fix: fallback use addr hostname as SNI for TLS socks proxied connection #6218
Walkthrough
The change modifies the
Changes
Sequence Diagram(s)
sequenceDiagram
    participant Caller
    participant ClientPool
    participant TLSConfig
    Caller->>ClientPool: DialTLSContext(addr, tlsConfig)
    alt Using SOCKS proxy and tlsConfig.ServerName is empty
        ClientPool->>ClientPool: Extract host from addr
        alt Extraction fails
            ClientPool-->>Caller: Return error
        else Extraction succeeds
            ClientPool->>TLSConfig: Set ServerName to host
        end
    end
    ClientPool->>Caller: Establish TLS connection with updated tlsConfig
Hi @dogancanbakir, will it be possible to get this as a hotfix, or will it need to wait for next month's release? 🙇
Let's wait for review to be done, releasing is the easy part - no worries!
tarunKoyalwar
left a comment
lgtm !
the core issue seems to be originating from fastdialer, which is not using proxyDialer when dialing tls connections projectdiscovery/fastdialer#457
once we resolve that we can remove this DialTLSContext override block completely
thank you @circleous for identifying and fixing this issue.
@circleous Preparing for the release at #6224; once reviewed I will make the release, fyi.
Proposed changes
Should fix #6211. Nuclei scans with -proxy set to a socks5 proxy server produce tls: unrecognized name / tls: handshake failure. Not all hosts encounter this issue, but I found that most websites behind cloudflare have this tls issue.
The fix is simply to fall back to using the hostname from the addr string as ServerName (SNI) for the TLS config.
Before
After
Checklist
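The fallback described in the proposed changes and in the sequence diagram, as an added Go example; it is not the code from this PR or from nuclei. The helper name withSNIFallback and the sample addresses are assumptions made for illustration.

```go
// Added example (not the nuclei patch): derive the TLS ServerName from the
// dial address when the caller left it empty, as in the sequence diagram.
package main

import (
	"crypto/tls"
	"fmt"
	"net"
)

// withSNIFallback is a hypothetical helper. It returns a config whose
// ServerName is set, taking the host part of addr ("host:port") when the
// caller did not provide one. The input is never mutated, because a client
// pool typically shares one *tls.Config across many targets.
func withSNIFallback(addr string, cfg *tls.Config) (*tls.Config, error) {
	if cfg == nil {
		cfg = &tls.Config{}
	}
	if cfg.ServerName != "" {
		return cfg, nil // an explicit ServerName always wins
	}
	host, _, err := net.SplitHostPort(addr)
	if err != nil {
		return nil, fmt.Errorf("derive SNI from %q: %w", addr, err)
	}
	if host == "" {
		return nil, fmt.Errorf("derive SNI from %q: empty host", addr)
	}
	out := cfg.Clone() // copy so the shared config keeps an empty ServerName
	out.ServerName = host
	return out, nil
}

func main() {
	shared := &tls.Config{MinVersion: tls.VersionTLS12}
	// Constructed sample addresses: hostname, IPv6 literal, and a missing port.
	for _, addr := range []string{"example.com:443", "[2001:db8::1]:8443", "example.com"} {
		cfg, err := withSNIFallback(addr, shared)
		if err != nil {
			fmt.Println("error:", err)
			continue
		}
		fmt.Printf("%-20s -> ServerName=%q\n", addr, cfg.ServerName)
	}
}
```

ServerName also selects the name the certificate is verified against when verification is enabled, so the value should come from the address the caller asked for and not from the proxy's address.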