1 год назад · be951749d6
--- a/go.mod
+++ b/go.mod
@@ -41,7 +41,7 @@ require (
 
				 	github.com/Psiphon-Labs/goptlib v0.0.0-20200406165125-c0e32a7a3464
			
 
				 	github.com/Psiphon-Labs/psiphon-tls v0.0.0-20250219165059-533f95b512e9
			
 
				 	github.com/Psiphon-Labs/quic-go v0.0.0-20250303214000-94770c5d46a0
			
 
				-	github.com/Psiphon-Labs/utls v0.0.0-20250228222508-0e6c20273fcc
			
 
				+	github.com/Psiphon-Labs/utls v0.0.0-20250311210446-c1daf1ce55c1
			
 
				 	github.com/armon/go-proxyproto v0.0.0-20180202201750-5b7edb60ff5f
			
 
				 	github.com/bifurcation/mint v0.0.0-20180306135233-198357931e61
			
 
				 	github.com/bits-and-blooms/bloom/v3 v3.6.0
			
--- a/go.sum
+++ b/go.sum
@@ -26,8 +26,8 @@ github.com/Psiphon-Labs/psiphon-tls v0.0.0-20250219165059-533f95b512e9 h1:Pjzuvk
 
				 github.com/Psiphon-Labs/psiphon-tls v0.0.0-20250219165059-533f95b512e9/go.mod h1:7ZUnPnWT5z8J8hxfsVjKHYK77Zme/Y0If1b/zeziiJs=
			
 
				 github.com/Psiphon-Labs/quic-go v0.0.0-20250303214000-94770c5d46a0 h1:E1L02sxaIDWp7c7KOmU2iQHodg7On6sB//i2BMWs//w=
			
 
				 github.com/Psiphon-Labs/quic-go v0.0.0-20250303214000-94770c5d46a0/go.mod h1:rONdWgPMbFjyyBai7gB1IBF4pT9r4l0GyiDst5XR1SY=
			
 
				-github.com/Psiphon-Labs/utls v0.0.0-20250228222508-0e6c20273fcc h1:ojzcP5Hia0pAidJvnNAd2DaA/siX9vPDTPC9kvhDRFY=
			
 
				-github.com/Psiphon-Labs/utls v0.0.0-20250228222508-0e6c20273fcc/go.mod h1:1vv0gVAzq9e2XYkW8HAKrmtuuZrBdDixQFx5H22KAjI=
			
 
				+github.com/Psiphon-Labs/utls v0.0.0-20250311210446-c1daf1ce55c1 h1:4AoKcLPErKMbqVdhA2MmnEP8kC4/CLlADnIR4rULHfM=
			
 
				+github.com/Psiphon-Labs/utls v0.0.0-20250311210446-c1daf1ce55c1/go.mod h1:1vv0gVAzq9e2XYkW8HAKrmtuuZrBdDixQFx5H22KAjI=
			
 
				 github.com/alexbrainman/sspi v0.0.0-20231016080023-1a75b4708caa h1:LHTHcTQiSGT7VVbI0o4wBRNQIgn917usHWOd6VAffYI=
			
 
				 github.com/alexbrainman/sspi v0.0.0-20231016080023-1a75b4708caa/go.mod h1:cEWa1LVoE5KvSD9ONXsZrj0z6KqySlCCNKHlLzbqAt4=
			
 
				 github.com/andybalholm/brotli v1.1.1 h1:PR2pgnyFznKEugtsUo0xLdDop5SKXd5Qf5ysW+7XdTA=
			
--- a/vendor/github.com/Psiphon-Labs/utls/handshake_client_tls13.go
+++ b/vendor/github.com/Psiphon-Labs/utls/handshake_client_tls13.go
@@ -766,10 +766,7 @@ func (hs *clientHandshakeStateTLS13) readServerCertificate() error {
 
				 		return nil
			
 
				 	}
			
 
				 
			
 
				-	// [UTLS SECTION BEGIN]
			
 
				-	// msg, err := c.readHandshake(hs.transcript)
			
 
				-	msg, err := c.readHandshake(nil) // hold writing to transcript until we know it is not compressed cert
			
 
				-	// [UTLS SECTION END]
			
 
				+	msg, err := c.readHandshake(hs.transcript)
			
 
				 	if err != nil {
			
 
				 		return err
			
 
				 	}
			
@@ -777,24 +774,20 @@ func (hs *clientHandshakeStateTLS13) readServerCertificate() error {
 
				 	certReq, ok := msg.(*certificateRequestMsgTLS13)
			
 
				 	if ok {
			
 
				 		hs.certReq = certReq
			
 
				-		transcriptMsg(certReq, hs.transcript) // [UTLS] if it is certReq (not compressedCert), write to transcript
			
 
				 
			
 
				-		// msg, err = c.readHandshake(hs.transcript) // [UTLS]
			
 
				-		msg, err = c.readHandshake(nil) // [UTLS] we don't write to transcript until make sure it is not compressed cert
			
 
				+		msg, err = c.readHandshake(hs.transcript)
			
 
				 		if err != nil {
			
 
				 			return err
			
 
				 		}
			
 
				 	}
			
 
				 
			
 
				 	// [UTLS SECTION BEGINS]
			
