Raise link error when SNI supplied on unsupported link type

neilalexander · neilalexander · commit eef613993fda · 2024-10-27T21:06:56.000Z
Closes yggdrasil-network#1196
diff --git a/src/core/link.go b/src/core/link.go
@@ -126,6 +126,7 @@ const ErrLinkPinnedKeyInvalid = linkError("pinned public key is invalid")
 const ErrLinkPasswordInvalid = linkError("invalid password supplied")
 const ErrLinkUnrecognisedSchema = linkError("link schema unknown")
 const ErrLinkMaxBackoffInvalid = linkError("max backoff duration invalid")
+const ErrLinkSNINotSupported = linkError("SNI not supported on this link type")
 
 func (l *links) add(u *url.URL, sintf string, linkType linkType) error {
 	var retErr error
diff --git a/src/core/link_socks.go b/src/core/link_socks.go
@@ -23,6 +23,9 @@ func (l *links) newLinkSOCKS() *linkSOCKS {
 }
 
 func (l *linkSOCKS) dial(_ context.Context, url *url.URL, info linkInfo, options linkOptions) (net.Conn, error) {
+	if url.Scheme != "sockstls" && options.tlsSNI != "" {
+		return nil, ErrLinkSNINotSupported
+	}
 	var proxyAuth *proxy.Auth
 	if url.User != nil && url.User.Username() != "" {
 		proxyAuth = &proxy.Auth{
diff --git a/src/core/link_tcp.go b/src/core/link_tcp.go
@@ -67,6 +67,9 @@ func (l *linkTCP) dialersFor(url *url.URL, info linkInfo) ([]*tcpDialer, error)
 }
 
 func (l *linkTCP) dial(ctx context.Context, url *url.URL, info linkInfo, options linkOptions) (net.Conn, error) {
+	if options.tlsSNI != "" {
+		return nil, ErrLinkSNINotSupported
+	}
 	dialers, err := l.dialersFor(url, info)
 	if err != nil {
 		return nil, err
diff --git a/src/core/link_unix.go b/src/core/link_unix.go
@@ -31,6 +31,9 @@ func (l *links) newLinkUNIX() *linkUNIX {
 }
 
 func (l *linkUNIX) dial(ctx context.Context, url *url.URL, info linkInfo, options linkOptions) (net.Conn, error) {
+	if options.tlsSNI != "" {
+		return nil, ErrLinkSNINotSupported
+	}
 	addr, err := net.ResolveUnixAddr("unix", url.Path)
 	if err != nil {
 		return nil, err
diff --git a/src/core/link_ws.go b/src/core/link_ws.go
@@ -87,6 +87,9 @@ func (l *links) newLinkWS() *linkWS {
 }
 
 func (l *linkWS) dial(ctx context.Context, url *url.URL, info linkInfo, options linkOptions) (net.Conn, error) {
+	if options.tlsSNI != "" {
+		return nil, ErrLinkSNINotSupported
+	}
 	wsconn, _, err := websocket.Dial(ctx, url.String(), &websocket.DialOptions{
 		Subprotocols: []string{"ygg-ws"},
 	})
diff --git a/src/core/link_wss.go b/src/core/link_wss.go
@@ -27,6 +27,9 @@ func (l *links) newLinkWSS() *linkWSS {
 }
 
 func (l *linkWSS) dial(ctx context.Context, url *url.URL, info linkInfo, options linkOptions) (net.Conn, error) {
+	if options.tlsSNI != "" {
+		return nil, ErrLinkSNINotSupported
+	}
 	wsconn, _, err := websocket.Dial(ctx, url.String(), &websocket.DialOptions{
 		Subprotocols: []string{"ygg-ws"},
 	})

Original file line number	Diff line number	Diff line change
`@@ -23,6 +23,9 @@ func (l links) newLinkSOCKS() linkSOCKS {`
`23`	`23`	`}`
`24`	`24`
`25`	`25`	`func (l linkSOCKS) dial(_ context.Context, url url.URL, info linkInfo, options linkOptions) (net.Conn, error) {`
	`26`	`+ if url.Scheme != "sockstls" && options.tlsSNI != "" {`
	`27`	`+ return nil, ErrLinkSNINotSupported`
	`28`	`+ }`
`26`	`29`	`var proxyAuth *proxy.Auth`
`27`	`30`	`if url.User != nil && url.User.Username() != "" {`
`28`	`31`	`proxyAuth = &proxy.Auth{`
Original file line number	Diff line number	Diff line change
`@@ -67,6 +67,9 @@ func (l linkTCP) dialersFor(url url.URL, info linkInfo) ([]*tcpDialer, error)`
`67`	`67`	`}`
`68`	`68`
`69`	`69`	`func (l linkTCP) dial(ctx context.Context, url url.URL, info linkInfo, options linkOptions) (net.Conn, error) {`
	`70`	`+ if options.tlsSNI != "" {`
	`71`	`+ return nil, ErrLinkSNINotSupported`
	`72`	`+ }`
`70`	`73`	`dialers, err := l.dialersFor(url, info)`
`71`	`74`	`if err != nil {`
`72`	`75`	`return nil, err`
Original file line number	Diff line number	Diff line change
`@@ -31,6 +31,9 @@ func (l links) newLinkUNIX() linkUNIX {`
`31`	`31`	`}`
`32`	`32`
`33`	`33`	`func (l linkUNIX) dial(ctx context.Context, url url.URL, info linkInfo, options linkOptions) (net.Conn, error) {`
	`34`	`+ if options.tlsSNI != "" {`
	`35`	`+ return nil, ErrLinkSNINotSupported`
	`36`	`+ }`
`34`	`37`	`addr, err := net.ResolveUnixAddr("unix", url.Path)`
`35`	`38`	`if err != nil {`
`36`	`39`	`return nil, err`
Original file line number	Diff line number	Diff line change
`@@ -87,6 +87,9 @@ func (l links) newLinkWS() linkWS {`
`87`	`87`	`}`
`88`	`88`
`89`	`89`	`func (l linkWS) dial(ctx context.Context, url url.URL, info linkInfo, options linkOptions) (net.Conn, error) {`
	`90`	`+ if options.tlsSNI != "" {`
	`91`	`+ return nil, ErrLinkSNINotSupported`
	`92`	`+ }`
`90`	`93`	`wsconn, _, err := websocket.Dial(ctx, url.String(), &websocket.DialOptions{`
`91`	`94`	`Subprotocols: []string{"ygg-ws"},`
`92`	`95`	`})`
Original file line number	Diff line number	Diff line change
`@@ -27,6 +27,9 @@ func (l links) newLinkWSS() linkWSS {`
`27`	`27`	`}`
`28`	`28`
`29`	`29`	`func (l linkWSS) dial(ctx context.Context, url url.URL, info linkInfo, options linkOptions) (net.Conn, error) {`
	`30`	`+ if options.tlsSNI != "" {`
	`31`	`+ return nil, ErrLinkSNINotSupported`
	`32`	`+ }`
`30`	`33`	`wsconn, _, err := websocket.Dial(ctx, url.String(), &websocket.DialOptions{`
`31`	`34`	`Subprotocols: []string{"ygg-ws"},`
`32`	`35`	`})`