TRKJ/EdgeNode
2
0
Fork 0
mirror of https://github.com/TeaOSLab/EdgeNode.git synced 2025-11-03 23:20:25 +08:00
Code Issues Packages Projects Releases Wiki Activity

网站全局设置中增加“自动匹配证书”选项

Browse Source
This commit is contained in:
GoEdgeLab
2023-05-24 17:20:52 +08:00
parent 27b3b240d5
commit 7f563bb182
1 changed files with 34 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
internal/nodes/listener_base.go
View File

@@ -91,10 +91,15 @@ func (this *BaseListener) matchSSL(domain string) (*sslconfigs.SSLPolicy, *tls.C
return nil, nil, errors.New("no configure found") return nil, nil, errors.New("no configure found")
} }
var globalServerConfig *serverconfigs.GlobalServerConfig
if sharedNodeConfig != nil {
globalServerConfig = sharedNodeConfig.GlobalServerConfig
}
// 如果域名为空,则取第一个 // 如果域名为空,则取第一个
// 通常域名为空是因为是直接通过IP访问的 // 通常域名为空是因为是直接通过IP访问的
if len(domain) == 0 { if len(domain) == 0 {
if group.IsHTTPS() && sharedNodeConfig.GlobalServerConfig != nil && sharedNodeConfig.GlobalServerConfig.HTTPAll.MatchDomainStrictly { if group.IsHTTPS() && globalServerConfig != nil && globalServerConfig.HTTPAll.MatchDomainStrictly {
return nil, nil, errors.New("no tls server name matched") return nil, nil, errors.New("no tls server name matched")
} }
@@ -114,9 +119,37 @@ func (this *BaseListener) matchSSL(domain string) (*sslconfigs.SSLPolicy, *tls.C
// 通过代理服务域名配置匹配 // 通过代理服务域名配置匹配
server, _ := this.findNamedServer(domain) server, _ := this.findNamedServer(domain)
if server == nil { if server == nil {
// 找不到或者此时的服务没有配置证书需要搜索所有的Server通过SSL证书内容中的DNSName匹配
// 此功能仅为了兼容以往版本v1.0.4),不应该作为常态启用
if globalServerConfig != nil && globalServerConfig.HTTPAll.MatchCertFromAllServers {
for _, searchingServer := range group.Servers() {
if searchingServer.SSLPolicy() == nil || !searchingServer.SSLPolicy().IsOn {
continue
}
cert, ok := searchingServer.SSLPolicy().MatchDomain(domain)
if ok {
return searchingServer.SSLPolicy(), cert, nil
}
}
}
return nil, nil, errors.New("no server found for '" + domain + "'") return nil, nil, errors.New("no server found for '" + domain + "'")
} }
if server.SSLPolicy() == nil || !server.SSLPolicy().IsOn { if server.SSLPolicy() == nil || !server.SSLPolicy().IsOn {
// 找不到或者此时的服务没有配置证书需要搜索所有的Server通过SSL证书内容中的DNSName匹配
// 此功能仅为了兼容以往版本v1.0.4),不应该作为常态启用
if globalServerConfig != nil && globalServerConfig.HTTPAll.MatchCertFromAllServers {
for _, searchingServer := range group.Servers() {
if searchingServer.SSLPolicy() == nil || !searchingServer.SSLPolicy().IsOn {
continue
}
cert, ok := searchingServer.SSLPolicy().MatchDomain(domain)
if ok {
return searchingServer.SSLPolicy(), cert, nil
}
}
}
return nil, nil, errors.New("no cert found for '" + domain + "'") return nil, nil, errors.New("no cert found for '" + domain + "'")
} }