Home Explore Help
Register Sign In
Apq
/
sing-box
mirror of https://github.com/SagerNet/sing-box.git
1
0
Fork 0
Files Issues 0 Wiki
Tree: 692ea1897c
Branches Tags
sing-box
/
common
/
ktls
/
ktls_alert.go

ktls_alert.go 2.3 KB
History Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980 
  1. // Copyright 2009 The Go Authors. All rights reserved.
    2. 

  2. // Use of this source code is governed by a BSD-style
    3. 

  3. // license that can be found in the LICENSE file.
    4. 

  4. 

  5. //go:build linux && go1.25 && !without_badtls
    6. 

  6. 

  7. package ktls
    8. 

  8. 

  9. import (
    10. 

  10. 	"crypto/tls"
    11. 

  11. 	"net"
    12. 

  12. )
    13. 

  13. 

  14. const (
    15. 

  15. 	// alert level
    16. 

  16. 	alertLevelWarning = 1
    17. 

  17. 	alertLevelError   = 2
    18. 

  18. )
    19. 

  19. 

  20. const (
    21. 

  21. 	alertCloseNotify                  = 0
    22. 

  22. 	alertUnexpectedMessage            = 10
    23. 

  23. 	alertBadRecordMAC                 = 20
    24. 

  24. 	alertDecryptionFailed             = 21
    25. 

  25. 	alertRecordOverflow               = 22
    26. 

  26. 	alertDecompressionFailure         = 30
    27. 

  27. 	alertHandshakeFailure             = 40
    28. 

  28. 	alertBadCertificate               = 42
    29. 

  29. 	alertUnsupportedCertificate       = 43
    30. 

  30. 	alertCertificateRevoked           = 44
    31. 

  31. 	alertCertificateExpired           = 45
    32. 

  32. 	alertCertificateUnknown           = 46
    33. 

  33. 	alertIllegalParameter             = 47
    34. 

  34. 	alertUnknownCA                    = 48
    35. 

  35. 	alertAccessDenied                 = 49
    36. 

  36. 	alertDecodeError                  = 50
    37. 

  37. 	alertDecryptError                 = 51
    38. 

  38. 	alertExportRestriction            = 60
    39. 

  39. 	alertProtocolVersion              = 70
    40. 

  40. 	alertInsufficientSecurity         = 71
    41. 

  41. 	alertInternalError                = 80
    42. 

  42. 	alertInappropriateFallback        = 86
    43. 

  43. 	alertUserCanceled                 = 90
    44. 

  44. 	alertNoRenegotiation              = 100
    45. 

  45. 	alertMissingExtension             = 109
    46. 

  46. 	alertUnsupportedExtension         = 110
    47. 

  47. 	alertCertificateUnobtainable      = 111
    48. 

  48. 	alertUnrecognizedName             = 112
    49. 

  49. 	alertBadCertificateStatusResponse = 113
    50. 

  50. 	alertBadCertificateHashValue      = 114
    51. 

  51. 	alertUnknownPSKIdentity           = 115
    52. 

  52. 	alertCertificateRequired          = 116
    53. 

  53. 	alertNoApplicationProtocol        = 120
    54. 

  54. 	alertECHRequired                  = 121
    55. 

  55. )
    56. 

  56. 

  57. func (c *Conn) sendAlertLocked(err uint8) error {
    58. 

  58. 	switch err {
    59. 

  59. 	case alertNoRenegotiation, alertCloseNotify:
    60. 

  60. 		c.rawConn.Tmp[0] = alertLevelWarning
    61. 

  61. 	default:
    62. 

  62. 		c.rawConn.Tmp[0] = alertLevelError
    63. 

  63. 	}
    64. 

  64. 	c.rawConn.Tmp[1] = byte(err)
    65. 

  65. 

  66. 	_, writeErr := c.writeRecordLocked(recordTypeAlert, c.rawConn.Tmp[0:2])
    67. 

  67. 	if err == alertCloseNotify {
    68. 

  68. 		// closeNotify is a special case in that it isn't an error.
    69. 

  69. 		return writeErr
    70. 

  70. 	}
    71. 

  71. 

  72. 	return c.rawConn.Out.SetErrorLocked(&net.OpError{Op: "local error", Err: tls.AlertError(err)})
    73. 

  73. }
    74. 

  74. 

  75. // sendAlert sends a TLS alert message.
    76. 

  76. func (c *Conn) sendAlert(err uint8) error {
    77. 

  77. 	c.rawConn.Out.Lock()
    78. 

  78. 	defer c.rawConn.Out.Unlock()
    79. 

  79. 	return c.sendAlertLocked(err)
    80. 

  80. }
    81.