4.3

Signed-off-by: arraykeys@gmail.com <arraykeys@gmail.com>
2018-02-28 13:27:13 +08:00
parent 7599e2c793
commit f5e472ea9f
7 changed files with 100 additions and 11 deletions
--- a/6
+++ b/6
@ -1,4 +1,10 @@
 proxy更新日志
+v4.3
+1.优化了参数keygen生成证书逻辑，避免证书出现特征.
+2.http(s)和socks代理增加了--dns-address和--dns-ttl参数,
+ 用于自己指定proxy访问域名的时候使用的dns（--dns-address）以及解析结果缓存时间（--dns-ttl）秒数，
+ 避免系统dns对proxy的干扰，另外缓存功能还能减少dns解析时间提高访问速度.
+
 v4.2
 1.优化了内网穿透,避免了client意外下线,导致链接信息残留的问题.
 2.http代理增加了SNI支持,现在http(s)代理模式支持反向代理,支持http(s)透明代理.
--- a/README.md
+++ b/README.md
@ -130,7 +130,7 @@ If the installation fails or your VPS is not a linux64 system, please follow the
 Download address: https://github.com/snail007/goproxy/releases  
 ```shell  
 cd /root/proxy/  
-wget https://github.com/snail007/goproxy/releases/download/v4.0/proxy-linux-amd64.tar.gz  
+wget https://github.com/snail007/goproxy/releases/download/v4.3/proxy-linux-amd64.tar.gz  
 ```  
 #### **2.Download the automatic installation script**  
 ```shell  
--- a/README_ZH.md
+++ b/README_ZH.md
@ -32,7 +32,8 @@ Proxy是golang实现的高性能http,https,websocket,tcp,udp,socks5代理服务
 - ...  

 
-本页是v4.2手册,其他版本手册请点击下面链接查看.  
+本页是v4.3手册,其他版本手册请点击下面链接查看. 
+- [v4.2手册](https://github.com/snail007/goproxy/tree/v4.2) 
 - [v4.0-v4.1手册](https://github.com/snail007/goproxy/tree/v4.1)
 - [v3.9手册](https://github.com/snail007/goproxy/tree/v3.9)
 - [v3.8手册](https://github.com/snail007/goproxy/tree/v3.8)
@ -76,7 +77,8 @@ Proxy是golang实现的高性能http,https,websocket,tcp,udp,socks5代理服务
    - [1.8 KCP协议传输](#18kcp协议传输)
    - [1.9 HTTP(S)反向代理](#19-https反向代理)
    - [1.10 HTTP(S)透明代理](#110-https透明代理)
-    - [1.11 查看帮助](#111查看帮助)
+    - [1.11 自定义DNS](#111-自定义DNS)
+    - [1.12 查看帮助](#112-查看帮助)
 - [2. TCP代理](#2tcp代理)
    - [2.1 普通一级TCP代理](#21普通一级tcp代理)
    - [2.2 普通二级TCP代理](#22普通二级tcp代理)
@ -129,7 +131,7 @@ curl -L https://raw.githubusercontent.com/snail007/goproxy/master/install_auto.s
 下载地址:https://github.com/snail007/goproxy/releases  
 ```shell  
 cd /root/proxy/  
-wget https://github.com/snail007/goproxy/releases/download/v4.2/proxy-linux-amd64.tar.gz  
+wget https://github.com/snail007/goproxy/releases/download/v4.3/proxy-linux-amd64.tar.gz  
 ```  
 #### **2.下载自动安装脚本**  
 ```shell  
@ -333,7 +335,13 @@ iptables -t nat -A OUTPUT -p tcp -j PROXY
 - 删除指定的用户自定义链 iptables -X 链名 比如 iptables -t nat -X PROXY
 - 从所选链中删除规则 iptables -D 链名 规则详情 比如 iptables -t nat -D PROXY -d 223.223.192.0/255.255.240.0 -j RETURN

-#### **1.9.查看帮助**  
+#### **1.11 自定义DNS** 
+--dns-address和--dns-ttl参数,用于自己指定proxy访问域名的时候使用的dns（--dns-address）  
+以及解析结果缓存时间（--dns-ttl）秒数，避免系统dns对proxy的干扰，另外缓存功能还能减少dns解析时间提高访问速度.    
