@@ -184,7 +184,7 @@ func (e *RealityClientConfig) ClientHandshake(ctx context.Context, conn net.Conn
184184 return nil , E .New ("reality verification failed" )
185185 }
186186
187- return & utlsConnWrapper {uConn }, nil
187+ return & realityClientConnWrapper {uConn }, nil
188188}
189189
190190func realityClientFallback (uConn net.Conn , serverName string , fingerprint utls.ClientHelloID ) {
@@ -249,3 +249,36 @@ func (c *realityVerifier) VerifyPeerCertificate(rawCerts [][]byte, verifiedChain
249249 }
250250 return nil
251251}
252+
253+ type realityClientConnWrapper struct {
254+ * utls.UConn
255+ }
256+
257+ func (c * realityClientConnWrapper ) ConnectionState () tls.ConnectionState {
258+ state := c .Conn .ConnectionState ()
259+ //nolint:staticcheck
260+ return tls.ConnectionState {
261+ Version : state .Version ,
262+ HandshakeComplete : state .HandshakeComplete ,
263+ DidResume : state .DidResume ,
264+ CipherSuite : state .CipherSuite ,
265+ NegotiatedProtocol : state .NegotiatedProtocol ,
266+ NegotiatedProtocolIsMutual : state .NegotiatedProtocolIsMutual ,
267+ ServerName : state .ServerName ,
268+ PeerCertificates : state .PeerCertificates ,
269+ VerifiedChains : state .VerifiedChains ,
270+ SignedCertificateTimestamps : state .SignedCertificateTimestamps ,
271+ OCSPResponse : state .OCSPResponse ,
272+ TLSUnique : state .TLSUnique ,
273+ }
274+ }
275+
276+ func (c * realityClientConnWrapper ) Upstream () any {
277+ return c .UConn
278+ }
279+
280+ // Due to low implementation quality, the reality server intercepted half close and caused memory leaks.
281+ // We fixed it by calling Close() directly.
282+ func (c * realityClientConnWrapper ) CloseWrite () error {
283+ return c .Close ()
284+ }
0 commit comments