Fix #130 with Cloudflare's SNI

Fix #130 with Cloudflare's SNI Pull Request resolved: #158
yandex · Jan 13, 2023 · 0fefad9 · 0fefad9
1 parent 75f5b33
commit 0fefad9
Show file tree

Hide file tree

Showing 4 changed files with 12 additions and 7 deletions.
diff --git a/Makefile b/Makefile
@@ -36,7 +36,7 @@ fmt:
 
 tools:
 	@echo "$(OK_COLOR)Install tools$(NO_COLOR)"
-	go install golang.org/x/tools/cmd/goimports
+	go install golang.org/x/tools/cmd/goimports@latest
 	go get golang.org/x/tools/cmd/cover
 	go get github.com/modocache/gover
 	go get github.com/mattn/goveralls

diff --git a/components/phttp/client.go b/components/phttp/client.go
@@ -98,7 +98,7 @@ func DefaultTransportConfig() TransportConfig {
 	}
 }
 
-func NewTransport(conf TransportConfig, dial netutil.DialerFunc) *http.Transport {
+func NewTransport(conf TransportConfig, dial netutil.DialerFunc, target string) *http.Transport {
 	tr := &http.Transport{
 		TLSHandshakeTimeout:   conf.TLSHandshakeTimeout,
 		DisableKeepAlives:     conf.DisableKeepAlives,
@@ -109,16 +109,21 @@ func NewTransport(conf TransportConfig, dial netutil.DialerFunc) *http.Transport
 		ResponseHeaderTimeout: conf.ResponseHeaderTimeout,
 		ExpectContinueTimeout: conf.ExpectContinueTimeout,
 	}
+	host, _, err := net.SplitHostPort(target)
+	if err != nil {
+		zap.L().Panic("HTTP transport configure fail", zap.Error(err))
+	}
 	tr.TLSClientConfig = &tls.Config{
 		InsecureSkipVerify: true,                 // We should not spend time for this stuff.
 		NextProtos:         []string{"http/1.1"}, // Disable HTTP/2. Use HTTP/2 transport explicitly, if needed.
+		ServerName:         host,
 	}
 	tr.DialContext = dial
 	return tr
 }
 
-func NewHTTP2Transport(conf TransportConfig, dial netutil.DialerFunc) *http.Transport {
-	tr := NewTransport(conf, dial)
+func NewHTTP2Transport(conf TransportConfig, dial netutil.DialerFunc, target string) *http.Transport {
+	tr := NewTransport(conf, dial, target)
 	err := http2.ConfigureTransport(tr)
 	if err != nil {
 		zap.L().Panic("HTTP/2 transport configure fail", zap.Error(err))

diff --git a/components/phttp/connect.go b/components/phttp/connect.go
@@ -77,7 +77,7 @@ func newConnectClient(conf ConnectGunConfig) Client {
 			conf.Target,
 			conf.ConnectSSL,
 			NewDialer(conf.Client.Dialer),
-		))
+		), conf.Target)
 	return newClient(transport, conf.Client.Redirect)
 }
 

diff --git a/components/phttp/http.go b/components/phttp/http.go
@@ -29,7 +29,7 @@ type HTTP2GunConfig struct {
 }
 
 func NewHTTPGun(conf HTTPGunConfig, answLog *zap.Logger, targetResolved string) *HTTPGun {
-	transport := NewTransport(conf.Client.Transport, NewDialer(conf.Client.Dialer).DialContext)
+	transport := NewTransport(conf.Client.Transport, NewDialer(conf.Client.Dialer).DialContext, conf.Gun.Target)
 	client := newClient(transport, conf.Client.Redirect)
 	return NewClientGun(client, conf.Gun, answLog, targetResolved)
 }
@@ -40,7 +40,7 @@ func NewHTTP2Gun(conf HTTP2GunConfig, answLog *zap.Logger, targetResolved string
 		// Open issue on github if you really need this feature.
 		return nil, errors.New("HTTP/2.0 over TCP is not supported. Please leave SSL option true by default.")
 	}
-	transport := NewHTTP2Transport(conf.Client.Transport, NewDialer(conf.Client.Dialer).DialContext)
+	transport := NewHTTP2Transport(conf.Client.Transport, NewDialer(conf.Client.Dialer).DialContext, conf.Gun.Target)
 	client := newClient(transport, conf.Client.Redirect)
 	// Will panic and cancel shooting whet target doesn't support HTTP/2.
 	client = &panicOnHTTP1Client{client}