Merge branch 'main' of https://github.com/Jigsaw-Code/outline-internal-sdk

Author: daniellacosse

x/configurl/tls.go

@@ -56,7 +56,7 @@ func parseOptions(configURL url.URL) ([]tls.ClientOption, error) {
 			if len(values) != 1 {
 				return nil, fmt.Errorf("certName option must has one value, found %v", len(values))
 			}
-			options = append(options, tls.WithCertificateName(values[0]))
+			options = append(options, tls.WithCertVerifier(&tls.StandardCertVerifier{CertificateName: values[0]}))
 		default:
 			return nil, fmt.Errorf("unsupported option %v", key)
 

x/configurl/tls_test.go

@@ -26,25 +26,27 @@ func TestTLS_SNI(t *testing.T) {
 	require.NoError(t, err)
 	options, err := parseOptions(config.URL)
 	require.NoError(t, err)
-	cfg := tls.ClientConfig{ServerName: "host", CertificateName: "host"}
+	certVerifier := &tls.StandardCertVerifier{CertificateName: "host"}
+	cfg := tls.ClientConfig{ServerName: "host", CertVerifier: certVerifier}
 	for _, option := range options {
 		option("host", &cfg)
 	}
 	require.Equal(t, "www.google.com", cfg.ServerName)
-	require.Equal(t, "host", cfg.CertificateName)
+	require.Equal(t, certVerifier, cfg.CertVerifier)
 }
 
 func TestTLS_NoSNI(t *testing.T) {
 	config, err := ParseConfig("tls:sni=")
 	require.NoError(t, err)
 	options, err := parseOptions(config.URL)
 	require.NoError(t, err)
-	cfg := tls.ClientConfig{ServerName: "host", CertificateName: "host"}
+	certVerifier := &tls.StandardCertVerifier{CertificateName: "host"}
+	cfg := tls.ClientConfig{ServerName: "host", CertVerifier: certVerifier}
 	for _, option := range options {
 		option("host", &cfg)
 	}
 	require.Equal(t, "", cfg.ServerName)
-	require.Equal(t, "host", cfg.CertificateName)
+	require.Equal(t, certVerifier, cfg.CertVerifier)
 }
 
 func TestTLS_MultipleSNI(t *testing.T) {
@@ -59,25 +61,25 @@ func TestTLS_CertName(t *testing.T) {
 	require.NoError(t, err)
 	options, err := parseOptions(config.URL)
 	require.NoError(t, err)
-	cfg := tls.ClientConfig{ServerName: "host", CertificateName: "host"}
+	cfg := tls.ClientConfig{ServerName: "host", CertVerifier: &tls.StandardCertVerifier{CertificateName: "host"}}
 	for _, option := range options {
 		option("host", &cfg)
 	}
 	require.Equal(t, "host", cfg.ServerName)
-	require.Equal(t, "www.google.com", cfg.CertificateName)
+	require.Equal(t, "www.google.com", cfg.CertVerifier.(*tls.StandardCertVerifier).CertificateName)
 }
 
 func TestTLS_Combined(t *testing.T) {
 	config, err := ParseConfig("tls:SNI=sni.example.com&CertName=certname.example.com")
 	require.NoError(t, err)
 	options, err := parseOptions(config.URL)
 	require.NoError(t, err)
-	cfg := tls.ClientConfig{ServerName: "host", CertificateName: "host"}
+	cfg := tls.ClientConfig{ServerName: "host", CertVerifier: &tls.StandardCertVerifier{CertificateName: "host"}}
 	for _, option := range options {
 		option("host", &cfg)
 	}
 	require.Equal(t, "sni.example.com", cfg.ServerName)
-	require.Equal(t, "certname.example.com", cfg.CertificateName)
+	require.Equal(t, "certname.example.com", cfg.CertVerifier.(*tls.StandardCertVerifier).CertificateName)
 }
 
