Compare commits
No commits in common. "4634c68ea6822c5b703d53f614e99ca6c532f08b" and "7797c799dd6d93ed187f0339e81897ad7d4dfc08" have entirely different histories.
4634c68ea6
...
7797c799dd
@ -1,12 +1,5 @@
|
|||||||
# Changelog
|
# Changelog
|
||||||
|
|
||||||
## 2025-03-17 - 4.1.12 - fix(classes.pp.connectionhandler)
|
|
||||||
Replace unrecognized_name alert data with certificate_expired alert in TLS handshake handling for session resumption without SNI
|
|
||||||
|
|
||||||
- Switched the alert payload from serverNameUnknownAlertData to a new certificateExpiredAlert buffer
|
|
||||||
- Now sends a fatal certificate_expired alert (code 47) instead of a warning unrecognized_name alert
|
|
||||||
- Improves TLS error reporting and encourages immediate disconnection when a ClientHello lacks SNI and session tickets are disallowed
|
|
||||||
|
|
||||||
## 2025-03-17 - 4.1.11 - fix(connectionhandler)
|
## 2025-03-17 - 4.1.11 - fix(connectionhandler)
|
||||||
Increase delay before cleaning up connections when session resumption is blocked due to missing SNI, allowing more natural socket termination.
|
Increase delay before cleaning up connections when session resumption is blocked due to missing SNI, allowing more natural socket termination.
|
||||||
|
|
||||||
|
|||||||
@ -1,6 +1,6 @@
|
|||||||
{
|
{
|
||||||
"name": "@push.rocks/smartproxy",
|
"name": "@push.rocks/smartproxy",
|
||||||
"version": "4.1.12",
|
"version": "4.1.11",
|
||||||
"private": false,
|
"private": false,
|
||||||
"description": "A powerful proxy package that effectively handles high traffic, with features such as SSL/TLS support, port proxying, WebSocket handling, dynamic routing with authentication options, and automatic ACME certificate management.",
|
"description": "A powerful proxy package that effectively handles high traffic, with features such as SSL/TLS support, port proxying, WebSocket handling, dynamic routing with authentication options, and automatic ACME certificate management.",
|
||||||
"main": "dist_ts/index.js",
|
"main": "dist_ts/index.js",
|
||||||
|
|||||||
@ -3,6 +3,6 @@
|
|||||||
*/
|
*/
|
||||||
export const commitinfo = {
|
export const commitinfo = {
|
||||||
name: '@push.rocks/smartproxy',
|
name: '@push.rocks/smartproxy',
|
||||||
version: '4.1.12',
|
version: '4.1.11',
|
||||||
description: 'A powerful proxy package that effectively handles high traffic, with features such as SSL/TLS support, port proxying, WebSocket handling, dynamic routing with authentication options, and automatic ACME certificate management.'
|
description: 'A powerful proxy package that effectively handles high traffic, with features such as SSL/TLS support, port proxying, WebSocket handling, dynamic routing with authentication options, and automatic ACME certificate management.'
|
||||||
}
|
}
|
||||||
|
|||||||
@ -605,20 +605,10 @@ export class ConnectionHandler {
|
|||||||
0x00, // close_notify alert (0)
|
0x00, // close_notify alert (0)
|
||||||
]);
|
]);
|
||||||
|
|
||||||
const certificateExpiredAlert = Buffer.from([
|
|
||||||
0x15, // Alert record type
|
|
||||||
0x03,
|
|
||||||
0x03, // TLS 1.2 version
|
|
||||||
0x00,
|
|
||||||
0x02, // Length
|
|
||||||
0x02, // Fatal alert level (2)
|
|
||||||
0x2F, // certificate_expired alert (47)
|
|
||||||
]);
|
|
||||||
|
|
||||||
try {
|
try {
|
||||||
// Use cork/uncork to ensure the alert is sent as a single packet
|
// Use cork/uncork to ensure the alert is sent as a single packet
|
||||||
socket.cork();
|
socket.cork();
|
||||||
const writeSuccessful = socket.write(certificateExpiredAlert);
|
const writeSuccessful = socket.write(serverNameUnknownAlertData);
|
||||||
socket.uncork();
|
socket.uncork();
|
||||||
|
|
||||||
// Function to handle the clean socket termination - but more gradually
|
// Function to handle the clean socket termination - but more gradually
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user