changed the verification from ip to domain

2026-03-31 15:37:56 +08:00 · 2026-03-31 15:37:56 +08:00 · 240b60636f
commit 240b60636f
parent 4aa6406428
7 changed files with 33 additions and 5 deletions
--- a/Cargo.lock
+++ b/Cargo.lock
@ -2173,6 +2173,7 @@ dependencies = [
 "rpassword",
 "rsa",
 "rustls",
+ "rustls-native-certs",
 "rustls-pemfile",
 "sdlan-sn-rs",
 "serde",
--- a/Cargo.toml
+++ b/Cargo.toml
@ -42,6 +42,7 @@ hex = "0.4.3"
 ahash = "0.8.12"
 ipnet = "2.12.0"
 arc-swap = "1.9.0"
+rustls-native-certs = "0.8.3"
 # rolling-file = { path = "../rolling-file" }

 [target.'cfg(unix)'.dependencies]
--- a/src/bin/punchnet/main.rs
+++ b/src/bin/punchnet/main.rs
@ -157,7 +157,8 @@ async fn daemonize_me(
        mac,
        CommandLine {
            sn: server.clone()+":1365",
-            quic: server.clone()+":443",
+            quic: server.clone() + ":443",
+            quic_domain: hostname,
            nat_server1: server.clone() +":1365",
            // nat_server2: "47.98.178.3:1265".to_owned(),
            nat_server2: server.clone() +":1366",
--- a/src/network/async_main.rs
+++ b/src/network/async_main.rs
@ -40,6 +40,7 @@ pub async fn async_main(
    init_quic_conn(
        cancel_tcp,
        &args.quic,
+        &args.quic_domain,
        // |msg|  handle_tcp_message(msg),
        edge.tcp_pong.clone(),
        // tcp_pong,
--- a/src/quic/mod.rs
+++ b/src/quic/mod.rs
@ -25,10 +25,23 @@ pub fn quic_init() -> Endpoint {
    }
    */

+    let mut root_store = rustls::RootCertStore::empty();
+    rustls_native_certs::load_native_certs().expect("could not load platform certs").into_iter().for_each(|cert| {
+        root_store.add(cert).unwrap();
+    });
+
+    let mut rustls_config = rustls::ClientConfig::builder()
+        // .with_root_certificates(rustls::RootCertStore::empty())
+        // .with_root_certificates(root_store)
+        .with_root_certificates(root_store)
+        .with_no_client_auth();
+
+    /* 
    let mut rustls_config = rustls::ClientConfig::builder()
        .dangerous()
        .with_custom_certificate_verifier(Arc::new(SkipServerVerification{}))
        .with_no_client_auth();
+    */

    rustls_config.alpn_protocols = vec![b"punchnet/1.0".to_vec()];

--- a/src/tcp/quic.rs
+++ b/src/tcp/quic.rs
@ -39,6 +39,7 @@ impl ReadWriterHandle {
    fn new(
        cancel: CancellationToken,
        addr: &str,
+        domain: &str,
        // on_connected: OnConnectedCallback<'a>,
        // on_disconnected: T3,
        // on_message: T2,
@ -56,6 +57,7 @@ impl ReadWriterHandle {
        let actor = ReadWriteActor::new(
            cancel,
            addr,
+            domain,
            from_tcp,
            connected.clone(),
            pong_time,
@ -399,6 +401,7 @@ async fn handle_tcp_event(edge: &'static Node, eventtype: EventType, eventprotob
 pub fn init_quic_conn(
    cancel: CancellationToken,
    addr: &str,
+    domain: &str,
    // on_connected: OnConnectedCallback<'a>,
    // on_disconnected: T3,
    // on_message: T2,
@ -414,6 +417,7 @@ pub fn init_quic_conn(
    let tcp_handle = ReadWriterHandle::new(
        cancel,
        addr,
+        domain,
        // on_connected,
        // on_disconnected,
        // on_message,
@ -431,7 +435,11 @@ pub fn init_quic_conn(
 pub struct ReadWriteActor {
    // actor接收的发送给tcp的接收端，由handle存放发送端
    // to_tcp: Receiver<Vec<u8>>,
+    // remote is the ip version of the remote server
    remote: String,
+    // hostname is the domain name of the remote server
+    domain: String,
+
    connected: Arc<AtomicBool>,
    pong_time: Arc<AtomicU64>,
    // actor收到数据之后，发送给上层的发送端口,接收端由handle保存
@ -445,6 +453,7 @@ impl ReadWriteActor {
    pub fn new(
        cancel: CancellationToken,
        remote: &str,
+        domain: &str,
        from_tcp: Sender<SdlanTcp>,
        connected: Arc<AtomicBool>,
        pong_time: Arc<AtomicU64>,
@ -456,6 +465,7 @@ impl ReadWriteActor {
            _cancel: cancel,
            pong_time,
            connected,
+            domain: domain.to_owned(),
            remote: remote.to_owned(),
            from_tcp,
            connecting_chan,
@ -517,11 +527,9 @@ impl ReadWriteActor {
                let _ = connecting_chan.send(state).await;
            }

-            let host = self.remote.split(":").next().unwrap();
+            debug!("try connecting to {}", self.domain);

-            debug!("try connecting to {}, host = {}", self.remote, host);
-
-            let conn = match edge.quic_endpoint.connect(self.remote.parse().unwrap(), host) {
+            let conn = match edge.quic_endpoint.connect(self.remote.parse().unwrap(), &self.domain) {
                Ok(conn) => conn,
                Err(e) => {
                    error!("failed to connect: {}", e);
--- a/src/utils/command.rs
+++ b/src/utils/command.rs
@ -118,6 +118,8 @@ pub struct CommandLine {
    #[structopt(short = "t", long = "tcp", default_value = "127.0.0.1:7656")]
    pub quic: String,

+    pub quic_domain: String,
+
    /// in the format of "localhost:1234"
    #[structopt(long = "nat1")]
    pub nat_server1: String,
@ -172,6 +174,7 @@ impl Clone for CommandLine {
        Self {
            sn: self.sn.clone(),
            quic: self.quic.clone(),
+            quic_domain: self.quic_domain.clone(),
            allow_routing: self.allow_routing,
            _drop_multicast: self._drop_multicast,
            register_ttl: self.register_ttl,