 func TestTLS_UnsupportedOption(t *testing.T) {

x/examples/smart-proxy/config_broken.yaml

@@ -25,10 +25,15 @@ tls:
 fallback:
   # Nonexistent Outline Server
   - ss://Y2hhY2hhMjAtaWV0Zi1wb2x5MTMwNTprSzdEdHQ0MkJLOE9hRjBKYjdpWGFK@1.2.3.4:9999/?outline=1
-  # Nonexistant Psiphon Config JSON. Not yet supported
+  # Nonexistant Psiphon Config JSON
   - psiphon: {
-      "PropagationChannelId":"FFFFFFFFFFFFFFFF",
-      "SponsorId":"FFFFFFFFFFFFFFFF",
+      "PropagationChannelId":"ID1",
+      "SponsorId":"ID2",
+      "DisableLocalSocksProxy" : true,
+      "DisableLocalHTTPProxy" : true,
+      "EstablishTunnelTimeoutSeconds": 1,
+      # URL points to google.com
+      "RemoteServerListURLs" : [{"URL": "aHR0cHM6Ly9nb29nbGUuY29t", "OnlyAfterAttempts": 0, "SkipVerify": false}],
     }
   # Nonexistant local socks5 proxy
   - socks5://192.168.1.10:1080

x/examples/smart-proxy/main.go

@@ -119,7 +119,10 @@ func main() {
 
 	fmt.Println("Finding strategy")
 	startTime := time.Now()
-	dialer, err := finder.NewDialer(context.Background(), domainsFlag, finderConfig)
+	findCtx, cancel := context.WithTimeout(context.Background(), 5*time.Minute)
+	defer cancel()
+
+	dialer, err := finder.NewDialer(findCtx, domainsFlag, finderConfig)
 	if err != nil {
 		log.Fatalf("Failed to find dialer: %v", err)
 	}

x/go.mod

@@ -3,13 +3,13 @@ module github.com/Jigsaw-Code/outline-sdk/x
 go 1.23.0
 
 require (
-	github.com/Jigsaw-Code/outline-sdk v0.0.19
+	github.com/Jigsaw-Code/outline-sdk v0.0.20
 	// Use github.com/Psiphon-Labs/psiphon-tunnel-core@staging-client as per
 	// https://github.com/Psiphon-Labs/psiphon-tunnel-core/?tab=readme-ov-file#using-psiphon-with-go-modules
 	github.com/Psiphon-Labs/psiphon-tunnel-core v1.0.11-0.20250319154633-ceb78316d06e
-	github.com/goccy/go-yaml v1.16.0
+	github.com/goccy/go-yaml v1.17.1
 	github.com/gorilla/websocket v1.5.3
-	github.com/lmittmann/tint v1.0.5
+	github.com/lmittmann/tint v1.0.7
 	github.com/quic-go/quic-go v0.48.1
 	github.com/songgao/water v0.0.0-20200317203138-2b4b6d7c09d8
 	github.com/stretchr/testify v1.9.0