+比如：  
+`./proxy http -p ":33080" --dns-address "8.8.8.8:53" --dns-ttl 300`  
+
+#### **1.12 查看帮助**  
 `./proxy help http`  
  
 ### **2.TCP代理**  
--- a/install_auto.sh
+++ b/install_auto.sh
@ -5,7 +5,7 @@ if [ -e /tmp/proxy ]; then
 fi
 mkdir /tmp/proxy
 cd /tmp/proxy
-wget https://github.com/snail007/goproxy/releases/download/v4.2/proxy-linux-amd64.tar.gz
+wget https://github.com/snail007/goproxy/releases/download/v4.3/proxy-linux-amd64.tar.gz

 # #install proxy
 tar zxvf proxy-linux-amd64.tar.gz
--- a/main.go
+++ b/main.go
@ -8,7 +8,7 @@ import (
 	"syscall"
 )

-const APP_VERSION = "4.2"
+const APP_VERSION = "4.3"

 func main() {
 	err := initConfig()
--- a/release.sh
+++ b/release.sh
@ -1,5 +1,5 @@
 #!/bin/bash
-VER="4.2"
+VER="4.3"
 RELEASE="release-${VER}"
 rm -rf .cert
 mkdir .cert
--- a/utils/functions.go
+++ b/utils/functions.go
@ -7,11 +7,13 @@ import (
 	"crypto/tls"
 	"crypto/x509"
 	"encoding/binary"
+	"encoding/pem"
 	"errors"
 	"fmt"
 	"io"
 	"io/ioutil"
 	"log"
+	"math/rand"
 	"net"
 	"net/http"
 	"os"
@ -101,6 +103,14 @@ func TlsConnect(host string, port, timeout int, certBytes, keyBytes []byte) (con
 	return *tls.Client(_conn, conf), err
 }
 func getRequestTlsConfig(certBytes, keyBytes []byte) (conf *tls.Config, err error) {
+	block, _ := pem.Decode(certBytes)
+	if block == nil {
+		panic("failed to parse certificate PEM")
+	}
+	x509Cert, _ := x509.ParseCertificate(block.Bytes)
+	if x509Cert == nil {
+		panic("failed to parse block")
+	}
 	var cert tls.Certificate
 	cert, err = tls.X509KeyPair(certBytes, keyBytes)
 	if err != nil {
@ -114,8 +124,21 @@ func getRequestTlsConfig(certBytes, keyBytes []byte) (conf *tls.Config, err erro
 	conf = &tls.Config{
 		RootCAs:            serverCertPool,
 		Certificates:       []tls.Certificate{cert},
-		ServerName:         "proxy",
 		InsecureSkipVerify: false,
+		ServerName:         x509Cert.Subject.CommonName,
+		// VerifyPeerCertificate: func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error {
+		// 	opts := x509.VerifyOptions{
+		// 		Roots: serverCertPool,
+		// 	}
+		// 	for _, rawCert := range rawCerts {
+		// 		cert, _ := x509.ParseCertificate(rawCert)
+		// 		_, err := cert.Verify(opts)
+		// 		if err != nil {
+		// 			return err
+		// 		}
+		// 	}
+		// 	return nil
+		// },
 	}
 	return
 }
@ -136,6 +159,14 @@ func ConnectKCPHost(hostAndPort, method, key string) (conn net.Conn, err error)
 	return kcpconn, err
 }
 func ListenTls(ip string, port int, certBytes, keyBytes []byte) (ln *net.Listener, err error) {
+	block, _ := pem.Decode(certBytes)
+	if block == nil {
+		panic("failed to parse certificate PEM")
+	}
+	x509Cert, _ := x509.ParseCertificate(block.Bytes)
+	if x509Cert == nil {
+		panic("failed to parse block")
+	}
 	var cert tls.Certificate
 	cert, err = tls.X509KeyPair(certBytes, keyBytes)
