fix(PortProxy): Improve SNI extraction handling in PortProxy by passing explicit connection info to extractSNIWithResumptionSupport for better TLS renegotiation and debug logging.
This commit is contained in:
parent
f304cc67b4
commit
415b82a84a
@ -1,5 +1,12 @@
|
||||
# Changelog
|
||||
|
||||
## 2025-03-11 - 3.38.1 - fix(PortProxy)
|
||||
Improve SNI extraction handling in PortProxy by passing explicit connection info to extractSNIWithResumptionSupport for better TLS renegotiation and debug logging.
|
||||
|
||||
- In the renegotiation handler, create and pass a connection info object (sourceIp, sourcePort, destIp, destPort) instead of a boolean flag.
|
||||
- Update the TLS handshake processing to construct a connection info object for detailed SNI extraction and logging.
|
||||
- Enhance consistency by using processTlsPacket with cached SNI hints during fallback.
|
||||
|
||||
## 2025-03-11 - 3.38.0 - feat(SniHandler)
|
||||
Enhance SNI extraction to support fragmented ClientHello messages, TLS 1.3 early data, and improved PSK parsing
|
||||
|
||||
|
@ -3,6 +3,6 @@
|
||||
*/
|
||||
export const commitinfo = {
|
||||
name: '@push.rocks/smartproxy',
|
||||
version: '3.38.0',
|
||||
version: '3.38.1',
|
||||
description: 'A powerful proxy package that effectively handles high traffic, with features such as SSL/TLS support, port proxying, WebSocket handling, dynamic routing with authentication options, and automatic ACME certificate management.'
|
||||
}
|
||||
|
@ -920,7 +920,15 @@ export class PortProxy {
|
||||
if (SniHandler.isClientHello(renegChunk)) {
|
||||
try {
|
||||
// Extract SNI from ClientHello
|
||||
const newSNI = SniHandler.extractSNIWithResumptionSupport(renegChunk, this.settings.enableTlsDebugLogging);
|
||||
// Create a connection info object for the existing connection
|
||||
const connInfo = {
|
||||
sourceIp: record.remoteIP,
|
||||
sourcePort: record.incoming.remotePort || 0,
|
||||
destIp: record.incoming.localAddress || '',
|
||||
destPort: record.incoming.localPort || 0
|
||||
};
|
||||
|
||||
const newSNI = SniHandler.extractSNIWithResumptionSupport(renegChunk, connInfo, this.settings.enableTlsDebugLogging);
|
||||
|
||||
// Skip if no SNI was found
|
||||
if (!newSNI) return;
|
||||
@ -1590,7 +1598,15 @@ export class PortProxy {
|
||||
`[${connectionId}] TLS handshake detected from ${remoteIP}, ${chunk.length} bytes`
|
||||
);
|
||||
// Try to extract SNI and log detailed debug info
|
||||
SniHandler.extractSNIWithResumptionSupport(chunk, true);
|
||||
// Create connection info for debug logging
|
||||
const debugConnInfo = {
|
||||
sourceIp: remoteIP,
|
||||
sourcePort: socket.remotePort || 0,
|
||||
destIp: socket.localAddress || '',
|
||||
destPort: socket.localPort || 0
|
||||
};
|
||||
|
||||
SniHandler.extractSNIWithResumptionSupport(chunk, debugConnInfo, true);
|
||||
}
|
||||
}
|
||||
});
|
||||
@ -1797,7 +1813,21 @@ export class PortProxy {
|
||||
);
|
||||
}
|
||||
|
||||
serverName = SniHandler.extractSNIWithResumptionSupport(chunk, this.settings.enableTlsDebugLogging) || '';
|
||||
// Create connection info object for SNI extraction
|
||||
const connInfo = {
|
||||
sourceIp: remoteIP,
|
||||
sourcePort: socket.remotePort || 0,
|
||||
destIp: socket.localAddress || '',
|
||||
destPort: socket.localPort || 0
|
||||
};
|
||||
|
||||
// Use the new processTlsPacket method for comprehensive handling
|
||||
serverName = SniHandler.processTlsPacket(
|
||||
chunk,
|
||||
connInfo,
|
||||
this.settings.enableTlsDebugLogging,
|
||||
connectionRecord.lockedDomain // Pass any previously negotiated domain as a hint
|
||||
) || '';
|
||||
}
|
||||
|
||||
// Lock the connection to the negotiated SNI.
|
||||
|
Loading…
x
Reference in New Issue
Block a user