cert.go

Author: Anton-Dodonov

common/protocol/tls/cert/cert.go

@@ -185,7 +185,6 @@ func GenerateGOST2012_256(parent *Certificate, opts ...SM2Option) (*Certificate,
 	var (
 		commonName string
 		organization string
-		dnsNames []string
 		expireDays int = 365
 	)
 
@@ -200,9 +199,6 @@ func GenerateGOST2012_256(parent *Certificate, opts ...SM2Option) (*Certificate,
 		if len(tmp.Subject.Organization) > 0 {
 			organization = tmp.Subject.Organization[0]
 		}
-		if len(tmp.DNSNames) > 0 {
-			dnsNames = tmp.DNSNames
-		}
 		if !tmp.NotAfter.IsZero() {
 			days := int(tmp.NotAfter.Sub(time.Now()).Hours() / 24)
 			if days > 0 {
@@ -236,7 +232,6 @@ func GenerateGOST2012_512(parent *Certificate, opts ...SM2Option) (*Certificate,
 	var (
 		commonName string
 		organization string
-		dnsNames []string
 		expireDays int = 365
 	)
 
@@ -251,9 +246,6 @@ func GenerateGOST2012_512(parent *Certificate, opts ...SM2Option) (*Certificate,
 		if len(tmp.Subject.Organization) > 0 {
 			organization = tmp.Subject.Organization[0]
 		}
-		if len(tmp.DNSNames) > 0 {
-			dnsNames = tmp.DNSNames
-		}
 		if !tmp.NotAfter.IsZero() {
 			days := int(tmp.NotAfter.Sub(time.Now()).Hours() / 24)
 			if days > 0 {

samples/README.md

@@ -0,0 +1,28 @@
+# Примеры (samples)
+
+## Структура
+- `make_cert/` — скрипты генерации тестовых сертификатов (SM2, GOST, ECDSA)
+- `certs/` — сгенерированные сертификаты
+- `configs/server/` — серверные конфиги VMess/VLESS
+- `configs/client/` — клиентские конфиги
+- `run/server/` — запуск сервера с нужным конфигом
+- `run/client/` — запуск клиента
+- `scripts/` — проверка сертификатов
+
+## Использование
+```bash
+# Генерация всех сертификатов
+cd make_cert && ./make_all_certs.sh
+
+# Проверка всех сертификатов
+cd scripts && ./verify_all_certs.sh
+
+# Запуск сервера
+cd run/server && ./run_vmess_sm2.sh
+
+# Запуск клиента
+cd run/client && ./run_vless_client_sm2.sh
+```
+
+Конфиги пересоздавать не нужно, используйте как есть.
+Скрипты генерации сертификатов — только для теста. 

samples/configs/client/vless_client_sm2.json

@@ -0,0 +1,42 @@
+{
+  "log": {
+    "loglevel": "info"
+  },
+  "inbounds": [
+    {
+      "port": 1080,
+      "protocol": "socks",
+      "settings": {
+        "auth": "noauth",
+        "udp": true
+      }
+    }
+  ],
+  "outbounds": [
+    {
+      "protocol": "vless",
+      "settings": {
+        "vnext": [
+          {
+            "address": "127.0.0.1",
+            "port": 443,
+            "users": [
+              {
+                "id": "b831381d-6324-4d53-ad4f-8cda48b30811",
+                "encryption": "none"
+              }
+            ]
+          }
+        ]
+      },
+      "streamSettings": {
+        "network": "tcp",
+        "security": "tls",
+        "tlsSettings": {
+          "allowInsecure": true,
+          "serverName": "example.com"
+        }
+      }
+    }
+  ]
+} 