 	if err != nil {
@ -148,9 +179,23 @@ func ListenTls(ip string, port int, certBytes, keyBytes []byte) (ln *net.Listene
 	}
 	config := &tls.Config{
 		ClientCAs:    clientCertPool,
-		ServerName:   "proxy",
 		Certificates: []tls.Certificate{cert},
 		ClientAuth:   tls.RequireAndVerifyClientCert,
+		ServerName:   x509Cert.Subject.CommonName,
+		// VerifyPeerCertificate: func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error {
+		// 	opts := x509.VerifyOptions{
+		// 		Roots: clientCertPool,
+		// 	}
+		// 	for _, rawCert := range rawCerts {
+		// 		cert, _ := x509.ParseCertificate(rawCert)
+		// 		_, err := cert.Verify(opts)
+		// 		fmt.Println("SERVER ERR:", err)
+		// 		if err != nil {
+		// 			return err
+		// 		}
+		// 	}
+		// 	return nil
+		// },
 	}
 	_ln, err := tls.Listen("tcp", fmt.Sprintf("%s:%d", ip, port), config)
 	if err == nil {
@ -200,7 +245,14 @@ func Keygen() (err error) {
 		return
 	}
 	fmt.Println(string(out))
-	cmd = exec.Command("sh", "-c", `openssl req -new -key proxy.key -x509 -days 3650 -out proxy.crt -subj /C=CN/ST=BJ/O="Localhost Ltd"/CN=proxy`)
+	CList := []string{"AD", "AE", "AF", "AG", "AI", "AL", "AM", "AO", "AR", "AT", "AU", "AZ", "BB", "BD", "BE", "BF", "BG", "BH", "BI", "BJ", "BL", "BM", "BN", "BO", "BR", "BS", "BW", "BY", "BZ", "CA", "CF", "CG", "CH", "CK", "CL", "CM", "CN", "CO", "CR", "CS", "CU", "CY", "CZ", "DE", "DJ", "DK", "DO", "DZ", "EC", "EE", "EG", "ES", "ET", "FI", "FJ", "FR", "GA", "GB", "GD", "GE", "GF", "GH", "GI", "GM", "GN", "GR", "GT", "GU", "GY", "HK", "HN", "HT", "HU", "ID", "IE", "IL", "IN", "IQ", "IR", "IS", "IT", "JM", "JO", "JP", "KE", "KG", "KH", "KP", "KR", "KT", "KW", "KZ", "LA", "LB", "LC", "LI", "LK", "LR", "LS", "LT", "LU", "LV", "LY", "MA", "MC", "MD", "MG", "ML", "MM", "MN", "MO", "MS", "MT", "MU", "MV", "MW", "MX", "MY", "MZ", "NA", "NE", "NG", "NI", "NL", "NO", "NP", "NR", "NZ", "OM", "PA", "PE", "PF", "PG", "PH", "PK", "PL", "PR", "PT", "PY", "QA", "RO", "RU", "SA", "SB", "SC", "SD", "SE", "SG", "SI", "SK", "SL", "SM", "SN", "SO", "SR", "ST", "SV", "SY", "SZ", "TD", "TG", "TH", "TJ", "TM", "TN", "TO", "TR", "TT", "TW", "TZ", "UA", "UG", "US", "UY", "UZ", "VC", "VE", "VN", "YE", "YU", "ZA", "ZM", "ZR", "ZW"}
+	domainSubfixList := []string{".com", ".edu", ".gov", ".int", ".mil", ".net", ".org", ".biz", ".info", ".pro", ".name", ".museum", ".coop", ".aero", ".xxx", ".idv", ".ac", ".ad", ".ae", ".af", ".ag", ".ai", ".al", ".am", ".an", ".ao", ".aq", ".ar", ".as", ".at", ".au", ".aw", ".az", ".ba", ".bb", ".bd", ".be", ".bf", ".bg", ".bh", ".bi", ".bj", ".bm", ".bn", ".bo", ".br", ".bs", ".bt", ".bv", ".bw", ".by", ".bz", ".ca", ".cc", ".cd", ".cf", ".cg", ".ch", ".ci", ".ck", ".cl", ".cm", ".cn", ".co", ".cr", ".cu", ".cv", ".cx", ".cy", ".cz", ".de", ".dj", ".dk", ".dm", ".do", ".dz", ".ec", ".ee", ".eg