x/go.sum

@@ -8,8 +8,8 @@ github.com/AndreasBriese/bbloom v0.0.0-20190825152654-46b345b51c96 h1:cTp8I5+VIo
 github.com/AndreasBriese/bbloom v0.0.0-20190825152654-46b345b51c96/go.mod h1:bOvUY6CB00SOBii9/FifXqc0awNKxLFCL/+pkDPuyl8=
 github.com/BurntSushi/toml v1.3.2 h1:o7IhLm0Msx3BaB+n3Ag7L8EVlByGnpq14C4YWiu/gL8=
 github.com/BurntSushi/toml v1.3.2/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
-github.com/Jigsaw-Code/outline-sdk v0.0.19 h1:/OpMz+3B/9ypjq/UyEvwZSflzJ4jXFginUOZeN0UssM=
-github.com/Jigsaw-Code/outline-sdk v0.0.19/go.mod h1:CFDKyGZA4zatKE4vMLe8TyQpZCyINOeRFbMAmYHxodw=
+github.com/Jigsaw-Code/outline-sdk v0.0.20 h1:4ep7MK9lFmcyPIRIbn4xrP1VKdJNsqR6+iJEOHDKnNg=
+github.com/Jigsaw-Code/outline-sdk v0.0.20/go.mod h1:CFDKyGZA4zatKE4vMLe8TyQpZCyINOeRFbMAmYHxodw=
 github.com/Jigsaw-Code/outline-ss-server v1.8.0 h1:6h7CZsyl1vQLz3nvxmL9FbhDug4QxJ1YTxm534eye1E=
 github.com/Jigsaw-Code/outline-ss-server v1.8.0/go.mod h1:slnHH3OZsQmZx/DRKhxvvaGE/8+n3Lkd6363h1ev71E=
 github.com/OneOfOne/xxhash v1.2.2 h1:KMrpdQIwFcEqXDklaen+P1axHaj9BSKzvpUUfnHldSE=
@@ -100,8 +100,8 @@ github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEe
 github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572/go.mod h1:9Pwr4B2jHnOSGXyyzV8ROjYa2ojvAY6HCGYYfMoC3Ls=
 github.com/gobwas/glob v0.2.4-0.20180402141543-f00a7392b439 h1:T6zlOdzrYuHf6HUKujm9bzkzbZ5Iv/xf6rs8BHZDpoI=
 github.com/gobwas/glob v0.2.4-0.20180402141543-f00a7392b439/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8=
-github.com/goccy/go-yaml v1.16.0 h1:d7m1G7A0t+logajVtklHfDYJs2Et9g3gHwdBNNFou0w=
-github.com/goccy/go-yaml v1.16.0/go.mod h1:XBurs7gK8ATbW4ZPGKgcbrY1Br56PdM69F7LkFRi1kA=
+github.com/goccy/go-yaml v1.17.1 h1:LI34wktB2xEE3ONG/2Ar54+/HJVBriAGJ55PHls4YuY=
+github.com/goccy/go-yaml v1.17.1/go.mod h1:XBurs7gK8ATbW4ZPGKgcbrY1Br56PdM69F7LkFRi1kA=
 github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE=
 github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
@@ -141,8 +141,8 @@ github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
 github.com/libp2p/go-reuseport v0.4.0 h1:nR5KU7hD0WxXCJbmw7r2rhRYruNRl2koHw8fQscQm2s=
 github.com/libp2p/go-reuseport v0.4.0/go.mod h1:ZtI03j/wO5hZVDFo2jKywN6bYKWLOy8Se6DrI2E1cLU=
-github.com/lmittmann/tint v1.0.5 h1:NQclAutOfYsqs2F1Lenue6OoWCajs5wJcP3DfWVpePw=
-github.com/lmittmann/tint v1.0.5/go.mod h1:HIS3gSy7qNwGCj+5oRjAutErFBl4BzdQP6cJZ0NfMwE=
+github.com/lmittmann/tint v1.0.7 h1:D/0OqWZ0YOGZ6AyC+5Y2kD8PBEzBk6rFHVSfOqCkF9Y=
+github.com/lmittmann/tint v1.0.7/go.mod h1:HIS3gSy7qNwGCj+5oRjAutErFBl4BzdQP6cJZ0NfMwE=
 github.com/lufia/plan9stats v0.0.0-20211012122336-39d0f177ccd0 h1:6E+4a0GO5zZEnZ81pIr0yLvtUWk2if982qA3F3QD6H4=
 github.com/lufia/plan9stats v0.0.0-20211012122336-39d0f177ccd0/go.mod h1:zJYVVT2jmtg6P3p1VtQj7WsuWi/y4VnjVBn7F8KPB3I=
 github.com/marusama/semaphore v0.0.0-20171214154724-565ffd8e868a h1:6SRny9FLB1eWasPyDUqBQnMi9NhXU01XIlB0ao89YoI=

x/mobileproxy/README.md

@@ -34,6 +34,14 @@ From the `x/` directory:
 go build -o "$(pwd)/out/" golang.org/x/mobile/cmd/gomobile golang.org/x/mobile/cmd/gobind
 ```
 
+> [!WARNING]
+> The Psiphon library is not included in the build by default because the Psiphon codebase uses GPL. To support Psiphon configuration in the Mobile Proxy please build using the [`psiphon` build tag](https://pkg.go.dev/github.com/Jigsaw-Code/outline-sdk/x/psiphon).
+> When integrating Psiphon into your application please work with the Psiphon team at [email protected]
+
+```bash
+go build -tags psiphon -o "$(pwd)/out/" golang.org/x/mobile/cmd/gomobile golang.org/x/mobile/cmd/gobind
+```
+
 Then build the iOS and Android libraries with [`gomobile bind`](https://pkg.go.dev/golang.org/x/mobile/cmd/gomobile#hdr-Build_a_library_for_Android_and_iOS)
 
 ```bash

x/psiphon/doc.go

@@ -26,8 +26,7 @@ For testing, you can [generate a Psiphon config yourself].
 Psiphon code is licensed as GPLv3, which you will have to take into account if you incorporate Psiphon logic into your app.
 If you don't want your app to be GPL, consider acquiring an appropriate license when acquiring their services.
 
