fix some tests and prepare next step of evolution

2025-12-09 09:19:13 +00:00
parent ad44274075
commit be3ac75422
27 changed files with 3363 additions and 3246 deletions


@@ -184,14 +184,28 @@ export class RouteConnectionHandler {
const needsTlsHandling = allRoutes.some(route => {
// Check if route matches this port
const matchesPort = this.smartProxy.routeManager.getRoutesForPort(localPort).includes(route);
return matchesPort &&
route.action.type === 'forward' &&
route.action.tls &&
(route.action.tls.mode === 'terminate' ||
return matchesPort &&
route.action.type === 'forward' &&
route.action.tls &&
(route.action.tls.mode === 'terminate' ||
route.action.tls.mode === 'passthrough');
});
// Auto-calculate session ticket handling based on route configuration
// If any route on this port terminates TLS, allow session tickets (HttpProxy handles resumption)
// Otherwise, block session tickets (need SNI for passthrough routing)
const hasTlsTermination = allRoutes.some(route => {
const matchesPort = this.smartProxy.routeManager.getRoutesForPort(localPort).includes(route);
return matchesPort &&
route.action.type === 'forward' &&
route.action.tls &&
(route.action.tls.mode === 'terminate' ||
route.action.tls.mode === 'terminate-and-reencrypt');
});
const allowSessionTicket = hasTlsTermination;
// If no routes require TLS handling and it's not port 443, route immediately
if (!needsTlsHandling && localPort !== 443) {
// Extract underlying socket for socket-utils functions
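Review bot: `allowSessionTicket` is decided once per port, so on a port that mixes `terminate` and `passthrough` routes `hasTlsTermination` is true and the no-SNI rejection changed in the second hunk (`allowSessionTicket === false`) never fires, even though the comment above it says passthrough routing needs SNI. A ClientHello without a server name would then continue into route matching with no hostname; what happens next is outside these hunks, so it is worth confirming such a connection cannot land on a passthrough or default route. The derived value also replaces `this.smartProxy.settings.allowSessionTicket`, so an operator's explicit `false` is silently ignored; if that opt-out should survive, `const allowSessionTicket = this.smartProxy.settings.allowSessionTicket !== false && hasTlsTermination;` keeps it (assuming the setting is not defaulted to `false` elsewhere). Separately, `needsTlsHandling` still omits `'terminate-and-reencrypt'` while `hasTlsTermination` includes it, so the two predicates disagree about which routes involve TLS. The enclosing method starts and ends outside the hunk.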
@@ -345,7 +359,7 @@ export class RouteConnectionHandler {
record.lockedDomain = serverName;
// Check if we should reject connections without SNI
if (!serverName && this.smartProxy.settings.allowSessionTicket === false) {
if (!serverName && allowSessionTicket === false) {
logger.log('warn', `No SNI detected in TLS ClientHello for connection ${record.id}; sending TLS alert`, {
connectionId: record.id,
component: 'route-handler'