1, "helloandroid_11_okhttp": &utls.HelloAndroid_11_OkHttp, "helloedge_auto": &utls.HelloEdge_Auto, "hellosafari_auto": &utls.HelloSafari_Auto, "hello360_auto": &utls.Hello360_Auto, "hello360_7_5": &utls.Hello360_7_5, "helloqq_auto": &utls.HelloQQ_Auto, "hellochrome_100_psk": &utls.HelloChrome_100_PSK, "hellochrome_112_psk_shuf": &utls.HelloChrome_112_PSK_Shuf, "hellochrome_114_padding_psk_shuf": &utls.HelloChrome_114_Padding_PSK_Shuf, "hellochrome_115_pq": &utls.HelloChrome_115_PQ, "hellochrome_115_pq_psk": &utls.HelloChrome_115_PQ_PSK, "hellochrome_120_pq": &utls.HelloChrome_120_PQ, }
// PresetFingerprints maps short preset names to utls ClientHello IDs.
// The browser presets point at the *_Auto IDs ("android" points at
// HelloAndroid_11_OkHttp). The keys "random", "randomized",
// "randomizednoalpn" and "unsafe" map to nil, so any code that indexes this
// table directly must check for a nil *utls.ClientHelloID before use.
// NOTE(review): the nil entries are presumably resolved elsewhere (for
// example in GetFingerprint); what "unsafe" selects is not visible here
// and should be documented where it is handled.
var PresetFingerprints = map[string]*utls.ClientHelloID{ "chrome": &utls.HelloChrome_Auto, "firefox": &utls.HelloFirefox_Auto, "safari": &utls.HelloSafari_Auto, "ios": &utls.HelloIOS_Auto, "android": &utls.HelloAndroid_11_OkHttp, "edge": &utls.HelloEdge_Auto, "360": &utls.Hello360_Auto, "qq": &utls.HelloQQ_Auto, "random": nil, "randomized": nil, "randomizednoalpn": nil, "unsafe": nil, }
Functions ¶
func BuildCertificates ¶
func BuildCertificates(certConfigs []*Certificate) ([]tls.Certificate, error)
func ConvertToGoECHKeys ¶
func ConvertToGoECHKeys(data []byte) ([]tls.EncryptedClientHelloKey, error)
func GenerateCertChainHash ¶
func GetFingerprint ¶
func GetFingerprint(name string) (fingerprint *utls.ClientHelloID, found bool)
Types ¶
type Certificate ¶
// Certificate is the protobuf message describing one certificate and its key,
// given either as inline bytes or as file paths (protobuf fields 1, 2, 4, 5;
// field number 3 is not used by the visible fields).
// NOTE(review): which source wins when both the inline and the file-path
// form are set is not visible here; confirm in BuildCertificates.
type Certificate struct {
// Certificate content as raw bytes.
// NOTE(review): presumably PEM; confirm the expected encoding.
Certificate []byte `protobuf:"bytes,1,opt,name=certificate,proto3" json:"certificate,omitempty"`
// Key content as raw bytes. This is private key material: it is serialized
// with the message (protobuf and JSON), so configs carrying it need the same
// protection as a key file and should not be logged or dumped via String().
Key []byte `protobuf:"bytes,2,opt,name=key,proto3" json:"key,omitempty"`
// Path of a file holding the certificate.
CertificateFilepath string `protobuf:"bytes,4,opt,name=certificate_filepath,json=certificateFilepath,proto3" json:"certificate_filepath,omitempty"`
// Path of a file holding the key; the file should be readable only by the
// service account.
KeyFilepath string `protobuf:"bytes,5,opt,name=key_filepath,json=keyFilepath,proto3" json:"key_filepath,omitempty"`
// contains filtered or unexported fields
}
func ParseCertificate ¶
func ParseCertificate(c *cert.Certificate) *Certificate
ParseCertificate converts a cert.Certificate to Certificate.
func (*Certificate) Descriptor
deprecated
func (*Certificate) Descriptor() ([]byte, []int)
Deprecated: Use Certificate.ProtoReflect.Descriptor instead.
