enable sni for tls client (#691)

* enable sni for tls client * update test case * fix public_ip parse bug
2025-12-13 21:27:25 +08:00 · 2025-03-19 01:15:34 +08:00
parent 3d1e841cc5
commit 81490d0662
4 changed files with 14 additions and 3 deletions
--- a/easytier/src/connector/dns_connector.rs
+++ b/easytier/src/connector/dns_connector.rs
@@ -242,6 +242,7 @@ mod tests {
        let url = "txt://txt.easytier.cn";
        let global_ctx = get_mock_global_ctx();
        let mut connector = DNSTunnelConnector::new(url.parse().unwrap(), global_ctx);
+        connector.set_ip_version(IpVersion::V4);
        let ret = connector.connect().await.unwrap();
        println!("{:?}", ret.info());
    }
@@ -251,6 +252,7 @@ mod tests {
        let url = "srv://easytier.cn";
        let global_ctx = get_mock_global_ctx();
        let mut connector = DNSTunnelConnector::new(url.parse().unwrap(), global_ctx);
+        connector.set_ip_version(IpVersion::V4);
        let ret = connector.connect().await.unwrap();
        println!("{:?}", ret.info());
    }
--- a/easytier/src/connector/udp_hole_punch/sym_to_cone.rs
+++ b/easytier/src/connector/udp_hole_punch/sym_to_cone.rs
@@ -434,7 +434,7 @@ impl PunchSymToConeHoleClient {
        let public_ips: Vec<Ipv4Addr> = stun_info
            .public_ip
            .iter()
-            .map(|x| x.parse().unwrap())
+            .filter_map(|x| x.parse().ok())
            .collect();
        if public_ips.is_empty() {
            return Err(anyhow::anyhow!("failed to get public ips"));
--- a/easytier/src/tunnel/insecure_tls.rs
+++ b/easytier/src/tunnel/insecure_tls.rs
@@ -70,7 +70,7 @@ pub fn get_insecure_tls_client_config() -> rustls::ClientConfig {
        .dangerous()
        .with_custom_certificate_verifier(SkipServerVerification::new(provider.clone()))
        .with_no_client_auth();
-    config.enable_sni = false;
+    config.enable_sni = true;
    config.enable_early_data = false;
    config
 }
--- a/easytier/src/tunnel/websocket.rs
+++ b/easytier/src/tunnel/websocket.rs
@@ -183,6 +183,7 @@ impl WSTunnelConnector {
    ) -> Result<Box<dyn Tunnel>, TunnelError> {
        let is_wss = is_wss(&addr)?;
        let socket_addr = SocketAddr::from_url(addr.clone(), ip_version)?;
+        let domain = addr.domain();
        let host = socket_addr.ip();
        let stream = tcp_socket.connect(socket_addr).await?;

@@ -203,8 +204,16 @@ impl WSTunnelConnector {
            init_crypto_provider();
            let tls_conn =
                tokio_rustls::TlsConnector::from(Arc::new(get_insecure_tls_client_config()));
+            let domain_or_ip = match domain {
+                None => {
+                    host.to_string()
+                }
+                Some(domain) => {
+                    domain.to_string()
+                }
+            };
            let stream = tls_conn
-                .connect(host.to_string().try_into().unwrap(), stream)
+                .connect(domain_or_ip.try_into().unwrap(), stream)
                .await?;
            MaybeTlsStream::Rustls(stream)
        } else {