 
				-	var skipWritingCertToTranscript bool = false
			
 
				 	if hs.uconn != nil {
			
 
				 		processedMsg, err := hs.utlsReadServerCertificate(msg)
			
 
				 		if err != nil {
			
 
				 			return err
			
 
				 		}
			
 
				 		if processedMsg != nil {
			
 
				-			skipWritingCertToTranscript = true
			
 
				 			msg = processedMsg // msg is now a processed-by-extension certificateMsg
			
 
				 		}
			
 
				 	}
			
@@ -810,14 +803,6 @@ func (hs *clientHandshakeStateTLS13) readServerCertificate() error {
 
				 		return errors.New("tls: received empty certificates message")
			
 
				 	}
			
 
				 
			
 
				-	// [UTLS SECTION BEGINS]
			
 
				-	if !skipWritingCertToTranscript { // write to transcript only if it is not compressedCert (i.e. if not processed by extension)
			
 
				-		if err = transcriptMsg(certMsg, hs.transcript); err != nil {
			
 
				-			return err
			
 
				-		}
			
 
				-	}
			
 
				-	// [UTLS SECTION ENDS]
			
 
				-
			
 
				 	c.scts = certMsg.certificate.SignedCertificateTimestamps
			
 
				 	c.ocspResponse = certMsg.certificate.OCSPStaple
			
 
				 
			
--- a/vendor/github.com/Psiphon-Labs/utls/u_conn.go
+++ b/vendor/github.com/Psiphon-Labs/utls/u_conn.go
@@ -211,11 +211,10 @@ func (uconn *UConn) DidTls12Resume() bool {
 
				 //
			
 
				 // Deprecated: This method is deprecated in favor of SetSessionTicketExtension,
			
 
				 // as it only handles session override of TLS 1.2
			
 
				-func (uconn *UConn) SetSessionState(session *ClientSessionState) error {
			
 
				+func (uconn *UConn) SetSessionState(cs *ClientSessionState) error {
			
 
				 	sessionTicketExt := &SessionTicketExtension{Initialized: true}
			
 
				-	if session != nil {
			
 
				-		sessionTicketExt.Session.ticket = session.session.ticket
			
 
				-		sessionTicketExt.Session = session.session
			
 
				+	if cs != nil {
			
 
				+		sessionTicketExt.Session = cs.session
			
 
				 	}
			
 
				 	return uconn.SetSessionTicketExtension(sessionTicketExt)
			
 
				 }
			
--- a/vendor/github.com/Psiphon-Labs/utls/u_handshake_client.go
+++ b/vendor/github.com/Psiphon-Labs/utls/u_handshake_client.go
@@ -26,9 +26,6 @@ func (hs *clientHandshakeStateTLS13) utlsReadServerCertificate(msg any) (process
 
				 			if len(hs.uconn.certCompressionAlgs) > 0 {
			
 
				 				compressedCertMsg, ok := msg.(*utlsCompressedCertificateMsg)
			
 
				 				if ok {
			
 
				-					if err = transcriptMsg(compressedCertMsg, hs.transcript); err != nil {
			
 
				-						return nil, err
			
 
				-					}
			
 
				 					msg, err = hs.decompressCert(*compressedCertMsg)
			
 
				 					if err != nil {
			
 
				 						return nil, fmt.Errorf("tls: failed to decompress certificate message: %w", err)
			
--- a/vendor/github.com/Psiphon-Labs/utls/u_pre_shared_key.go
+++ b/vendor/github.com/Psiphon-Labs/utls/u_pre_shared_key.go
@@ -329,6 +329,21 @@ func (e *UtlsPreSharedKeyExtension) PatchBuiltHello(hello *PubClientHelloMsg) er
 
				 		return err
			
 
				 	}
			
 
				 	// derived end //
			
 
				+
			
 
				+	// copied from handshake_messages.go in 1.22
			
 
				+	lenWithoutBinders := len(helloBytes)
			
 
				+	b := cryptobyte.NewFixedBuilder(private.original[:lenWithoutBinders])
			
 
				+	b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
			
 
				+		for _, binder := range private.pskBinders {
			
 
				+			b.AddUint8LengthPrefixed(func(b *cryptobyte.Builder) {
			
 
				+				b.AddBytes(binder)
			
 
				+			})
			
 
				+		}
			
 
				+	})
			
 
				+	if out, err := b.Bytes(); err != nil || len(out) != len(private.original) {
			
 
				+		return errors.New("tls: internal error: failed to update binders")
			
 
				+	}
			
 
				+
			
 
				 	e.Binders = pskBinders
			
 
				 
			
 
				 	// no need to care about other PSK related fields, they will be handled separately
			
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -57,7 +57,7 @@ github.com/Psiphon-Labs/quic-go/internal/utils/ringbuffer
 
				 github.com/Psiphon-Labs/quic-go/internal/wire
			
 
				 github.com/Psiphon-Labs/quic-go/logging
			
 
				 github.com/Psiphon-Labs/quic-go/quicvarint
			
 
				-# github.com/Psiphon-Labs/utls v0.0.0-20250228222508-0e6c20273fcc
			
 
				+# github.com/Psiphon-Labs/utls v0.0.0-20250311210446-c1daf1ce55c1
			
 
				 ## explicit; go 1.23
			
 
				 github.com/Psiphon-Labs/utls
			
 
				 github.com/Psiphon-Labs/utls/byteorder