samples/configs/server/vless_sm2.json

@@ -0,0 +1,37 @@
+{
+  "log": {
+    "loglevel": "debug"
+  },
+  "inbounds": [
+    {
+      "port": 443,
+      "protocol": "vless",
+      "settings": {
+        "clients": [
+          {
+            "id": "b831381d-6324-4d53-ad4f-8cda48b30811"
+          }
+        ],
+        "decryption": "none"
+      },
+      "streamSettings": {
+        "network": "tcp",
+        "security": "tls",
+        "tlsSettings": {
+          "certificates": [
+            {
+              "certificateFile": "../certs/test_cert_sm2.crt",
+              "keyFile": "../certs/test_cert_sm2.key",
+              "certificateType": "sm2"
+            }
+          ]
+        }
+      }
+    }
+  ],
+  "outbounds": [
+    {
+      "protocol": "freedom"
+    }
+  ]
+}

samples/configs/server/vmess_gost2012_512.json

@@ -0,0 +1,37 @@
+{
+  "log": {
+    "loglevel": "debug"
+  },
+  "inbounds": [
+    {
+      "port": 443,
+      "protocol": "vmess",
+      "settings": {
+        "clients": [
+          {
+            "id": "b831381d-6324-4d53-ad4f-8cda48b30811",
+            "alterId": 0
+          }
+        ]
+      },
+      "streamSettings": {
+        "network": "tcp",
+        "security": "tls",
+        "tlsSettings": {
+          "certificates": [
+            {
+              "certificateFile": "../certs/test_cert_gost2012_512.crt",
+              "keyFile": "../certs/test_cert_gost2012_512.key",
+              "certificateType": "gost2012_512"
+            }
+          ]
+        }
+      }
+    }
+  ],
+  "outbounds": [
+    {
+      "protocol": "freedom"
+    }
+  ]
+}

samples/configs/server/vmess_sm2.json

@@ -0,0 +1,37 @@
+{
+  "log": {
+    "loglevel": "info"
+  },
+  "inbounds": [
+    {
+      "port": 443,
+      "protocol": "vmess",
+      "settings": {
+        "clients": [
+          {
+            "id": "b831381d-6324-4d53-ad4f-8cda48b30811",
+            "alterId": 0
+          }
+        ]
+      },
+      "streamSettings": {
+        "network": "tcp",
+        "security": "tls",
+        "tlsSettings": {
+          "certificates": [
+            {
+              "certificateFile": "../certs/test_cert_sm2.crt",
+              "keyFile": "../certs/test_cert_sm2.key",
+              "certificateType": "sm2"
+            }
+          ]
+        }
+      }
+    }
+  ],
+  "outbounds": [
+    {
+      "protocol": "freedom"
+    }
+  ]
+}

samples/make_cert/make_all_certs.sh

@@ -0,0 +1,11 @@
+#!/bin/bash
+set -e
+
+cd "$(dirname "$0")"
+
+./make_cert_sm2.sh
+./make_cert_gost2012_256.sh
+./make_cert_gost2012_512.sh
+./make_cert_ecdsa.sh
+
+echo "\nВсе сертификаты сгенерированы в папку ../certs/" 

samples/make_cert/make_cert_ecdsa.sh

@@ -0,0 +1,4 @@
+#!/bin/bash
+
+# Generate ECDSA certificate
+../../xray tls cert --algorithm=ecdsa --domain=example.com --name="Test Server ECDSA" --org="Test Organization" --file=../certs/test_cert_ecdsa 

samples/make_cert/make_cert_gost2012_256.sh

@@ -0,0 +1,4 @@
+#!/bin/bash
+
+# Generate GOST2012_256 certificate
+../../xray tls cert --algorithm=gost2012_256 --domain=example.com --name="Test Server GOST2012_256" --org="Test Organization" --file=../certs/test_cert_gost2012_256 

samples/make_cert/make_cert_gost2012_512.sh

@@ -0,0 +1,7 @@
+#!/bin/bash
+
+# Generate GOST2012_512 certificate
+../../xray tls cert --algorithm=gost2012_512 --domain=example.com --name="Test Server GOST2012_512" --org="Test Organization" --file=../certs/test_cert_gost2012_512
+
+
+