支持非tls加密连接

2025-11-02 00:02:33 +08:00 · 2022-01-05 10:35:20 +08:00
parent 61ed86ddaf
commit 415d92a75e
6 changed files with 34 additions and 12 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -83,4 +83,8 @@
 1. vnc支持\键
 2. 全面迁移到[https://github.com/lwch/rdesktop](https://github.com/lwch/rdesktop)，并去除robotgo库的依赖
 3. linux下统一到同一个可执行文件，并支持systemd方式启动
-4. 简化部署流程
+4. 简化部署流程
 # v0.8.0
 1. 支持非tls加密连接
--- a/code/client/global/conf.go
+++ b/code/client/global/conf.go
@@ -30,6 +30,7 @@ type Rule struct {
 type Configure struct {
 	ID               string
 	Server           string
 	UseSSL           bool
 	Enc              [md5.Size]byte
 	Links            int
 	LogDir           string
@@ -49,6 +50,7 @@ func LoadConf(dir string) *Configure {
 		ID     string `yaml:"id"`
 		Server string `yaml:"server"`
 		Secret string `yaml:"secret"`
 		SSL    bool   `yaml:"ssl"`
 		Link   struct {
 			Connections  int           `yaml:"connections"`
 			ReadTimeout  time.Duration `yaml:"read_timeout"`
@@ -92,6 +94,7 @@ func LoadConf(dir string) *Configure {
 	return &Configure{
 		ID:               cfg.ID,
 		Server:           cfg.Server,
 		UseSSL:           cfg.SSL,
 		Enc:              md5.Sum([]byte(cfg.Secret)),
 		Links:            cfg.Link.Connections,
 		ReadTimeout:      cfg.Link.ReadTimeout,
--- a/code/client/pool/pool.go
+++ b/code/client/pool/pool.go
@@ -4,6 +4,7 @@ import (
 	"crypto/tls"
 	"natpass/code/client/global"
 	"natpass/code/network"
 	"net"
 	"sync"
 	"sync/atomic"
 	"time"
@@ -78,7 +79,13 @@ func (p *Pool) connect(idx uint32) *network.Conn {
 			logging.Error("connect error: %v", err)
 		}
 	}()
-	conn, err := tls.Dial("tcp", p.cfg.Server, nil)
+	var conn net.Conn
 	var err error
 	if p.cfg.UseSSL {
 		conn, err = tls.Dial("tcp", p.cfg.Server, nil)
 	} else {
 		conn, err = net.Dial("tcp", p.cfg.Server)
 	}
 	runtime.Assert(err)
 	c := network.NewConn(conn)
 	err = p.writeHandshake(c, p.cfg, idx)
--- a/code/server/main.go
+++ b/code/server/main.go
@@ -45,13 +45,20 @@ func (a *app) run() {
 	logging.SetSizeRotate(a.cfg.LogDir, "np-svr", int(a.cfg.LogSize.Bytes()), a.cfg.LogRotate, true)
 	defer logging.Flush()
-	cert, err := tls.LoadX509KeyPair(a.cfg.TLSCrt, a.cfg.TLSKey)
+	var l net.Listener
-	runtime.Assert(err)
+	if len(a.cfg.TLSCrt) > 0 && len(a.cfg.TLSKey) > 0 {
-	l, err := tls.Listen("tcp", fmt.Sprintf(":%d", a.cfg.Listen), &tls.Config{
+		cert, err := tls.LoadX509KeyPair(a.cfg.TLSCrt, a.cfg.TLSKey)
-		Certificates: []tls.Certificate{cert},
+		runtime.Assert(err)
-	})
+		l, err = tls.Listen("tcp", fmt.Sprintf(":%d", a.cfg.Listen), &tls.Config{
-	runtime.Assert(err)
+			Certificates: []tls.Certificate{cert},
-	logging.Info("listen on %d", a.cfg.Listen)
+		})
 		runtime.Assert(err)
 		logging.Info("listen on %d", a.cfg.Listen)
 	} else {
 		var err error
 		l, err = net.Listen("tcp", fmt.Sprintf(":%d", a.cfg.Listen))
 		runtime.Assert(err)
 	}
 	run(a.cfg, l)
 }
--- a/conf/client.yaml
+++ b/conf/client.yaml
@@ -1,5 +1,6 @@
 id: this               # 客户端ID
 server: 127.0.0.1:6154 # 服务器地址
 ssl: false             # 是否使用tls加密连接
 dashboard: # web面板
  enabled: true   # 是否开放dashboard
  listen: 0.0.0.0 # 监听地址
--- a/conf/server.yaml
+++ b/conf/server.yaml
@@ -1,5 +1,5 @@
 listen: 6154 # 监听端口号
 #include common.yaml
-tls:
+#tls:
-  key: /dir/to/tls/key/file # tls密钥
+#  key: /dir/to/tls/key/file # tls密钥
-  crt: /dir/to/tls/crt/file # tls证书
+#  crt: /dir/to/tls/crt/file # tls证书