-Note that a few of Psiphon's dependencies may impose additional restrictions. For example, github.com/hashicorp/golang-lru is MPL-2.0
-and github.com/juju/ratelimit is LGPL-3.0. You can use [go-licenses] to analyze the licenses of your Go code dependencies.
+Note that a few of Psiphon's dependencies may impose additional restrictions. You can use [go-licenses] to analyze the licenses of your Go code dependencies.
 
 To prevent accidental inclusion of unvetted licenses, you must use the "psiphon" build tag in order to use this package. Typically you do that with
 "-tags psiphon".

x/psiphon/psiphon.go

@@ -101,7 +101,7 @@ func getClientPlatform() string {
 // Allows for overriding in tests.
 var startTunnel func(ctx context.Context, config *DialerConfig) (psiphonTunnel, error) = psiphonStartTunnel
 
-func psiphonStartTunnel(ctx context.Context, config *DialerConfig) (psiphonTunnel, error) {
+func psiphonStartTunnel(tunnelCtx context.Context, config *DialerConfig) (psiphonTunnel, error) {
 	if config == nil {
 		return nil, errors.New("config must not be nil")
 	}
@@ -117,11 +117,11 @@ func psiphonStartTunnel(ctx context.Context, config *DialerConfig) (psiphonTunne
 		DisableLocalHTTPProxy:  &trueValue,
 	}
 
-	return clientlib.StartTunnel(ctx, config.ProviderConfig, "", params, nil, nil)
+	return clientlib.StartTunnel(tunnelCtx, config.ProviderConfig, "", params, nil, nil)
 }
 
 // Start configures and runs the Dialer. It must be called before you can use the Dialer. It returns when the tunnel is ready.
-func (d *Dialer) Start(ctx context.Context, config *DialerConfig) error {
+func (d *Dialer) Start(startCtx context.Context, config *DialerConfig) error {
 	resultCh := make(chan error)
 	go func() {
 		d.mu.Lock()
@@ -132,13 +132,23 @@ func (d *Dialer) Start(ctx context.Context, config *DialerConfig) error {
 			return
 		}
 
-		ctx, cancel := context.WithCancel(ctx)
-		defer cancel()
+		// startCtx is intended for the lifetime of the startup.
+		// dialerCtx is intended for the lifetime of the tunnel.
+		dialerCtx, dialerCancel := context.WithCancel(context.Background())
+		defer dialerCancel()
+
+		// This ties startCtx and dialerCtx together
+		// so dialerCtx will be cancelled if startCtx is cancelled.
+		// We run detatchContexts after startTunnel to disconnect them.
+		detatchContexts := context.AfterFunc(startCtx, func() {
+			dialerCancel()
+		})
+
 		tunnelDone := make(chan struct{})
 		defer close(tunnelDone)
 		d.stop = func() {
 			// Tell start to stop.
-			cancel()
+			dialerCancel()
 			// Wait for tunnel to be done.
 			<-tunnelDone
 		}
@@ -148,13 +158,13 @@ func (d *Dialer) Start(ctx context.Context, config *DialerConfig) error {
 		}()
 
 		d.mu.Unlock()
-
-		tunnel, err := startTunnel(ctx, config)
+		tunnel, err := startTunnel(dialerCtx, config)
 
 		d.mu.Lock()
+		detatchContexts()
 
-		if ctx.Err() != nil {
-			err = context.Cause(ctx)
+		if dialerCtx.Err() != nil {
+			err = context.Cause(dialerCtx)
 		}
 		if err != nil {
 			resultCh <- err
@@ -169,7 +179,7 @@ func (d *Dialer) Start(ctx context.Context, config *DialerConfig) error {
 
 		d.mu.Unlock()
 		// wait for Stop
-		<-ctx.Done()
+		<-dialerCtx.Done()
 		d.mu.Lock()
 	}()
 	return <-resultCh

x/psiphon/psiphon_test.go

@@ -139,7 +139,7 @@ func TestDialer_Start_Timeout(t *testing.T) {
 		errCh <- GetSingletonDialer().Start(ctx, cfg)
 	}()
 	err := <-errCh
-	require.ErrorIs(t, err, context.DeadlineExceeded)
+	require.ErrorIs(t, err, context.Canceled)
 }
 
 type errorTunnel struct {