Added SNI option for TLS connections

Disabled by default; add `"sni": true` to a pool's entry in the config to enable it.
This commit is contained in:
SChernykh 2023-09-29 08:33:01 +02:00
parent e855723cd9
commit 0a3313cb76
5 changed files with 13 additions and 3 deletions


@ -589,7 +589,7 @@ void xmrig::Client::handshake()
if (isTLS()) { if (isTLS()) {
m_expire = Chrono::steadyMSecs() + kResponseTimeout; m_expire = Chrono::steadyMSecs() + kResponseTimeout;
m_tls->handshake(); m_tls->handshake(m_pool.isSNI() ? m_pool.host().data() : nullptr);
} }
else else
# endif # endif
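Review bot: The new call hands `m_pool.host().data()` to the TLS layer as the SNI name whenever `sni` is on, but RFC 6066 §3 does not allow an IP address literal in the server_name extension, and pool URLs are frequently bare IPv4/IPv6 addresses; some servers reject such a ClientHello outright. Unless `Url` already guarantees a DNS name here (not visible from this hunk), only send SNI for a hostname, e.g. `const char *sni = nullptr;` / `if (m_pool.isSNI() && !isIpLiteral(m_pool.host().data())) { sni = m_pool.host().data(); }` / `m_tls->handshake(sni);`, where `isIpLiteral` is a small helper built on `inet_pton` for AF_INET and AF_INET6. The bool returned by `handshake()` is still discarded on this line, so the `return false` path in Tls::handshake (an `SSL_new` failure) is never surfaced to the caller. Client::handshake continues outside the hunk.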


@ -77,6 +77,7 @@ const char *Pool::kSelfSelect = "self-select";
const char *Pool::kSOCKS5 = "socks5"; const char *Pool::kSOCKS5 = "socks5";
const char *Pool::kSubmitToOrigin = "submit-to-origin"; const char *Pool::kSubmitToOrigin = "submit-to-origin";
const char *Pool::kTls = "tls"; const char *Pool::kTls = "tls";
const char *Pool::kSni = "sni";
const char *Pool::kUrl = "url"; const char *Pool::kUrl = "url";
const char *Pool::kUser = "user"; const char *Pool::kUser = "user";
const char *Pool::kSpendSecretKey = "spend-secret-key"; const char *Pool::kSpendSecretKey = "spend-secret-key";
@ -137,6 +138,7 @@ xmrig::Pool::Pool(const rapidjson::Value &object) :
m_flags.set(FLAG_ENABLED, Json::getBool(object, kEnabled, true)); m_flags.set(FLAG_ENABLED, Json::getBool(object, kEnabled, true));
m_flags.set(FLAG_NICEHASH, Json::getBool(object, kNicehash) || m_url.host().contains(kNicehashHost)); m_flags.set(FLAG_NICEHASH, Json::getBool(object, kNicehash) || m_url.host().contains(kNicehashHost));
m_flags.set(FLAG_TLS, Json::getBool(object, kTls) || m_url.isTLS()); m_flags.set(FLAG_TLS, Json::getBool(object, kTls) || m_url.isTLS());
m_flags.set(FLAG_SNI, Json::getBool(object, kSni));
setKeepAlive(Json::getValue(object, kKeepalive)); setKeepAlive(Json::getValue(object, kKeepalive));
@ -299,6 +301,7 @@ rapidjson::Value xmrig::Pool::toJSON(rapidjson::Document &doc) const
obj.AddMember(StringRef(kEnabled), m_flags.test(FLAG_ENABLED), allocator); obj.AddMember(StringRef(kEnabled), m_flags.test(FLAG_ENABLED), allocator);
obj.AddMember(StringRef(kTls), isTLS(), allocator); obj.AddMember(StringRef(kTls), isTLS(), allocator);
obj.AddMember(StringRef(kSni), isSNI(), allocator);
obj.AddMember(StringRef(kFingerprint), m_fingerprint.toJSON(), allocator); obj.AddMember(StringRef(kFingerprint), m_fingerprint.toJSON(), allocator);
obj.AddMember(StringRef(kDaemon), m_mode == MODE_DAEMON, allocator); obj.AddMember(StringRef(kDaemon), m_mode == MODE_DAEMON, allocator);
obj.AddMember(StringRef(kSOCKS5), m_proxy.toJSON(doc), allocator); obj.AddMember(StringRef(kSOCKS5), m_proxy.toJSON(doc), allocator);
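Review bot: `m_flags.set(FLAG_SNI, Json::getBool(object, kSni))` accepts `"sni": true` on a pool that has neither `"tls": true` nor a `tls://` URL; Client only consults the flag under `isTLS()`, so the option is silently ignored while `toJSON` still echoes `sni: true`, and a user who meant to enable TLS+SNI gets a plaintext connection with no warning. Either tie the flag to TLS at parse time, `m_flags.set(FLAG_SNI, Json::getBool(object, kSni) && isTLS());` (placed after the FLAG_TLS line, since `isTLS()` reads that flag and `m_url`), or log a warning when `sni` is set without TLS. A comment above the new line would also help config readers: `// SNI only takes effect on TLS connections; the pool URL's host is sent in the ClientHello`. Pool::Pool continues outside the hunk.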


@ -70,6 +70,7 @@ public:
static const char *kSOCKS5; static const char *kSOCKS5;
static const char *kSubmitToOrigin; static const char *kSubmitToOrigin;
static const char *kTls; static const char *kTls;
static const char* kSni;
static const char *kUrl; static const char *kUrl;
static const char *kUser; static const char *kUser;
static const char* kSpendSecretKey; static const char* kSpendSecretKey;
@ -95,6 +96,7 @@ public:
inline bool isNicehash() const { return m_flags.test(FLAG_NICEHASH); } inline bool isNicehash() const { return m_flags.test(FLAG_NICEHASH); }
inline bool isTLS() const { return m_flags.test(FLAG_TLS) || m_url.isTLS(); } inline bool isTLS() const { return m_flags.test(FLAG_TLS) || m_url.isTLS(); }
inline bool isSNI() const { return m_flags.test(FLAG_SNI); }
inline bool isValid() const { return m_url.isValid(); } inline bool isValid() const { return m_url.isValid(); }
inline const Algorithm &algorithm() const { return m_algorithm; } inline const Algorithm &algorithm() const { return m_algorithm; }
inline const Coin &coin() const { return m_coin; } inline const Coin &coin() const { return m_coin; }
@ -138,6 +140,7 @@ private:
FLAG_ENABLED, FLAG_ENABLED,
FLAG_NICEHASH, FLAG_NICEHASH,
FLAG_TLS, FLAG_TLS,
FLAG_SNI,
FLAG_MAX FLAG_MAX
}; };
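Review bot: `static const char* kSni;` uses `char*` spacing while the neighbouring `kTls` and `kUrl` declarations use `char *`; match the surrounding style with `static const char *kSni;`. `isSNI()` returns the raw flag, so it reports true for a pool where TLS is off even though SNI cannot apply there; `inline bool isSNI() const { return m_flags.test(FLAG_SNI) && isTLS(); }` keeps callers and the JSON dump consistent with what the connection actually does. A one-line comment on the accessor, `// SNI is only sent on TLS connections; see Client::handshake`, would document the dependency. The class body continues outside these hunks.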


@ -60,7 +60,7 @@ xmrig::Client::Tls::~Tls()
} }
bool xmrig::Client::Tls::handshake() bool xmrig::Client::Tls::handshake(const char* servername)
{ {
m_ssl = SSL_new(m_ctx); m_ssl = SSL_new(m_ctx);
assert(m_ssl != nullptr); assert(m_ssl != nullptr);
@ -69,6 +69,10 @@ bool xmrig::Client::Tls::handshake()
return false; return false;
} }
if (servername) {
SSL_set_tlsext_host_name(m_ssl, servername);
}
SSL_set_connect_state(m_ssl); SSL_set_connect_state(m_ssl);
SSL_set_bio(m_ssl, m_read, m_write); SSL_set_bio(m_ssl, m_read, m_write);
SSL_do_handshake(m_ssl); SSL_do_handshake(m_ssl);
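Review bot: The return value of `SSL_set_tlsext_host_name` inside the new `if (servername)` block is discarded; the call returns 0 on failure (for example when OpenSSL cannot copy the name), and the code then proceeds into `SSL_do_handshake` without SNI and without telling the caller. Check it and fail the handshake the same way the `SSL_new` failure does: `if (servername && SSL_set_tlsext_host_name(m_ssl, servername) != 1) { return false; }`. It is also worth a comment on that line that SNI only selects which certificate the server presents and does not make OpenSSL verify the certificate against the name (that would need `SSL_set1_host`), so as far as this diff shows the pool fingerprint check remains the only identity check; I can't see the SSL_CTX verification setup from this hunk. Tls::handshake continues past the end of the hunk.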


@ -42,7 +42,7 @@ public:
Tls(Client *client); Tls(Client *client);
~Tls(); ~Tls();
bool handshake(); bool handshake(const char* servername);
bool send(const char *data, size_t size); bool send(const char *data, size_t size);
const char *fingerprint() const; const char *fingerprint() const;
const char *version() const; const char *version() const;
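Review bot: `bool handshake(const char* servername);` drops the no-argument form, so any caller other than Client::handshake that still calls `handshake()` stops compiling; a default keeps the old call site valid: `bool handshake(const char *servername = nullptr);`. The parameter deserves a line of documentation since nullptr is meaningful: `// servername: host to send in the TLS SNI extension, or nullptr to send none; it does not drive certificate verification`. The class body continues outside the hunk.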