func (*Certificate) GetCertificate ¶
func (x *Certificate) GetCertificate() []byte
func (*Certificate) GetCertificateFilepath ¶
func (x *Certificate) GetCertificateFilepath() string
func (*Certificate) GetKey ¶
func (x *Certificate) GetKey() []byte
func (*Certificate) GetKeyFilepath ¶
func (x *Certificate) GetKeyFilepath() string
func (*Certificate) ProtoMessage ¶
func (*Certificate) ProtoMessage()
func (*Certificate) ProtoReflect ¶
func (x *Certificate) ProtoReflect() protoreflect.Message
func (*Certificate) Reset ¶
func (x *Certificate) Reset()
func (*Certificate) String ¶
func (x *Certificate) String() string
type Conn ¶
Conn is a wrapper around tls.Conn.
func (*Conn) GetConnectionApplicationProtocol ¶
func (*Conn) HandshakeAddress ¶
type Engine ¶
// Engine is an opaque type: all of its fields are unexported. The only
// method listed for it on this page is GetClientConn.
// NOTE(review): presumably built from an EngineConfig; confirm the constructor.
type Engine struct {
// contains filtered or unexported fields
}
func (*Engine) GetClientConn ¶
type EngineConfig ¶
// EngineConfig bundles a TlsConfig with an ECH resolver.
type EngineConfig struct {
// Config is the TLS settings message.
Config *TlsConfig
// DnsServer is an i.ECHResolver.
// NOTE(review): presumably used to fetch ECH configuration over DNS when
// TlsConfig.EnableEch is set and no EchConfig is given; confirm, and confirm
// whether a failed lookup falls back to a handshake without ECH.
DnsServer i.ECHResolver
}
type ForceALPN ¶
// ForceALPN is an int32-backed protobuf enum. The enum value maps define
// 0 = TRANSPORT_PREFERENCE_TAKE_PRIORITY, 1 = NO_ALPN, 2 = UTLS_PRESET, and
// the TlsConfig.ForceAlpn field is marked utls-related.
// NOTE(review): the names suggest it picks between the transport's ALPN list,
// no ALPN, and the ALPN of the selected utls fingerprint; confirm.
type ForceALPN int32
func (ForceALPN) Descriptor ¶
func (ForceALPN) Descriptor() protoreflect.EnumDescriptor
func (ForceALPN) EnumDescriptor
deprecated
func (ForceALPN) Number ¶
func (x ForceALPN) Number() protoreflect.EnumNumber
func (ForceALPN) Type ¶
func (ForceALPN) Type() protoreflect.EnumType
type Option ¶
func WithDestination ¶
func WithDestination(dest net.Destination) Option
If c.ServerName has been specified, dest is not applied as the ServerName.
func WithNextProtocol ¶
type TlsConfig ¶
// TlsConfig is the protobuf message (enum package x.tls, per the ForceAlpn
// tag) that carries TLS settings; GetTLSConfig converts it into a tls.Config.
// Several fields weaken or replace default certificate verification, so the
// zero value of AllowInsecure, DisableSystemRoot and MasterKeyLog is the
// conservative choice.
type TlsConfig struct {
// Certificates to be provided to the peer.
Certificates []*Certificate `protobuf:"bytes,1,rep,name=certificates,proto3" json:"certificates,omitempty"`
// Certificates to be used as root CAs.
RootCas [][]byte `protobuf:"bytes,2,rep,name=root_cas,json=rootCas,proto3" json:"root_cas,omitempty"`
// Certificates used to issue the certificates that will be provided to the
// peer. Each entry is a Certificate, which can carry a CA private key.
IssueCas []*Certificate `protobuf:"bytes,3,rep,name=issue_cas,json=issueCas,proto3" json:"issue_cas,omitempty"`
// If not specified, the server name is the destination domain of the
// connection, when the destination is a domain.
ServerName string `protobuf:"bytes,4,opt,name=server_name,json=serverName,proto3" json:"server_name,omitempty"`
// NOTE(review): presumably excludes the operating system trust store so that
// only RootCas are trusted; confirm, and confirm what happens when this is
// set while RootCas is empty.
DisableSystemRoot bool `protobuf:"varint,5,opt,name=disable_system_root,json=disableSystemRoot,proto3" json:"disable_system_root,omitempty"`
// NOTE(review): the name suggests this relaxes or disables verification of
// the peer certificate; confirm what GetTLSConfig and VerifyPeerCert do with
// it and whether PinnedPeerCertificateChainSha256 is still enforced when it
// is set. Keep false outside of testing.
AllowInsecure bool `protobuf:"varint,6,opt,name=allow_insecure,json=allowInsecure,proto3" json:"allow_insecure,omitempty"`
// NOTE(review): presumably the ALPN protocol list; see ForceAlpn for how it
// interacts with utls presets. Confirm.
