Apq
/
Xray-core
огледало од https://github.com/XTLS/Xray-core.git


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104
							syntax = "proto3";

package xray.transport.internet.tls;
option csharp_namespace = "Xray.Transport.Internet.Tls";
option go_package = "github.com/xtls/xray-core/transport/internet/tls";
option java_package = "com.xray.transport.internet.tls";
option java_multiple_files = true;

import "transport/internet/config.proto";

message Certificate {
  // TLS certificate in x509 format.
  bytes certificate = 1;

  // TLS key in x509 format.
  bytes key = 2;

  enum Usage {
    ENCIPHERMENT = 0;
    AUTHORITY_VERIFY = 1;
    AUTHORITY_ISSUE = 2;
  }

  Usage usage = 3;

  uint64 ocsp_stapling = 4;

  // TLS certificate path
  string certificate_path = 5;

  // TLS Key path
  string key_path = 6;

  // If true, one-Time Loading
  bool One_time_loading = 7;

  bool build_chain = 8;
}

message Config {
  // Whether or not to allow self-signed certificates.
  bool allow_insecure = 1;

  // List of certificates to be served on server.
  repeated Certificate certificate = 2;

  // Override server name.
  string server_name = 3;

  // Lists of string as ALPN values.
  repeated string next_protocol = 4;

  // Whether or not to enable session (ticket) resumption.
  bool enable_session_resumption = 5;

  // If true, root certificates on the system will not be loaded for
  // verification.
  bool disable_system_root = 6;

  // The minimum TLS version.
  string min_version = 7;

  // The maximum TLS version.
  string max_version = 8;

  // Specify cipher suites, except for TLS 1.3.
  string cipher_suites = 9;

  // TLS Client Hello fingerprint (uTLS).
  string fingerprint = 11;

  bool reject_unknown_sni = 12;
  
  /* @Document Some certificate chain sha256 hashes.
     @Document After normal validation or allow_insecure, if the server's cert chain hash does not match any of these values, the connection will be aborted.
     @Critical
  */
  repeated bytes pinned_peer_certificate_chain_sha256 = 13;

  /* @Document Some certificate public key sha256 hashes.
     @Document After normal validation (required), if one of certs in verified chain matches one of these values, the connection will be eventually accepted.
     @Critical
  */
  repeated bytes pinned_peer_certificate_public_key_sha256 = 14;

  string master_key_log = 15;

  // Lists of string as CurvePreferences values.
  repeated string curve_preferences = 16;

  /* @Document Replaces server_name to verify the peer cert.
     @Document After allow_insecure (automatically), if the server's cert can't be verified by any of these names, pinned_peer_certificate_chain_sha256 will be tried.
     @Critical
  */
  repeated string verify_peer_cert_in_names = 17;

  bytes ech_server_keys = 18;

  string ech_config_list = 19;

  string ech_force_query = 20;

  SocketConfig ech_socket_settings = 21;
}