", ".eh", ".er", ".es", ".et", ".eu", ".fi", ".fj", ".fk", ".fm", ".fo", ".fr", ".ga", ".gd", ".ge", ".gf", ".gg", ".gh", ".gi", ".gl", ".gm", ".gn", ".gp", ".gq", ".gr", ".gs", ".gt", ".gu", ".gw", ".gy", ".hk", ".hm", ".hn", ".hr", ".ht", ".hu", ".id", ".ie", ".il", ".im", ".in", ".io", ".iq", ".ir", ".is", ".it", ".je", ".jm", ".jo", ".jp", ".ke", ".kg", ".kh", ".ki", ".km", ".kn", ".kp", ".kr", ".kw", ".ky", ".kz", ".la", ".lb", ".lc", ".li", ".lk", ".lr", ".ls", ".lt", ".lu", ".lv", ".ly", ".ma", ".mc", ".md", ".mg", ".mh", ".mk", ".ml", ".mm", ".mn", ".mo", ".mp", ".mq", ".mr", ".ms", ".mt", ".mu", ".mv", ".mw", ".mx", ".my", ".mz", ".na", ".nc", ".ne", ".nf", ".ng", ".ni", ".nl", ".no", ".np", ".nr", ".nu", ".nz", ".om", ".pa", ".pe", ".pf", ".pg", ".ph", ".pk", ".pl", ".pm", ".pn", ".pr", ".ps", ".pt", ".pw", ".py", ".qa", ".re", ".ro", ".ru", ".rw", ".sa", ".sb", ".sc", ".sd", ".se", ".sg", ".sh", ".si", ".sj", ".sk", ".sl", ".sm", ".sn", ".so", ".sr", ".st", ".sv", ".sy", ".sz", ".tc", ".td", ".tf", ".tg", ".th", ".tj", ".tk", ".tl", ".tm", ".tn", ".to", ".tp", ".tr", ".tt", ".tv", ".tw", ".tz", ".ua", ".ug", ".uk", ".um", ".us", ".uy", ".uz", ".va", ".vc", ".ve", ".vg", ".vi", ".vn", ".vu", ".wf", ".ws", ".ye", ".yt", ".yu", ".yr", ".za", ".zm", ".zw"}
+	C := CList[int(RandInt(4))%len(CList)]
+	ST := RandString(int(RandInt(4) % 10))
+	O := RandString(int(RandInt(4) % 10))
+	CN := strings.ToLower(RandString(int(RandInt(4)%10)) + domainSubfixList[int(RandInt(4))%len(domainSubfixList)])
+	cmdStr := fmt.Sprintf("openssl req -new -key proxy.key -x509 -days 36500 -out proxy.crt -subj /C=%s/ST=%s/O=%s/CN=%s", C, ST, O, CN)
+	cmd = exec.Command("sh", "-c", cmdStr)
 	out, err = cmd.CombinedOutput()
 	if err != nil {
 		log.Printf("err:%s", err)
@ -306,6 +358,29 @@ func Uniqueid() string {
 	// s := fmt.Sprintf("%d", src.Int63())
 	// return s[len(s)-5:len(s)-1] + fmt.Sprintf("%d", uint64(time.Now().UnixNano()))[8:]
 }
+func RandString(strlen int) string {
+	codes := "QWERTYUIOPLKJHGFDSAZXCVBNMabcdefghijklmnopqrstuvwxyz0123456789"
+	codeLen := len(codes)
+	data := make([]byte, strlen)
+	rand.Seed(time.Now().UnixNano() + rand.Int63() + rand.Int63() + rand.Int63() + rand.Int63())
+	for i := 0; i < strlen; i++ {
+		idx := rand.Intn(codeLen)
+		data[i] = byte(codes[idx])
+	}
+	return string(data)
+}
+func RandInt(strLen int) int64 {
+	codes := "123456789"
+	codeLen := len(codes)
+	data := make([]byte, strLen)
+	rand.Seed(time.Now().UnixNano() + rand.Int63() + rand.Int63() + rand.Int63() + rand.Int63())
+	for i := 0; i < strLen; i++ {
+		idx := rand.Intn(codeLen)
+		data[i] = byte(codes[idx])
+	}
+	i, _ := strconv.ParseInt(string(data), 10, 64)
+	return i
+}
 func ReadData(r io.Reader) (data string, err error) {
 	var len uint16
 	err = binary.Read(r, binary.LittleEndian, &len)