NextProtocol []string `protobuf:"bytes,7,rep,name=next_protocol,json=nextProtocol,proto3" json:"next_protocol,omitempty"`
EnableSessionResumption bool `` /* 133-byte string literal not displayed */
// A list of byte slices, each of which is a hash of a certificate chain.
// NOTE(review): the field name says SHA-256; the exact input to the hash is
// presumably what GenerateCertChainHash / CalculatePEMCertChainSHA256Hash
// produce. Confirm, and confirm that an empty list means "no pinning".
PinnedPeerCertificateChainSha256 [][]byte `` /* 163-byte string literal not displayed */
// NOTE(review): presumably server-side: request and verify a client
// certificate; confirm which tls.ClientAuthType it maps to.
VerifyClientCertificate bool `` /* 134-byte string literal not displayed */
// utls-related.
// NOTE(review): presumably the fingerprint name resolved by GetFingerprint
// (keys of PresetFingerprints, ModernFingerprints, OtherFingerprints); confirm.
Imitate string `protobuf:"bytes,11,opt,name=imitate,proto3" json:"imitate,omitempty"`
// utls-related.
// NOTE(review): presumably omits the SNI extension from the ClientHello;
// confirm that the name used for certificate verification is still set.
NoSNI bool `protobuf:"varint,12,opt,name=noSNI,proto3" json:"noSNI,omitempty"`
// utls-related.
ForceAlpn ForceALPN `protobuf:"varint,13,opt,name=force_alpn,json=forceAlpn,proto3,enum=x.tls.ForceALPN" json:"force_alpn,omitempty"`
// NOTE(review): looks like a destination for TLS key-log output (compare
// tls.Config.KeyLogWriter); confirm. If so, anyone able to read that output
// can decrypt captured sessions: leave empty outside of debugging and
// restrict access to the file.
MasterKeyLog string `protobuf:"bytes,14,opt,name=master_key_log,json=masterKeyLog,proto3" json:"master_key_log,omitempty"`
// Server ECH (Encrypted Client Hello) key.
// NOTE(review): presumably parsed by ConvertToGoECHKeys; if it includes the
// private key, handle it as secret material.
EchKey []byte `protobuf:"bytes,15,opt,name=ech_key,json=echKey,proto3" json:"ech_key,omitempty"`
// Client ECH config.
EchConfig []byte `protobuf:"bytes,16,opt,name=ech_config,json=echConfig,proto3" json:"ech_config,omitempty"`
// Client only: enable ECH.
EnableEch bool `protobuf:"varint,17,opt,name=enable_ech,json=enableEch,proto3" json:"enable_ech,omitempty"`
// contains filtered or unexported fields
}
func (*TlsConfig) Descriptor
deprecated
func (*TlsConfig) GetAllowInsecure ¶
func (*TlsConfig) GetCertificates ¶
func (x *TlsConfig) GetCertificates() []*Certificate
func (*TlsConfig) GetDisableSystemRoot ¶
func (*TlsConfig) GetEchConfig ¶
func (*TlsConfig) GetEnableEch ¶
func (*TlsConfig) GetEnableSessionResumption ¶
func (*TlsConfig) GetForceAlpn ¶
func (*TlsConfig) GetImitate ¶
func (*TlsConfig) GetIssueCas ¶
func (x *TlsConfig) GetIssueCas() []*Certificate
func (*TlsConfig) GetMasterKeyLog ¶
func (*TlsConfig) GetNextProtocol ¶
func (*TlsConfig) GetPinnedPeerCertificateChainSha256 ¶
func (*TlsConfig) GetRootCas ¶
func (*TlsConfig) GetServerName ¶
func (*TlsConfig) GetTLSConfig ¶
GetTLSConfig converts this Config into tls.Config.
func (*TlsConfig) GetUClient ¶
func (*TlsConfig) GetVerifyClientCertificate ¶
func (*TlsConfig) IsExperiment8357 ¶
func (*TlsConfig) ProtoMessage ¶
func (*TlsConfig) ProtoMessage()
func (*TlsConfig) ProtoReflect ¶
func (x *TlsConfig) ProtoReflect() protoreflect.Message
func (*TlsConfig) VerifyPeerCert ¶
func (c *TlsConfig) VerifyPeerCert(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error