From 41e815e18bda5c83f5ce8b524bc77603d84f9146 Mon Sep 17 00:00:00 2001 
From: Sergei Maklagin Date: Fri, 29 May 2026 01:31:57 +0300 Subject: [PATCH] Update sing-box core, refactor MASQUE, update XHTTP --- .github/CRONET_GO_VERSION | 2 +- .github/workflows/lint.yml | 43 +- .golangci.yml | 28 +- Makefile | 27 +- cmd/internal/protogen/main.go | 4 +- cmd/internal/update_android_version/main.go | 2 +- cmd/internal/update_certificates/main.go | 20 +- cmd/sing-box/cmd_geoip_export.go | 7 +- cmd/sing-box/cmd_geosite_export.go | 7 +- cmd/sing-box/cmd_tools_fetch_http3.go | 2 + common/badversion/version.go | 4 +- common/certificate/chrome.go | 219 +++++----- common/certificate/mozilla.go | 351 ++++++++------- common/certificate/store.go | 46 +- common/convertor/adguard/convertor.go | 18 +- common/dialer/default_parallel_interface.go | 18 +- common/geosite/compat_test.go | 7 +- common/geosite/reader.go | 9 +- common/ja3/parser.go | 6 +- common/ktls/ktls_handshake_messages.go | 54 +-- common/ktls/ktls_write.go | 73 ---- common/process/searcher_darwin_shared.go | 2 +- common/process/searcher_linux_shared.go | 3 +- common/settings/proxy_darwin.go | 2 +- common/settings/wifi_linux_connman.go | 4 +- common/settings/wifi_linux_wpa.go | 13 +- common/settings/wifi_stub.go | 1 + common/sniff/internal/qtls/qtls.go | 5 +- common/sniff/quic_blacklist.go | 15 +- common/sniff/quic_capture_test.go | 4 +- common/srs/binary.go | 4 +- common/srs/compat_test.go | 2 +- common/tls/reality_client.go | 4 +- common/tls/std_server.go | 10 +- common/xray/utils/browser.go | 78 +++- daemon/started_service.go | 5 +- daemon/started_service.pb.go | 77 ++-- daemon/started_service_grpc.pb.go | 21 + dns/client.go | 27 +- dns/transport/conn_pool.go | 411 +++++++----------- dns/transport/dhcp/dhcp.go | 2 +- dns/transport/dhcp/dhcp_shared.go | 2 +- dns/transport/local/local_resolved_stub.go | 1 + dns/transport/local/local_shared.go | 2 +- dns/transport/local/resolv.go | 1 + dns/transport/local/resolv_default.go | 1 + dns/transport/quic/quic.go | 2 +- dns/transport/tcp.go | 18 + 
dns/transport/tls.go | 22 +- dns/transport/udp.go | 2 + docs/changelog.md | 5 + experimental/cachefile/cache.go | 2 +- experimental/clashapi/server.go | 2 +- experimental/libbox/command_client.go | 2 +- experimental/libbox/command_server.go | 2 +- experimental/libbox/command_types.go | 10 - experimental/libbox/log.go | 5 +- experimental/libbox/monitor.go | 1 - experimental/libbox/platform.go | 39 +- experimental/libbox/tun_darwin.go | 2 +- experimental/v2rayapi/stats.pb.go | 27 +- experimental/v2rayapi/stats_grpc.pb.go | 3 + go.mod | 68 +-- go.sum | 132 +++--- log/id.go | 6 - option/types.go | 1 - protocol/direct/loopback_detect.go | 186 -------- protocol/direct/outbound.go | 23 - protocol/dns/handle.go | 4 +- protocol/group/urltest.go | 28 +- protocol/naive/inbound.go | 2 +- protocol/naive/inbound_conn.go | 2 +- protocol/tailscale/endpoint.go | 15 + protocol/tailscale/tun_device_unix.go | 5 +- protocol/wireguard/endpoint.go | 26 +- route/conn.go | 58 +-- route/process_cache.go | 7 +- route/route.go | 4 +- route/rule/match_state.go | 16 +- route/rule/rule_abstract_test.go | 1 - route/rule/rule_item_cidr.go | 8 +- route/rule/rule_item_domain.go | 13 +- route/rule/rule_set_semantics_test.go | 3 - service/ccm/credential_other.go | 2 +- service/ccm/service.go | 10 +- service/ocm/service.go | 4 +- service/ocm/service_usage.go | 5 +- service/oomkiller/service.go | 3 +- service/oomkiller/service_stub.go | 2 +- service/oomkiller/service_timer.go | 27 +- service/resolved/resolve1.go | 7 +- service/resolved/transport.go | 2 +- transport/masque/buffer.go | 34 -- transport/masque/device_stack.go | 2 + transport/masque/device_stack_stub.go | 13 + transport/masque/masque.go | 30 +- transport/masque/tunnel.go | 201 +++++---- transport/sip003/args.go | 12 - transport/v2raygrpc/client.go | 3 +- .../v2raygrpc/credentials/credentials.go | 8 +- transport/v2raygrpc/credentials/util.go | 7 +- transport/v2raygrpc/server.go | 2 +- transport/v2raygrpc/stream.pb.go | 21 +- 
transport/v2raygrpc/stream_grpc.pb.go | 7 +- transport/v2rayxhttp/client.go | 16 +- transport/v2rayxhttp/dialer.go | 2 + transport/wireguard/client_bind.go | 2 +- transport/wireguard/device_stack.go | 26 +- transport/wireguard/device_system.go | 13 +- transport/wireguard/device_system_stack.go | 25 +- transport/wireguard/endpoint.go | 69 +-- 111 files changed, 1291 insertions(+), 1660 deletions(-) delete mode 100644 protocol/direct/loopback_detect.go delete mode 100644 transport/masque/buffer.go create mode 100644 transport/masque/device_stack_stub.go diff --git a/.github/CRONET_GO_VERSION b/.github/CRONET_GO_VERSION index f8f1198f..a2d9d6ca 100644 --- a/.github/CRONET_GO_VERSION +++ b/.github/CRONET_GO_VERSION @@ -1 +1 @@ -e4926ba205fae5351e3d3eeafff7e7029654424a +2faf34666c2cc8234f10f2ab6d4c4d6104d34ae2 diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 2e86bb62..05b9e677 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml 
@@ -18,21 +18,60 @@ on: - testing - unstable +concurrency: + group: ${{ github.workflow }}-${{ github.ref }}-${{ github.event_name }}-${{ inputs.build }} + cancel-in-progress: true + jobs: build: - name: Build + name: Lint ${{ matrix.goos }}/${{ matrix.goarch }} runs-on: ubuntu-latest + strategy: + fail-fast: false + matrix: + include: + - goos: windows + goarch: amd64 + - goos: windows + goarch: '386' + - goos: windows + goarch: arm64 + - goos: linux + goarch: amd64 + - goos: linux + goarch: arm64 + - goos: linux + goarch: arm + - goos: linux + goarch: '386' + - goos: darwin + goarch: amd64 + - goos: darwin + goarch: arm64 + - goos: android + goarch: arm64 + # - goos: freebsd + # goarch: amd64 steps: - name: Checkout - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5 + uses: actions/checkout@v4 with: fetch-depth: 0 - name: Setup Go uses: actions/setup-go@v5 with: go-version: ^1.25 + - name: Cache go module + uses: actions/cache@v4 + with: + path: | + ~/go/pkg/mod + key: go-${{ hashFiles('**/go.sum') }} - name: golangci-lint uses: golangci/golangci-lint-action@v8 + env: + GOOS: ${{ matrix.goos }} + GOARCH: ${{ matrix.goarch }} with: version: latest args: --timeout=30m diff --git a/.golangci.yml b/.golangci.yml index d6905dc1..3f7fd94f 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -1,6 +1,6 @@ version: "2" run: - go: "1.25" + go: "1.24" build-tags: - with_gvisor - with_quic 
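Review bot: The Checkout step in the lint.yml hunk moves from a full commit SHA (`actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5`) to the movable tag `actions/checkout@v4`, and the new `actions/cache@v4` step is referenced by tag as well. Whoever can move those tags controls what code runs in this job, and the job now fans out across a ten-entry matrix. I would keep the SHA form for checkout and pin the cache action the same way, `uses: actions/cache@<full-commit-sha> # v4`, with the SHA taken from the release being adopted. The top of the workflow is outside this hunk; if it does not already declare one, a top-level `permissions:` block limited to `contents: read` would bound what a compromised action could do with the token.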
@@ -17,30 +17,29 @@ run: linters: default: none enable: - - govet - ineffassign - paralleltest - staticcheck + - unused + - modernize settings: + modernize: + disable: + - omitzero # nested struct omitempty -> omitzero changes JSON output semantics staticcheck: checks: - all - - -S1000 - - -S1008 - - -S1017 - - -ST1003 - - -QF1001 - - -QF1003 - - -QF1008 + - -QF1008 # could remove embedded field "" from selector + - -ST1003 # should not use ALL_CAPS in Go names; use CamelCase instead + - -QF1001 # could apply De Morgan's law exclusions: generated: lax presets: - comments - common-false-positives - - legacy - - std-error-handling paths: - transport/simple-obfs + - \.pb\.go$ - third_party$ - builtin$ - examples$ @@ -55,10 +54,3 @@ formatters: - prefix(github.com/sagernet/) - default custom-order: true - exclusions: - generated: lax - paths: - - transport/simple-obfs - - third_party$ - - builtin$ - - examples$ diff --git a/Makefile b/Makefile index e7bcfdfd..519739b9 100644 --- a/Makefile +++ b/Makefile @@ -59,23 +59,17 @@ install: go build -o $(PREFIX)/bin/$(NAME) $(MAIN_PARAMS) $(MAIN) fmt: - @gofumpt -l -w . - @gofmt -s -w . - @gci write --custom-order -s standard -s "prefix(github.com/sagernet/)" -s "default" . + @golangci-lint fmt fmt_docs: go run ./cmd/internal/format_docs -fmt_install: - go install -v mvdan.cc/gofumpt@latest - go install -v github.com/daixiang0/gci@latest - lint: GOOS=linux golangci-lint run ./... GOOS=android golangci-lint run ./... GOOS=windows golangci-lint run ./... GOOS=darwin golangci-lint run ./... - GOOS=freebsd golangci-lint run ./... +# GOOS=freebsd golangci-lint run ./... lint_install: go install -v github.com/golangci/golangci-lint/v2/cmd/golangci-lint@latest 
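Review bot: Removing `- govet` from `linters.enable` while `default: none` stays in place means none of vet's analyzers run under this configuration any more. The newly enabled `unused` and `modernize` do not cover what vet checks, such as copied locks, printf argument mismatches and lost context cancel functions. Unless `go vet` runs in another job that is not visible here, I would keep the line `- govet` in the enable list. The trailing comments added to the staticcheck exclusions are helpful; a similar one-line comment saying why the `legacy` and `std-error-handling` presets were dropped would make the intent of the stricter exclusions clear.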
@@ -202,14 +196,31 @@ upload_macos_pkg: ghr --replace --draft --prerelease "v${VERSION}" "dist/SFM/SFM-${VERSION}-Intel.pkg" ghr --replace --draft --prerelease "v${VERSION}" "dist/SFM/SFM-${VERSION}-Universal.pkg" +replace_macos_pkg: + mkdir -p dist/SFM + cp ../sing-box-for-apple/build/SFM-Apple.pkg "dist/SFM/SFM-${VERSION}-Apple.pkg" + cp ../sing-box-for-apple/build/SFM-Intel.pkg "dist/SFM/SFM-${VERSION}-Intel.pkg" + cp ../sing-box-for-apple/build/SFM-Universal.pkg "dist/SFM/SFM-${VERSION}-Universal.pkg" + ghr --replace "v${VERSION}" "dist/SFM/SFM-${VERSION}-Apple.pkg" + ghr --replace "v${VERSION}" "dist/SFM/SFM-${VERSION}-Intel.pkg" + ghr --replace "v${VERSION}" "dist/SFM/SFM-${VERSION}-Universal.pkg" + upload_macos_dsyms: mkdir -p dist/SFM cd ../sing-box-for-apple/build/SFM.System-universal.xcarchive && zip -r SFM.dSYMs.zip dSYMs cp ../sing-box-for-apple/build/SFM.System-universal.xcarchive/SFM.dSYMs.zip "dist/SFM/SFM-${VERSION}.dSYMs.zip" ghr --replace --draft --prerelease "v${VERSION}" "dist/SFM/SFM-${VERSION}.dSYMs.zip" +replace_macos_dsyms: + mkdir -p dist/SFM + cd ../sing-box-for-apple/build/SFM.System-universal.xcarchive && zip -r SFM.dSYMs.zip dSYMs + cp ../sing-box-for-apple/build/SFM.System-universal.xcarchive/SFM.dSYMs.zip "dist/SFM/SFM-${VERSION}.dSYMs.zip" + ghr --replace "v${VERSION}" "dist/SFM/SFM-${VERSION}.dSYMs.zip" + release_macos_standalone: build_macos_pkg notarize_macos_pkg upload_macos_pkg upload_macos_dsyms +replace_macos_standalone: build_macos_pkg notarize_macos_pkg upload_macos_pkg upload_macos_dsyms + build_tvos: cd ../sing-box-for-apple && \ rm -rf build/SFT.xcarchive && \ diff --git a/cmd/internal/protogen/main.go b/cmd/internal/protogen/main.go index 4d5023f7..1a5d59b0 100644 --- a/cmd/internal/protogen/main.go +++ b/cmd/internal/protogen/main.go 
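Review bot: The new `replace_macos_standalone` target lists the same prerequisites as `release_macos_standalone` (`upload_macos_pkg upload_macos_dsyms`), so the `replace_macos_pkg` and `replace_macos_dsyms` targets added in this hunk are never reached through it. As written it re-uploads with `--draft --prerelease` instead of replacing the assets on the published release, which looks like a copy-paste slip. I would change the line to `replace_macos_standalone: build_macos_pkg notarize_macos_pkg replace_macos_pkg replace_macos_dsyms`.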
@@ -48,8 +48,8 @@ func GetRuntimeEnv(key string) (string, error) { if readErr != nil { return "", readErr } - envStrings := strings.Split(string(data), "\n") - for _, envItem := range envStrings { + envStrings := strings.SplitSeq(string(data), "\n") + for envItem := range envStrings { envItem = strings.TrimSuffix(envItem, "\r") envKeyValue := strings.Split(envItem, "=") if strings.EqualFold(strings.TrimSpace(envKeyValue[0]), key) { diff --git a/cmd/internal/update_android_version/main.go b/cmd/internal/update_android_version/main.go index 4850fce0..2278eeac 100644 --- a/cmd/internal/update_android_version/main.go +++ b/cmd/internal/update_android_version/main.go @@ -39,7 +39,7 @@ func main() { common.Must(os.Chdir(androidPath)) localProps := common.Must1(os.ReadFile("version.properties")) var propsList [][]string - for _, propLine := range strings.Split(string(localProps), "\n") { + for propLine := range strings.SplitSeq(string(localProps), "\n") { propsList = append(propsList, strings.Split(propLine, "=")) } var ( diff --git a/cmd/internal/update_certificates/main.go b/cmd/internal/update_certificates/main.go index 55b221e1..03323c06 100644 --- a/cmd/internal/update_certificates/main.go +++ b/cmd/internal/update_certificates/main.go @@ -45,10 +45,8 @@ package certificate import "crypto/x509" -var mozillaIncluded *x509.CertPool - -func init() { - mozillaIncluded = x509.NewCertPool() +func newMozillaIncluded() *x509.CertPool { + pool := x509.NewCertPool() `) for { record, err := reader.Read() 
@@ -63,14 +61,14 @@ func init() { generated.WriteString("\n // ") generated.WriteString(record[nameIndex]) generated.WriteString("\n") - generated.WriteString(" mozillaIncluded.AppendCertsFromPEM([]byte(`") + generated.WriteString(" pool.AppendCertsFromPEM([]byte(`") cert := record[certIndex] // Remove single quotes cert = cert[1 : len(cert)-1] generated.WriteString(cert) generated.WriteString("`))\n") } - generated.WriteString("}\n") + generated.WriteString("\treturn pool\n}\n") return os.WriteFile("common/certificate/mozilla.go", []byte(generated.String()), 0o644) } @@ -131,10 +129,8 @@ package certificate import "crypto/x509" -var chromeIncluded *x509.CertPool - -func init() { - chromeIncluded = x509.NewCertPool() +func newChromeIncluded() *x509.CertPool { + pool := x509.NewCertPool() `) for { record, err := reader.Read() @@ -152,7 +148,7 @@ func init() { generated.WriteString("\n // ") generated.WriteString(record[subjectIndex]) generated.WriteString("\n") - generated.WriteString(" chromeIncluded.AppendCertsFromPEM([]byte(`") + generated.WriteString(" pool.AppendCertsFromPEM([]byte(`") cert := record[certIndex] // Remove single quotes if present if len(cert) > 0 && cert[0] == '\'' { @@ -161,6 +157,6 @@ func init() { generated.WriteString(cert) generated.WriteString("`))\n") } - generated.WriteString("}\n") + generated.WriteString("\treturn pool\n}\n") return os.WriteFile("common/certificate/chrome.go", []byte(generated.String()), 0o644) } diff --git a/cmd/sing-box/cmd_geoip_export.go b/cmd/sing-box/cmd_geoip_export.go index b80e5cd3..6f59b4d5 100644 --- a/cmd/sing-box/cmd_geoip_export.go +++ b/cmd/sing-box/cmd_geoip_export.go 
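Review bot: The generated `pool.AppendCertsFromPEM(...)` call discards its bool result, and the generator writes `record[certIndex]` straight into a backtick raw string without checking that it is a certificate. A truncated or malformed record would therefore silently produce a trust pool that is missing that root, and a record containing a backtick would terminate the literal and put arbitrary text into the generated Go source. The same applies to the chrome generator in the `@@ -152,7 +148,7 @@` hunk. I would have the generator decode and parse each record before emitting it and fail the run on the first bad one; where the CSV comes from is outside these hunks, so treat it as untrusted input. The enclosing functions start outside the hunks shown, and the mozilla path's `cert[1 : len(cert)-1]` would also panic on an empty field, which the same check can guard.

```go
// … unchanged: read record, strip the surrounding single quotes into cert …
block, _ := pem.Decode([]byte(cert))
if block == nil || block.Type != "CERTIFICATE" {
	return fmt.Errorf("update certificates: %q is not a PEM certificate", record[nameIndex])
}
if _, parseErr := x509.ParseCertificate(block.Bytes); parseErr != nil {
	return fmt.Errorf("update certificates: parse %q: %w", record[nameIndex], parseErr)
}
// … unchanged: write the comment line and the pool.AppendCertsFromPEM call …
```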
@@ -61,16 +61,17 @@ func geoipExport(countryCode string) error { outputFile *os.File outputWriter io.Writer ) - if flagGeoipExportOutput == "stdout" { + switch flagGeoipExportOutput { + case "stdout": outputWriter = os.Stdout - } else if flagGeoipExportOutput == flagGeoipExportDefaultOutput { + case flagGeoipExportDefaultOutput: outputFile, err = os.Create("geoip-" + countryCode + ".json") if err != nil { return err } defer outputFile.Close() outputWriter = outputFile - } else { + default: outputFile, err = os.Create(flagGeoipExportOutput) if err != nil { return err diff --git a/cmd/sing-box/cmd_geosite_export.go b/cmd/sing-box/cmd_geosite_export.go index 90a7955b..573cc1df 100644 --- a/cmd/sing-box/cmd_geosite_export.go +++ b/cmd/sing-box/cmd_geosite_export.go @@ -43,16 +43,17 @@ func geositeExport(category string) error { outputFile *os.File outputWriter io.Writer ) - if commandGeositeExportOutput == "stdout" { + switch commandGeositeExportOutput { + case "stdout": outputWriter = os.Stdout - } else if commandGeositeExportOutput == commandGeositeExportDefaultOutput { + case commandGeositeExportDefaultOutput: outputFile, err = os.Create("geosite-" + category + ".json") if err != nil { return err } defer outputFile.Close() outputWriter = outputFile - } else { + default: outputFile, err = os.Create(commandGeositeExportOutput) if err != nil { return err diff --git a/cmd/sing-box/cmd_tools_fetch_http3.go b/cmd/sing-box/cmd_tools_fetch_http3.go index c11afc2d..3caa1e88 100644 --- a/cmd/sing-box/cmd_tools_fetch_http3.go +++ b/cmd/sing-box/cmd_tools_fetch_http3.go @@ -1,3 +1,5 @@ +//go:build with_quic + package main import ( diff --git a/common/badversion/version.go b/common/badversion/version.go index a8404297..3da6766c 100644 --- a/common/badversion/version.go +++ b/common/badversion/version.go 
@@ -112,9 +112,7 @@ func IsValid(versionName string) bool { } func Parse(versionName string) (version Version) { - if strings.HasPrefix(versionName, "v") { - versionName = versionName[1:] - } + versionName = strings.TrimPrefix(versionName, "v") if strings.Contains(versionName, "-") { parts := strings.Split(versionName, "-") versionName = parts[0] diff --git a/common/certificate/chrome.go b/common/certificate/chrome.go index 8a361c61..ea341b0c 100644 --- a/common/certificate/chrome.go +++ b/common/certificate/chrome.go @@ -4,13 +4,11 @@ package certificate import "crypto/x509" -var chromeIncluded *x509.CertPool - -func init() { - chromeIncluded = x509.NewCertPool() +func newChromeIncluded() *x509.CertPool { + pool := x509.NewCertPool() // CN=Actalis Authentication Root CA; O=Actalis S.p.A./03358520967; L=Milan; C=IT - chromeIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIFuzCCA6OgAwIBAgIIVwoRl0LE48wwDQYJKoZIhvcNAQELBQAwazELMAkGA1UE BhMCSVQxDjAMBgNVBAcMBU1pbGFuMSMwIQYDVQQKDBpBY3RhbGlzIFMucC5BLi8w MzM1ODUyMDk2NzEnMCUGA1UEAwweQWN0YWxpcyBBdXRoZW50aWNhdGlvbiBSb290 @@ -45,7 +43,7 @@ LnPqZih4zR0Uv6CPLy64Lo7yFIrM6bV8+2ydDKXhlg== -----END CERTIFICATE-----`)) // CN=TunTrust Root CA; O=Agence Nationale de Certification Electronique; C=TN - chromeIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIFszCCA5ugAwIBAgIUEwLV4kBMkkaGFmddtLu7sms+/BMwDQYJKoZIhvcNAQEL BQAwYTELMAkGA1UEBhMCVE4xNzA1BgNVBAoMLkFnZW5jZSBOYXRpb25hbGUgZGUg Q2VydGlmaWNhdGlvbiBFbGVjdHJvbmlxdWUxGTAXBgNVBAMMEFR1blRydXN0IFJv 
@@ -80,7 +78,7 @@ d9qDRIueVSjAi1jTkD5OGwDxFa2DK5o= -----END CERTIFICATE-----`)) // CN=Amazon Root CA 4; O=Amazon; C=US - chromeIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIB8jCCAXigAwIBAgITBmyf18G7EEwpQ+Vxe3ssyBrBDjAKBggqhkjOPQQDAzA5 MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6b24g Um9vdCBDQSA0MB4XDTE1MDUyNjAwMDAwMFoXDTQwMDUyNjAwMDAwMFowOTELMAkG @@ -95,7 +93,7 @@ CkcO8DdZEv8tmZQoTipPNU0zWgIxAOp1AE47xDqUEpHJWEadIRNyp4iciuRMStuW -----END CERTIFICATE-----`)) // CN=Amazon Root CA 1; O=Amazon; C=US - chromeIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIDQTCCAimgAwIBAgITBmyfz5m/jAo54vB4ikPmljZbyjANBgkqhkiG9w0BAQsF ADA5MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6 b24gUm9vdCBDQSAxMB4XDTE1MDUyNjAwMDAwMFoXDTM4MDExNzAwMDAwMFowOTEL @@ -117,7 +115,7 @@ rqXRfboQnoZsG4q5WTP468SQvvG5 -----END CERTIFICATE-----`)) // CN=Amazon Root CA 2; O=Amazon; C=US - chromeIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIFQTCCAymgAwIBAgITBmyf0pY1hp8KD+WGePhbJruKNzANBgkqhkiG9w0BAQwF ADA5MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6 b24gUm9vdCBDQSAyMB4XDTE1MDUyNjAwMDAwMFoXDTQwMDUyNjAwMDAwMFowOTEL @@ -150,7 +148,7 @@ n749sSmvZ6ES8lgQGVMDMBu4Gon2nL2XA46jCfMdiyHxtN/kHNGfZQIG6lzWE7OE -----END CERTIFICATE-----`)) // CN=Amazon Root CA 3; O=Amazon; C=US - chromeIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIBtjCCAVugAwIBAgITBmyf1XSXNmY/Owua2eiedgPySjAKBggqhkjOPQQDAjA5 MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6b24g Um9vdCBDQSAzMB4XDTE1MDUyNjAwMDAwMFoXDTQwMDUyNjAwMDAwMFowOTELMAkG 
@@ -164,7 +162,7 @@ YyRIHN8wfdVoOw== -----END CERTIFICATE-----`)) // CN=Certum Trusted Network CA; OU=Certum Certification Authority; O=Unizeto Technologies S.A.; C=PL - chromeIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIDuzCCAqOgAwIBAgIDBETAMA0GCSqGSIb3DQEBBQUAMH4xCzAJBgNVBAYTAlBM MSIwIAYDVQQKExlVbml6ZXRvIFRlY2hub2xvZ2llcyBTLkEuMScwJQYDVQQLEx5D ZXJ0dW0gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxIjAgBgNVBAMTGUNlcnR1bSBU @@ -188,7 +186,7 @@ VoNzcOSGGtIxQbovvi0TWnZvTuhOgQ4/WwMioBK+ZlgRSssDxLQqKi2WF+A5VLxI -----END CERTIFICATE-----`)) // CN=Certum EC-384 CA; OU=Certum Certification Authority; O=Asseco Data Systems S.A.; C=PL - chromeIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIICZTCCAeugAwIBAgIQeI8nXIESUiClBNAt3bpz9DAKBggqhkjOPQQDAzB0MQsw CQYDVQQGEwJQTDEhMB8GA1UEChMYQXNzZWNvIERhdGEgU3lzdGVtcyBTLkEuMScw JQYDVQQLEx5DZXJ0dW0gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxGTAXBgNVBAMT @@ -205,7 +203,7 @@ nvuRlydd3LBbMHHOXjgaatkl5+r3YZJW+OraNsKHZZYuciUvf9/DE8k= -----END CERTIFICATE-----`)) // CN=Certum Trusted Root CA; OU=Certum Certification Authority; O=Asseco Data Systems S.A.; C=PL - chromeIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIFwDCCA6igAwIBAgIQHr9ZULjJgDdMBvfrVU+17TANBgkqhkiG9w0BAQ0FADB6 MQswCQYDVQQGEwJQTDEhMB8GA1UEChMYQXNzZWNvIERhdGEgU3lzdGVtcyBTLkEu MScwJQYDVQQLEx5DZXJ0dW0gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxHzAdBgNV 
@@ -240,7 +238,7 @@ E2Efv4WstK2tBZQIgx51F9NxO5NQI1mg7TyRVJ12AMXDuDjb -----END CERTIFICATE-----`)) // CN=Certum Trusted Network CA 2; OU=Certum Certification Authority; O=Unizeto Technologies S.A.; C=PL - chromeIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIF0jCCA7qgAwIBAgIQIdbQSk8lD8kyN/yqXhKN6TANBgkqhkiG9w0BAQ0FADCB gDELMAkGA1UEBhMCUEwxIjAgBgNVBAoTGVVuaXpldG8gVGVjaG5vbG9naWVzIFMu QS4xJzAlBgNVBAsTHkNlcnR1bSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEkMCIG @@ -276,7 +274,7 @@ DrW5viSP -----END CERTIFICATE-----`)) // CN=Autoridad de Certificacion Firmaprofesional CIF A62634068; C=ES - chromeIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIGFDCCA/ygAwIBAgIIG3Dp0v+ubHEwDQYJKoZIhvcNAQELBQAwUTELMAkGA1UE BhMCRVMxQjBABgNVBAMMOUF1dG9yaWRhZCBkZSBDZXJ0aWZpY2FjaW9uIEZpcm1h cHJvZmVzaW9uYWwgQ0lGIEE2MjYzNDA2ODAeFw0xNDA5MjMxNTIyMDdaFw0zNjA1 @@ -313,7 +311,7 @@ GbqEZycPvEJdvSRUDewdcAZfpLz6IHxV -----END CERTIFICATE-----`)) // CN=ANF Secure Server Root CA; OU=ANF CA Raiz; O=ANF Autoridad de Certificacion; C=ES; SerialNumber=G63287510 - chromeIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIF7zCCA9egAwIBAgIIDdPjvGz5a7EwDQYJKoZIhvcNAQELBQAwgYQxEjAQBgNV BAUTCUc2MzI4NzUxMDELMAkGA1UEBhMCRVMxJzAlBgNVBAoTHkFORiBBdXRvcmlk YWQgZGUgQ2VydGlmaWNhY2lvbjEUMBIGA1UECxMLQU5GIENBIFJhaXoxIjAgBgNV @@ -349,7 +347,7 @@ tt7VMVgWglvquxl1AnMaykgaIZOQCo6ThKd9OyMYkomgjaw= -----END CERTIFICATE-----`)) // CN=Buypass Class 2 Root CA; O=Buypass AS-983163327; C=NO - chromeIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIFWTCCA0GgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJOTzEd MBsGA1UECgwUQnV5cGFzcyBBUy05ODMxNjMzMjcxIDAeBgNVBAMMF0J1eXBhc3Mg Q2xhc3MgMiBSb290IENBMB4XDTEwMTAyNjA4MzgwM1oXDTQwMTAyNjA4MzgwM1ow 
@@ -382,7 +380,7 @@ Y11aWOIv4x3kqdbQCtCev9eBCfHJxyYNrJgWVqA= -----END CERTIFICATE-----`)) // CN=Buypass Class 3 Root CA; O=Buypass AS-983163327; C=NO - chromeIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIFWTCCA0GgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJOTzEd MBsGA1UECgwUQnV5cGFzcyBBUy05ODMxNjMzMjcxIDAeBgNVBAMMF0J1eXBhc3Mg Q2xhc3MgMyBSb290IENBMB4XDTEwMTAyNjA4Mjg1OFoXDTQwMTAyNjA4Mjg1OFow @@ -415,7 +413,7 @@ u79leNKGef9JOxqDDPDeeOzI8k1MGt6CKfjBWtrt7uYnXuhF0J0cUahoq0Tj0Itq -----END CERTIFICATE-----`)) // CN=Certainly Root R1; O=Certainly; C=US - chromeIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIFRzCCAy+gAwIBAgIRAI4P+UuQcWhlM1T01EQ5t+AwDQYJKoZIhvcNAQELBQAw PTELMAkGA1UEBhMCVVMxEjAQBgNVBAoTCUNlcnRhaW5seTEaMBgGA1UEAxMRQ2Vy dGFpbmx5IFJvb3QgUjEwHhcNMjEwNDAxMDAwMDAwWhcNNDYwNDAxMDAwMDAwWjA9 @@ -448,7 +446,7 @@ OV+KmalBWQewLK8= -----END CERTIFICATE-----`)) // CN=Certainly Root E1; O=Certainly; C=US - chromeIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIB9zCCAX2gAwIBAgIQBiUzsUcDMydc+Y2aub/M+DAKBggqhkjOPQQDAzA9MQsw CQYDVQQGEwJVUzESMBAGA1UEChMJQ2VydGFpbmx5MRowGAYDVQQDExFDZXJ0YWlu bHkgUm9vdCBFMTAeFw0yMTA0MDEwMDAwMDBaFw00NjA0MDEwMDAwMDBaMD0xCzAJ @@ -463,7 +461,7 @@ BtjOiQRINzf43TNRnXCve1XYAS59BWQOhriR -----END CERTIFICATE-----`)) // CN=Certigna; O=Dhimyotis; C=FR - chromeIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIDqDCCApCgAwIBAgIJAP7c4wEPyUj/MA0GCSqGSIb3DQEBBQUAMDQxCzAJBgNV BAYTAkZSMRIwEAYDVQQKDAlEaGlteW90aXMxETAPBgNVBAMMCENlcnRpZ25hMB4X DTA3MDYyOTE1MTMwNVoXDTI3MDYyOTE1MTMwNVowNDELMAkGA1UEBhMCRlIxEjAQ 
@@ -487,7 +485,7 @@ WyH8EZE0vkHve52Xdf+XlcCWWC/qu0bXu+TZLg== -----END CERTIFICATE-----`)) // CN=Certigna Root CA; OU=0002 48146308100036; O=Dhimyotis; C=FR - chromeIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIGWzCCBEOgAwIBAgIRAMrpG4nxVQMNo+ZBbcTjpuEwDQYJKoZIhvcNAQELBQAw WjELMAkGA1UEBhMCRlIxEjAQBgNVBAoMCURoaW15b3RpczEcMBoGA1UECwwTMDAw MiA0ODE0NjMwODEwMDAzNjEZMBcGA1UEAwwQQ2VydGlnbmEgUm9vdCBDQTAeFw0x @@ -525,7 +523,7 @@ jWZSaX5LaAzHHjcng6WMxwLkFM1JAbBzs/3GkDpv0mztO+7skb6iQ12LAEpmJURw -----END CERTIFICATE-----`)) // OU=certSIGN ROOT CA; O=certSIGN; C=RO - chromeIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIDODCCAiCgAwIBAgIGIAYFFnACMA0GCSqGSIb3DQEBBQUAMDsxCzAJBgNVBAYT AlJPMREwDwYDVQQKEwhjZXJ0U0lHTjEZMBcGA1UECxMQY2VydFNJR04gUk9PVCBD QTAeFw0wNjA3MDQxNzIwMDRaFw0zMTA3MDQxNzIwMDRaMDsxCzAJBgNVBAYTAlJP @@ -547,7 +545,7 @@ i/nDhDwTqn6Sm1dTk/pwwpEOMfmbZ13pljheX7NzTogVZ96edhBiIL5VaZVDADlN -----END CERTIFICATE-----`)) // OU=certSIGN ROOT CA G2; O=CERTSIGN SA; C=RO - chromeIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIFRzCCAy+gAwIBAgIJEQA0tk7GNi02MA0GCSqGSIb3DQEBCwUAMEExCzAJBgNV BAYTAlJPMRQwEgYDVQQKEwtDRVJUU0lHTiBTQTEcMBoGA1UECxMTY2VydFNJR04g Uk9PVCBDQSBHMjAeFw0xNzAyMDYwOTI3MzVaFw00MjAyMDYwOTI3MzVaMEExCzAJ @@ -580,7 +578,7 @@ QRBdJ3NghVdJIgc= -----END CERTIFICATE-----`)) // CN=HiPKI Root CA - G1; O=Chunghwa Telecom Co., Ltd.; C=TW - chromeIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIFajCCA1KgAwIBAgIQLd2szmKXlKFD6LDNdmpeYDANBgkqhkiG9w0BAQsFADBP MQswCQYDVQQGEwJUVzEjMCEGA1UECgwaQ2h1bmdod2EgVGVsZWNvbSBDby4sIEx0 ZC4xGzAZBgNVBAMMEkhpUEtJIFJvb3QgQ0EgLSBHMTAeFw0xOTAyMjIwOTQ2MDRa 
@@ -613,7 +611,7 @@ YDksswBVLuT1sw5XxJFBAJw/6KXf6vb/yPCtbVKoF6ubYfwSUTXkJf2vqmqGOQ== -----END CERTIFICATE-----`)) // OU=ePKI Root Certification Authority; O=Chunghwa Telecom Co., Ltd.; C=TW - chromeIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIFsDCCA5igAwIBAgIQFci9ZUdcr7iXAF7kBtK8nTANBgkqhkiG9w0BAQUFADBe MQswCQYDVQQGEwJUVzEjMCEGA1UECgwaQ2h1bmdod2EgVGVsZWNvbSBDby4sIEx0 ZC4xKjAoBgNVBAsMIWVQS0kgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAe @@ -648,7 +646,7 @@ hNQ+IIX3Sj0rnP0qCglN6oH4EZw= -----END CERTIFICATE-----`)) // CN=D-TRUST BR Root CA 1 2020; O=D-Trust GmbH; C=DE - chromeIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIC2zCCAmCgAwIBAgIQfMmPK4TX3+oPyWWa00tNljAKBggqhkjOPQQDAzBIMQsw CQYDVQQGEwJERTEVMBMGA1UEChMMRC1UcnVzdCBHbWJIMSIwIAYDVQQDExlELVRS VVNUIEJSIFJvb3QgQ0EgMSAyMDIwMB4XDTIwMDIxMTA5NDUwMFoXDTM1MDIxMTA5 @@ -668,7 +666,7 @@ dWNbFJWcHwHP2NVypw87 -----END CERTIFICATE-----`)) // CN=D-TRUST EV Root CA 1 2020; O=D-Trust GmbH; C=DE - chromeIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIC2zCCAmCgAwIBAgIQXwJB13qHfEwDo6yWjfv/0DAKBggqhkjOPQQDAzBIMQsw CQYDVQQGEwJERTEVMBMGA1UEChMMRC1UcnVzdCBHbWJIMSIwIAYDVQQDExlELVRS VVNUIEVWIFJvb3QgQ0EgMSAyMDIwMB4XDTIwMDIxMTEwMDAwMFoXDTM1MDIxMTA5 @@ -688,7 +686,7 @@ gfM0agPnIjhQW+0ZT0MW -----END CERTIFICATE-----`)) // CN=D-TRUST Root Class 3 CA 2 EV 2009; O=D-Trust GmbH; C=DE - chromeIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIEQzCCAyugAwIBAgIDCYP0MA0GCSqGSIb3DQEBCwUAMFAxCzAJBgNVBAYTAkRF MRUwEwYDVQQKDAxELVRydXN0IEdtYkgxKjAoBgNVBAMMIUQtVFJVU1QgUm9vdCBD bGFzcyAzIENBIDIgRVYgMjAwOTAeFw0wOTExMDUwODUwNDZaFw0yOTExMDUwODUw 
@@ -715,7 +713,7 @@ KVwvvoFBuYz/6n1gBp7N1z3TLqMVvKjmJuVvw9y4AyHqnxbxLFS1 -----END CERTIFICATE-----`)) // CN=D-TRUST Root Class 3 CA 2 2009; O=D-Trust GmbH; C=DE - chromeIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIEMzCCAxugAwIBAgIDCYPzMA0GCSqGSIb3DQEBCwUAME0xCzAJBgNVBAYTAkRF MRUwEwYDVQQKDAxELVRydXN0IEdtYkgxJzAlBgNVBAMMHkQtVFJVU1QgUm9vdCBD bGFzcyAzIENBIDIgMjAwOTAeFw0wOTExMDUwODM1NThaFw0yOTExMDUwODM1NTha @@ -742,7 +740,7 @@ Johw1+qRzT65ysCQblrGXnRl11z+o+I= -----END CERTIFICATE-----`)) // CN=T-TeleSec GlobalRoot Class 3; OU=T-Systems Trust Center; O=T-Systems Enterprise Services GmbH; C=DE - chromeIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIDwzCCAqugAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgjELMAkGA1UEBhMCREUx KzApBgNVBAoMIlQtU3lzdGVtcyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAd BgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNl @@ -767,7 +765,7 @@ TpPDpFQUWw== -----END CERTIFICATE-----`)) // CN=T-TeleSec GlobalRoot Class 2; OU=T-Systems Trust Center; O=T-Systems Enterprise Services GmbH; C=DE - chromeIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIDwzCCAqugAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgjELMAkGA1UEBhMCREUx KzApBgNVBAoMIlQtU3lzdGVtcyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAd BgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNl @@ -792,7 +790,7 @@ BSeOE6Fuwg== -----END CERTIFICATE-----`)) // CN=DigiCert TLS RSA4096 Root G5; O=DigiCert, Inc.; C=US - chromeIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIFZjCCA06gAwIBAgIQCPm0eKj6ftpqMzeJ3nzPijANBgkqhkiG9w0BAQwFADBN MQswCQYDVQQGEwJVUzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xJTAjBgNVBAMT HERpZ2lDZXJ0IFRMUyBSU0E0MDk2IFJvb3QgRzUwHhcNMjEwMTE1MDAwMDAwWhcN 
@@ -825,7 +823,7 @@ ovfepEWFJqgejF0pW8hL2JpqA15w8oVPbEtoL8pU9ozaMv7Da4M/OMZ+ -----END CERTIFICATE-----`)) // CN=DigiCert TLS ECC P384 Root G5; O=DigiCert, Inc.; C=US - chromeIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIICGTCCAZ+gAwIBAgIQCeCTZaz32ci5PhwLBCou8zAKBggqhkjOPQQDAzBOMQsw CQYDVQQGEwJVUzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xJjAkBgNVBAMTHURp Z2lDZXJ0IFRMUyBFQ0MgUDM4NCBSb290IEc1MB4XDTIxMDExNTAwMDAwMFoXDTQ2 @@ -841,7 +839,7 @@ DXZDjC5Ty3zfDBeWUA== -----END CERTIFICATE-----`)) // CN=DigiCert Assured ID Root CA; OU=www.digicert.com; O=DigiCert Inc; C=US - chromeIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIDtzCCAp+gAwIBAgIQDOfg5RfYRv6P5WD8G/AwOTANBgkqhkiG9w0BAQUFADBl MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJv @@ -865,7 +863,7 @@ H2sMNgcWfzd8qVttevESRmCD1ycEvkvOl77DZypoEd+A5wwzZr8TDRRu838fYxAe -----END CERTIFICATE-----`)) // CN=DigiCert Assured ID Root G2; OU=www.digicert.com; O=DigiCert Inc; C=US - chromeIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIDljCCAn6gAwIBAgIQC5McOtY5Z+pnI7/Dr5r0SzANBgkqhkiG9w0BAQsFADBl MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJv @@ -889,7 +887,7 @@ IhNzbM8m9Yop5w== -----END CERTIFICATE-----`)) // CN=DigiCert Assured ID Root G3; OU=www.digicert.com; O=DigiCert Inc; C=US - chromeIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIICRjCCAc2gAwIBAgIQC6Fa+h3foLVJRK/NJKBs7DAKBggqhkjOPQQDAzBlMQsw CQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cu ZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3Qg 
@@ -906,7 +904,7 @@ JjZ91eQ0hjkCMHw2U/Aw5WJjOpnitqM7mzT6HtoQknFekROn3aRukswy1vUhZscv -----END CERTIFICATE-----`)) // CN=DigiCert Global Root CA; OU=www.digicert.com; O=DigiCert Inc; C=US - chromeIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIDrzCCApegAwIBAgIQCDvgVpBCRrGhdWrJWZHHSjANBgkqhkiG9w0BAQUFADBh MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD @@ -930,7 +928,7 @@ CAUw7C29C79Fv1C5qfPrmAESrciIxpg0X40KPMbp1ZWVbd4= -----END CERTIFICATE-----`)) // CN=DigiCert Global Root G2; OU=www.digicert.com; O=DigiCert Inc; C=US - chromeIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIDjjCCAnagAwIBAgIQAzrx5qcRqaC7KGSxHQn65TANBgkqhkiG9w0BAQsFADBh MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBH @@ -954,7 +952,7 @@ MrY= -----END CERTIFICATE-----`)) // CN=DigiCert Global Root G3; OU=www.digicert.com; O=DigiCert Inc; C=US - chromeIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIICPzCCAcWgAwIBAgIQBVVWvPJepDU1w6QP1atFcjAKBggqhkjOPQQDAzBhMQsw CQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cu ZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBHMzAe @@ -971,7 +969,7 @@ sycX -----END CERTIFICATE-----`)) // CN=DigiCert High Assurance EV Root CA; OU=www.digicert.com; O=DigiCert Inc; C=US - chromeIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIDxTCCAq2gAwIBAgIQAqxcJmoLQJuPC3nyrkYldzANBgkqhkiG9w0BAQUFADBs MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j 
@@ -996,7 +994,7 @@ vEsXCS+0yx5DaMkHJ8HSXPfqIbloEpw8nL+e/IBcm2PN7EeqJSdnoDfzAIJ9VNep -----END CERTIFICATE-----`)) // CN=DigiCert Trusted Root G4; OU=www.digicert.com; O=DigiCert Inc; C=US - chromeIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIFkDCCA3igAwIBAgIQBZsbV56OITLiOQe9p3d1XDANBgkqhkiG9w0BAQwFADBi MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 d3cuZGlnaWNlcnQuY29tMSEwHwYDVQQDExhEaWdpQ2VydCBUcnVzdGVkIFJvb3Qg @@ -1030,7 +1028,7 @@ gKDWHrO8Dw9TdSmq6hN35N6MgSGtBxBHEa2HPQfRdbzP82Z+ -----END CERTIFICATE-----`)) // CN=QuoVadis Root CA 2; O=QuoVadis Limited; C=BM - chromeIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIFtzCCA5+gAwIBAgICBQkwDQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCQk0x GTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMTElF1b1ZhZGlzIFJv b3QgQ0EgMjAeFw0wNjExMjQxODI3MDBaFw0zMTExMjQxODIzMzNaMEUxCzAJBgNV @@ -1065,7 +1063,7 @@ ohEUGW6yhhtoPkg3Goi3XZZenMfvJ2II4pEZXNLxId26F0KCl3GBUzGpn/Z9Yr9y -----END CERTIFICATE-----`)) // CN=QuoVadis Root CA 2 G3; O=QuoVadis Limited; C=BM - chromeIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIFYDCCA0igAwIBAgIURFc0JFuBiZs18s64KztbpybwdSgwDQYJKoZIhvcNAQEL BQAwSDELMAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxHjAc BgNVBAMTFVF1b1ZhZGlzIFJvb3QgQ0EgMiBHMzAeFw0xMjAxMTIxODU5MzJaFw00 @@ -1098,7 +1096,7 @@ WSr2Rz0ZiC3oheGe7IUIarFsNMkd7EgrO3jtZsSOeWmD3n+M -----END CERTIFICATE-----`)) // CN=QuoVadis Root CA 3 G3; O=QuoVadis Limited; C=BM - chromeIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIFYDCCA0igAwIBAgIULvWbAiin23r/1aOp7r0DoM8Sah0wDQYJKoZIhvcNAQEL BQAwSDELMAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxHjAc BgNVBAMTFVF1b1ZhZGlzIFJvb3QgQ0EgMyBHMzAeFw0xMjAxMTIyMDI2MzJaFw00 
@@ -1131,7 +1129,7 @@ ywaZWWDYWGWVjUTR939+J399roD1B0y2PpxxVJkES/1Y+Zj0 -----END CERTIFICATE-----`)) // CN=CA Disig Root R2; O=Disig a.s.; L=Bratislava; C=SK - chromeIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIFaTCCA1GgAwIBAgIJAJK4iNuwisFjMA0GCSqGSIb3DQEBCwUAMFIxCzAJBgNV BAYTAlNLMRMwEQYDVQQHEwpCcmF0aXNsYXZhMRMwEQYDVQQKEwpEaXNpZyBhLnMu MRkwFwYDVQQDExBDQSBEaXNpZyBSb290IFIyMB4XDTEyMDcxOTA5MTUzMFoXDTQy @@ -1164,7 +1162,7 @@ L4ysEr3vQCj8KWefshNPZiTEUxnpHikV7+ZtsH8tZ/3zbBt1RqPlShfppNcL -----END CERTIFICATE-----`)) // CN=emSign ECC Root CA - G3; OU=emSign PKI; O=eMudhra Technologies Limited; C=IN - chromeIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIICTjCCAdOgAwIBAgIKPPYHqWhwDtqLhDAKBggqhkjOPQQDAzBrMQswCQYDVQQG EwJJTjETMBEGA1UECxMKZW1TaWduIFBLSTElMCMGA1UEChMcZU11ZGhyYSBUZWNo bm9sb2dpZXMgTGltaXRlZDEgMB4GA1UEAxMXZW1TaWduIEVDQyBSb290IENBIC0g @@ -1181,7 +1179,7 @@ CUfvO6wIBHxcmbHtRwfSAjEAnbpV/KlK6O3t5nYBQnvI+GDZjVGLVTv7jHvrZQnD -----END CERTIFICATE-----`)) // CN=emSign Root CA - G1; OU=emSign PKI; O=eMudhra Technologies Limited; C=IN - chromeIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIDlDCCAnygAwIBAgIKMfXkYgxsWO3W2DANBgkqhkiG9w0BAQsFADBnMQswCQYD VQQGEwJJTjETMBEGA1UECxMKZW1TaWduIFBLSTElMCMGA1UEChMcZU11ZGhyYSBU ZWNobm9sb2dpZXMgTGltaXRlZDEcMBoGA1UEAxMTZW1TaWduIFJvb3QgQ0EgLSBH @@ -1205,7 +1203,7 @@ iN66zB+Afko= -----END CERTIFICATE-----`)) // CN=AffirmTrust Commercial; O=AffirmTrust; C=US - chromeIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIDTDCCAjSgAwIBAgIId3cGJyapsXwwDQYJKoZIhvcNAQELBQAwRDELMAkGA1UE BhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZpcm1UcnVz dCBDb21tZXJjaWFsMB4XDTEwMDEyOTE0MDYwNloXDTMwMTIzMTE0MDYwNlowRDEL 
@@ -1227,7 +1225,7 @@ nlpOZbWUrhvfKbAW8b8Angc6F2S1BLUjIZkKlTuXfO8= -----END CERTIFICATE-----`)) // CN=Atos TrustedRoot 2011; O=Atos; C=DE - chromeIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIDdzCCAl+gAwIBAgIIXDPLYixfszIwDQYJKoZIhvcNAQELBQAwPDEeMBwGA1UE AwwVQXRvcyBUcnVzdGVkUm9vdCAyMDExMQ0wCwYDVQQKDARBdG9zMQswCQYDVQQG EwJERTAeFw0xMTA3MDcxNDU4MzBaFw0zMDEyMzEyMzU5NTlaMDwxHjAcBgNVBAMM @@ -1250,7 +1248,7 @@ KrcYPqcZ2Qt9sTdBQrC6YB3y/gkRsPCHe6ed -----END CERTIFICATE-----`)) // CN=Atos TrustedRoot Root CA ECC TLS 2021; O=Atos; C=DE - chromeIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIICFTCCAZugAwIBAgIQPZg7pmY9kGP3fiZXOATvADAKBggqhkjOPQQDAzBMMS4w LAYDVQQDDCVBdG9zIFRydXN0ZWRSb290IFJvb3QgQ0EgRUNDIFRMUyAyMDIxMQ0w CwYDVQQKDARBdG9zMQswCQYDVQQGEwJERTAeFw0yMTA0MjIwOTI2MjNaFw00MTA0 @@ -1266,7 +1264,7 @@ CCrCp1rIAjEAmeMM56PDr9NJLkaCI2ZdyQAUEv049OGYa3cpetskz2VAv9LcjBHo -----END CERTIFICATE-----`)) // CN=Atos TrustedRoot Root CA RSA TLS 2021; O=Atos; C=DE - chromeIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIFZDCCA0ygAwIBAgIQU9XP5hmTC/srBRLYwiqipDANBgkqhkiG9w0BAQwFADBM MS4wLAYDVQQDDCVBdG9zIFRydXN0ZWRSb290IFJvb3QgQ0EgUlNBIFRMUyAyMDIx MQ0wCwYDVQQKDARBdG9zMQswCQYDVQQGEwJERTAeFw0yMTA0MjIwOTIxMTBaFw00 @@ -1299,7 +1297,7 @@ oji2jbDwN/zIIX8/syQbPYtuzE2wFg2WHYMfRsCbvUOZ58SWLs5fyQ== -----END CERTIFICATE-----`)) // CN=GlobalSign; OU=GlobalSign Root CA - R6; O=GlobalSign - chromeIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIFgzCCA2ugAwIBAgIORea7A4Mzw4VlSOb/RVEwDQYJKoZIhvcNAQEMBQAwTDEg MB4GA1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjYxEzARBgNVBAoTCkdsb2Jh bFNpZ24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMTQxMjEwMDAwMDAwWhcNMzQx 
@@ -1333,7 +1331,7 @@ JJUEeKgDu+6B5dpffItKoZB0JaezPkvILFa9x8jvOOJckvB595yEunQtYQEgfn7R -----END CERTIFICATE-----`)) // CN=GlobalSign Root E46; O=GlobalSign nv-sa; C=BE - chromeIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIICCzCCAZGgAwIBAgISEdK7ujNu1LzmJGjFDYQdmOhDMAoGCCqGSM49BAMDMEYx CzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMRwwGgYDVQQD ExNHbG9iYWxTaWduIFJvb3QgRTQ2MB4XDTE5MDMyMDAwMDAwMFoXDTQ2MDMyMDAw @@ -1348,7 +1346,7 @@ DgQWBBQxCpCPtsad0kRLgLWi5h+xEk8blTAKBggqhkjOPQQDAwNoADBlAjEA31SQ -----END CERTIFICATE-----`)) // CN=GlobalSign Root R46; O=GlobalSign nv-sa; C=BE - chromeIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIFWjCCA0KgAwIBAgISEdK7udcjGJ5AXwqdLdDfJWfRMA0GCSqGSIb3DQEBDAUA MEYxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMRwwGgYD VQQDExNHbG9iYWxTaWduIFJvb3QgUjQ2MB4XDTE5MDMyMDAwMDAwMFoXDTQ2MDMy @@ -1381,7 +1379,7 @@ vouXsXgxT7PntgMTzlSdriVZzH81Xwj3QEUxeCp6 -----END CERTIFICATE-----`)) // CN=GlobalSign; OU=GlobalSign ECC Root CA - R5; O=GlobalSign - chromeIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIICHjCCAaSgAwIBAgIRYFlJ4CYuu1X5CneKcflK2GwwCgYIKoZIzj0EAwMwUDEk MCIGA1UECxMbR2xvYmFsU2lnbiBFQ0MgUm9vdCBDQSAtIFI1MRMwEQYDVQQKEwpH bG9iYWxTaWduMRMwEQYDVQQDEwpHbG9iYWxTaWduMB4XDTEyMTExMzAwMDAwMFoX @@ -1397,7 +1395,7 @@ xwy8p2Fp8fc74SrL+SvzZpA3 -----END CERTIFICATE-----`)) // CN=GlobalSign; OU=GlobalSign Root CA - R3; O=GlobalSign - chromeIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIDXzCCAkegAwIBAgILBAAAAAABIVhTCKIwDQYJKoZIhvcNAQELBQAwTDEgMB4G A1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjMxEzARBgNVBAoTCkdsb2JhbFNp Z24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDkwMzE4MTAwMDAwWhcNMjkwMzE4 
@@ -1420,7 +1418,7 @@ WD9f -----END CERTIFICATE-----`)) // CN=Starfield Root Certificate Authority - G2; O=Starfield Technologies, Inc.; L=Scottsdale; ST=Arizona; C=US - chromeIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIID3TCCAsWgAwIBAgIBADANBgkqhkiG9w0BAQsFADCBjzELMAkGA1UEBhMCVVMx EDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxJTAjBgNVBAoT HFN0YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAwBgNVBAMTKVN0YXJmaWVs @@ -1445,7 +1443,7 @@ mMpYjn0q7pBZc2T5NnReJaH1ZgUufzkVqSr7UIuOhWn0 -----END CERTIFICATE-----`)) // CN=Go Daddy Root Certificate Authority - G2; O=GoDaddy.com, Inc.; L=Scottsdale; ST=Arizona; C=US - chromeIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIDxTCCAq2gAwIBAgIBADANBgkqhkiG9w0BAQsFADCBgzELMAkGA1UEBhMCVVMx EDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxGjAYBgNVBAoT EUdvRGFkZHkuY29tLCBJbmMuMTEwLwYDVQQDEyhHbyBEYWRkeSBSb290IENlcnRp @@ -1470,7 +1468,7 @@ LPAvTK33sefOT6jEm0pUBsV/fdUID+Ic/n4XuKxe9tQWskMJDE32p2u0mYRlynqI -----END CERTIFICATE-----`)) // CN=GlobalSign; OU=GlobalSign ECC Root CA - R4; O=GlobalSign - chromeIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIB3DCCAYOgAwIBAgINAgPlfvU/k/2lCSGypjAKBggqhkjOPQQDAjBQMSQwIgYD VQQLExtHbG9iYWxTaWduIEVDQyBSb290IENBIC0gUjQxEzARBgNVBAoTCkdsb2Jh bFNpZ24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMTIxMTEzMDAwMDAwWhcNMzgw 
@@ -1484,7 +1482,7 @@ bmF0774BxL4YSFlhgjICICadVGNA3jdgUM/I2O2dgq43mLyjj0xMqTQrbO/7lZsm -----END CERTIFICATE-----`)) // CN=GTS Root R4; O=Google Trust Services LLC; C=US - chromeIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIICCTCCAY6gAwIBAgINAgPlwGjvYxqccpBQUjAKBggqhkjOPQQDAzBHMQswCQYD VQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEUMBIG A1UEAxMLR1RTIFJvb3QgUjQwHhcNMTYwNjIyMDAwMDAwWhcNMzYwNjIyMDAwMDAw @@ -1499,7 +1497,7 @@ p/SgguMh1YQdc4acLa/KNJvxn7kjNuK8YAOdgLOaVsjh4rsUecrNIdSUtUlD -----END CERTIFICATE-----`)) // CN=GTS Root R2; O=Google Trust Services LLC; C=US - chromeIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIFVzCCAz+gAwIBAgINAgPlrsWNBCUaqxElqjANBgkqhkiG9w0BAQwFADBHMQsw CQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEU MBIGA1UEAxMLR1RTIFJvb3QgUjIwHhcNMTYwNjIyMDAwMDAwWhcNMzYwNjIyMDAw @@ -1532,7 +1530,7 @@ JPFI/2R80L5cFtHvma3AH/vLrrw4IgYmZNralw4/KBVEqE8AyvCazM90arQ+POuV -----END CERTIFICATE-----`)) // CN=GTS Root R1; O=Google Trust Services LLC; C=US - chromeIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIFVzCCAz+gAwIBAgINAgPlk28xsBNJiGuiFzANBgkqhkiG9w0BAQwFADBHMQsw CQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEU MBIGA1UEAxMLR1RTIFJvb3QgUjEwHhcNMTYwNjIyMDAwMDAwWhcNMzYwNjIyMDAw @@ -1565,7 +1563,7 @@ bP6MvPJwNQzcmRk13NfIRmPVNnGuV/u3gm3c -----END CERTIFICATE-----`)) // CN=GTS Root R3; O=Google Trust Services LLC; C=US - chromeIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIICCTCCAY6gAwIBAgINAgPluILrIPglJ209ZjAKBggqhkjOPQQDAzBHMQswCQYD VQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEUMBIG A1UEAxMLR1RTIFJvb3QgUjMwHhcNMTYwNjIyMDAwMDAwWhcNMzYwNjIyMDAwMDAw 
@@ -1580,7 +1578,7 @@ ZuVDFhOD3cffL74UOO0BzrEXGhF16b0DjyZ+hOXJYKaV11RZt+cRLInUue4X -----END CERTIFICATE-----`)) // CN=ACCVRAIZ1; OU=PKIACCV; O=ACCV; C=ES - chromeIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIH0zCCBbugAwIBAgIIXsO3pkN/pOAwDQYJKoZIhvcNAQEFBQAwQjESMBAGA1UE AwwJQUNDVlJBSVoxMRAwDgYDVQQLDAdQS0lBQ0NWMQ0wCwYDVQQKDARBQ0NWMQsw CQYDVQQGEwJFUzAeFw0xMTA1MDUwOTM3MzdaFw0zMDEyMzEwOTM3MzdaMEIxEjAQ @@ -1626,7 +1624,7 @@ pPVWQxaZLPSkVrQ0uGE3ycJYgBugl6H8WY3pEfbRD0tVNEYqi4Y7 -----END CERTIFICATE-----`)) // OU=AC RAIZ FNMT-RCM; O=FNMT-RCM; C=ES - chromeIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIFgzCCA2ugAwIBAgIPXZONMGc2yAYdGsdUhGkHMA0GCSqGSIb3DQEBCwUAMDsx CzAJBgNVBAYTAkVTMREwDwYDVQQKDAhGTk1ULVJDTTEZMBcGA1UECwwQQUMgUkFJ WiBGTk1ULVJDTTAeFw0wODEwMjkxNTU5NTZaFw0zMDAxMDEwMDAwMDBaMDsxCzAJ @@ -1660,7 +1658,7 @@ uu8wd+RU4riEmViAqhOLUTpPSPaLtrM= -----END CERTIFICATE-----`)) // CN=AC RAIZ FNMT-RCM SERVIDORES SEGUROS; OU=Ceres; O=FNMT-RCM; C=ES; OrganizationIdentifier=VATES-Q2826004J - chromeIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIICbjCCAfOgAwIBAgIQYvYybOXE42hcG2LdnC6dlTAKBggqhkjOPQQDAzB4MQsw CQYDVQQGEwJFUzERMA8GA1UECgwIRk5NVC1SQ00xDjAMBgNVBAsMBUNlcmVzMRgw FgYDVQRhDA9WQVRFUy1RMjgyNjAwNEoxLDAqBgNVBAMMI0FDIFJBSVogRk5NVC1S 
@@ -1678,7 +1676,7 @@ v+c= -----END CERTIFICATE-----`)) // CN=TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1; OU=Kamu Sertifikasyon Merkezi - Kamu SM; O=Turkiye Bilimsel ve Teknolojik Arastirma Kurumu - TUBITAK; L=Gebze - Kocaeli; C=TR - chromeIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIEYzCCA0ugAwIBAgIBATANBgkqhkiG9w0BAQsFADCB0jELMAkGA1UEBhMCVFIx GDAWBgNVBAcTD0dlYnplIC0gS29jYWVsaTFCMEAGA1UEChM5VHVya2l5ZSBCaWxp bXNlbCB2ZSBUZWtub2xvamlrIEFyYXN0aXJtYSBLdXJ1bXUgLSBUVUJJVEFLMS0w @@ -1706,7 +1704,7 @@ lo3Ptv0AnVoUmr8CRPXBwp8iXqIPoeM= -----END CERTIFICATE-----`)) // CN=HARICA TLS RSA Root CA 2021; O=Hellenic Academic and Research Institutions CA; C=GR - chromeIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIFpDCCA4ygAwIBAgIQOcqTHO9D88aOk8f0ZIk4fjANBgkqhkiG9w0BAQsFADBs MQswCQYDVQQGEwJHUjE3MDUGA1UECgwuSGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJl c2VhcmNoIEluc3RpdHV0aW9ucyBDQTEkMCIGA1UEAwwbSEFSSUNBIFRMUyBSU0Eg @@ -1741,7 +1739,7 @@ xw/ogM4cKGR0GQjTQuPOAF1/sdwTsOEFy9EgqoZ0njnnkf3/W9b3raYvAwtt41dU -----END CERTIFICATE-----`)) // CN=HARICA TLS ECC Root CA 2021; O=Hellenic Academic and Research Institutions CA; C=GR - chromeIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIICVDCCAdugAwIBAgIQZ3SdjXfYO2rbIvT/WeK/zjAKBggqhkjOPQQDAzBsMQsw CQYDVQQGEwJHUjE3MDUGA1UECgwuSGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJlc2Vh cmNoIEluc3RpdHV0aW9ucyBDQTEkMCIGA1UEAwwbSEFSSUNBIFRMUyBFQ0MgUm9v 
@@ -1758,7 +1756,7 @@ nxS2PFOiTAZpffpskcYqSUXm7LcT4Tps -----END CERTIFICATE-----`)) // CN=IdenTrust Commercial Root CA 1; O=IdenTrust; C=US - chromeIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIFYDCCA0igAwIBAgIQCgFCgAAAAUUjyES1AAAAAjANBgkqhkiG9w0BAQsFADBK MQswCQYDVQQGEwJVUzESMBAGA1UEChMJSWRlblRydXN0MScwJQYDVQQDEx5JZGVu VHJ1c3QgQ29tbWVyY2lhbCBSb290IENBIDEwHhcNMTQwMTE2MTgxMjIzWhcNMzQw @@ -1791,7 +1789,7 @@ mUlO+KWA2yUPHGNiiskzZ2s8EIPGrd6ozRaOjfAHN3Gf8qv8QfXBi+wAN10J5U6A -----END CERTIFICATE-----`)) // CN=ISRG Root X1; O=Internet Security Research Group; C=US - chromeIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIFazCCA1OgAwIBAgIRAIIQz7DSQONZRGPgu2OCiwAwDQYJKoZIhvcNAQELBQAw TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMTUwNjA0MTEwNDM4 @@ -1824,7 +1822,7 @@ emyPxgcYxn/eR44/KJ4EBs+lVDR3veyJm+kXQ99b21/+jh5Xos1AnX5iItreGCc= -----END CERTIFICATE-----`)) // CN=ISRG Root X2; O=Internet Security Research Group; C=US - chromeIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIICGzCCAaGgAwIBAgIQQdKd0XLq7qeAwSxs6S+HUjAKBggqhkjOPQQDAzBPMQsw CQYDVQQGEwJVUzEpMCcGA1UEChMgSW50ZXJuZXQgU2VjdXJpdHkgUmVzZWFyY2gg R3JvdXAxFTATBgNVBAMTDElTUkcgUm9vdCBYMjAeFw0yMDA5MDQwMDAwMDBaFw00 @@ -1840,7 +1838,7 @@ tL4ndQavEi51mI38AjEAi/V3bNTIZargCyzuFJ0nN6T5U6VR5CmD1/iQMVtCnwr1 -----END CERTIFICATE-----`)) // CN=Izenpe.com; O=IZENPE S.A.; C=ES - chromeIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIF8TCCA9mgAwIBAgIQALC3WhZIX7/hy/WL1xnmfTANBgkqhkiG9w0BAQsFADA4 MQswCQYDVQQGEwJFUzEUMBIGA1UECgwLSVpFTlBFIFMuQS4xEzARBgNVBAMMCkl6 ZW5wZS5jb20wHhcNMDcxMjEzMTMwODI4WhcNMzcxMjEzMDgyNzI1WjA4MQswCQYD 
@@ -1876,7 +1874,7 @@ QyYBNWNgVYkDOnXYukrZVP/u3oDYLdE41V4tC5h9Pmzb/CaIxw== -----END CERTIFICATE-----`)) // CN=SZAFIR ROOT CA2; O=Krajowa Izba Rozliczeniowa S.A.; C=PL - chromeIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIDcjCCAlqgAwIBAgIUPopdB+xV0jLVt+O2XwHrLdzk1uQwDQYJKoZIhvcNAQEL BQAwUTELMAkGA1UEBhMCUEwxKDAmBgNVBAoMH0tyYWpvd2EgSXpiYSBSb3psaWN6 ZW5pb3dhIFMuQS4xGDAWBgNVBAMMD1NaQUZJUiBST09UIENBMjAeFw0xNTEwMTkw @@ -1899,7 +1897,7 @@ LvWpCz/UXeHPhJ/iGcJfitYgHuNztw== -----END CERTIFICATE-----`)) // CN=e-Szigno Root CA 2017; O=Microsec Ltd.; L=Budapest; C=HU; OrganizationIdentifier=VATHU-23584497 - chromeIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIICQDCCAeWgAwIBAgIMAVRI7yH9l1kN9QQKMAoGCCqGSM49BAMCMHExCzAJBgNV BAYTAkhVMREwDwYDVQQHDAhCdWRhcGVzdDEWMBQGA1UECgwNTWljcm9zZWMgTHRk LjEXMBUGA1UEYQwOVkFUSFUtMjM1ODQ0OTcxHjAcBgNVBAMMFWUtU3ppZ25vIFJv @@ -1916,7 +1914,7 @@ jbjcI4qKDdQvfepz7L9NbKgCIQDLpbQS+ue16M9+k/zzNY9vTlp8tLxOsvxyqltZ -----END CERTIFICATE-----`)) // CN=Microsec e-Szigno Root CA 2009; O=Microsec Ltd.; L=Budapest; C=HU; EmailAddress=info@e-szigno.hu - chromeIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIECjCCAvKgAwIBAgIJAMJ+QwRORz8ZMA0GCSqGSIb3DQEBCwUAMIGCMQswCQYD VQQGEwJIVTERMA8GA1UEBwwIQnVkYXBlc3QxFjAUBgNVBAoMDU1pY3Jvc2VjIEx0 ZC4xJzAlBgNVBAMMHk1pY3Jvc2VjIGUtU3ppZ25vIFJvb3QgQ0EgMjAwOTEfMB0G 
@@ -1942,7 +1940,7 @@ HMN1Rq41Bab2XD0h7lbwyYIiLXpUq3DDfSJlgnCW -----END CERTIFICATE-----`)) // CN=Microsoft ECC Root Certificate Authority 2017; O=Microsoft Corporation; C=US - chromeIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIICWTCCAd+gAwIBAgIQZvI9r4fei7FK6gxXMQHC7DAKBggqhkjOPQQDAzBlMQsw CQYDVQQGEwJVUzEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMTYwNAYD VQQDEy1NaWNyb3NvZnQgRUNDIFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IDIw @@ -1959,7 +1957,7 @@ iudQZsIxtzm6uBoiB078a1QWIP8rtedMDE2mT3M= -----END CERTIFICATE-----`)) // CN=Microsoft RSA Root Certificate Authority 2017; O=Microsoft Corporation; C=US - chromeIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIFqDCCA5CgAwIBAgIQHtOXCV/YtLNHcB6qvn9FszANBgkqhkiG9w0BAQwFADBl MQswCQYDVQQGEwJVUzEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMTYw NAYDVQQDEy1NaWNyb3NvZnQgUlNBIFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5 @@ -1994,7 +1992,7 @@ RA+GsCyRxj3qrg+E -----END CERTIFICATE-----`)) // CN=NAVER Global Root Certification Authority; O=NAVER BUSINESS PLATFORM Corp.; C=KR - chromeIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIFojCCA4qgAwIBAgIUAZQwHqIL3fXFMyqxQ0Rx+NZQTQ0wDQYJKoZIhvcNAQEM BQAwaTELMAkGA1UEBhMCS1IxJjAkBgNVBAoMHU5BVkVSIEJVU0lORVNTIFBMQVRG T1JNIENvcnAuMTIwMAYDVQQDDClOQVZFUiBHbG9iYWwgUm9vdCBDZXJ0aWZpY2F0 
@@ -2029,7 +2027,7 @@ dh2ajcQGjTa3FPOdVGm3jjzVpG2Tgbet9r1ke8LJaDmgkpzNNIaRkPpkUZ3+/uul -----END CERTIFICATE-----`)) // CN=NetLock Arany (Class Gold) Főtanúsítvány; OU=Tanúsítványkiadók (Certification Services); O=NetLock Kft.; L=Budapest; C=HU - chromeIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIEFTCCAv2gAwIBAgIGSUEs5AAQMA0GCSqGSIb3DQEBCwUAMIGnMQswCQYDVQQG EwJIVTERMA8GA1UEBwwIQnVkYXBlc3QxFTATBgNVBAoMDE5ldExvY2sgS2Z0LjE3 MDUGA1UECwwuVGFuw7pzw610dsOhbnlraWFkw7NrIChDZXJ0aWZpY2F0aW9uIFNl @@ -2055,7 +2053,7 @@ XjG4Kvte9nHfRCaexOYNkbQudZWAUWpLMKawYqGT8ZvYzsRjdT9ZR7E= -----END CERTIFICATE-----`)) // CN=OISTE WISeKey Global Root GC CA; OU=OISTE Foundation Endorsed; O=WISeKey; C=CH - chromeIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIICaTCCAe+gAwIBAgIQISpWDK7aDKtARb8roi066jAKBggqhkjOPQQDAzBtMQsw CQYDVQQGEwJDSDEQMA4GA1UEChMHV0lTZUtleTEiMCAGA1UECxMZT0lTVEUgRm91 bmRhdGlvbiBFbmRvcnNlZDEoMCYGA1UEAxMfT0lTVEUgV0lTZUtleSBHbG9iYWwg @@ -2072,7 +2070,7 @@ Mgj/mkkCtojeFK9dbJlxjRo/i9fgojaGHAeCOnZT/cKi7e97sIBPWA9LUzm9 -----END CERTIFICATE-----`)) // CN=OISTE WISeKey Global Root GB CA; OU=OISTE Foundation Endorsed; O=WISeKey; C=CH - chromeIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIDtTCCAp2gAwIBAgIQdrEgUnTwhYdGs/gjGvbCwDANBgkqhkiG9w0BAQsFADBt MQswCQYDVQQGEwJDSDEQMA4GA1UEChMHV0lTZUtleTEiMCAGA1UECxMZT0lTVEUg Rm91bmRhdGlvbiBFbmRvcnNlZDEoMCYGA1UEAxMfT0lTVEUgV0lTZUtleSBHbG9i 
@@ -2096,7 +2094,7 @@ Nc1MaRVUGpCY3useX8p3x8uOPUNpnJpY0CQ73xtAln41rYHHTnG6iBM= -----END CERTIFICATE-----`)) // CN=Security Communication ECC RootCA1; O=SECOM Trust Systems CO.,LTD.; C=JP - chromeIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIICODCCAb6gAwIBAgIJANZdm7N4gS7rMAoGCCqGSM49BAMDMGExCzAJBgNVBAYT AkpQMSUwIwYDVQQKExxTRUNPTSBUcnVzdCBTeXN0ZW1zIENPLixMVEQuMSswKQYD VQQDEyJTZWN1cml0eSBDb21tdW5pY2F0aW9uIEVDQyBSb290Q0ExMB4XDTE2MDYx @@ -2112,7 +2110,7 @@ be0YottT6SXbVQjgUMzfRGEWgqtJsLKB7HOHeLRMsmIbEvoWTSVLY70eN9k= -----END CERTIFICATE-----`)) // OU=Security Communication RootCA2; O=SECOM Trust Systems CO.,LTD.; C=JP - chromeIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIDdzCCAl+gAwIBAgIBADANBgkqhkiG9w0BAQsFADBdMQswCQYDVQQGEwJKUDEl MCMGA1UEChMcU0VDT00gVHJ1c3QgU3lzdGVtcyBDTy4sTFRELjEnMCUGA1UECxMe U2VjdXJpdHkgQ29tbXVuaWNhdGlvbiBSb290Q0EyMB4XDTA5MDUyOTA1MDAzOVoX @@ -2135,7 +2133,7 @@ SjnRBUkLp7Y3gaVdjKozXoEofKd9J+sAro03 -----END CERTIFICATE-----`)) // CN=Entrust Root Certification Authority; OU=www.entrust.net/CPS is incorporated by reference, (c) 2006 Entrust, Inc.; O=Entrust, Inc.; C=US - chromeIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIEkTCCA3mgAwIBAgIERWtQVDANBgkqhkiG9w0BAQUFADCBsDELMAkGA1UEBhMC VVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xOTA3BgNVBAsTMHd3dy5lbnRydXN0 Lm5ldC9DUFMgaXMgaW5jb3Jwb3JhdGVkIGJ5IHJlZmVyZW5jZTEfMB0GA1UECxMW 
@@ -2164,7 +2162,7 @@ eu6FSqdQgPCnXEqULl8FmTxSQeDNtGPPAUO6nIPcj2A781q0tHuu2guQOHXvgR1m -----END CERTIFICATE-----`)) // CN=Sectigo Public Server Authentication Root E46; O=Sectigo Limited; C=GB - chromeIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIICOjCCAcGgAwIBAgIQQvLM2htpN0RfFf51KBC49DAKBggqhkjOPQQDAzBfMQsw CQYDVQQGEwJHQjEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMTYwNAYDVQQDEy1T ZWN0aWdvIFB1YmxpYyBTZXJ2ZXIgQXV0aGVudGljYXRpb24gUm9vdCBFNDYwHhcN @@ -2180,7 +2178,7 @@ qCG76UeXlImldCBteU/IvZNeWBj7LRoAasm4PdCkT0RHlAFWovgzJQxC36oCMB3q -----END CERTIFICATE-----`)) // CN=COMODO ECC Certification Authority; O=COMODO CA Limited; L=Salford; ST=Greater Manchester; C=GB - chromeIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIICiTCCAg+gAwIBAgIQH0evqmIAcFBUTAGem2OZKjAKBggqhkjOPQQDAzCBhTEL MAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UE BxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMT @@ -2198,7 +2196,7 @@ GDeAU/7dIOA1mjbRxwG55tzd8/8dLDoWV9mSOdY= -----END CERTIFICATE-----`)) // CN=COMODO Certification Authority; O=COMODO CA Limited; L=Salford; ST=Greater Manchester; C=GB - chromeIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIID0DCCArigAwIBAgIQIKTEf93f4cdTYwcTiHdgEjANBgkqhkiG9w0BAQUFADCB gTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxJzAlBgNV 
@@ -2223,7 +2221,7 @@ R1uUq27UlTMdphVx8fiUylQ5PsE= -----END CERTIFICATE-----`)) // CN=COMODO RSA Certification Authority; O=COMODO CA Limited; L=Salford; ST=Greater Manchester; C=GB - chromeIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIF2DCCA8CgAwIBAgIQTKr5yttjb+Af907YWwOGnTANBgkqhkiG9w0BAQwFADCB hTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNV @@ -2259,7 +2257,7 @@ NVOFBkpdn627G190 -----END CERTIFICATE-----`)) // CN=USERTrust RSA Certification Authority; O=The USERTRUST Network; L=Jersey City; ST=New Jersey; C=US - chromeIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIF3jCCA8agAwIBAgIQAf1tMPyjylGoG7xkDjUDLTANBgkqhkiG9w0BAQwFADCB iDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0pl cnNleSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNV @@ -2295,7 +2293,7 @@ jjxDah2nGN59PRbxYvnKkKj9 -----END CERTIFICATE-----`)) // CN=USERTrust ECC Certification Authority; O=The USERTRUST Network; L=Jersey City; ST=New Jersey; C=US - chromeIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIICjzCCAhWgAwIBAgIQXIuZxVqUxdJxVt7NiYDMJjAKBggqhkjOPQQDAzCBiDEL MAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNl eSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMT 
@@ -2313,7 +2311,7 @@ RNZu9YO6bVi9JNlWSOrvxKJGgYhqOkbRqZtNyWHa0V1Xahg= -----END CERTIFICATE-----`)) // CN=Sectigo Public Server Authentication Root R46; O=Sectigo Limited; C=GB - chromeIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIFijCCA3KgAwIBAgIQdY39i658BwD6qSWn4cetFDANBgkqhkiG9w0BAQwFADBf MQswCQYDVQQGEwJHQjEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMTYwNAYDVQQD Ey1TZWN0aWdvIFB1YmxpYyBTZXJ2ZXIgQXV0aGVudGljYXRpb24gUm9vdCBSNDYw @@ -2347,7 +2345,7 @@ QqszKbrAKbkTidOIijlBO8n9pu0f9GBj39ItVQGL -----END CERTIFICATE-----`)) // CN=Entrust Root Certification Authority - G2; OU=See www.entrust.net/legal-terms, (c) 2009 Entrust, Inc. - for authorized use only; O=Entrust, Inc.; C=US - chromeIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIEPjCCAyagAwIBAgIESlOMKDANBgkqhkiG9w0BAQsFADCBvjELMAkGA1UEBhMC VVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3d3cuZW50 cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAyMDA5IEVudHJ1c3Qs @@ -2374,7 +2372,7 @@ VHOkc8KT/1EQrBVUAdj8BbGJoX90g5pJ19xOe4pIb4tF9g== -----END CERTIFICATE-----`)) // CN=Entrust Root Certification Authority - EC1; OU=See www.entrust.net/legal-terms, (c) 2012 Entrust, Inc. - for authorized use only; O=Entrust, Inc.; C=US - chromeIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIC+TCCAoCgAwIBAgINAKaLeSkAAAAAUNCR+TAKBggqhkjOPQQDAzCBvzELMAkG A1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3 d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAyMDEyIEVu 
@@ -2394,7 +2392,7 @@ hTcGtXsI/esni0qU+eH6p44mCOh8kmhtc9hvJqwhAriZtyZBWyVgrtBIGu4G -----END CERTIFICATE-----`)) // CN=SSL.com Root Certification Authority RSA; O=SSL Corporation; L=Houston; ST=Texas; C=US - chromeIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIF3TCCA8WgAwIBAgIIeyyb0xaAMpkwDQYJKoZIhvcNAQELBQAwfDELMAkGA1UE BhMCVVMxDjAMBgNVBAgMBVRleGFzMRAwDgYDVQQHDAdIb3VzdG9uMRgwFgYDVQQK DA9TU0wgQ29ycG9yYXRpb24xMTAvBgNVBAMMKFNTTC5jb20gUm9vdCBDZXJ0aWZp @@ -2430,7 +2428,7 @@ Ic2wBlX7Jz9TkHCpBB5XJ7k= -----END CERTIFICATE-----`)) // CN=SSL.com TLS ECC Root CA 2022; O=SSL Corporation; C=US - chromeIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIICOjCCAcCgAwIBAgIQFAP1q/s3ixdAW+JDsqXRxDAKBggqhkjOPQQDAzBOMQsw CQYDVQQGEwJVUzEYMBYGA1UECgwPU1NMIENvcnBvcmF0aW9uMSUwIwYDVQQDDBxT U0wuY29tIFRMUyBFQ0MgUm9vdCBDQSAyMDIyMB4XDTIyMDgyNTE2MzM0OFoXDTQ2 @@ -2446,7 +2444,7 @@ b0Igj762TVntd00pxCAgRWSGOlDGxK0tk/UYfXLtqc/ErFc2KAhl3zx5Zn6g6g== -----END CERTIFICATE-----`)) // CN=SSL.com TLS RSA Root CA 2022; O=SSL Corporation; C=US - chromeIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIFiTCCA3GgAwIBAgIQb77arXO9CEDii02+1PdbkTANBgkqhkiG9w0BAQsFADBO MQswCQYDVQQGEwJVUzEYMBYGA1UECgwPU1NMIENvcnBvcmF0aW9uMSUwIwYDVQQD DBxTU0wuY29tIFRMUyBSU0EgUm9vdCBDQSAyMDIyMB4XDTIyMDgyNTE2MzQyMloX 
@@ -2480,7 +2478,7 @@ Mho6/4UIyYOf8kpIEFR3N+2ivEC+5BB09+Rbu7nzifmPQdjH5FCQNYA+HLhNkNPU -----END CERTIFICATE-----`)) // CN=SSL.com Root Certification Authority ECC; O=SSL Corporation; L=Houston; ST=Texas; C=US - chromeIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIICjTCCAhSgAwIBAgIIdebfy8FoW6gwCgYIKoZIzj0EAwIwfDELMAkGA1UEBhMC VVMxDjAMBgNVBAgMBVRleGFzMRAwDgYDVQQHDAdIb3VzdG9uMRgwFgYDVQQKDA9T U0wgQ29ycG9yYXRpb24xMTAvBgNVBAMMKFNTTC5jb20gUm9vdCBDZXJ0aWZpY2F0 @@ -2498,7 +2496,7 @@ gA0z5Wajs6O7pdWLjwkspl1+4vAHCGht0nxpbl/f5Wpl -----END CERTIFICATE-----`)) // CN=SSL.com EV Root Certification Authority RSA R2; O=SSL Corporation; L=Houston; ST=Texas; C=US - chromeIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIF6zCCA9OgAwIBAgIIVrYpzTS8ePYwDQYJKoZIhvcNAQELBQAwgYIxCzAJBgNV BAYTAlVTMQ4wDAYDVQQIDAVUZXhhczEQMA4GA1UEBwwHSG91c3RvbjEYMBYGA1UE CgwPU1NMIENvcnBvcmF0aW9uMTcwNQYDVQQDDC5TU0wuY29tIEVWIFJvb3QgQ2Vy @@ -2534,7 +2532,7 @@ mKVx01QT2WDz9UtmT/rx7iASjbSsV7FFY6GsdqnC+w== -----END CERTIFICATE-----`)) // CN=SSL.com EV Root Certification Authority ECC; O=SSL Corporation; L=Houston; ST=Texas; C=US - chromeIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIClDCCAhqgAwIBAgIILCmcWxbtBZUwCgYIKoZIzj0EAwIwfzELMAkGA1UEBhMC VVMxDjAMBgNVBAgMBVRleGFzMRAwDgYDVQQHDAdIb3VzdG9uMRgwFgYDVQQKDA9T U0wgQ29ycG9yYXRpb24xNDAyBgNVBAMMK1NTTC5jb20gRVYgUm9vdCBDZXJ0aWZp 
@@ -2552,7 +2550,7 @@ h5Mmm7I1HrrW9zzRHM76JTymGoEVW/MSD2zuZYrJh6j5B+BimoxcSg== -----END CERTIFICATE-----`)) // CN=SwissSign Gold CA - G2; O=SwissSign AG; C=CH - chromeIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIFujCCA6KgAwIBAgIJALtAHEP1Xk+wMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV BAYTAkNIMRUwEwYDVQQKEwxTd2lzc1NpZ24gQUcxHzAdBgNVBAMTFlN3aXNzU2ln biBHb2xkIENBIC0gRzIwHhcNMDYxMDI1MDgzMDM1WhcNMzYxMDI1MDgzMDM1WjBF @@ -2587,7 +2585,7 @@ Qc8Bsem4yWb02ybzOqR08kkkW8mw0FfB+j564ZfJ -----END CERTIFICATE-----`)) // CN=TWCA CYBER Root CA; OU=Root CA; O=TAIWAN-CA; C=TW - chromeIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIFjTCCA3WgAwIBAgIQQAE0jMIAAAAAAAAAATzyxjANBgkqhkiG9w0BAQwFADBQ MQswCQYDVQQGEwJUVzESMBAGA1UEChMJVEFJV0FOLUNBMRAwDgYDVQQLEwdSb290 IENBMRswGQYDVQQDExJUV0NBIENZQkVSIFJvb3QgQ0EwHhcNMjIxMTIyMDY1NDI5 @@ -2621,7 +2619,7 @@ t5b5wR9iWqJDB0BeJsas7a5wFsWqynKKTbDPAYsDP27X -----END CERTIFICATE-----`)) // CN=TWCA Global Root CA; OU=Root CA; O=TAIWAN-CA; C=TW - chromeIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIFQTCCAymgAwIBAgICDL4wDQYJKoZIhvcNAQELBQAwUTELMAkGA1UEBhMCVFcx EjAQBgNVBAoTCVRBSVdBTi1DQTEQMA4GA1UECxMHUm9vdCBDQTEcMBoGA1UEAxMT VFdDQSBHbG9iYWwgUm9vdCBDQTAeFw0xMjA2MjcwNjI4MzNaFw0zMDEyMzExNTU5 @@ -2654,7 +2652,7 @@ KwbQBM0= -----END CERTIFICATE-----`)) // CN=TeliaSonera Root CA v1; O=TeliaSonera - chromeIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIFODCCAyCgAwIBAgIRAJW+FqD3LkbxezmCcvqLzZYwDQYJKoZIhvcNAQEFBQAw NzEUMBIGA1UECgwLVGVsaWFTb25lcmExHzAdBgNVBAMMFlRlbGlhU29uZXJhIFJv b3QgQ0EgdjEwHhcNMDcxMDE4MTIwMDUwWhcNMzIxMDE4MTIwMDUwWjA3MRQwEgYD 
@@ -2686,7 +2684,7 @@ SK236thZiNSQvxaz2emsWWFUyBy6ysHK4bkgTI86k4mloMy/0/Z1pHWWbVY= -----END CERTIFICATE-----`)) // CN=Telia Root CA v2; O=Telia Finland Oyj; C=FI - chromeIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIFdDCCA1ygAwIBAgIPAWdfJ9b+euPkrL4JWwWeMA0GCSqGSIb3DQEBCwUAMEQx CzAJBgNVBAYTAkZJMRowGAYDVQQKDBFUZWxpYSBGaW5sYW5kIE95ajEZMBcGA1UE AwwQVGVsaWEgUm9vdCBDQSB2MjAeFw0xODExMjkxMTU1NTRaFw00MzExMjkxMTU1 @@ -2720,7 +2718,7 @@ rBPuUBQemMc= -----END CERTIFICATE-----`)) // CN=Trustwave Global ECC P384 Certification Authority; O=Trustwave Holdings, Inc.; L=Chicago; ST=Illinois; C=US - chromeIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIICnTCCAiSgAwIBAgIMCL2Fl2yZJ6SAaEc7MAoGCCqGSM49BAMDMIGRMQswCQYD VQQGEwJVUzERMA8GA1UECBMISWxsaW5vaXMxEDAOBgNVBAcTB0NoaWNhZ28xITAf BgNVBAoTGFRydXN0d2F2ZSBIb2xkaW5ncywgSW5jLjE6MDgGA1UEAxMxVHJ1c3R3 @@ -2739,7 +2737,7 @@ Sw== -----END CERTIFICATE-----`)) // CN=Trustwave Global ECC P256 Certification Authority; O=Trustwave Holdings, Inc.; L=Chicago; ST=Illinois; C=US - chromeIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIICYDCCAgegAwIBAgIMDWpfCD8oXD5Rld9dMAoGCCqGSM49BAMCMIGRMQswCQYD VQQGEwJVUzERMA8GA1UECBMISWxsaW5vaXMxEDAOBgNVBAcTB0NoaWNhZ28xITAf BgNVBAoTGFRydXN0d2F2ZSBIb2xkaW5ncywgSW5jLjE6MDgGA1UEAxMxVHJ1c3R3 @@ -2756,7 +2754,7 @@ DDcCIC0mA6AFvWvR9lz4ZcyGbbOcNEhjhAnFjXca4syc4XR7 -----END CERTIFICATE-----`)) // CN=SecureTrust CA; O=SecureTrust Corporation; C=US - chromeIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIDuDCCAqCgAwIBAgIQDPCOXAgWpa1Cf/DrJxhZ0DANBgkqhkiG9w0BAQUFADBI MQswCQYDVQQGEwJVUzEgMB4GA1UEChMXU2VjdXJlVHJ1c3QgQ29ycG9yYXRpb24x FzAVBgNVBAMTDlNlY3VyZVRydXN0IENBMB4XDTA2MTEwNzE5MzExOFoXDTI5MTIz 
@@ -2780,7 +2778,7 @@ CPyI6a6Lf+Ew9Dd+/cYy2i2eRDAwbO4H3tI0/NL/QPZL9GZGBlSm8jIKYyYwa5vR -----END CERTIFICATE-----`)) // CN=Trustwave Global Certification Authority; O=Trustwave Holdings, Inc.; L=Chicago; ST=Illinois; C=US - chromeIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIF2jCCA8KgAwIBAgIMBfcOhtpJ80Y1LrqyMA0GCSqGSIb3DQEBCwUAMIGIMQsw CQYDVQQGEwJVUzERMA8GA1UECAwISWxsaW5vaXMxEDAOBgNVBAcMB0NoaWNhZ28x ITAfBgNVBAoMGFRydXN0d2F2ZSBIb2xkaW5ncywgSW5jLjExMC8GA1UEAwwoVHJ1 @@ -2814,4 +2812,5 @@ h6jCJ3zhM0EPz8/8AKAigJ5Kp28AsEFFtyLKaEjFQqKu3R3y4G5OBVixwJAWKqQ9 EEC+j2Jjg6mcgn0tAumDMHzLJ8n9HmYAsC7TIS+OMxZsmO0QqAfWzJPP29FpHOTK yeC2nOnOcXHebD8WpHk= -----END CERTIFICATE-----`)) + return pool } diff --git a/common/certificate/mozilla.go b/common/certificate/mozilla.go index a5db7267..178bcad4 100644 --- a/common/certificate/mozilla.go +++ b/common/certificate/mozilla.go @@ -4,13 +4,11 @@ package certificate import "crypto/x509" -var mozillaIncluded *x509.CertPool - -func init() { - mozillaIncluded = x509.NewCertPool() +func newMozillaIncluded() *x509.CertPool { + pool := x509.NewCertPool() // Actalis Authentication Root CA - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIFuzCCA6OgAwIBAgIIVwoRl0LE48wwDQYJKoZIhvcNAQELBQAwazELMAkGA1UE BhMCSVQxDjAMBgNVBAcMBU1pbGFuMSMwIQYDVQQKDBpBY3RhbGlzIFMucC5BLi8w MzM1ODUyMDk2NzEnMCUGA1UEAwweQWN0YWxpcyBBdXRoZW50aWNhdGlvbiBSb290 @@ -45,7 +43,7 @@ LnPqZih4zR0Uv6CPLy64Lo7yFIrM6bV8+2ydDKXhlg== -----END CERTIFICATE-----`)) // TunTrust Root CA - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIFszCCA5ugAwIBAgIUEwLV4kBMkkaGFmddtLu7sms+/BMwDQYJKoZIhvcNAQEL BQAwYTELMAkGA1UEBhMCVE4xNzA1BgNVBAoMLkFnZW5jZSBOYXRpb25hbGUgZGUg Q2VydGlmaWNhdGlvbiBFbGVjdHJvbmlxdWUxGTAXBgNVBAMMEFR1blRydXN0IFJv 
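Review bot: The pool returned by the new `newMozillaIncluded` mixes roots that appear to be email-only with TLS roots: later hunks of mozilla.go append entries labelled `Telekom Security SMIME ECC Root 2021`, `DigiCert SMIME ECC P384 Root G5` and `D-Trust SBR Root CA 1 2022` to the same `pool`. An `x509.CertPool` records no per-root purpose, so if this pool is used to verify TLS servers (its callers are not visible in these hunks), those roots become acceptable TLS anchors, which is presumably wider than what the Mozilla program trusts them for. The file looks generated, so a filter on the Websites trust bit would belong in the update_certificates tool rather than here; at minimum the constructor should state its scope, e.g. `// newMozillaIncluded returns every root in Mozilla's included list, regardless of trust bits.` The function body continues well beyond this hunk.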
@@ -80,7 +78,7 @@ d9qDRIueVSjAi1jTkD5OGwDxFa2DK5o= -----END CERTIFICATE-----`)) // Amazon Root CA 1 - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIDQTCCAimgAwIBAgITBmyfz5m/jAo54vB4ikPmljZbyjANBgkqhkiG9w0BAQsF ADA5MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6 b24gUm9vdCBDQSAxMB4XDTE1MDUyNjAwMDAwMFoXDTM4MDExNzAwMDAwMFowOTEL @@ -102,7 +100,7 @@ rqXRfboQnoZsG4q5WTP468SQvvG5 -----END CERTIFICATE-----`)) // Amazon Root CA 2 - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIFQTCCAymgAwIBAgITBmyf0pY1hp8KD+WGePhbJruKNzANBgkqhkiG9w0BAQwF ADA5MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6 b24gUm9vdCBDQSAyMB4XDTE1MDUyNjAwMDAwMFoXDTQwMDUyNjAwMDAwMFowOTEL @@ -135,7 +133,7 @@ n749sSmvZ6ES8lgQGVMDMBu4Gon2nL2XA46jCfMdiyHxtN/kHNGfZQIG6lzWE7OE -----END CERTIFICATE-----`)) // Amazon Root CA 3 - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIBtjCCAVugAwIBAgITBmyf1XSXNmY/Owua2eiedgPySjAKBggqhkjOPQQDAjA5 MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6b24g Um9vdCBDQSAzMB4XDTE1MDUyNjAwMDAwMFoXDTQwMDUyNjAwMDAwMFowOTELMAkG @@ -149,7 +147,7 @@ YyRIHN8wfdVoOw== -----END CERTIFICATE-----`)) // Amazon Root CA 4 - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIB8jCCAXigAwIBAgITBmyf18G7EEwpQ+Vxe3ssyBrBDjAKBggqhkjOPQQDAzA5 MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6b24g Um9vdCBDQSA0MB4XDTE1MDUyNjAwMDAwMFoXDTQwMDUyNjAwMDAwMFowOTELMAkG 
@@ -164,7 +162,7 @@ CkcO8DdZEv8tmZQoTipPNU0zWgIxAOp1AE47xDqUEpHJWEadIRNyp4iciuRMStuW -----END CERTIFICATE-----`)) // Starfield Services Root Certificate Authority - G2 - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIID7zCCAtegAwIBAgIBADANBgkqhkiG9w0BAQsFADCBmDELMAkGA1UEBhMCVVMx EDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxJTAjBgNVBAoT HFN0YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xOzA5BgNVBAMTMlN0YXJmaWVs @@ -190,7 +188,7 @@ sSi6 -----END CERTIFICATE-----`)) // Certum CA - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIDDDCCAfSgAwIBAgIDAQAgMA0GCSqGSIb3DQEBBQUAMD4xCzAJBgNVBAYTAlBM MRswGQYDVQQKExJVbml6ZXRvIFNwLiB6IG8uby4xEjAQBgNVBAMTCUNlcnR1bSBD QTAeFw0wMjA2MTExMDQ2MzlaFw0yNzA2MTExMDQ2MzlaMD4xCzAJBgNVBAYTAlBM @@ -211,7 +209,7 @@ O/fIR/RpbxXyEV6DHpx8Uq79AtoSqFlnGNu8cN2bsWntgM6JQEhqDjXKKWYVIZQs -----END CERTIFICATE-----`)) // Certum EC-384 CA - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIICZTCCAeugAwIBAgIQeI8nXIESUiClBNAt3bpz9DAKBggqhkjOPQQDAzB0MQsw CQYDVQQGEwJQTDEhMB8GA1UEChMYQXNzZWNvIERhdGEgU3lzdGVtcyBTLkEuMScw JQYDVQQLEx5DZXJ0dW0gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxGTAXBgNVBAMT @@ -228,7 +226,7 @@ nvuRlydd3LBbMHHOXjgaatkl5+r3YZJW+OraNsKHZZYuciUvf9/DE8k= -----END CERTIFICATE-----`)) // Certum Trusted Network CA - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIDuzCCAqOgAwIBAgIDBETAMA0GCSqGSIb3DQEBBQUAMH4xCzAJBgNVBAYTAlBM MSIwIAYDVQQKExlVbml6ZXRvIFRlY2hub2xvZ2llcyBTLkEuMScwJQYDVQQLEx5D ZXJ0dW0gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxIjAgBgNVBAMTGUNlcnR1bSBU 
@@ -252,7 +250,7 @@ VoNzcOSGGtIxQbovvi0TWnZvTuhOgQ4/WwMioBK+ZlgRSssDxLQqKi2WF+A5VLxI -----END CERTIFICATE-----`)) // Certum Trusted Network CA 2 - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIF0jCCA7qgAwIBAgIQIdbQSk8lD8kyN/yqXhKN6TANBgkqhkiG9w0BAQ0FADCB gDELMAkGA1UEBhMCUEwxIjAgBgNVBAoTGVVuaXpldG8gVGVjaG5vbG9naWVzIFMu QS4xJzAlBgNVBAsTHkNlcnR1bSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEkMCIG @@ -288,7 +286,7 @@ DrW5viSP -----END CERTIFICATE-----`)) // Certum Trusted Root CA - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIFwDCCA6igAwIBAgIQHr9ZULjJgDdMBvfrVU+17TANBgkqhkiG9w0BAQ0FADB6 MQswCQYDVQQGEwJQTDEhMB8GA1UEChMYQXNzZWNvIERhdGEgU3lzdGVtcyBTLkEu MScwJQYDVQQLEx5DZXJ0dW0gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxHzAdBgNV @@ -323,7 +321,7 @@ E2Efv4WstK2tBZQIgx51F9NxO5NQI1mg7TyRVJ12AMXDuDjb -----END CERTIFICATE-----`)) // Autoridad de Certificacion Firmaprofesional CIF A62634068 - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIGFDCCA/ygAwIBAgIIG3Dp0v+ubHEwDQYJKoZIhvcNAQELBQAwUTELMAkGA1UE BhMCRVMxQjBABgNVBAMMOUF1dG9yaWRhZCBkZSBDZXJ0aWZpY2FjaW9uIEZpcm1h cHJvZmVzaW9uYWwgQ0lGIEE2MjYzNDA2ODAeFw0xNDA5MjMxNTIyMDdaFw0zNjA1 @@ -360,7 +358,7 @@ GbqEZycPvEJdvSRUDewdcAZfpLz6IHxV -----END CERTIFICATE-----`)) // FIRMAPROFESIONAL CA ROOT-A WEB - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIICejCCAgCgAwIBAgIQMZch7a+JQn81QYehZ1ZMbTAKBggqhkjOPQQDAzBuMQsw CQYDVQQGEwJFUzEcMBoGA1UECgwTRmlybWFwcm9mZXNpb25hbCBTQTEYMBYGA1UE YQwPVkFURVMtQTYyNjM0MDY4MScwJQYDVQQDDB5GSVJNQVBST0ZFU0lPTkFMIENB 
@@ -378,7 +376,7 @@ XSaQpYXFuXqUPoeovQA= -----END CERTIFICATE-----`)) // ANF Secure Server Root CA - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIF7zCCA9egAwIBAgIIDdPjvGz5a7EwDQYJKoZIhvcNAQELBQAwgYQxEjAQBgNV BAUTCUc2MzI4NzUxMDELMAkGA1UEBhMCRVMxJzAlBgNVBAoTHkFORiBBdXRvcmlk YWQgZGUgQ2VydGlmaWNhY2lvbjEUMBIGA1UECxMLQU5GIENBIFJhaXoxIjAgBgNV @@ -414,7 +412,7 @@ tt7VMVgWglvquxl1AnMaykgaIZOQCo6ThKd9OyMYkomgjaw= -----END CERTIFICATE-----`)) // Buypass Class 2 Root CA - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIFWTCCA0GgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJOTzEd MBsGA1UECgwUQnV5cGFzcyBBUy05ODMxNjMzMjcxIDAeBgNVBAMMF0J1eXBhc3Mg Q2xhc3MgMiBSb290IENBMB4XDTEwMTAyNjA4MzgwM1oXDTQwMTAyNjA4MzgwM1ow @@ -447,7 +445,7 @@ Y11aWOIv4x3kqdbQCtCev9eBCfHJxyYNrJgWVqA= -----END CERTIFICATE-----`)) // Buypass Class 3 Root CA - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIFWTCCA0GgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJOTzEd MBsGA1UECgwUQnV5cGFzcyBBUy05ODMxNjMzMjcxIDAeBgNVBAMMF0J1eXBhc3Mg Q2xhc3MgMyBSb290IENBMB4XDTEwMTAyNjA4Mjg1OFoXDTQwMTAyNjA4Mjg1OFow @@ -480,7 +478,7 @@ u79leNKGef9JOxqDDPDeeOzI8k1MGt6CKfjBWtrt7uYnXuhF0J0cUahoq0Tj0Itq -----END CERTIFICATE-----`)) // Certainly Root E1 - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIB9zCCAX2gAwIBAgIQBiUzsUcDMydc+Y2aub/M+DAKBggqhkjOPQQDAzA9MQsw CQYDVQQGEwJVUzESMBAGA1UEChMJQ2VydGFpbmx5MRowGAYDVQQDExFDZXJ0YWlu bHkgUm9vdCBFMTAeFw0yMTA0MDEwMDAwMDBaFw00NjA0MDEwMDAwMDBaMD0xCzAJ 
@@ -495,7 +493,7 @@ BtjOiQRINzf43TNRnXCve1XYAS59BWQOhriR -----END CERTIFICATE-----`)) // Certainly Root R1 - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIFRzCCAy+gAwIBAgIRAI4P+UuQcWhlM1T01EQ5t+AwDQYJKoZIhvcNAQELBQAw PTELMAkGA1UEBhMCVVMxEjAQBgNVBAoTCUNlcnRhaW5seTEaMBgGA1UEAxMRQ2Vy dGFpbmx5IFJvb3QgUjEwHhcNMjEwNDAxMDAwMDAwWhcNNDYwNDAxMDAwMDAwWjA9 @@ -528,7 +526,7 @@ OV+KmalBWQewLK8= -----END CERTIFICATE-----`)) // Certigna - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIDqDCCApCgAwIBAgIJAP7c4wEPyUj/MA0GCSqGSIb3DQEBBQUAMDQxCzAJBgNV BAYTAkZSMRIwEAYDVQQKDAlEaGlteW90aXMxETAPBgNVBAMMCENlcnRpZ25hMB4X DTA3MDYyOTE1MTMwNVoXDTI3MDYyOTE1MTMwNVowNDELMAkGA1UEBhMCRlIxEjAQ @@ -552,7 +550,7 @@ WyH8EZE0vkHve52Xdf+XlcCWWC/qu0bXu+TZLg== -----END CERTIFICATE-----`)) // Certigna Root CA - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIGWzCCBEOgAwIBAgIRAMrpG4nxVQMNo+ZBbcTjpuEwDQYJKoZIhvcNAQELBQAw WjELMAkGA1UEBhMCRlIxEjAQBgNVBAoMCURoaW15b3RpczEcMBoGA1UECwwTMDAw MiA0ODE0NjMwODEwMDAzNjEZMBcGA1UEAwwQQ2VydGlnbmEgUm9vdCBDQTAeFw0x @@ -590,7 +588,7 @@ jWZSaX5LaAzHHjcng6WMxwLkFM1JAbBzs/3GkDpv0mztO+7skb6iQ12LAEpmJURw -----END CERTIFICATE-----`)) // certSIGN ROOT CA - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIDODCCAiCgAwIBAgIGIAYFFnACMA0GCSqGSIb3DQEBBQUAMDsxCzAJBgNVBAYT AlJPMREwDwYDVQQKEwhjZXJ0U0lHTjEZMBcGA1UECxMQY2VydFNJR04gUk9PVCBD QTAeFw0wNjA3MDQxNzIwMDRaFw0zMTA3MDQxNzIwMDRaMDsxCzAJBgNVBAYTAlJP 
@@ -612,7 +610,7 @@ i/nDhDwTqn6Sm1dTk/pwwpEOMfmbZ13pljheX7NzTogVZ96edhBiIL5VaZVDADlN -----END CERTIFICATE-----`)) // certSIGN ROOT CA G2 - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIFRzCCAy+gAwIBAgIJEQA0tk7GNi02MA0GCSqGSIb3DQEBCwUAMEExCzAJBgNV BAYTAlJPMRQwEgYDVQQKEwtDRVJUU0lHTiBTQTEcMBoGA1UECxMTY2VydFNJR04g Uk9PVCBDQSBHMjAeFw0xNzAyMDYwOTI3MzVaFw00MjAyMDYwOTI3MzVaMEExCzAJ @@ -645,7 +643,7 @@ QRBdJ3NghVdJIgc= -----END CERTIFICATE-----`)) // ePKI Root Certification Authority - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIFsDCCA5igAwIBAgIQFci9ZUdcr7iXAF7kBtK8nTANBgkqhkiG9w0BAQUFADBe MQswCQYDVQQGEwJUVzEjMCEGA1UECgwaQ2h1bmdod2EgVGVsZWNvbSBDby4sIEx0 ZC4xKjAoBgNVBAsMIWVQS0kgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAe @@ -680,7 +678,7 @@ hNQ+IIX3Sj0rnP0qCglN6oH4EZw= -----END CERTIFICATE-----`)) // HiPKI Root CA - G1 - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIFajCCA1KgAwIBAgIQLd2szmKXlKFD6LDNdmpeYDANBgkqhkiG9w0BAQsFADBP MQswCQYDVQQGEwJUVzEjMCEGA1UECgwaQ2h1bmdod2EgVGVsZWNvbSBDby4sIEx0 ZC4xGzAZBgNVBAMMEkhpUEtJIFJvb3QgQ0EgLSBHMTAeFw0xOTAyMjIwOTQ2MDRa @@ -713,7 +711,7 @@ YDksswBVLuT1sw5XxJFBAJw/6KXf6vb/yPCtbVKoF6ubYfwSUTXkJf2vqmqGOQ== -----END CERTIFICATE-----`)) // SecureSign Root CA12 - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIDcjCCAlqgAwIBAgIUZvnHwa/swlG07VOX5uaCwysckBYwDQYJKoZIhvcNAQEL BQAwUTELMAkGA1UEBhMCSlAxIzAhBgNVBAoTGkN5YmVydHJ1c3QgSmFwYW4gQ28u LCBMdGQuMR0wGwYDVQQDExRTZWN1cmVTaWduIFJvb3QgQ0ExMjAeFw0yMDA0MDgw 
@@ -736,7 +734,7 @@ yOPiZwud9AzqVN/Ssq+xIvEg37xEHA== -----END CERTIFICATE-----`)) // SecureSign Root CA14 - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIFcjCCA1qgAwIBAgIUZNtaDCBO6Ncpd8hQJ6JaJ90t8sswDQYJKoZIhvcNAQEM BQAwUTELMAkGA1UEBhMCSlAxIzAhBgNVBAoTGkN5YmVydHJ1c3QgSmFwYW4gQ28u LCBMdGQuMR0wGwYDVQQDExRTZWN1cmVTaWduIFJvb3QgQ0ExNDAeFw0yMDA0MDgw @@ -770,7 +768,7 @@ JRNItX+S -----END CERTIFICATE-----`)) // SecureSign Root CA15 - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIICIzCCAamgAwIBAgIUFhXHw9hJp75pDIqI7fBw+d23PocwCgYIKoZIzj0EAwMw UTELMAkGA1UEBhMCSlAxIzAhBgNVBAoTGkN5YmVydHJ1c3QgSmFwYW4gQ28uLCBM dGQuMR0wGwYDVQQDExRTZWN1cmVTaWduIFJvb3QgQ0ExNTAeFw0yMDA0MDgwODMy @@ -786,7 +784,7 @@ bkU6iYAZezKYVWOr62Nuk22rGwlgMU4= -----END CERTIFICATE-----`)) // D-TRUST BR Root CA 1 2020 - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIC2zCCAmCgAwIBAgIQfMmPK4TX3+oPyWWa00tNljAKBggqhkjOPQQDAzBIMQsw CQYDVQQGEwJERTEVMBMGA1UEChMMRC1UcnVzdCBHbWJIMSIwIAYDVQQDExlELVRS VVNUIEJSIFJvb3QgQ0EgMSAyMDIwMB4XDTIwMDIxMTA5NDUwMFoXDTM1MDIxMTA5 @@ -806,7 +804,7 @@ dWNbFJWcHwHP2NVypw87 -----END CERTIFICATE-----`)) // D-TRUST BR Root CA 2 2023 - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIFqTCCA5GgAwIBAgIQczswBEhb2U14LnNLyaHcZjANBgkqhkiG9w0BAQ0FADBI MQswCQYDVQQGEwJERTEVMBMGA1UEChMMRC1UcnVzdCBHbWJIMSIwIAYDVQQDExlE LVRSVVNUIEJSIFJvb3QgQ0EgMiAyMDIzMB4XDTIzMDUwOTA4NTYzMVoXDTM4MDUw 
@@ -841,7 +839,7 @@ hJ65bvspmZDogNOfJA== -----END CERTIFICATE-----`)) // D-TRUST EV Root CA 1 2020 - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIC2zCCAmCgAwIBAgIQXwJB13qHfEwDo6yWjfv/0DAKBggqhkjOPQQDAzBIMQsw CQYDVQQGEwJERTEVMBMGA1UEChMMRC1UcnVzdCBHbWJIMSIwIAYDVQQDExlELVRS VVNUIEVWIFJvb3QgQ0EgMSAyMDIwMB4XDTIwMDIxMTEwMDAwMFoXDTM1MDIxMTA5 @@ -861,7 +859,7 @@ gfM0agPnIjhQW+0ZT0MW -----END CERTIFICATE-----`)) // D-TRUST EV Root CA 2 2023 - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIFqTCCA5GgAwIBAgIQaSYJfoBLTKCnjHhiU19abzANBgkqhkiG9w0BAQ0FADBI MQswCQYDVQQGEwJERTEVMBMGA1UEChMMRC1UcnVzdCBHbWJIMSIwIAYDVQQDExlE LVRSVVNUIEVWIFJvb3QgQ0EgMiAyMDIzMB4XDTIzMDUwOTA5MTAzM1oXDTM4MDUw @@ -896,7 +894,7 @@ XBxvWHZks/wCuPWdCg== -----END CERTIFICATE-----`)) // D-TRUST Root CA 3 2013 - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIEDjCCAvagAwIBAgIDD92sMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNVBAYTAkRF MRUwEwYDVQQKDAxELVRydXN0IEdtYkgxHzAdBgNVBAMMFkQtVFJVU1QgUm9vdCBD QSAzIDIwMTMwHhcNMTMwOTIwMDgyNTUxWhcNMjgwOTIwMDgyNTUxWjBFMQswCQYD @@ -922,7 +920,7 @@ tQ5tLdnkwBXxP/oYcuEVbSdbLTAoK59ImmQrme/ydUlfXA== -----END CERTIFICATE-----`)) // D-TRUST Root Class 3 CA 2 2009 - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIEMzCCAxugAwIBAgIDCYPzMA0GCSqGSIb3DQEBCwUAME0xCzAJBgNVBAYTAkRF MRUwEwYDVQQKDAxELVRydXN0IEdtYkgxJzAlBgNVBAMMHkQtVFJVU1QgUm9vdCBD bGFzcyAzIENBIDIgMjAwOTAeFw0wOTExMDUwODM1NThaFw0yOTExMDUwODM1NTha 
@@ -949,7 +947,7 @@ Johw1+qRzT65ysCQblrGXnRl11z+o+I= -----END CERTIFICATE-----`)) // D-TRUST Root Class 3 CA 2 EV 2009 - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIEQzCCAyugAwIBAgIDCYP0MA0GCSqGSIb3DQEBCwUAMFAxCzAJBgNVBAYTAkRF MRUwEwYDVQQKDAxELVRydXN0IEdtYkgxKjAoBgNVBAMMIUQtVFJVU1QgUm9vdCBD bGFzcyAzIENBIDIgRVYgMjAwOTAeFw0wOTExMDUwODUwNDZaFw0yOTExMDUwODUw @@ -976,7 +974,7 @@ KVwvvoFBuYz/6n1gBp7N1z3TLqMVvKjmJuVvw9y4AyHqnxbxLFS1 -----END CERTIFICATE-----`)) // D-Trust SBR Root CA 1 2022 - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIICXjCCAeOgAwIBAgIQUs/kjG2gSvc/gpcMgAmMlTAKBggqhkjOPQQDAzBJMQsw CQYDVQQGEwJERTEVMBMGA1UEChMMRC1UcnVzdCBHbWJIMSMwIQYDVQQDExpELVRy dXN0IFNCUiBSb290IENBIDEgMjAyMjAeFw0yMjA3MDYxMTMwMDBaFw0zNzA3MDYx @@ -993,7 +991,7 @@ hqIu4Xpk2mc5Av7+Mz/Zc7ZYWzr8sqTZYHh3zHmnpq5VvQ== -----END CERTIFICATE-----`)) // D-Trust SBR Root CA 2 2022 - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIFrDCCA5SgAwIBAgIQVNWjlR49lbpyG5rQMSFKujANBgkqhkiG9w0BAQ0FADBJ MQswCQYDVQQGEwJERTEVMBMGA1UEChMMRC1UcnVzdCBHbWJIMSMwIQYDVQQDExpE LVRydXN0IFNCUiBSb290IENBIDIgMjAyMjAeFw0yMjA3MDcwNzMwMDBaFw0zNzA3 @@ -1028,7 +1026,7 @@ azidFt4G/ihwOKVarvyD7Q== -----END CERTIFICATE-----`)) // T-TeleSec GlobalRoot Class 2 - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIDwzCCAqugAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgjELMAkGA1UEBhMCREUx KzApBgNVBAoMIlQtU3lzdGVtcyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAd BgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNl 
@@ -1053,7 +1051,7 @@ BSeOE6Fuwg== -----END CERTIFICATE-----`)) // T-TeleSec GlobalRoot Class 3 - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIDwzCCAqugAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgjELMAkGA1UEBhMCREUx KzApBgNVBAoMIlQtU3lzdGVtcyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAd BgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNl @@ -1078,7 +1076,7 @@ TpPDpFQUWw== -----END CERTIFICATE-----`)) // Telekom Security SMIME ECC Root 2021 - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIICRzCCAc2gAwIBAgIQFSrdFMkY0aRWQIamJa8HXzAKBggqhkjOPQQDAzBlMQsw CQYDVQQGEwJERTEnMCUGA1UECgweRGV1dHNjaGUgVGVsZWtvbSBTZWN1cml0eSBH bWJIMS0wKwYDVQQDDCRUZWxla29tIFNlY3VyaXR5IFNNSU1FIEVDQyBSb290IDIw @@ -1095,7 +1093,7 @@ S0B/Sl+yZ1pzdcI= -----END CERTIFICATE-----`)) // Telekom Security SMIME RSA Root 2023 - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIFtzCCA5+gAwIBAgIQDH5i9XlzO51Djotj7ZGVuDANBgkqhkiG9w0BAQwFADBl MQswCQYDVQQGEwJERTEnMCUGA1UECgweRGV1dHNjaGUgVGVsZWtvbSBTZWN1cml0 eSBHbWJIMS0wKwYDVQQDDCRUZWxla29tIFNlY3VyaXR5IFNNSU1FIFJTQSBSb290 @@ -1130,7 +1128,7 @@ nX7Mhz/E2i6I3eML3FpRWunZEk+eAtv3BSVR -----END CERTIFICATE-----`)) // Telekom Security TLS ECC Root 2020 - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIICQjCCAcmgAwIBAgIQNjqWjMlcsljN0AFdxeVXADAKBggqhkjOPQQDAzBjMQsw CQYDVQQGEwJERTEnMCUGA1UECgweRGV1dHNjaGUgVGVsZWtvbSBTZWN1cml0eSBH bWJIMSswKQYDVQQDDCJUZWxla29tIFNlY3VyaXR5IFRMUyBFQ0MgUm9vdCAyMDIw 
@@ -1147,7 +1145,7 @@ z6fLHgIwN0GMZt9Ba9aDAEH9L1r3ULRn0SyocddDypwnJJGDSA3PzfdUga/sf+Rn -----END CERTIFICATE-----`)) // Telekom Security TLS RSA Root 2023 - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIFszCCA5ugAwIBAgIQIZxULej27HF3+k7ow3BXlzANBgkqhkiG9w0BAQwFADBj MQswCQYDVQQGEwJERTEnMCUGA1UECgweRGV1dHNjaGUgVGVsZWtvbSBTZWN1cml0 eSBHbWJIMSswKQYDVQQDDCJUZWxla29tIFNlY3VyaXR5IFRMUyBSU0EgUm9vdCAy @@ -1182,7 +1180,7 @@ dTdmQRCsu/WU48IxK63nI1bMNSWSs1A= -----END CERTIFICATE-----`)) // DigiCert Assured ID Root CA - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIDtzCCAp+gAwIBAgIQDOfg5RfYRv6P5WD8G/AwOTANBgkqhkiG9w0BAQUFADBl MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJv @@ -1206,7 +1204,7 @@ H2sMNgcWfzd8qVttevESRmCD1ycEvkvOl77DZypoEd+A5wwzZr8TDRRu838fYxAe -----END CERTIFICATE-----`)) // DigiCert Assured ID Root G2 - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIDljCCAn6gAwIBAgIQC5McOtY5Z+pnI7/Dr5r0SzANBgkqhkiG9w0BAQsFADBl MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJv @@ -1230,7 +1228,7 @@ IhNzbM8m9Yop5w== -----END CERTIFICATE-----`)) // DigiCert Assured ID Root G3 - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIICRjCCAc2gAwIBAgIQC6Fa+h3foLVJRK/NJKBs7DAKBggqhkjOPQQDAzBlMQsw CQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cu ZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3Qg 
@@ -1247,7 +1245,7 @@ JjZ91eQ0hjkCMHw2U/Aw5WJjOpnitqM7mzT6HtoQknFekROn3aRukswy1vUhZscv -----END CERTIFICATE-----`)) // DigiCert Global Root CA - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIDrzCCApegAwIBAgIQCDvgVpBCRrGhdWrJWZHHSjANBgkqhkiG9w0BAQUFADBh MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD @@ -1271,7 +1269,7 @@ CAUw7C29C79Fv1C5qfPrmAESrciIxpg0X40KPMbp1ZWVbd4= -----END CERTIFICATE-----`)) // DigiCert Global Root G2 - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIDjjCCAnagAwIBAgIQAzrx5qcRqaC7KGSxHQn65TANBgkqhkiG9w0BAQsFADBh MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBH @@ -1295,7 +1293,7 @@ MrY= -----END CERTIFICATE-----`)) // DigiCert Global Root G3 - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIICPzCCAcWgAwIBAgIQBVVWvPJepDU1w6QP1atFcjAKBggqhkjOPQQDAzBhMQsw CQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cu ZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBHMzAe @@ -1312,7 +1310,7 @@ sycX -----END CERTIFICATE-----`)) // DigiCert High Assurance EV Root CA - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIDxTCCAq2gAwIBAgIQAqxcJmoLQJuPC3nyrkYldzANBgkqhkiG9w0BAQUFADBs MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j 
@@ -1337,7 +1335,7 @@ vEsXCS+0yx5DaMkHJ8HSXPfqIbloEpw8nL+e/IBcm2PN7EeqJSdnoDfzAIJ9VNep -----END CERTIFICATE-----`)) // DigiCert SMIME ECC P384 Root G5 - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIICHDCCAaOgAwIBAgIQBT9uoAYBcn3tP8OjtqPW7zAKBggqhkjOPQQDAzBQMQsw CQYDVQQGEwJVUzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xKDAmBgNVBAMTH0Rp Z2lDZXJ0IFNNSU1FIEVDQyBQMzg0IFJvb3QgRzUwHhcNMjEwMTE1MDAwMDAwWhcN @@ -1353,7 +1351,7 @@ Dvu8YDB8ZD8SHkV/UT70pg== -----END CERTIFICATE-----`)) // DigiCert SMIME RSA4096 Root G5 - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIFajCCA1KgAwIBAgIQBfa6BCODRst9XOa5W7ocVTANBgkqhkiG9w0BAQwFADBP MQswCQYDVQQGEwJVUzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xJzAlBgNVBAMT HkRpZ2lDZXJ0IFNNSU1FIFJTQTQwOTYgUm9vdCBHNTAeFw0yMTAxMTUwMDAwMDBa @@ -1386,7 +1384,7 @@ Y6+cUu5cv/DAWzceCSDSPiPGoRVKDjZ+MMV5arwiiNkMUkAf3U4PZyYW0q0XHA== -----END CERTIFICATE-----`)) // DigiCert TLS ECC P384 Root G5 - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIICGTCCAZ+gAwIBAgIQCeCTZaz32ci5PhwLBCou8zAKBggqhkjOPQQDAzBOMQsw CQYDVQQGEwJVUzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xJjAkBgNVBAMTHURp Z2lDZXJ0IFRMUyBFQ0MgUDM4NCBSb290IEc1MB4XDTIxMDExNTAwMDAwMFoXDTQ2 @@ -1402,7 +1400,7 @@ DXZDjC5Ty3zfDBeWUA== -----END CERTIFICATE-----`)) // DigiCert TLS RSA4096 Root G5 - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIFZjCCA06gAwIBAgIQCPm0eKj6ftpqMzeJ3nzPijANBgkqhkiG9w0BAQwFADBN MQswCQYDVQQGEwJVUzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xJTAjBgNVBAMT HERpZ2lDZXJ0IFRMUyBSU0E0MDk2IFJvb3QgRzUwHhcNMjEwMTE1MDAwMDAwWhcN 
@@ -1435,7 +1433,7 @@ ovfepEWFJqgejF0pW8hL2JpqA15w8oVPbEtoL8pU9ozaMv7Da4M/OMZ+ -----END CERTIFICATE-----`)) // DigiCert Trusted Root G4 - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIFkDCCA3igAwIBAgIQBZsbV56OITLiOQe9p3d1XDANBgkqhkiG9w0BAQwFADBi MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 d3cuZGlnaWNlcnQuY29tMSEwHwYDVQQDExhEaWdpQ2VydCBUcnVzdGVkIFJvb3Qg @@ -1469,7 +1467,7 @@ gKDWHrO8Dw9TdSmq6hN35N6MgSGtBxBHEa2HPQfRdbzP82Z+ -----END CERTIFICATE-----`)) // QuoVadis Root CA 1 G3 - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIFYDCCA0igAwIBAgIUeFhfLq0sGUvjNwc1NBMotZbUZZMwDQYJKoZIhvcNAQEL BQAwSDELMAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxHjAc BgNVBAMTFVF1b1ZhZGlzIFJvb3QgQ0EgMSBHMzAeFw0xMjAxMTIxNzI3NDRaFw00 @@ -1502,7 +1500,7 @@ nh8GKjwStIsPm6Ik8KaN1nrgS7ZklmOVhMJKzRwuJIczYOXD -----END CERTIFICATE-----`)) // QuoVadis Root CA 2 - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIFtzCCA5+gAwIBAgICBQkwDQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCQk0x GTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMTElF1b1ZhZGlzIFJv b3QgQ0EgMjAeFw0wNjExMjQxODI3MDBaFw0zMTExMjQxODIzMzNaMEUxCzAJBgNV @@ -1537,7 +1535,7 @@ ohEUGW6yhhtoPkg3Goi3XZZenMfvJ2II4pEZXNLxId26F0KCl3GBUzGpn/Z9Yr9y -----END CERTIFICATE-----`)) // QuoVadis Root CA 2 G3 - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIFYDCCA0igAwIBAgIURFc0JFuBiZs18s64KztbpybwdSgwDQYJKoZIhvcNAQEL BQAwSDELMAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxHjAc BgNVBAMTFVF1b1ZhZGlzIFJvb3QgQ0EgMiBHMzAeFw0xMjAxMTIxODU5MzJaFw00 
@@ -1570,7 +1568,7 @@ WSr2Rz0ZiC3oheGe7IUIarFsNMkd7EgrO3jtZsSOeWmD3n+M -----END CERTIFICATE-----`)) // QuoVadis Root CA 3 - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIGnTCCBIWgAwIBAgICBcYwDQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCQk0x GTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMTElF1b1ZhZGlzIFJv b3QgQ0EgMzAeFw0wNjExMjQxOTExMjNaFw0zMTExMjQxOTA2NDRaMEUxCzAJBgNV @@ -1610,7 +1608,7 @@ mJlglFwjz1onl14LBQaTNx47aTbrqZ5hHY8y2o4M1nQ+ewkk2gF3R8Q7zTSMmfXK -----END CERTIFICATE-----`)) // QuoVadis Root CA 3 G3 - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIFYDCCA0igAwIBAgIULvWbAiin23r/1aOp7r0DoM8Sah0wDQYJKoZIhvcNAQEL BQAwSDELMAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxHjAc BgNVBAMTFVF1b1ZhZGlzIFJvb3QgQ0EgMyBHMzAeFw0xMjAxMTIyMDI2MzJaFw00 @@ -1643,7 +1641,7 @@ ywaZWWDYWGWVjUTR939+J399roD1B0y2PpxxVJkES/1Y+Zj0 -----END CERTIFICATE-----`)) // DIGITALSIGN GLOBAL ROOT ECDSA CA - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIICajCCAfCgAwIBAgIUNi2PcoiiKCfkAP8kxi3k6/qdtuEwCgYIKoZIzj0EAwMw ZDELMAkGA1UEBhMCUFQxKjAoBgNVBAoMIURpZ2l0YWxTaWduIENlcnRpZmljYWRv cmEgRGlnaXRhbDEpMCcGA1UEAwwgRElHSVRBTFNJR04gR0xPQkFMIFJPT1QgRUNE @@ -1660,7 +1658,7 @@ RANNjbTHvKiu2TAnNWprFmPX/OdZ4aeJG0wxmiNVRObzQyHVRydvbVcBqgIxAPuy -----END CERTIFICATE-----`)) // DIGITALSIGN GLOBAL ROOT RSA CA - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIFtTCCA52gAwIBAgIUXVnIyqsJV/XmtdoplARq/8XUlYcwDQYJKoZIhvcNAQEN BQAwYjELMAkGA1UEBhMCUFQxKjAoBgNVBAoMIURpZ2l0YWxTaWduIENlcnRpZmlj YWRvcmEgRGlnaXRhbDEnMCUGA1UEAwweRElHSVRBTFNJR04gR0xPQkFMIFJPT1Qg 
@@ -1695,7 +1693,7 @@ K0f+McvfueSsCNPYpuvUnn5LZKRVXSsXyQ== -----END CERTIFICATE-----`)) // CA Disig Root R2 - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIFaTCCA1GgAwIBAgIJAJK4iNuwisFjMA0GCSqGSIb3DQEBCwUAMFIxCzAJBgNV BAYTAlNLMRMwEQYDVQQHEwpCcmF0aXNsYXZhMRMwEQYDVQQKEwpEaXNpZyBhLnMu MRkwFwYDVQQDExBDQSBEaXNpZyBSb290IFIyMB4XDTEyMDcxOTA5MTUzMFoXDTQy @@ -1728,7 +1726,7 @@ L4ysEr3vQCj8KWefshNPZiTEUxnpHikV7+ZtsH8tZ/3zbBt1RqPlShfppNcL -----END CERTIFICATE-----`)) // GLOBALTRUST 2020 - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIFgjCCA2qgAwIBAgILWku9WvtPilv6ZeUwDQYJKoZIhvcNAQELBQAwTTELMAkG A1UEBhMCQVQxIzAhBgNVBAoTGmUtY29tbWVyY2UgbW9uaXRvcmluZyBHbWJIMRkw FwYDVQQDExBHTE9CQUxUUlVTVCAyMDIwMB4XDTIwMDIxMDAwMDAwMFoXDTQwMDYx @@ -1762,7 +1760,7 @@ qfrQA71yN2BWHzZ8vTmR9W0Nv3vXkg== -----END CERTIFICATE-----`)) // emSign ECC Root CA - C3 - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIICKzCCAbGgAwIBAgIKe3G2gla4EnycqDAKBggqhkjOPQQDAzBaMQswCQYDVQQG EwJVUzETMBEGA1UECxMKZW1TaWduIFBLSTEUMBIGA1UEChMLZU11ZGhyYSBJbmMx IDAeBgNVBAMTF2VtU2lnbiBFQ0MgUm9vdCBDQSAtIEMzMB4XDTE4MDIxODE4MzAw @@ -1778,7 +1776,7 @@ Af8EBTADAQH/MAoGCCqGSM49BAMDA2gAMGUCMQC02C8Cif22TGK6Q04ThHK1rt0c -----END CERTIFICATE-----`)) // emSign ECC Root CA - G3 - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIICTjCCAdOgAwIBAgIKPPYHqWhwDtqLhDAKBggqhkjOPQQDAzBrMQswCQYDVQQG EwJJTjETMBEGA1UECxMKZW1TaWduIFBLSTElMCMGA1UEChMcZU11ZGhyYSBUZWNo bm9sb2dpZXMgTGltaXRlZDEgMB4GA1UEAxMXZW1TaWduIEVDQyBSb290IENBIC0g 
@@ -1795,7 +1793,7 @@ CUfvO6wIBHxcmbHtRwfSAjEAnbpV/KlK6O3t5nYBQnvI+GDZjVGLVTv7jHvrZQnD -----END CERTIFICATE-----`)) // emSign Root CA - C1 - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIDczCCAlugAwIBAgILAK7PALrEzzL4Q7IwDQYJKoZIhvcNAQELBQAwVjELMAkG A1UEBhMCVVMxEzARBgNVBAsTCmVtU2lnbiBQS0kxFDASBgNVBAoTC2VNdWRocmEg SW5jMRwwGgYDVQQDExNlbVNpZ24gUm9vdCBDQSAtIEMxMB4XDTE4MDIxODE4MzAw @@ -1818,7 +1816,7 @@ WXzhriKi4gp6D/piq1JM4fHfyr6DDUI= -----END CERTIFICATE-----`)) // emSign Root CA - G1 - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIDlDCCAnygAwIBAgIKMfXkYgxsWO3W2DANBgkqhkiG9w0BAQsFADBnMQswCQYD VQQGEwJJTjETMBEGA1UECxMKZW1TaWduIFBLSTElMCMGA1UEChMcZU11ZGhyYSBU ZWNobm9sb2dpZXMgTGltaXRlZDEcMBoGA1UEAxMTZW1TaWduIFJvb3QgQ0EgLSBH @@ -1842,7 +1840,7 @@ iN66zB+Afko= -----END CERTIFICATE-----`)) // AffirmTrust Commercial - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIDTDCCAjSgAwIBAgIId3cGJyapsXwwDQYJKoZIhvcNAQELBQAwRDELMAkGA1UE BhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZpcm1UcnVz dCBDb21tZXJjaWFsMB4XDTEwMDEyOTE0MDYwNloXDTMwMTIzMTE0MDYwNlowRDEL @@ -1864,7 +1862,7 @@ nlpOZbWUrhvfKbAW8b8Angc6F2S1BLUjIZkKlTuXfO8= -----END CERTIFICATE-----`)) // AffirmTrust Networking - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIDTDCCAjSgAwIBAgIIfE8EORzUmS0wDQYJKoZIhvcNAQEFBQAwRDELMAkGA1UE BhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZpcm1UcnVz dCBOZXR3b3JraW5nMB4XDTEwMDEyOTE0MDgyNFoXDTMwMTIzMTE0MDgyNFowRDEL 
@@ -1886,7 +1884,7 @@ x3evZKiT3/Zpg4Jg8klCNO1aAFSFHBY2kgxc+qatv9s= -----END CERTIFICATE-----`)) // AffirmTrust Premium - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIFRjCCAy6gAwIBAgIIbYwURrGmCu4wDQYJKoZIhvcNAQEMBQAwQTELMAkGA1UE BhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MRwwGgYDVQQDDBNBZmZpcm1UcnVz dCBQcmVtaXVtMB4XDTEwMDEyOTE0MTAzNloXDTQwMTIzMTE0MTAzNlowQTELMAkG @@ -1919,7 +1917,7 @@ KeC2uAloGRwYQw== -----END CERTIFICATE-----`)) // AffirmTrust Premium ECC - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIB/jCCAYWgAwIBAgIIdJclisc/elQwCgYIKoZIzj0EAwMwRTELMAkGA1UEBhMC VVMxFDASBgNVBAoMC0FmZmlybVRydXN0MSAwHgYDVQQDDBdBZmZpcm1UcnVzdCBQ cmVtaXVtIEVDQzAeFw0xMDAxMjkxNDIwMjRaFw00MDEyMzExNDIwMjRaMEUxCzAJ @@ -1934,7 +1932,7 @@ flc9nF9Ca/UHLbXwgpP5WW+uZPpY5Yse42O+tYHNbwKMeQ== -----END CERTIFICATE-----`)) // Atos TrustedRoot 2011 - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIDdzCCAl+gAwIBAgIIXDPLYixfszIwDQYJKoZIhvcNAQELBQAwPDEeMBwGA1UE AwwVQXRvcyBUcnVzdGVkUm9vdCAyMDExMQ0wCwYDVQQKDARBdG9zMQswCQYDVQQG EwJERTAeFw0xMTA3MDcxNDU4MzBaFw0zMDEyMzEyMzU5NTlaMDwxHjAcBgNVBAMM @@ -1957,7 +1955,7 @@ KrcYPqcZ2Qt9sTdBQrC6YB3y/gkRsPCHe6ed -----END CERTIFICATE-----`)) // Atos TrustedRoot Root CA ECC G2 2020 - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIICMTCCAbagAwIBAgIMC3MoERh0MBzvbwiEMAoGCCqGSM49BAMDMEsxCzAJBgNV BAYTAkRFMQ0wCwYDVQQKDARBdG9zMS0wKwYDVQQDDCRBdG9zIFRydXN0ZWRSb290 IFJvb3QgQ0EgRUNDIEcyIDIwMjAwHhcNMjAxMjE1MDgzOTEwWhcNNDAxMjEwMDgz 
@@ -1973,7 +1971,7 @@ ohtRSzhUy6oee9flRJUWLzxEeC4luuqQ5OxS7lfsA4TzXtsWDQ== -----END CERTIFICATE-----`)) // Atos TrustedRoot Root CA ECC TLS 2021 - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIICFTCCAZugAwIBAgIQPZg7pmY9kGP3fiZXOATvADAKBggqhkjOPQQDAzBMMS4w LAYDVQQDDCVBdG9zIFRydXN0ZWRSb290IFJvb3QgQ0EgRUNDIFRMUyAyMDIxMQ0w CwYDVQQKDARBdG9zMQswCQYDVQQGEwJERTAeFw0yMTA0MjIwOTI2MjNaFw00MTA0 @@ -1989,7 +1987,7 @@ CCrCp1rIAjEAmeMM56PDr9NJLkaCI2ZdyQAUEv049OGYa3cpetskz2VAv9LcjBHo -----END CERTIFICATE-----`)) // Atos TrustedRoot Root CA RSA G2 2020 - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIFfzCCA2egAwIBAgIMR7opRlU+FpKXsKtAMA0GCSqGSIb3DQEBDAUAMEsxCzAJ BgNVBAYTAkRFMQ0wCwYDVQQKDARBdG9zMS0wKwYDVQQDDCRBdG9zIFRydXN0ZWRS b290IFJvb3QgQ0EgUlNBIEcyIDIwMjAwHhcNMjAxMjE1MDg0MTIzWhcNNDAxMjEw @@ -2023,7 +2021,7 @@ ZfJ/8eOPTIBGNli2oWXLzhxEdQ== -----END CERTIFICATE-----`)) // Atos TrustedRoot Root CA RSA TLS 2021 - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIFZDCCA0ygAwIBAgIQU9XP5hmTC/srBRLYwiqipDANBgkqhkiG9w0BAQwFADBM MS4wLAYDVQQDDCVBdG9zIFRydXN0ZWRSb290IFJvb3QgQ0EgUlNBIFRMUyAyMDIx MQ0wCwYDVQQKDARBdG9zMQswCQYDVQQGEwJERTAeFw0yMTA0MjIwOTIxMTBaFw00 @@ -2056,7 +2054,7 @@ oji2jbDwN/zIIX8/syQbPYtuzE2wFg2WHYMfRsCbvUOZ58SWLs5fyQ== -----END CERTIFICATE-----`)) // GlobalSign - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIFgzCCA2ugAwIBAgIORea7A4Mzw4VlSOb/RVEwDQYJKoZIhvcNAQEMBQAwTDEg MB4GA1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjYxEzARBgNVBAoTCkdsb2Jh bFNpZ24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMTQxMjEwMDAwMDAwWhcNMzQx 
@@ -2090,7 +2088,7 @@ JJUEeKgDu+6B5dpffItKoZB0JaezPkvILFa9x8jvOOJckvB595yEunQtYQEgfn7R -----END CERTIFICATE-----`)) // GlobalSign - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIDXzCCAkegAwIBAgILBAAAAAABIVhTCKIwDQYJKoZIhvcNAQELBQAwTDEgMB4G A1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjMxEzARBgNVBAoTCkdsb2JhbFNp Z24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDkwMzE4MTAwMDAwWhcNMjkwMzE4 @@ -2113,7 +2111,7 @@ WD9f -----END CERTIFICATE-----`)) // GlobalSign - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIICHjCCAaSgAwIBAgIRYFlJ4CYuu1X5CneKcflK2GwwCgYIKoZIzj0EAwMwUDEk MCIGA1UECxMbR2xvYmFsU2lnbiBFQ0MgUm9vdCBDQSAtIFI1MRMwEQYDVQQKEwpH bG9iYWxTaWduMRMwEQYDVQQDEwpHbG9iYWxTaWduMB4XDTEyMTExMzAwMDAwMFoX @@ -2129,7 +2127,7 @@ xwy8p2Fp8fc74SrL+SvzZpA3 -----END CERTIFICATE-----`)) // GlobalSign Root CA - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkG A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAw @@ -2152,7 +2150,7 @@ HMUfpIBvFSDJ3gyICh3WZlXi/EjJKSZp4A== -----END CERTIFICATE-----`)) // GlobalSign Root E46 - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIICCzCCAZGgAwIBAgISEdK7ujNu1LzmJGjFDYQdmOhDMAoGCCqGSM49BAMDMEYx CzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMRwwGgYDVQQD ExNHbG9iYWxTaWduIFJvb3QgRTQ2MB4XDTE5MDMyMDAwMDAwMFoXDTQ2MDMyMDAw 
@@ -2167,7 +2165,7 @@ DgQWBBQxCpCPtsad0kRLgLWi5h+xEk8blTAKBggqhkjOPQQDAwNoADBlAjEA31SQ -----END CERTIFICATE-----`)) // GlobalSign Root R46 - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIFWjCCA0KgAwIBAgISEdK7udcjGJ5AXwqdLdDfJWfRMA0GCSqGSIb3DQEBDAUA MEYxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMRwwGgYD VQQDExNHbG9iYWxTaWduIFJvb3QgUjQ2MB4XDTE5MDMyMDAwMDAwMFoXDTQ2MDMy @@ -2200,7 +2198,7 @@ vouXsXgxT7PntgMTzlSdriVZzH81Xwj3QEUxeCp6 -----END CERTIFICATE-----`)) // GlobalSign Secure Mail Root E45 - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIICITCCAaegAwIBAgIQdlP+qicdlUZd1vGe5biQCjAKBggqhkjOPQQDAzBSMQsw CQYDVQQGEwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBudi1zYTEoMCYGA1UEAxMf R2xvYmFsU2lnbiBTZWN1cmUgTWFpbCBSb290IEU0NTAeFw0yMDAzMTgwMDAwMDBa @@ -2216,7 +2214,7 @@ vPL/P/BS3QjnqmR5w+RpV5EvpMt8 -----END CERTIFICATE-----`)) // GlobalSign Secure Mail Root R45 - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIFcDCCA1igAwIBAgIQdlP+qExQq5+NMrUdA49X3DANBgkqhkiG9w0BAQwFADBS MQswCQYDVQQGEwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBudi1zYTEoMCYGA1UE AxMfR2xvYmFsU2lnbiBTZWN1cmUgTWFpbCBSb290IFI0NTAeFw0yMDAzMTgwMDAw @@ -2250,7 +2248,7 @@ s8H2PA== -----END CERTIFICATE-----`)) // Go Daddy Class 2 Certification Authority - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIEADCCAuigAwIBAgIBADANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJVUzEh MB8GA1UEChMYVGhlIEdvIERhZGR5IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBE YWRkeSBDbGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA0MDYyOTE3 
@@ -2276,7 +2274,7 @@ ReYNnyicsbkqWletNw+vHX/bvZ8= -----END CERTIFICATE-----`)) // Go Daddy Root Certificate Authority - G2 - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIDxTCCAq2gAwIBAgIBADANBgkqhkiG9w0BAQsFADCBgzELMAkGA1UEBhMCVVMx EDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxGjAYBgNVBAoT EUdvRGFkZHkuY29tLCBJbmMuMTEwLwYDVQQDEyhHbyBEYWRkeSBSb290IENlcnRp @@ -2301,7 +2299,7 @@ LPAvTK33sefOT6jEm0pUBsV/fdUID+Ic/n4XuKxe9tQWskMJDE32p2u0mYRlynqI -----END CERTIFICATE-----`)) // Starfield Class 2 Certification Authority - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIEDzCCAvegAwIBAgIBADANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJVUzEl MCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMp U3RhcmZpZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQw @@ -2327,7 +2325,7 @@ WQPJIrSPnNVeKtelttQKbfi3QBFGmh95DmK/D5fs4C8fF5Q= -----END CERTIFICATE-----`)) // Starfield Root Certificate Authority - G2 - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIID3TCCAsWgAwIBAgIBADANBgkqhkiG9w0BAQsFADCBjzELMAkGA1UEBhMCVVMx EDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxJTAjBgNVBAoT HFN0YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAwBgNVBAMTKVN0YXJmaWVs @@ -2352,7 +2350,7 @@ mMpYjn0q7pBZc2T5NnReJaH1ZgUufzkVqSr7UIuOhWn0 -----END CERTIFICATE-----`)) // GlobalSign - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIB3DCCAYOgAwIBAgINAgPlfvU/k/2lCSGypjAKBggqhkjOPQQDAjBQMSQwIgYD VQQLExtHbG9iYWxTaWduIEVDQyBSb290IENBIC0gUjQxEzARBgNVBAoTCkdsb2Jh bFNpZ24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMTIxMTEzMDAwMDAwWhcNMzgw 
@@ -2366,7 +2364,7 @@ bmF0774BxL4YSFlhgjICICadVGNA3jdgUM/I2O2dgq43mLyjj0xMqTQrbO/7lZsm -----END CERTIFICATE-----`)) // GTS Root R1 - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIFVzCCAz+gAwIBAgINAgPlk28xsBNJiGuiFzANBgkqhkiG9w0BAQwFADBHMQsw CQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEU MBIGA1UEAxMLR1RTIFJvb3QgUjEwHhcNMTYwNjIyMDAwMDAwWhcNMzYwNjIyMDAw @@ -2399,7 +2397,7 @@ bP6MvPJwNQzcmRk13NfIRmPVNnGuV/u3gm3c -----END CERTIFICATE-----`)) // GTS Root R2 - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIFVzCCAz+gAwIBAgINAgPlrsWNBCUaqxElqjANBgkqhkiG9w0BAQwFADBHMQsw CQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEU MBIGA1UEAxMLR1RTIFJvb3QgUjIwHhcNMTYwNjIyMDAwMDAwWhcNMzYwNjIyMDAw @@ -2432,7 +2430,7 @@ JPFI/2R80L5cFtHvma3AH/vLrrw4IgYmZNralw4/KBVEqE8AyvCazM90arQ+POuV -----END CERTIFICATE-----`)) // GTS Root R3 - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIICCTCCAY6gAwIBAgINAgPluILrIPglJ209ZjAKBggqhkjOPQQDAzBHMQswCQYD VQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEUMBIG A1UEAxMLR1RTIFJvb3QgUjMwHhcNMTYwNjIyMDAwMDAwWhcNMzYwNjIyMDAwMDAw @@ -2447,7 +2445,7 @@ ZuVDFhOD3cffL74UOO0BzrEXGhF16b0DjyZ+hOXJYKaV11RZt+cRLInUue4X -----END CERTIFICATE-----`)) // GTS Root R4 - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIICCTCCAY6gAwIBAgINAgPlwGjvYxqccpBQUjAKBggqhkjOPQQDAzBHMQswCQYD VQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEUMBIG A1UEAxMLR1RTIFJvb3QgUjQwHhcNMTYwNjIyMDAwMDAwWhcNMzYwNjIyMDAwMDAw 
@@ -2462,7 +2460,7 @@ p/SgguMh1YQdc4acLa/KNJvxn7kjNuK8YAOdgLOaVsjh4rsUecrNIdSUtUlD -----END CERTIFICATE-----`)) // Hongkong Post Root CA 3 - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIFzzCCA7egAwIBAgIUCBZfikyl7ADJk0DfxMauI7gcWqQwDQYJKoZIhvcNAQEL BQAwbzELMAkGA1UEBhMCSEsxEjAQBgNVBAgTCUhvbmcgS29uZzESMBAGA1UEBxMJ SG9uZyBLb25nMRYwFAYDVQQKEw1Ib25na29uZyBQb3N0MSAwHgYDVQQDExdIb25n @@ -2498,7 +2496,7 @@ mpv0 -----END CERTIFICATE-----`)) // ACCVRAIZ1 - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIH0zCCBbugAwIBAgIIXsO3pkN/pOAwDQYJKoZIhvcNAQEFBQAwQjESMBAGA1UE AwwJQUNDVlJBSVoxMRAwDgYDVQQLDAdQS0lBQ0NWMQ0wCwYDVQQKDARBQ0NWMQsw CQYDVQQGEwJFUzAeFw0xMTA1MDUwOTM3MzdaFw0zMDEyMzEwOTM3MzdaMEIxEjAQ @@ -2544,7 +2542,7 @@ pPVWQxaZLPSkVrQ0uGE3ycJYgBugl6H8WY3pEfbRD0tVNEYqi4Y7 -----END CERTIFICATE-----`)) // AC RAIZ FNMT-RCM - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIFgzCCA2ugAwIBAgIPXZONMGc2yAYdGsdUhGkHMA0GCSqGSIb3DQEBCwUAMDsx CzAJBgNVBAYTAkVTMREwDwYDVQQKDAhGTk1ULVJDTTEZMBcGA1UECwwQQUMgUkFJ WiBGTk1ULVJDTTAeFw0wODEwMjkxNTU5NTZaFw0zMDAxMDEwMDAwMDBaMDsxCzAJ @@ -2578,7 +2576,7 @@ uu8wd+RU4riEmViAqhOLUTpPSPaLtrM= -----END CERTIFICATE-----`)) // AC RAIZ FNMT-RCM SERVIDORES SEGUROS - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIICbjCCAfOgAwIBAgIQYvYybOXE42hcG2LdnC6dlTAKBggqhkjOPQQDAzB4MQsw CQYDVQQGEwJFUzERMA8GA1UECgwIRk5NVC1SQ00xDjAMBgNVBAsMBUNlcmVzMRgw FgYDVQRhDA9WQVRFUy1RMjgyNjAwNEoxLDAqBgNVBAMMI0FDIFJBSVogRk5NVC1S 
@@ -2596,7 +2594,7 @@ v+c= -----END CERTIFICATE-----`)) // Staat der Nederlanden Root CA - G3 - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIFdDCCA1ygAwIBAgIEAJiiOTANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJO TDEeMBwGA1UECgwVU3RhYXQgZGVyIE5lZGVybGFuZGVuMSswKQYDVQQDDCJTdGFh dCBkZXIgTmVkZXJsYW5kZW4gUm9vdCBDQSAtIEczMB4XDTEzMTExNDExMjg0MloX @@ -2630,7 +2628,7 @@ QFH1T/U67cjF68IeHRaVesd+QnGTbksVtzDfqu1XhUisHWrdOWnk4Xl4vs4Fv6EM -----END CERTIFICATE-----`)) // TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1 - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIEYzCCA0ugAwIBAgIBATANBgkqhkiG9w0BAQsFADCB0jELMAkGA1UEBhMCVFIx GDAWBgNVBAcTD0dlYnplIC0gS29jYWVsaTFCMEAGA1UEChM5VHVya2l5ZSBCaWxp bXNlbCB2ZSBUZWtub2xvamlrIEFyYXN0aXJtYSBLdXJ1bXUgLSBUVUJJVEFLMS0w @@ -2658,7 +2656,7 @@ lo3Ptv0AnVoUmr8CRPXBwp8iXqIPoeM= -----END CERTIFICATE-----`)) // HARICA Client ECC Root CA 2021 - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIICWjCCAeGgAwIBAgIQMWjZ2OFiVx7SGUSI5hB98DAKBggqhkjOPQQDAzBvMQsw CQYDVQQGEwJHUjE3MDUGA1UECgwuSGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJlc2Vh cmNoIEluc3RpdHV0aW9ucyBDQTEnMCUGA1UEAwweSEFSSUNBIENsaWVudCBFQ0Mg @@ -2675,7 +2673,7 @@ OMou8dQd8qJJopX4wVheT/5zCu8xsKsjWBOMi947 -----END CERTIFICATE-----`)) // HARICA Client RSA Root CA 2021 - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIFqjCCA5KgAwIBAgIQVVL4HtsbJCyeu5YYzQIoPjANBgkqhkiG9w0BAQsFADBv MQswCQYDVQQGEwJHUjE3MDUGA1UECgwuSGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJl c2VhcmNoIEluc3RpdHV0aW9ucyBDQTEnMCUGA1UEAwweSEFSSUNBIENsaWVudCBS 
@@ -2710,7 +2708,7 @@ ac8sqzuEYDMZUv1pFDM= -----END CERTIFICATE-----`)) // HARICA TLS ECC Root CA 2021 - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIICVDCCAdugAwIBAgIQZ3SdjXfYO2rbIvT/WeK/zjAKBggqhkjOPQQDAzBsMQsw CQYDVQQGEwJHUjE3MDUGA1UECgwuSGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJlc2Vh cmNoIEluc3RpdHV0aW9ucyBDQTEkMCIGA1UEAwwbSEFSSUNBIFRMUyBFQ0MgUm9v @@ -2727,7 +2725,7 @@ nxS2PFOiTAZpffpskcYqSUXm7LcT4Tps -----END CERTIFICATE-----`)) // HARICA TLS RSA Root CA 2021 - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIFpDCCA4ygAwIBAgIQOcqTHO9D88aOk8f0ZIk4fjANBgkqhkiG9w0BAQsFADBs MQswCQYDVQQGEwJHUjE3MDUGA1UECgwuSGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJl c2VhcmNoIEluc3RpdHV0aW9ucyBDQTEkMCIGA1UEAwwbSEFSSUNBIFRMUyBSU0Eg @@ -2762,7 +2760,7 @@ xw/ogM4cKGR0GQjTQuPOAF1/sdwTsOEFy9EgqoZ0njnnkf3/W9b3raYvAwtt41dU -----END CERTIFICATE-----`)) // Hellenic Academic and Research Institutions ECC RootCA 2015 - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIICwzCCAkqgAwIBAgIBADAKBggqhkjOPQQDAjCBqjELMAkGA1UEBhMCR1IxDzAN BgNVBAcTBkF0aGVuczFEMEIGA1UEChM7SGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJl c2VhcmNoIEluc3RpdHV0aW9ucyBDZXJ0LiBBdXRob3JpdHkxRDBCBgNVBAMTO0hl @@ -2781,7 +2779,7 @@ TUwJCA3sS61kFyjndc5FZXIhF8siQQ6ME5g4mlRtm8rifOoCWCKR -----END CERTIFICATE-----`)) // Hellenic Academic and Research Institutions RootCA 2015 - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIGCzCCA/OgAwIBAgIBADANBgkqhkiG9w0BAQsFADCBpjELMAkGA1UEBhMCR1Ix DzANBgNVBAcTBkF0aGVuczFEMEIGA1UEChM7SGVsbGVuaWMgQWNhZGVtaWMgYW5k IFJlc2VhcmNoIEluc3RpdHV0aW9ucyBDZXJ0LiBBdXRob3JpdHkxQDA+BgNVBAMT 
@@ -2818,7 +2816,7 @@ vm9qp/UsQu0yrbYhnr68 -----END CERTIFICATE-----`)) // IdenTrust Commercial Root CA 1 - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIFYDCCA0igAwIBAgIQCgFCgAAAAUUjyES1AAAAAjANBgkqhkiG9w0BAQsFADBK MQswCQYDVQQGEwJVUzESMBAGA1UEChMJSWRlblRydXN0MScwJQYDVQQDEx5JZGVu VHJ1c3QgQ29tbWVyY2lhbCBSb290IENBIDEwHhcNMTQwMTE2MTgxMjIzWhcNMzQw @@ -2851,7 +2849,7 @@ mUlO+KWA2yUPHGNiiskzZ2s8EIPGrd6ozRaOjfAHN3Gf8qv8QfXBi+wAN10J5U6A -----END CERTIFICATE-----`)) // IdenTrust Public Sector Root CA 1 - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIFZjCCA06gAwIBAgIQCgFCgAAAAUUjz0Z8AAAAAjANBgkqhkiG9w0BAQsFADBN MQswCQYDVQQGEwJVUzESMBAGA1UEChMJSWRlblRydXN0MSowKAYDVQQDEyFJZGVu VHJ1c3QgUHVibGljIFNlY3RvciBSb290IENBIDEwHhcNMTQwMTE2MTc1MzMyWhcN @@ -2884,7 +2882,7 @@ GaQdp/lLQzfcaFpPz+vCZHTetBXZ9FRUGi8c15dxVJCO2SCdUyt/q4/i6jC8UDfv -----END CERTIFICATE-----`)) // ISRG Root X1 - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIFazCCA1OgAwIBAgIRAIIQz7DSQONZRGPgu2OCiwAwDQYJKoZIhvcNAQELBQAw TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMTUwNjA0MTEwNDM4 @@ -2917,7 +2915,7 @@ emyPxgcYxn/eR44/KJ4EBs+lVDR3veyJm+kXQ99b21/+jh5Xos1AnX5iItreGCc= -----END CERTIFICATE-----`)) // ISRG Root X2 - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIICGzCCAaGgAwIBAgIQQdKd0XLq7qeAwSxs6S+HUjAKBggqhkjOPQQDAzBPMQsw CQYDVQQGEwJVUzEpMCcGA1UEChMgSW50ZXJuZXQgU2VjdXJpdHkgUmVzZWFyY2gg R3JvdXAxFTATBgNVBAMTDElTUkcgUm9vdCBYMjAeFw0yMDA5MDQwMDAwMDBaFw00 
@@ -2933,7 +2931,7 @@ tL4ndQavEi51mI38AjEAi/V3bNTIZargCyzuFJ0nN6T5U6VR5CmD1/iQMVtCnwr1 -----END CERTIFICATE-----`)) // Izenpe.com - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIF8TCCA9mgAwIBAgIQALC3WhZIX7/hy/WL1xnmfTANBgkqhkiG9w0BAQsFADA4 MQswCQYDVQQGEwJFUzEUMBIGA1UECgwLSVpFTlBFIFMuQS4xEzARBgNVBAMMCkl6 ZW5wZS5jb20wHhcNMDcxMjEzMTMwODI4WhcNMzcxMjEzMDgyNzI1WjA4MQswCQYD @@ -2969,7 +2967,7 @@ QyYBNWNgVYkDOnXYukrZVP/u3oDYLdE41V4tC5h9Pmzb/CaIxw== -----END CERTIFICATE-----`)) // SZAFIR ROOT CA2 - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIDcjCCAlqgAwIBAgIUPopdB+xV0jLVt+O2XwHrLdzk1uQwDQYJKoZIhvcNAQEL BQAwUTELMAkGA1UEBhMCUEwxKDAmBgNVBAoMH0tyYWpvd2EgSXpiYSBSb3psaWN6 ZW5pb3dhIFMuQS4xGDAWBgNVBAMMD1NaQUZJUiBST09UIENBMjAeFw0xNTEwMTkw @@ -2992,7 +2990,7 @@ LvWpCz/UXeHPhJ/iGcJfitYgHuNztw== -----END CERTIFICATE-----`)) // LAWtrust Root CA2 (4096) - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIFmDCCA4CgAwIBAgIEVRpusTANBgkqhkiG9w0BAQsFADBDMQswCQYDVQQGEwJa QTERMA8GA1UEChMITEFXdHJ1c3QxITAfBgNVBAMTGExBV3RydXN0IFJvb3QgQ0Ey ICg0MDk2KTAgFw0yMzAyMTQwOTE5MzhaGA8yMDUzMDIxNDA5NDkzOFowQzELMAkG @@ -3026,7 +3024,7 @@ rF0y4Fj0gUf/0hLifhzcSXaWwx2fS8pcKjdbPYrROJsh2uO/RUPT4Fh3Hyg= -----END CERTIFICATE-----`)) // e-Szigno Root CA 2017 - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIICQDCCAeWgAwIBAgIMAVRI7yH9l1kN9QQKMAoGCCqGSM49BAMCMHExCzAJBgNV BAYTAkhVMREwDwYDVQQHDAhCdWRhcGVzdDEWMBQGA1UECgwNTWljcm9zZWMgTHRk LjEXMBUGA1UEYQwOVkFUSFUtMjM1ODQ0OTcxHjAcBgNVBAMMFWUtU3ppZ25vIFJv 
@@ -3043,7 +3041,7 @@ jbjcI4qKDdQvfepz7L9NbKgCIQDLpbQS+ue16M9+k/zzNY9vTlp8tLxOsvxyqltZ -----END CERTIFICATE-----`)) // Microsec e-Szigno Root CA 2009 - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIECjCCAvKgAwIBAgIJAMJ+QwRORz8ZMA0GCSqGSIb3DQEBCwUAMIGCMQswCQYD VQQGEwJIVTERMA8GA1UEBwwIQnVkYXBlc3QxFjAUBgNVBAoMDU1pY3Jvc2VjIEx0 ZC4xJzAlBgNVBAMMHk1pY3Jvc2VjIGUtU3ppZ25vIFJvb3QgQ0EgMjAwOTEfMB0G @@ -3069,7 +3067,7 @@ HMN1Rq41Bab2XD0h7lbwyYIiLXpUq3DDfSJlgnCW -----END CERTIFICATE-----`)) // Microsoft ECC Root Certificate Authority 2017 - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIICWTCCAd+gAwIBAgIQZvI9r4fei7FK6gxXMQHC7DAKBggqhkjOPQQDAzBlMQsw CQYDVQQGEwJVUzEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMTYwNAYD VQQDEy1NaWNyb3NvZnQgRUNDIFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IDIw @@ -3086,7 +3084,7 @@ iudQZsIxtzm6uBoiB078a1QWIP8rtedMDE2mT3M= -----END CERTIFICATE-----`)) // Microsoft RSA Root Certificate Authority 2017 - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIFqDCCA5CgAwIBAgIQHtOXCV/YtLNHcB6qvn9FszANBgkqhkiG9w0BAQwFADBl MQswCQYDVQQGEwJVUzEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMTYw NAYDVQQDEy1NaWNyb3NvZnQgUlNBIFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5 @@ -3121,7 +3119,7 @@ RA+GsCyRxj3qrg+E -----END CERTIFICATE-----`)) // NAVER Global Root Certification Authority - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIFojCCA4qgAwIBAgIUAZQwHqIL3fXFMyqxQ0Rx+NZQTQ0wDQYJKoZIhvcNAQEM BQAwaTELMAkGA1UEBhMCS1IxJjAkBgNVBAoMHU5BVkVSIEJVU0lORVNTIFBMQVRG T1JNIENvcnAuMTIwMAYDVQQDDClOQVZFUiBHbG9iYWwgUm9vdCBDZXJ0aWZpY2F0 
@@ -3156,7 +3154,7 @@ dh2ajcQGjTa3FPOdVGm3jjzVpG2Tgbet9r1ke8LJaDmgkpzNNIaRkPpkUZ3+/uul -----END CERTIFICATE-----`)) // NetLock Arany (Class Gold) Főtanúsítvány - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIEFTCCAv2gAwIBAgIGSUEs5AAQMA0GCSqGSIb3DQEBCwUAMIGnMQswCQYDVQQG EwJIVTERMA8GA1UEBwwIQnVkYXBlc3QxFTATBgNVBAoMDE5ldExvY2sgS2Z0LjE3 MDUGA1UECwwuVGFuw7pzw610dsOhbnlraWFkw7NrIChDZXJ0aWZpY2F0aW9uIFNl @@ -3182,7 +3180,7 @@ XjG4Kvte9nHfRCaexOYNkbQudZWAUWpLMKawYqGT8ZvYzsRjdT9ZR7E= -----END CERTIFICATE-----`)) // OISTE Client Root ECC G1 - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIICNDCCAbqgAwIBAgIQVOyX1ou0xAshbg6y0FPIejAKBggqhkjOPQQDAzBLMQsw CQYDVQQGEwJDSDEZMBcGA1UECgwQT0lTVEUgRm91bmRhdGlvbjEhMB8GA1UEAwwY T0lTVEUgQ2xpZW50IFJvb3QgRUNDIEcxMB4XDTIzMDUzMTE0MzE0MFoXDTQ4MDUy @@ -3198,7 +3196,7 @@ GDw9Oo8gBggl5/WRNhmte7TfW2YSN3Nw7c0FKAdeCM4NQl8ZkQICMGdJh64GQR0g -----END CERTIFICATE-----`)) // OISTE Client Root RSA G1 - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIFgzCCA2ugAwIBAgIQNBdvWQGIG6ql3chIu7Q7czANBgkqhkiG9w0BAQwFADBL MQswCQYDVQQGEwJDSDEZMBcGA1UECgwQT0lTVEUgRm91bmRhdGlvbjEhMB8GA1UE AwwYT0lTVEUgQ2xpZW50IFJvb3QgUlNBIEcxMB4XDTIzMDUzMTE0MjMyOVoXDTQ4 @@ -3232,7 +3230,7 @@ eKnIoB1au3VQ+VILDx0CLBQa84dqd/M= -----END CERTIFICATE-----`)) // OISTE Server Root ECC G1 - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIICNTCCAbqgAwIBAgIQI/nD1jWvjyhLH/BU6n6XnTAKBggqhkjOPQQDAzBLMQsw CQYDVQQGEwJDSDEZMBcGA1UECgwQT0lTVEUgRm91bmRhdGlvbjEhMB8GA1UEAwwY T0lTVEUgU2VydmVyIFJvb3QgRUNDIEcxMB4XDTIzMDUzMTE0NDIyOFoXDTQ4MDUy 
@@ -3248,7 +3246,7 @@ YmH5LVerVrkR3SW+ak5KGoJr3M/TvEqzPNcum9v4KGm8ay3sMaE641c= -----END CERTIFICATE-----`)) // OISTE Server Root RSA G1 - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIFgzCCA2ugAwIBAgIQVaXZZ5Qoxu0M+ifdWwFNGDANBgkqhkiG9w0BAQwFADBL MQswCQYDVQQGEwJDSDEZMBcGA1UECgwQT0lTVEUgRm91bmRhdGlvbjEhMB8GA1UE AwwYT0lTVEUgU2VydmVyIFJvb3QgUlNBIEcxMB4XDTIzMDUzMTE0MzcxNloXDTQ4 @@ -3282,7 +3280,7 @@ BiElxky8j3C7DOReIoMt0r7+hVu05L0= -----END CERTIFICATE-----`)) // OISTE WISeKey Global Root GA CA - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIID8TCCAtmgAwIBAgIQQT1yx/RrH4FDffHSKFTfmjANBgkqhkiG9w0BAQUFADCB ijELMAkGA1UEBhMCQ0gxEDAOBgNVBAoTB1dJU2VLZXkxGzAZBgNVBAsTEkNvcHly aWdodCAoYykgMjAwNTEiMCAGA1UECxMZT0lTVEUgRm91bmRhdGlvbiBFbmRvcnNl @@ -3308,7 +3306,7 @@ Fj4A4xylNoEYokxSdsARo27mHbrjWr42U8U+dY+GaSlYU7Wcu2+fXMUY7N0v4ZjJ -----END CERTIFICATE-----`)) // OISTE WISeKey Global Root GB CA - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIDtTCCAp2gAwIBAgIQdrEgUnTwhYdGs/gjGvbCwDANBgkqhkiG9w0BAQsFADBt MQswCQYDVQQGEwJDSDEQMA4GA1UEChMHV0lTZUtleTEiMCAGA1UECxMZT0lTVEUg Rm91bmRhdGlvbiBFbmRvcnNlZDEoMCYGA1UEAxMfT0lTVEUgV0lTZUtleSBHbG9i @@ -3332,7 +3330,7 @@ Nc1MaRVUGpCY3useX8p3x8uOPUNpnJpY0CQ73xtAln41rYHHTnG6iBM= -----END CERTIFICATE-----`)) // OISTE WISeKey Global Root GC CA - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIICaTCCAe+gAwIBAgIQISpWDK7aDKtARb8roi066jAKBggqhkjOPQQDAzBtMQsw CQYDVQQGEwJDSDEQMA4GA1UEChMHV0lTZUtleTEiMCAGA1UECxMZT0lTVEUgRm91 bmRhdGlvbiBFbmRvcnNlZDEoMCYGA1UEAxMfT0lTVEUgV0lTZUtleSBHbG9iYWwg 
@@ -3349,7 +3347,7 @@ Mgj/mkkCtojeFK9dbJlxjRo/i9fgojaGHAeCOnZT/cKi7e97sIBPWA9LUzm9 -----END CERTIFICATE-----`)) // Security Communication ECC RootCA1 - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIICODCCAb6gAwIBAgIJANZdm7N4gS7rMAoGCCqGSM49BAMDMGExCzAJBgNVBAYT AkpQMSUwIwYDVQQKExxTRUNPTSBUcnVzdCBTeXN0ZW1zIENPLixMVEQuMSswKQYD VQQDEyJTZWN1cml0eSBDb21tdW5pY2F0aW9uIEVDQyBSb290Q0ExMB4XDTE2MDYx @@ -3365,7 +3363,7 @@ be0YottT6SXbVQjgUMzfRGEWgqtJsLKB7HOHeLRMsmIbEvoWTSVLY70eN9k= -----END CERTIFICATE-----`)) // Security Communication RootCA2 - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIDdzCCAl+gAwIBAgIBADANBgkqhkiG9w0BAQsFADBdMQswCQYDVQQGEwJKUDEl MCMGA1UEChMcU0VDT00gVHJ1c3QgU3lzdGVtcyBDTy4sTFRELjEnMCUGA1UECxMe U2VjdXJpdHkgQ29tbXVuaWNhdGlvbiBSb290Q0EyMB4XDTA5MDUyOTA1MDAzOVoX @@ -3388,7 +3386,7 @@ SjnRBUkLp7Y3gaVdjKozXoEofKd9J+sAro03 -----END CERTIFICATE-----`)) // AAA Certificate Services - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIEMjCCAxqgAwIBAgIBATANBgkqhkiG9w0BAQUFADB7MQswCQYDVQQGEwJHQjEb MBkGA1UECAwSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHDAdTYWxmb3JkMRow GAYDVQQKDBFDb21vZG8gQ0EgTGltaXRlZDEhMB8GA1UEAwwYQUFBIENlcnRpZmlj @@ -3415,7 +3413,7 @@ smPi9WIsgtRqAEFQ8TmDn5XpNpaYbg== -----END CERTIFICATE-----`)) // COMODO Certification Authority - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIEHTCCAwWgAwIBAgIQToEtioJl4AsC7j41AkblPTANBgkqhkiG9w0BAQUFADCB gTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxJzAlBgNV 
@@ -3442,7 +3440,7 @@ ZQ== -----END CERTIFICATE-----`)) // COMODO ECC Certification Authority - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIICiTCCAg+gAwIBAgIQH0evqmIAcFBUTAGem2OZKjAKBggqhkjOPQQDAzCBhTEL MAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UE BxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMT @@ -3460,7 +3458,7 @@ GDeAU/7dIOA1mjbRxwG55tzd8/8dLDoWV9mSOdY= -----END CERTIFICATE-----`)) // COMODO RSA Certification Authority - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIF2DCCA8CgAwIBAgIQTKr5yttjb+Af907YWwOGnTANBgkqhkiG9w0BAQwFADCB hTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNV @@ -3496,7 +3494,7 @@ NVOFBkpdn627G190 -----END CERTIFICATE-----`)) // Entrust Root Certification Authority - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIEkTCCA3mgAwIBAgIERWtQVDANBgkqhkiG9w0BAQUFADCBsDELMAkGA1UEBhMC VVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xOTA3BgNVBAsTMHd3dy5lbnRydXN0 Lm5ldC9DUFMgaXMgaW5jb3Jwb3JhdGVkIGJ5IHJlZmVyZW5jZTEfMB0GA1UECxMW @@ -3525,7 +3523,7 @@ eu6FSqdQgPCnXEqULl8FmTxSQeDNtGPPAUO6nIPcj2A781q0tHuu2guQOHXvgR1m -----END CERTIFICATE-----`)) // Entrust Root Certification Authority - EC1 - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIC+TCCAoCgAwIBAgINAKaLeSkAAAAAUNCR+TAKBggqhkjOPQQDAzCBvzELMAkG A1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3 d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAyMDEyIEVu 
@@ -3545,7 +3543,7 @@ hTcGtXsI/esni0qU+eH6p44mCOh8kmhtc9hvJqwhAriZtyZBWyVgrtBIGu4G -----END CERTIFICATE-----`)) // Entrust Root Certification Authority - G2 - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIEPjCCAyagAwIBAgIESlOMKDANBgkqhkiG9w0BAQsFADCBvjELMAkGA1UEBhMC VVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3d3cuZW50 cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAyMDA5IEVudHJ1c3Qs @@ -3572,7 +3570,7 @@ VHOkc8KT/1EQrBVUAdj8BbGJoX90g5pJ19xOe4pIb4tF9g== -----END CERTIFICATE-----`)) // Entrust Root Certification Authority - G4 - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIGSzCCBDOgAwIBAgIRANm1Q3+vqTkPAAAAAFVlrVgwDQYJKoZIhvcNAQELBQAw gb4xCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMSgwJgYDVQQL Ex9TZWUgd3d3LmVudHJ1c3QubmV0L2xlZ2FsLXRlcm1zMTkwNwYDVQQLEzAoYykg @@ -3610,7 +3608,7 @@ n/PIjhs4ViFqUZPTkcpG2om3PVODLAgfi49T3f+sHw== -----END CERTIFICATE-----`)) // Entrust.net Certification Authority (2048) - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIEKjCCAxKgAwIBAgIEOGPe+DANBgkqhkiG9w0BAQUFADCBtDEUMBIGA1UEChML RW50cnVzdC5uZXQxQDA+BgNVBAsUN3d3dy5lbnRydXN0Lm5ldC9DUFNfMjA0OCBp bmNvcnAuIGJ5IHJlZi4gKGxpbWl0cyBsaWFiLikxJTAjBgNVBAsTHChjKSAxOTk5 @@ -3637,7 +3635,7 @@ fF6adulZkMV8gzURZVE= -----END CERTIFICATE-----`)) // Sectigo Public Email Protection Root E46 - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIICMTCCAbegAwIBAgIQbvXTp0GOoFlApzBr0kBlVjAKBggqhkjOPQQDAzBaMQsw CQYDVQQGEwJHQjEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMTEwLwYDVQQDEyhT ZWN0aWdvIFB1YmxpYyBFbWFpbCBQcm90ZWN0aW9uIFJvb3QgRTQ2MB4XDTIxMDMy 
@@ -3653,7 +3651,7 @@ cFUoNVaiB8QhhCMaTEyZUJmSFMtK3Fb79dOPaiz1cTr4izsDng== -----END CERTIFICATE-----`)) // Sectigo Public Email Protection Root R46 - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIFgDCCA2igAwIBAgIQHUSeuQ2DkXSu3fLriLemozANBgkqhkiG9w0BAQwFADBa MQswCQYDVQQGEwJHQjEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMTEwLwYDVQQD EyhTZWN0aWdvIFB1YmxpYyBFbWFpbCBQcm90ZWN0aW9uIFJvb3QgUjQ2MB4XDTIx @@ -3687,7 +3685,7 @@ IBKJg/DS7Vg7NJ27MfUy/THzVho= -----END CERTIFICATE-----`)) // Sectigo Public Server Authentication Root E46 - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIICOjCCAcGgAwIBAgIQQvLM2htpN0RfFf51KBC49DAKBggqhkjOPQQDAzBfMQsw CQYDVQQGEwJHQjEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMTYwNAYDVQQDEy1T ZWN0aWdvIFB1YmxpYyBTZXJ2ZXIgQXV0aGVudGljYXRpb24gUm9vdCBFNDYwHhcN @@ -3703,7 +3701,7 @@ qCG76UeXlImldCBteU/IvZNeWBj7LRoAasm4PdCkT0RHlAFWovgzJQxC36oCMB3q -----END CERTIFICATE-----`)) // Sectigo Public Server Authentication Root R46 - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIFijCCA3KgAwIBAgIQdY39i658BwD6qSWn4cetFDANBgkqhkiG9w0BAQwFADBf MQswCQYDVQQGEwJHQjEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMTYwNAYDVQQD Ey1TZWN0aWdvIFB1YmxpYyBTZXJ2ZXIgQXV0aGVudGljYXRpb24gUm9vdCBSNDYw @@ -3737,7 +3735,7 @@ QqszKbrAKbkTidOIijlBO8n9pu0f9GBj39ItVQGL -----END CERTIFICATE-----`)) // USERTrust ECC Certification Authority - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIICjzCCAhWgAwIBAgIQXIuZxVqUxdJxVt7NiYDMJjAKBggqhkjOPQQDAzCBiDEL MAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNl eSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMT 
@@ -3755,7 +3753,7 @@ RNZu9YO6bVi9JNlWSOrvxKJGgYhqOkbRqZtNyWHa0V1Xahg= -----END CERTIFICATE-----`)) // USERTrust RSA Certification Authority - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIF3jCCA8agAwIBAgIQAf1tMPyjylGoG7xkDjUDLTANBgkqhkiG9w0BAQwFADCB iDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0pl cnNleSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNV @@ -3791,7 +3789,7 @@ jjxDah2nGN59PRbxYvnKkKj9 -----END CERTIFICATE-----`)) // SSL.com Client ECC Root CA 2022 - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIICQDCCAcagAwIBAgIQdvhIHq7wPHAf4D8lVAGD1TAKBggqhkjOPQQDAzBRMQsw CQYDVQQGEwJVUzEYMBYGA1UECgwPU1NMIENvcnBvcmF0aW9uMSgwJgYDVQQDDB9T U0wuY29tIENsaWVudCBFQ0MgUm9vdCBDQSAyMDIyMB4XDTIyMDgyNTE2MzAzMloX @@ -3808,7 +3806,7 @@ alqaTQ== -----END CERTIFICATE-----`)) // SSL.com Client RSA Root CA 2022 - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIFjzCCA3egAwIBAgIQdq/uiJMVRbZQU5uAnKTfmjANBgkqhkiG9w0BAQsFADBR MQswCQYDVQQGEwJVUzEYMBYGA1UECgwPU1NMIENvcnBvcmF0aW9uMSgwJgYDVQQD DB9TU0wuY29tIENsaWVudCBSU0EgUm9vdCBDQSAyMDIyMB4XDTIyMDgyNTE2MzEw @@ -3842,7 +3840,7 @@ EYOpuZA0tm+qBZ6FKFeZvn8nBkliTaH8CeErRglMFJtWj0U= -----END CERTIFICATE-----`)) // SSL.com EV Root Certification Authority ECC - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIClDCCAhqgAwIBAgIILCmcWxbtBZUwCgYIKoZIzj0EAwIwfzELMAkGA1UEBhMC VVMxDjAMBgNVBAgMBVRleGFzMRAwDgYDVQQHDAdIb3VzdG9uMRgwFgYDVQQKDA9T U0wgQ29ycG9yYXRpb24xNDAyBgNVBAMMK1NTTC5jb20gRVYgUm9vdCBDZXJ0aWZp 
@@ -3860,7 +3858,7 @@ h5Mmm7I1HrrW9zzRHM76JTymGoEVW/MSD2zuZYrJh6j5B+BimoxcSg== -----END CERTIFICATE-----`)) // SSL.com EV Root Certification Authority RSA R2 - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIF6zCCA9OgAwIBAgIIVrYpzTS8ePYwDQYJKoZIhvcNAQELBQAwgYIxCzAJBgNV BAYTAlVTMQ4wDAYDVQQIDAVUZXhhczEQMA4GA1UEBwwHSG91c3RvbjEYMBYGA1UE CgwPU1NMIENvcnBvcmF0aW9uMTcwNQYDVQQDDC5TU0wuY29tIEVWIFJvb3QgQ2Vy @@ -3896,7 +3894,7 @@ mKVx01QT2WDz9UtmT/rx7iASjbSsV7FFY6GsdqnC+w== -----END CERTIFICATE-----`)) // SSL.com Root Certification Authority ECC - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIICjTCCAhSgAwIBAgIIdebfy8FoW6gwCgYIKoZIzj0EAwIwfDELMAkGA1UEBhMC VVMxDjAMBgNVBAgMBVRleGFzMRAwDgYDVQQHDAdIb3VzdG9uMRgwFgYDVQQKDA9T U0wgQ29ycG9yYXRpb24xMTAvBgNVBAMMKFNTTC5jb20gUm9vdCBDZXJ0aWZpY2F0 @@ -3914,7 +3912,7 @@ gA0z5Wajs6O7pdWLjwkspl1+4vAHCGht0nxpbl/f5Wpl -----END CERTIFICATE-----`)) // SSL.com Root Certification Authority RSA - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIF3TCCA8WgAwIBAgIIeyyb0xaAMpkwDQYJKoZIhvcNAQELBQAwfDELMAkGA1UE BhMCVVMxDjAMBgNVBAgMBVRleGFzMRAwDgYDVQQHDAdIb3VzdG9uMRgwFgYDVQQK DA9TU0wgQ29ycG9yYXRpb24xMTAvBgNVBAMMKFNTTC5jb20gUm9vdCBDZXJ0aWZp @@ -3950,7 +3948,7 @@ Ic2wBlX7Jz9TkHCpBB5XJ7k= -----END CERTIFICATE-----`)) // SSL.com TLS ECC Root CA 2022 - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIICOjCCAcCgAwIBAgIQFAP1q/s3ixdAW+JDsqXRxDAKBggqhkjOPQQDAzBOMQsw CQYDVQQGEwJVUzEYMBYGA1UECgwPU1NMIENvcnBvcmF0aW9uMSUwIwYDVQQDDBxT U0wuY29tIFRMUyBFQ0MgUm9vdCBDQSAyMDIyMB4XDTIyMDgyNTE2MzM0OFoXDTQ2 
@@ -3966,7 +3964,7 @@ b0Igj762TVntd00pxCAgRWSGOlDGxK0tk/UYfXLtqc/ErFc2KAhl3zx5Zn6g6g== -----END CERTIFICATE-----`)) // SSL.com TLS RSA Root CA 2022 - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIFiTCCA3GgAwIBAgIQb77arXO9CEDii02+1PdbkTANBgkqhkiG9w0BAQsFADBO MQswCQYDVQQGEwJVUzEYMBYGA1UECgwPU1NMIENvcnBvcmF0aW9uMSUwIwYDVQQD DBxTU0wuY29tIFRMUyBSU0EgUm9vdCBDQSAyMDIyMB4XDTIyMDgyNTE2MzQyMloX @@ -4000,7 +3998,7 @@ Mho6/4UIyYOf8kpIEFR3N+2ivEC+5BB09+Rbu7nzifmPQdjH5FCQNYA+HLhNkNPU -----END CERTIFICATE-----`)) // SwissSign Gold CA - G2 - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIFujCCA6KgAwIBAgIJALtAHEP1Xk+wMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV BAYTAkNIMRUwEwYDVQQKEwxTd2lzc1NpZ24gQUcxHzAdBgNVBAMTFlN3aXNzU2ln biBHb2xkIENBIC0gRzIwHhcNMDYxMDI1MDgzMDM1WhcNMzYxMDI1MDgzMDM1WjBF @@ -4035,7 +4033,7 @@ Qc8Bsem4yWb02ybzOqR08kkkW8mw0FfB+j564ZfJ -----END CERTIFICATE-----`)) // SwissSign RSA SMIME Root CA 2022 - 1 - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIFlzCCA3+gAwIBAgIURg7UAXGQoBqDLEpCECgV0mEbrTIwDQYJKoZIhvcNAQEL BQAwUzELMAkGA1UEBhMCQ0gxFTATBgNVBAoTDFN3aXNzU2lnbiBBRzEtMCsGA1UE AxMkU3dpc3NTaWduIFJTQSBTTUlNRSBSb290IENBIDIwMjIgLSAxMB4XDTIyMDYw @@ -4069,7 +4067,7 @@ g9cqTdQAV1zlyvDd4ZIoKxh1vUekQhPpVlqNSl7ODnU1gHMZDywpi7uVuA== -----END CERTIFICATE-----`)) // SwissSign RSA TLS Root CA 2022 - 1 - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIFkzCCA3ugAwIBAgIUQ/oMX04bgBhE79G0TzUfRPSA7cswDQYJKoZIhvcNAQEL BQAwUTELMAkGA1UEBhMCQ0gxFTATBgNVBAoTDFN3aXNzU2lnbiBBRzErMCkGA1UE AxMiU3dpc3NTaWduIFJTQSBUTFMgUm9vdCBDQSAyMDIyIC0gMTAeFw0yMjA2MDgx 
@@ -4103,7 +4101,7 @@ gLrAhV5Cud+xYJHT6xh+cHiudoO+cVrQkOPKwRYlZ0rwtnu64ZzZ -----END CERTIFICATE-----`)) // TWCA CYBER Root CA - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIFjTCCA3WgAwIBAgIQQAE0jMIAAAAAAAAAATzyxjANBgkqhkiG9w0BAQwFADBQ MQswCQYDVQQGEwJUVzESMBAGA1UEChMJVEFJV0FOLUNBMRAwDgYDVQQLEwdSb290 IENBMRswGQYDVQQDExJUV0NBIENZQkVSIFJvb3QgQ0EwHhcNMjIxMTIyMDY1NDI5 @@ -4137,7 +4135,7 @@ t5b5wR9iWqJDB0BeJsas7a5wFsWqynKKTbDPAYsDP27X -----END CERTIFICATE-----`)) // TWCA Global Root CA - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIFQTCCAymgAwIBAgICDL4wDQYJKoZIhvcNAQELBQAwUTELMAkGA1UEBhMCVFcx EjAQBgNVBAoTCVRBSVdBTi1DQTEQMA4GA1UECxMHUm9vdCBDQTEcMBoGA1UEAxMT VFdDQSBHbG9iYWwgUm9vdCBDQTAeFw0xMjA2MjcwNjI4MzNaFw0zMDEyMzExNTU5 @@ -4170,7 +4168,7 @@ KwbQBM0= -----END CERTIFICATE-----`)) // TWCA Global Root CA G2 - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIFlTCCA32gAwIBAgIQQAE0jMIAAAAAAAAAAZdY9DANBgkqhkiG9w0BAQwFADBU MQswCQYDVQQGEwJUVzESMBAGA1UEChMJVEFJV0FOLUNBMRAwDgYDVQQLEwdSb290 IENBMR8wHQYDVQQDExZUV0NBIEdsb2JhbCBSb290IENBIEcyMB4XDTIyMTEyMjA2 @@ -4204,7 +4202,7 @@ m+nQwfVJlN2nznxaB+uuIJwXMJJpk3Lzmltxm/5q33owaY6zLtsPLN0= -----END CERTIFICATE-----`)) // TWCA Root Certification Authority - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIDezCCAmOgAwIBAgIBATANBgkqhkiG9w0BAQUFADBfMQswCQYDVQQGEwJUVzES MBAGA1UECgwJVEFJV0FOLUNBMRAwDgYDVQQLDAdSb290IENBMSowKAYDVQQDDCFU V0NBIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDgwODI4MDcyNDMz 
@@ -4227,7 +4225,7 @@ YiesZSLX0zzG5Y6yU8xJzrww/nsOM5D77dIUkR8Hrw== -----END CERTIFICATE-----`)) // Telia Root CA v2 - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIFdDCCA1ygAwIBAgIPAWdfJ9b+euPkrL4JWwWeMA0GCSqGSIb3DQEBCwUAMEQx CzAJBgNVBAYTAkZJMRowGAYDVQQKDBFUZWxpYSBGaW5sYW5kIE95ajEZMBcGA1UE AwwQVGVsaWEgUm9vdCBDQSB2MjAeFw0xODExMjkxMTU1NTRaFw00MzExMjkxMTU1 @@ -4261,7 +4259,7 @@ rBPuUBQemMc= -----END CERTIFICATE-----`)) // TeliaSonera Root CA v1 - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIFODCCAyCgAwIBAgIRAJW+FqD3LkbxezmCcvqLzZYwDQYJKoZIhvcNAQEFBQAw NzEUMBIGA1UECgwLVGVsaWFTb25lcmExHzAdBgNVBAMMFlRlbGlhU29uZXJhIFJv b3QgQ0EgdjEwHhcNMDcxMDE4MTIwMDUwWhcNMzIxMDE4MTIwMDUwWjA3MRQwEgYD @@ -4293,7 +4291,7 @@ SK236thZiNSQvxaz2emsWWFUyBy6ysHK4bkgTI86k4mloMy/0/Z1pHWWbVY= -----END CERTIFICATE-----`)) // TrustAsia Global Root CA G3 - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIFpTCCA42gAwIBAgIUZPYOZXdhaqs7tOqFhLuxibhxkw8wDQYJKoZIhvcNAQEM BQAwWjELMAkGA1UEBhMCQ04xJTAjBgNVBAoMHFRydXN0QXNpYSBUZWNobm9sb2dp ZXMsIEluYy4xJDAiBgNVBAMMG1RydXN0QXNpYSBHbG9iYWwgUm9vdCBDQSBHMzAe @@ -4328,7 +4326,7 @@ FGWsJwt0ivKH -----END CERTIFICATE-----`)) // TrustAsia Global Root CA G4 - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIICVTCCAdygAwIBAgIUTyNkuI6XY57GU4HBdk7LKnQV1tcwCgYIKoZIzj0EAwMw WjELMAkGA1UEBhMCQ04xJTAjBgNVBAoMHFRydXN0QXNpYSBUZWNobm9sb2dpZXMs IEluYy4xJDAiBgNVBAMMG1RydXN0QXNpYSBHbG9iYWwgUm9vdCBDQSBHNDAeFw0y 
@@ -4345,7 +4343,7 @@ UKNbwMp1JvK/kF0LgoxgKJ/GcJpo5PECMFxYDlZ2z1jD1xCMuo6u47xkdUfFVZDj -----END CERTIFICATE-----`)) // TrustAsia SMIME ECC Root CA - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIICNjCCAbugAwIBAgIUWsL4KU/jfcVeHRhvO5MgH/97ui0wCgYIKoZIzj0EAwMw WjELMAkGA1UEBhMCQ04xJTAjBgNVBAoTHFRydXN0QXNpYSBUZWNobm9sb2dpZXMs IEluYy4xJDAiBgNVBAMTG1RydXN0QXNpYSBTTUlNRSBFQ0MgUm9vdCBDQTAeFw0y @@ -4361,7 +4359,7 @@ K9by9XGEnqjHiozWWBFStbgEy8xxdWPixhk42W1sGXGkFhkhk7oGRChs -----END CERTIFICATE-----`)) // TrustAsia SMIME RSA Root CA - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIFhDCCA2ygAwIBAgIUWu5x394MV4W1uzYi17h2RgJzyv8wDQYJKoZIhvcNAQEM BQAwWjELMAkGA1UEBhMCQ04xJTAjBgNVBAoTHFRydXN0QXNpYSBUZWNobm9sb2dp ZXMsIEluYy4xJDAiBgNVBAMTG1RydXN0QXNpYSBTTUlNRSBSU0EgUm9vdCBDQTAe @@ -4395,7 +4393,7 @@ oMK6g/vNpJd1IJq/p1Di3a0sH/Q/o8gx -----END CERTIFICATE-----`)) // TrustAsia TLS ECC Root CA - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIICMTCCAbegAwIBAgIUNnThTXxlE8msg1UloD5Sfi9QaMcwCgYIKoZIzj0EAwMw WDELMAkGA1UEBhMCQ04xJTAjBgNVBAoTHFRydXN0QXNpYSBUZWNobm9sb2dpZXMs IEluYy4xIjAgBgNVBAMTGVRydXN0QXNpYSBUTFMgRUNDIFJvb3QgQ0EwHhcNMjQw @@ -4411,7 +4409,7 @@ OkwrULG9IpRdNYlzg8WbGf60oenUoWa2AaU2+dhoYSi3dOGiMQ== -----END CERTIFICATE-----`)) // TrustAsia TLS RSA Root CA - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIFgDCCA2igAwIBAgIUHBjYz+VTPyI1RlNUJDxsR9FcSpwwDQYJKoZIhvcNAQEM BQAwWDELMAkGA1UEBhMCQ04xJTAjBgNVBAoTHFRydXN0QXNpYSBUZWNobm9sb2dp ZXMsIEluYy4xIjAgBgNVBAMTGVRydXN0QXNpYSBUTFMgUlNBIFJvb3QgQ0EwHhcN 
@@ -4445,7 +4443,7 @@ ly4wBOeY99sLAZDBHwo/+ML+TvrbmnNzFrwFuHnYWa8G5z9nODmxfKuU4CkUpijy -----END CERTIFICATE-----`)) // Secure Global CA - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIDvDCCAqSgAwIBAgIQB1YipOjUiolN9BPI8PjqpTANBgkqhkiG9w0BAQUFADBK MQswCQYDVQQGEwJVUzEgMB4GA1UEChMXU2VjdXJlVHJ1c3QgQ29ycG9yYXRpb24x GTAXBgNVBAMTEFNlY3VyZSBHbG9iYWwgQ0EwHhcNMDYxMTA3MTk0MjI4WhcNMjkx @@ -4469,7 +4467,7 @@ f8LDmBxrThaA63p4ZUWiABqvDA1VZDRIuJK58bRQKfJPIx/abKwfROHdI3hRW8cW -----END CERTIFICATE-----`)) // SecureTrust CA - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIDuDCCAqCgAwIBAgIQDPCOXAgWpa1Cf/DrJxhZ0DANBgkqhkiG9w0BAQUFADBI MQswCQYDVQQGEwJVUzEgMB4GA1UEChMXU2VjdXJlVHJ1c3QgQ29ycG9yYXRpb24x FzAVBgNVBAMTDlNlY3VyZVRydXN0IENBMB4XDTA2MTEwNzE5MzExOFoXDTI5MTIz @@ -4493,7 +4491,7 @@ CPyI6a6Lf+Ew9Dd+/cYy2i2eRDAwbO4H3tI0/NL/QPZL9GZGBlSm8jIKYyYwa5vR -----END CERTIFICATE-----`)) // Trustwave Global Certification Authority - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIF2jCCA8KgAwIBAgIMBfcOhtpJ80Y1LrqyMA0GCSqGSIb3DQEBCwUAMIGIMQsw CQYDVQQGEwJVUzERMA8GA1UECAwISWxsaW5vaXMxEDAOBgNVBAcMB0NoaWNhZ28x ITAfBgNVBAoMGFRydXN0d2F2ZSBIb2xkaW5ncywgSW5jLjExMC8GA1UEAwwoVHJ1 @@ -4529,7 +4527,7 @@ yeC2nOnOcXHebD8WpHk= -----END CERTIFICATE-----`)) // Trustwave Global ECC P256 Certification Authority - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIICYDCCAgegAwIBAgIMDWpfCD8oXD5Rld9dMAoGCCqGSM49BAMCMIGRMQswCQYD VQQGEwJVUzERMA8GA1UECBMISWxsaW5vaXMxEDAOBgNVBAcTB0NoaWNhZ28xITAf BgNVBAoTGFRydXN0d2F2ZSBIb2xkaW5ncywgSW5jLjE6MDgGA1UEAxMxVHJ1c3R3 
@@ -4546,7 +4544,7 @@ DDcCIC0mA6AFvWvR9lz4ZcyGbbOcNEhjhAnFjXca4syc4XR7 -----END CERTIFICATE-----`)) // Trustwave Global ECC P384 Certification Authority - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIICnTCCAiSgAwIBAgIMCL2Fl2yZJ6SAaEc7MAoGCCqGSM49BAMDMIGRMQswCQYD VQQGEwJVUzERMA8GA1UECBMISWxsaW5vaXMxEDAOBgNVBAcTB0NoaWNhZ28xITAf BgNVBAoTGFRydXN0d2F2ZSBIb2xkaW5ncywgSW5jLjE6MDgGA1UEAxMxVHJ1c3R3 @@ -4565,7 +4563,7 @@ Sw== -----END CERTIFICATE-----`)) // XRamp Global Certification Authority - mozillaIncluded.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- + pool.AppendCertsFromPEM([]byte(`-----BEGIN CERTIFICATE----- MIIEMDCCAxigAwIBAgIQUJRs7Bjq1ZxN1ZfvdY+grTANBgkqhkiG9w0BAQUFADCB gjELMAkGA1UEBhMCVVMxHjAcBgNVBAsTFXd3dy54cmFtcHNlY3VyaXR5LmNvbTEk MCIGA1UEChMbWFJhbXAgU2VjdXJpdHkgU2VydmljZXMgSW5jMS0wKwYDVQQDEyRY @@ -4590,4 +4588,5 @@ IR9NmXmd4c8nnxCbHIgNsIpkQTG4DmyQJKSbXHGPurt+HBvbaoAPIbzp26a3QPSy i6mx5O+aGtA9aZnuqCij4Tyz8LIRnM98QObd50N9otg6tamN8jSZxNQQ4Qb9CYQQ O+7ETPTsJ3xCwnR8gooJybQDJbw= -----END CERTIFICATE-----`)) + return pool } diff --git a/common/certificate/store.go b/common/certificate/store.go index cfced463..353bc818 100644 --- a/common/certificate/store.go +++ b/common/certificate/store.go @@ -22,6 +22,7 @@ var _ adapter.CertificateStore = (*Store)(nil) type Store struct { access sync.RWMutex + storeType string systemPool *x509.CertPool currentPool *x509.CertPool certificate string 
@@ -31,9 +32,13 @@ type Store struct { } func NewStore(ctx context.Context, logger logger.Logger, options option.CertificateOptions) (*Store, error) { + storeType := options.Store + if storeType == "" { + storeType = C.CertificateStoreSystem + } var systemPool *x509.CertPool - switch options.Store { - case C.CertificateStoreSystem, "": + switch storeType { + case C.CertificateStoreSystem: systemPool = x509.NewCertPool() platformInterface := service.FromContext[adapter.PlatformInterface](ctx) var systemValid bool @@ -51,16 +56,13 @@ func NewStore(ctx context.Context, logger logger.Logger, options option.Certific } systemPool = certPool } - case C.CertificateStoreMozilla: - systemPool = mozillaIncluded - case C.CertificateStoreChrome: - systemPool = chromeIncluded + case C.CertificateStoreMozilla, C.CertificateStoreChrome: case C.CertificateStoreNone: - systemPool = nil default: return nil, E.New("unknown certificate store: ", options.Store) } store := &Store{ + storeType: storeType, systemPool: systemPool, certificate: strings.Join(options.Certificate, "\n"), certificatePaths: options.CertificatePath, @@ -124,13 +126,9 @@ func (s *Store) Pool() *x509.CertPool { } func (s *Store) update() error { - s.access.Lock() - defer s.access.Unlock() - var currentPool *x509.CertPool - if s.systemPool == nil { - currentPool = x509.NewCertPool() - } else { - currentPool = s.systemPool.Clone() + currentPool, err := s.newBasePool() + if err != nil { + return err } if s.certificate != "" { if !currentPool.AppendCertsFromPEM([]byte(s.certificate)) { 
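Review bot: The now-empty `case C.CertificateStoreMozilla, C.CertificateStoreChrome:` and `case C.CertificateStoreNone:` arms in `NewStore` read like forgotten assignments and need a comment. They exist only so that known store names pass the `default:` rejection, while the pool itself is built later by `newBasePool`. I would add `// validated here; the base pool is built on demand by newBasePool` above the first of them. `NewStore` continues outside this hunk.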
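Review bot: `update()` no longer holds `s.access` while it builds the pool, so two overlapping calls can finish out of order and leave the older result in `s.currentPool`; the lock is now taken only around the final assignment in the `@@ -165,10 +163,30 @@` hunk. Whether `update()` can run concurrently is not visible here, so this may be safe by construction, but then that assumption should be stated in a comment on the method. If reloads can overlap, a separate mutex held for the whole call keeps them ordered without blocking `Pool()` readers: `s.updateAccess.Lock(); defer s.updateAccess.Unlock()` at the top, with `updateAccess sync.Mutex` added to `Store`. The body of `update()` continues outside both hunks.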
@@ -165,10 +163,30 @@ func (s *Store) update() error { if firstErr != nil { return firstErr } + s.access.Lock() + defer s.access.Unlock() s.currentPool = currentPool return nil } +func (s *Store) newBasePool() (*x509.CertPool, error) { + switch s.storeType { + case C.CertificateStoreSystem: + if s.systemPool == nil { + return x509.NewCertPool(), nil + } + return s.systemPool.Clone(), nil + case C.CertificateStoreMozilla: + return newMozillaIncluded(), nil + case C.CertificateStoreChrome: + return newChromeIncluded(), nil + case C.CertificateStoreNone: + return x509.NewCertPool(), nil + default: + return nil, E.New("unknown certificate store: ", s.storeType) + } +} + func readUniqueDirectoryEntries(dir string) ([]fs.DirEntry, error) { files, err := os.ReadDir(dir) if err != nil { diff --git a/common/convertor/adguard/convertor.go b/common/convertor/adguard/convertor.go index 3e6d0254..187c4f4d 100644 --- a/common/convertor/adguard/convertor.go +++ b/common/convertor/adguard/convertor.go @@ -63,9 +63,7 @@ parseLine: } continue } - if strings.HasSuffix(ruleLine, "|") { - ruleLine = ruleLine[:len(ruleLine)-1] - } + ruleLine = strings.TrimSuffix(ruleLine, "|") var ( isExclude bool isSuffix bool @@ -76,7 +74,7 @@ parseLine: ) if !strings.HasPrefix(ruleLine, "/") && strings.Contains(ruleLine, "$") { params := common.SubstringAfter(ruleLine, "$") - for _, param := range strings.Split(params, ",") { + for param := range strings.SplitSeq(params, ",") { paramParts := strings.Split(param, "=") var ignored bool if len(paramParts) > 0 && len(paramParts) <= 2 { @@ -106,9 +104,7 @@ parseLine: ruleLine = ruleLine[2:] isExclude = true } - if strings.HasSuffix(ruleLine, "|") { - ruleLine = ruleLine[:len(ruleLine)-1] - } + ruleLine = strings.TrimSuffix(ruleLine, "|") if strings.HasPrefix(ruleLine, "||") { ruleLine = ruleLine[2:] isSuffix = true 
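Review bot: `newBasePool` hands back every certificate from `newMozillaIncluded()` as a trust anchor, and the Mozilla list in this patch contains entries whose labels point to other purposes, such as `Sectigo Public Email Protection Root E46`, `SSL.com Client ECC Root CA 2022` and `SwissSign RSA SMIME Root CA 2022 - 1`. An `x509.CertPool` carries no per-purpose trust bits, so if `Pool()` feeds TLS server verification (not visible here) those roots become acceptable issuers for server certificates. This predates the commit, but the new function is the natural place to record it, e.g. `// newBasePool returns a fresh pool for s.storeType; bundled lists are not filtered by trust purpose`. The lasting fix would be for the list generator to keep only roots trusted for server authentication.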
@@ -414,18 +410,18 @@ func ignoreIPCIDRRegexp(ruleLine string) bool { } func parseAdGuardHostLine(ruleLine string) (string, error) { - idx := strings.Index(ruleLine, " ") - if idx == -1 { + before, after, ok := strings.Cut(ruleLine, " ") + if !ok { return "", os.ErrInvalid } - address, err := netip.ParseAddr(ruleLine[:idx]) + address, err := netip.ParseAddr(before) if err != nil { return "", err } if !address.IsUnspecified() { return "", nil } - domain := ruleLine[idx+1:] + domain := after if !M.IsDomainName(domain) { return "", E.New("invalid domain name: ", domain) } diff --git a/common/dialer/default_parallel_interface.go b/common/dialer/default_parallel_interface.go index eafab75a..e91abc28 100644 --- a/common/dialer/default_parallel_interface.go +++ b/common/dialer/default_parallel_interface.go @@ -136,18 +136,16 @@ func (d *DefaultDialer) dialParallelInterfaceFastFallback(ctx context.Context, d go startRacer(fallbackCtx, false, iif) } var errors []error - for { - select { - case res := <-results: - if res.error == nil { - return res.Conn, res.primary, nil - } - errors = append(errors, res.error) - if len(errors) == len(primaryInterfaces)+len(fallbackInterfaces) { - return nil, false, E.Errors(errors...) - } + for res := range results { + if res.error == nil { + return res.Conn, res.primary, nil + } + errors = append(errors, res.error) + if len(errors) == len(primaryInterfaces)+len(fallbackInterfaces) { + return nil, false, E.Errors(errors...) } } + return nil, false, E.Errors(errors...) } func (d *DefaultDialer) listenSerialInterfacePacket(ctx context.Context, listener net.ListenConfig, network string, addr string, strategy C.NetworkStrategy, interfaceType []C.InterfaceType, fallbackInterfaceType []C.InterfaceType, fallbackDelay time.Duration) (net.PacketConn, error) { diff --git a/common/geosite/compat_test.go b/common/geosite/compat_test.go index 1a55c644..9c66aea3 100644 --- a/common/geosite/compat_test.go +++ b/common/geosite/compat_test.go 
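Review bot: In `parseAdGuardHostLine` the `strings.Cut` results keep the placeholder names `before` and `after`, and `domain := after` is then only an alias. Naming them at the call reads better and drops a line: `addressText, domain, ok := strings.Cut(ruleLine, " ")` followed by `netip.ParseAddr(addressText)`. The function continues outside the hunk.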
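Review bot: The new trailing `return nil, false, E.Errors(errors...)` in `dialParallelInterfaceFastFallback` is reached only if `results` is closed, and nothing visible in this hunk closes it. If it can be reached before any failure was recorded, `errors` is empty and the caller may get a nil connection together with whatever `E.Errors()` yields for no arguments, which I would expect to be nil. Either mark it with `// unreachable: results is never closed`, or return an explicit error there, e.g. `return nil, false, E.New("no interface dial result")`. The function starts outside the hunk, so how `results` is created and buffered cannot be checked from here.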
@@ -19,11 +19,6 @@ func oldWriteString(writer varbin.Writer, value string) error { return varbin.Write(writer, binary.BigEndian, value) } -func oldWriteItem(writer varbin.Writer, item Item) error { - //nolint:staticcheck - return varbin.Write(writer, binary.BigEndian, item) -} - func oldReadString(reader varbin.Reader) (string, error) { //nolint:staticcheck return varbin.ReadValue[string](reader, binary.BigEndian) @@ -224,7 +219,7 @@ func TestGeositeWriteReadCompat(t *testing.T) { func generateLargeItems(count int) map[string][]Item { items := make([]Item, count) - for i := 0; i < count; i++ { + for i := range count { items[i] = Item{ Type: ItemType(i % 4), Value: strings.Repeat("x", i%200) + ".com", diff --git a/common/geosite/reader.go b/common/geosite/reader.go index ef99837d..ecd63a7e 100644 --- a/common/geosite/reader.go +++ b/common/geosite/reader.go @@ -48,12 +48,6 @@ func NewReader(readSeeker io.ReadSeeker) (*Reader, []string, error) { return reader, codes, nil } -type geositeMetadata struct { - Code string - Index uint64 - Length uint64 -} - func (r *Reader) readMetadata() error { counter := &readCounter{Reader: r.reader} reader := bufio.NewReader(counter) @@ -101,6 +95,9 @@ func (r *Reader) readMetadata() error { } func (r *Reader) Read(code string) ([]Item, error) { + r.access.Lock() + defer r.access.Unlock() + index, exists := r.domainIndex[code] if !exists { return nil, E.New("code ", code, " not exists!") diff --git a/common/ja3/parser.go b/common/ja3/parser.go index f9cca603..a4bd7123 100644 --- a/common/ja3/parser.go +++ b/common/ja3/parser.go @@ -131,7 +131,7 @@ func (j *ClientHello) parseHandshake(hs []byte) error { return &ParseError{LengthErr, 7} } - for i := 0; i < numCiphers; i++ { + for i := range numCiphers { cipherSuite := uint16(cs[2+i<<1])<<8 | uint16(cs[3+i<<1]) cipherSuites = append(cipherSuites, cipherSuite) } 
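Review bot: `Reader.Read` now takes `r.access` for the whole call but has no doc comment saying why or what callers may rely on. I would add `// Read returns the items stored for code. Calls are serialized on r.access, so Read may be used from multiple goroutines.` above the method. The rest of the body is outside the hunk; I am assuming it seeks and reads on the shared reader, which is what would make the serialization necessary.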
@@ -234,7 +234,7 @@ func (j *ClientHello) parseExtensions(exs []byte) error { return &ParseError{LengthErr, 16} } - for i := 0; i < numCurves; i++ { + for i := range numCurves { ecType := uint16(sex[i*2])<<8 | uint16(sex[1+i*2]) ellipticCurves = append(ellipticCurves, ecType) } @@ -256,7 +256,7 @@ func (j *ClientHello) parseExtensions(exs []byte) error { return &ParseError{LengthErr, 18} } - for i := 0; i < numPF; i++ { + for i := range numPF { ellipticCurvePF[i] = uint8(sex[i]) } case versionExtensionType: diff --git a/common/ktls/ktls_handshake_messages.go b/common/ktls/ktls_handshake_messages.go index f44958c0..adf023bb 100644 --- a/common/ktls/ktls_handshake_messages.go +++ b/common/ktls/ktls_handshake_messages.go 
@@ -6,48 +6,7 @@ package ktls -import ( - "fmt" - - "golang.org/x/crypto/cryptobyte" -) - -// The marshalingFunction type is an adapter to allow the use of ordinary -// functions as cryptobyte.MarshalingValue. -type marshalingFunction func(b *cryptobyte.Builder) error - -func (f marshalingFunction) Marshal(b *cryptobyte.Builder) error { - return f(b) -} - -// addBytesWithLength appends a sequence of bytes to the cryptobyte.Builder. If -// the length of the sequence is not the value specified, it produces an error. -func addBytesWithLength(b *cryptobyte.Builder, v []byte, n int) { - b.AddValue(marshalingFunction(func(b *cryptobyte.Builder) error { - if len(v) != n { - return fmt.Errorf("invalid value length: expected %d, got %d", n, len(v)) - } - b.AddBytes(v) - return nil - })) -} - -// addUint64 appends a big-endian, 64-bit value to the cryptobyte.Builder. -func addUint64(b *cryptobyte.Builder, v uint64) { - b.AddUint32(uint32(v >> 32)) - b.AddUint32(uint32(v)) -} - -// readUint64 decodes a big-endian, 64-bit value into out and advances over it. -// It reports whether the read was successful. -func readUint64(s *cryptobyte.String, out *uint64) bool { - var hi, lo uint32 - if !s.ReadUint32(&hi) || !s.ReadUint32(&lo) { - return false - } - *out = uint64(hi)<<32 | uint64(lo) - return true -} +import "golang.org/x/crypto/cryptobyte" // readUint8LengthPrefixed acts like s.ReadUint8LengthPrefixed, but targets a // []byte instead of a cryptobyte.String. @@ -61,12 +20,6 @@ func readUint16LengthPrefixed(s *cryptobyte.String, out *[]byte) bool { return s.ReadUint16LengthPrefixed((*cryptobyte.String)(out)) } -// readUint24LengthPrefixed acts like s.ReadUint24LengthPrefixed, but targets a -// []byte instead of a cryptobyte.String. -func readUint24LengthPrefixed(s *cryptobyte.String, out *[]byte) bool { - return s.ReadUint24LengthPrefixed((*cryptobyte.String)(out)) -} - type keyUpdateMsg struct { updateRequested bool } 
@@ -125,11 +78,6 @@ const ( typeMessageHash uint8 = 254 // synthetic message ) -// TLS compression types. -const ( - compressionNone uint8 = 0 -) - // TLS extension numbers const ( extensionServerName uint16 = 0 diff --git a/common/ktls/ktls_write.go b/common/ktls/ktls_write.go index 76533b4a..f4e0f65d 100644 --- a/common/ktls/ktls_write.go +++ b/common/ktls/ktls_write.go 
@@ -77,78 +77,5 @@ func (c *Conn) writeRecordLocked(typ uint16, data []byte) (n int, err error) { if !c.kernelTx { return c.rawConn.WriteRecordLocked(typ, data) } - /*for len(data) > 0 { - m := len(data) - if maxPayload := c.maxPayloadSizeForWrite(typ); m > maxPayload { - m = maxPayload - } - _, err = c.writeKernelRecord(typ, data[:m]) - if err != nil { - return - } - n += m - data = data[m:] - }*/ return c.writeKernelRecord(typ, data) } - -const ( - // tcpMSSEstimate is a conservative estimate of the TCP maximum segment - // size (MSS). A constant is used, rather than querying the kernel for - // the actual MSS, to avoid complexity. The value here is the IPv6 - // minimum MTU (1280 bytes) minus the overhead of an IPv6 header (40 - // bytes) and a TCP header with timestamps (32 bytes). - tcpMSSEstimate = 1208 - - // recordSizeBoostThreshold is the number of bytes of application data - // sent after which the TLS record size will be increased to the - // maximum. - recordSizeBoostThreshold = 128 * 1024 -) - -func (c *Conn) maxPayloadSizeForWrite(typ uint16) int { - if /*c.config.DynamicRecordSizingDisabled ||*/ typ != recordTypeApplicationData { - return maxPlaintext - } - - if *c.rawConn.PacketsSent >= recordSizeBoostThreshold { - return maxPlaintext - } - - // Subtract TLS overheads to get the maximum payload size. - payloadBytes := tcpMSSEstimate - recordHeaderLen - c.rawConn.Out.ExplicitNonceLen() - if rawCipher := *c.rawConn.Out.Cipher; rawCipher != nil { - switch ciph := rawCipher.(type) { - case cipher.Stream: - payloadBytes -= (*c.rawConn.Out.Mac).Size() - case cipher.AEAD: - payloadBytes -= ciph.Overhead() - /*case cbcMode: - blockSize := ciph.BlockSize() - // The payload must fit in a multiple of blockSize, with - // room for at least one padding byte. - payloadBytes = (payloadBytes & ^(blockSize - 1)) - 1 - // The RawMac is appended before padding so affects the - // payload size directly. 
- payloadBytes -= c.out.mac.Size()*/ - default: - panic("unknown cipher type") - } - } - if *c.rawConn.Vers == tls.VersionTLS13 { - payloadBytes-- // encrypted ContentType - } - - // Allow packet growth in arithmetic progression up to max. - pkt := *c.rawConn.PacketsSent - *c.rawConn.PacketsSent++ - if pkt > 1000 { - return maxPlaintext // avoid overflow in multiply below - } - - n := payloadBytes * int(pkt+1) - if n > maxPlaintext { - n = maxPlaintext - } - return n -} diff --git a/common/process/searcher_darwin_shared.go b/common/process/searcher_darwin_shared.go index 20129c1a..66b334b2 100644 --- a/common/process/searcher_darwin_shared.go +++ b/common/process/searcher_darwin_shared.go @@ -81,7 +81,7 @@ func (f *darwinConnectionFinder) find(network string, source netip.AddrPort, des source = normalizeDarwinAddrPort(source) destination = normalizeDarwinAddrPort(destination) var lastOwner *adapter.ConnectionOwner - for attempt := 0; attempt < 2; attempt++ { + for attempt := range 2 { snapshot, fromCache, err := f.loadSnapshot(networkName, attempt > 0) if err != nil { return nil, err diff --git a/common/process/searcher_linux_shared.go b/common/process/searcher_linux_shared.go index cd0601bc..9e868f36 100644 --- a/common/process/searcher_linux_shared.go +++ b/common/process/searcher_linux_shared.go @@ -1,5 +1,6 @@ //go:build linux +//nolint:unused package process import ( @@ -117,7 +118,7 @@ func (c *socketDiagConn) query(source netip.AddrPort, destination netip.AddrPort c.access.Lock() defer c.access.Unlock() request := packSocketDiagRequest(c.family, c.protocol, source, destination, false) - for attempt := 0; attempt < 2; attempt++ { + for range 2 { err = c.ensureOpenLocked() if err != nil { return 0, 0, E.Cause(err, "dial netlink") diff --git a/common/settings/proxy_darwin.go b/common/settings/proxy_darwin.go index 53ed0fe0..baaf6ced 100644 --- a/common/settings/proxy_darwin.go +++ b/common/settings/proxy_darwin.go 
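Review bot: The `//nolint:unused` added above `package process` in searcher_linux_shared.go silences the unused check for the whole file, so dead code added to it later will go unreported; the same line is added above `package settings` in wifi_linux_wpa.go and wifi_stub.go. If only a few declarations are unused on some build targets, put the directive on those declarations and give the reason, e.g. `//nolint:unused // referenced only under <build tag>`. If file scope is intended, the reason still belongs on the directive line.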
@@ -109,7 +109,7 @@ func getInterfaceDisplayName(name string) (string, error) { if err != nil { return "", err } - for _, deviceSpan := range strings.Split(string(content), "Ethernet Address") { + for deviceSpan := range strings.SplitSeq(string(content), "Ethernet Address") { if strings.Contains(deviceSpan, "Device: "+name) { substr := "Hardware Port: " deviceSpan = deviceSpan[strings.Index(deviceSpan, substr)+len(substr):] diff --git a/common/settings/wifi_linux_connman.go b/common/settings/wifi_linux_connman.go index 74706a7b..46f6ea17 100644 --- a/common/settings/wifi_linux_connman.go +++ b/common/settings/wifi_linux_connman.go @@ -40,14 +40,14 @@ func (m *connmanMonitor) ReadWIFIState() adapter.WIFIState { defer cancel() cmObj := m.conn.Object("net.connman", "/") - var services []interface{} + var services []any err := cmObj.CallWithContext(ctx, "net.connman.Manager.GetServices", 0).Store(&services) if err != nil { return adapter.WIFIState{} } for _, service := range services { - servicePair, ok := service.([]interface{}) + servicePair, ok := service.([]any) if !ok || len(servicePair) != 2 { continue } diff --git a/common/settings/wifi_linux_wpa.go b/common/settings/wifi_linux_wpa.go index 51e76c1c..192c2f01 100644 --- a/common/settings/wifi_linux_wpa.go +++ b/common/settings/wifi_linux_wpa.go @@ -1,3 +1,4 @@ +//nolint:unused package settings import ( 
@@ -73,13 +74,13 @@ func (m *wpaSupplicantMonitor) ReadWIFIState() adapter.WIFIState { scanner := bufio.NewScanner(strings.NewReader(status)) for scanner.Scan() { line := scanner.Text() - if strings.HasPrefix(line, "wpa_state=") { - state := strings.TrimPrefix(line, "wpa_state=") + if after, ok := strings.CutPrefix(line, "wpa_state="); ok { + state := after connected = state == "COMPLETED" - } else if strings.HasPrefix(line, "ssid=") { - ssid = strings.TrimPrefix(line, "ssid=") - } else if strings.HasPrefix(line, "bssid=") { - bssid = strings.TrimPrefix(line, "bssid=") + } else if after, ok := strings.CutPrefix(line, "ssid="); ok { + ssid = after + } else if after, ok := strings.CutPrefix(line, "bssid="); ok { + bssid = after } } diff --git a/common/settings/wifi_stub.go b/common/settings/wifi_stub.go index fd39af9e..499212e4 100644 --- a/common/settings/wifi_stub.go +++ b/common/settings/wifi_stub.go @@ -1,5 +1,6 @@ //go:build !linux && !windows +//nolint:unused package settings import ( diff --git a/common/sniff/internal/qtls/qtls.go b/common/sniff/internal/qtls/qtls.go index 9742de1e..72414c61 100644 --- a/common/sniff/internal/qtls/qtls.go +++ b/common/sniff/internal/qtls/qtls.go @@ -54,9 +54,8 @@ type xorNonceAEAD struct { aead cipher.AEAD } -func (f *xorNonceAEAD) NonceSize() int { return 8 } // 64-bit sequence number -func (f *xorNonceAEAD) Overhead() int { return f.aead.Overhead() } -func (f *xorNonceAEAD) explicitNonceLen() int { return 0 } +func (f *xorNonceAEAD) NonceSize() int { return 8 } // 64-bit sequence number +func (f *xorNonceAEAD) Overhead() int { return f.aead.Overhead() } func (f *xorNonceAEAD) Seal(out, nonce, plaintext, additionalData []byte) []byte { for i, b := range nonce { diff --git a/common/sniff/quic_blacklist.go b/common/sniff/quic_blacklist.go index 56a15152..bdf9cdb1 100644 --- a/common/sniff/quic_blacklist.go +++ b/common/sniff/quic_blacklist.go 
@@ -1,6 +1,8 @@ package sniff import ( + "slices" + "github.com/sagernet/sing-box/common/ja3" ) @@ -15,15 +17,8 @@ const ( // Note: uQUIC with Chromium mimicry cannot be reliably distinguished from real Chromium // since it uses the same TLS fingerprint, so it will be identified as Chromium. func isQUICGo(fingerprint *ja3.ClientHello) bool { - for _, curve := range fingerprint.EllipticCurves { - if curve == x25519Kyber768Draft00 { - return true - } + if slices.Contains(fingerprint.EllipticCurves, x25519Kyber768Draft00) { + return true } - for _, ext := range fingerprint.Extensions { - if ext == extensionRenegotiationInfo { - return true - } - } - return false + return slices.Contains(fingerprint.Extensions, extensionRenegotiationInfo) } diff --git a/common/sniff/quic_capture_test.go b/common/sniff/quic_capture_test.go index 4c9eb838..7af3b6a2 100644 --- a/common/sniff/quic_capture_test.go +++ b/common/sniff/quic_capture_test.go @@ -30,7 +30,7 @@ func TestSniffQUICQuicGoFingerprint(t *testing.T) { go func() { var packets [][]byte udpConn.SetReadDeadline(time.Now().Add(3 * time.Second)) - for i := 0; i < 10; i++ { + for range 10 { buf := make([]byte, 2048) n, _, err := udpConn.ReadFromUDP(buf) if err != nil { @@ -104,7 +104,7 @@ func TestSniffQUICInitialFromQuicGo(t *testing.T) { go func() { var packets [][]byte udpConn.SetReadDeadline(time.Now().Add(3 * time.Second)) - for i := 0; i < 5; i++ { // Capture up to 5 packets + for range 5 { // Capture up to 5 packets buf := make([]byte, 2048) n, _, err := udpConn.ReadFromUDP(buf) if err != nil { diff --git a/common/srs/binary.go b/common/srs/binary.go index ca12fff0..d2c865e1 100644 --- a/common/srs/binary.go +++ b/common/srs/binary.go 
@@ -78,7 +78,7 @@ func Read(reader io.Reader, recover bool) (ruleSetCompat option.PlainRuleSetComp } ruleSetCompat.Version = version ruleSetCompat.Options.Rules = make([]option.HeadlessRule, length) - for i := uint64(0); i < length; i++ { + for i := range length { ruleSetCompat.Options.Rules[i], err = readRule(bReader, recover) if err != nil { err = E.Cause(err, "read rule[", i, "]") @@ -644,7 +644,7 @@ func readLogicalRule(reader varbin.Reader, recovery bool) (logicalRule option.Lo return } logicalRule.Rules = make([]option.HeadlessRule, length) - for i := uint64(0); i < length; i++ { + for i := range length { logicalRule.Rules[i], err = readRule(reader, recovery) if err != nil { err = E.Cause(err, "read logical rule [", i, "]") diff --git a/common/srs/compat_test.go b/common/srs/compat_test.go index 98552b32..46f3c114 100644 --- a/common/srs/compat_test.go +++ b/common/srs/compat_test.go @@ -450,7 +450,7 @@ func buildIPSet(cidrs ...string) *netipx.IPSet { func buildLargeIPSet(count int) *netipx.IPSet { var builder netipx.IPSetBuilder - for i := 0; i < count; i++ { + for i := range count { prefix := netip.PrefixFrom(netip.AddrFrom4([4]byte{10, byte(i / 256), byte(i % 256), 0}), 24) builder.AddPrefix(prefix) } diff --git a/common/tls/reality_client.go b/common/tls/reality_client.go index 9362d2f8..d8328770 100644 --- a/common/tls/reality_client.go +++ b/common/tls/reality_client.go 
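Review bot: In `Read`, `make([]option.HeadlessRule, length)` still sizes the slice directly from a `uint64` count that is decoded from the input above this hunk (not shown), so a truncated or hostile rule-set file can force a very large allocation or a makeslice panic before a single rule is read. The `readLogicalRule` hunk further down has the same pattern in `logicalRule.Rules = make([]option.HeadlessRule, length)`. Capping the up-front capacity and appending per decoded rule keeps memory proportional to the bytes actually read, for example `rules := make([]option.HeadlessRule, 0, min(length, 1024))` (1024 is an illustrative cap) with `rules = append(rules, rule)` in the loop. Both function bodies extend beyond their hunks.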
@@ -267,8 +267,8 @@ type realityVerifier struct { } func (c *realityVerifier) VerifyPeerCertificate(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error { - p, _ := reflect.TypeOf(c.Conn).Elem().FieldByName("peerCertificates") - certs := *(*([]*x509.Certificate))(unsafe.Pointer(uintptr(unsafe.Pointer(c.Conn)) + p.Offset)) + p, _ := reflect.TypeFor[utls.Conn]().FieldByName("peerCertificates") + certs := *(*([]*x509.Certificate))(unsafe.Add(unsafe.Pointer(c.Conn), p.Offset)) if pub, ok := certs[0].PublicKey.(ed25519.PublicKey); ok { h := hmac.New(sha512.New, c.authKey) h.Write(pub) diff --git a/common/tls/std_server.go b/common/tls/std_server.go index 760c4b3a..a1a2a611 100644 --- a/common/tls/std_server.go +++ b/common/tls/std_server.go @@ -141,13 +141,14 @@ func (c *STDServerConfig) startWatcher() error { func (c *STDServerConfig) certificateUpdated(path string) error { if path == c.certificatePath || path == c.keyPath { - if path == c.certificatePath { + switch path { + case c.certificatePath: certificate, err := os.ReadFile(c.certificatePath) if err != nil { return E.Cause(err, "reload certificate from ", c.certificatePath) } c.certificate = certificate - } else if path == c.keyPath { + case c.keyPath: key, err := os.ReadFile(c.keyPath) if err != nil { return E.Cause(err, "reload key from ", c.keyPath) @@ -338,9 +339,10 @@ func NewSTDServer(ctx context.Context, logger log.ContextLogger, options option. } tlsConfig.ClientCAs = clientCertificateCA } else if len(options.ClientCertificatePublicKeySHA256) > 0 { - if tlsConfig.ClientAuth == tls.RequireAndVerifyClientCert { + switch tlsConfig.ClientAuth { + case tls.RequireAndVerifyClientCert: tlsConfig.ClientAuth = tls.RequireAnyClientCert - } else if tlsConfig.ClientAuth == tls.VerifyClientCertIfGiven { + case tls.VerifyClientCertIfGiven: tlsConfig.ClientAuth = tls.RequestClientCert } tlsConfig.VerifyPeerCertificate = func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error { 
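Review bot: `p, _ := reflect.TypeFor[utls.Conn]().FieldByName("peerCertificates")` in `VerifyPeerCertificate` still discards the found flag, so if a utls update renames or removes that unexported field, `p.Offset` is 0 and `unsafe.Add` reinterprets the first bytes of the Conn as a slice header. `certs[0]` on the following line is also indexed without a length check. Keeping the flag as `p, ok := reflect.TypeFor[utls.Conn]().FieldByName("peerCertificates")`, returning an error when `ok` is false, and guarding `len(certs) == 0` before the index would make both cases fail closed. The function body continues outside the hunk, and the rewrite assumes `c.Conn` is a `*utls.Conn`, which only the struct definition (not shown) can confirm.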
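Review bot: In `certificateUpdated`, `switch path` takes the first matching case, so when `c.certificatePath` and `c.keyPath` name the same file (a combined PEM), only `c.certificate` is re-read and `c.key` keeps its old contents. The previous if/else-if chain behaved the same way, so this is carried over rather than introduced. If that layout is meant to be supported, two independent checks cover it: `if path == c.certificatePath { ... }` followed by `if path == c.keyPath { ... }`. The code that pairs the reloaded certificate with the key lies outside this hunk.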
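Review bot: The new `switch tlsConfig.ClientAuth` in `NewSTDServer` has no branch for `tls.NoClientCert`, so with `ClientCertificatePublicKeySHA256` configured and that mode in effect the `VerifyPeerCertificate` callback is installed although the server never asks for a client certificate, and the pin would not be enforced. Whether earlier code rejects that combination is not visible in this hunk, and the callback body continues outside it. If it is not rejected, a `case tls.NoClientCert:` that returns a configuration error makes the misconfiguration fail closed. If it is, a short comment on the switch saying so would document why the remaining modes need no handling.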
diff --git a/common/xray/utils/browser.go b/common/xray/utils/browser.go index 12acde4c..944c5cdd 100644 --- a/common/xray/utils/browser.go +++ b/common/xray/utils/browser.go @@ -31,9 +31,11 @@ func ChromeVersion() int { return startVersion + (timeDiff / 35) // It's 31.15 currently. } -var safariMinorMap [25]int = [25]int{0, 0, 0, 1, 1, +var safariMinorMap [25]int = [25]int{ + 0, 0, 0, 1, 1, 1, 2, 2, 2, 2, 3, 3, 3, 4, 4, - 4, 5, 5, 5, 5, 5, 6, 6, 6, 6} + 4, 5, 5, 5, 5, 5, 6, 6, 6, 6, +} // The following version generators use deterministic generators, but with the distribution scaled by a curve. func CurlVersion() string { 
@@ -44,41 +46,67 @@ func CurlVersion() string { var minorValue int = int(timeDiff / 57) // The release cadence is actually 56.67 days. return "8." + strconv.Itoa(minorValue) + ".0" } + func FirefoxVersion() int { // Firefox 128 ESR was released on 09/07/2023. var timeCurrent int64 = time.Now().Unix() / 86400 var timeStart int64 = time.Date(2024, 7, 29, 0, 0, 0, 0, time.UTC).Unix() / 86400 - var timeDiff = timeCurrent - timeStart - 25 - int64(math.Floor(math.Pow(globalRng.Float64(), 2)*50)) + timeDiff := timeCurrent - timeStart - 25 - int64(math.Floor(math.Pow(globalRng.Float64(), 2)*50)) return int(timeDiff/30) + 128 } + func SafariVersion() string { var anchoredTime time.Time = time.Now() var releaseYear int = anchoredTime.Year() var splitPoint time.Time = time.Date(releaseYear, 9, 23, 0, 0, 0, 0, time.UTC) - var delayedDays = int(math.Floor(math.Pow(globalRng.Float64(), 3) * 75)) + delayedDays := int(math.Floor(math.Pow(globalRng.Float64(), 3) * 75)) splitPoint = splitPoint.AddDate(0, 0, delayedDays) if anchoredTime.Compare(splitPoint) < 0 { releaseYear-- splitPoint = time.Date(releaseYear, 9, 23, 0, 0, 0, 0, time.UTC) splitPoint = splitPoint.AddDate(0, 0, delayedDays) } - var minorVersion = safariMinorMap[(anchoredTime.Unix()-splitPoint.Unix())/1296000] + minorVersion := safariMinorMap[(anchoredTime.Unix()-splitPoint.Unix())/1296000] return strconv.Itoa(releaseYear-1999) + "." 
+ strconv.Itoa(minorVersion) } // The full Chromium brand GREASE implementation -var clientHintGreaseNA = []string{" ", "(", ":", "-", ".", "/", ")", ";", "=", "?", "_"} -var clientHintVersionNA = []string{"8", "99", "24"} -var clientHintShuffle3 = [][3]int{{0, 1, 2}, {0, 2, 1}, {1, 0, 2}, {1, 2, 0}, {2, 0, 1}, {2, 1, 0}} -var clientHintShuffle4 = [][4]int{ - {0, 1, 2, 3}, {0, 1, 3, 2}, {0, 2, 1, 3}, {0, 2, 3, 1}, {0, 3, 1, 2}, {0, 3, 2, 1}, - {1, 0, 2, 3}, {1, 0, 3, 2}, {1, 2, 0, 3}, {1, 2, 3, 0}, {1, 3, 0, 2}, {1, 3, 2, 0}, - {2, 0, 1, 3}, {2, 0, 3, 1}, {2, 1, 0, 3}, {2, 1, 3, 0}, {2, 3, 0, 1}, {2, 3, 1, 0}, - {3, 0, 1, 2}, {3, 0, 2, 1}, {3, 1, 0, 2}, {3, 1, 2, 0}, {3, 2, 0, 1}, {3, 2, 1, 0}} +var ( + clientHintGreaseNA = []string{" ", "(", ":", "-", ".", "/", ")", ";", "=", "?", "_"} + clientHintVersionNA = []string{"8", "99", "24"} + clientHintShuffle3 = [][3]int{{0, 1, 2}, {0, 2, 1}, {1, 0, 2}, {1, 2, 0}, {2, 0, 1}, {2, 1, 0}} + clientHintShuffle4 = [][4]int{ + {0, 1, 2, 3}, + {0, 1, 3, 2}, + {0, 2, 1, 3}, + {0, 2, 3, 1}, + {0, 3, 1, 2}, + {0, 3, 2, 1}, + {1, 0, 2, 3}, + {1, 0, 3, 2}, + {1, 2, 0, 3}, + {1, 2, 3, 0}, + {1, 3, 0, 2}, + {1, 3, 2, 0}, + {2, 0, 1, 3}, + {2, 0, 3, 1}, + {2, 1, 0, 3}, + {2, 1, 3, 0}, + {2, 3, 0, 1}, + {2, 3, 1, 0}, + {3, 0, 1, 2}, + {3, 0, 2, 1}, + {3, 1, 0, 2}, + {3, 1, 2, 0}, + {3, 2, 0, 1}, + {3, 2, 1, 0}, + } +) func getGreasedChInvalidBrand(seed int) string { return "\"Not" + clientHintGreaseNA[seed%len(clientHintGreaseNA)] + "A" + clientHintGreaseNA[(seed+1)%len(clientHintGreaseNA)] + "Brand\";v=\"" + clientHintVersionNA[seed%len(clientHintVersionNA)] + "\"" } + func getGreasedChOrder(brandLength int, seed int) []int { switch brandLength { case 1: 
@@ -92,6 +120,7 @@ func getGreasedChOrder(brandLength int, seed int) []int { } //return []int{} } + func getUngreasedChUa(majorVersion int, forkName string) []string { // Set the capacity to 4, the maximum allowed brand size, so Go will never allocate memory twice baseChUa := make([]string, 0, 4) @@ -105,6 +134,7 @@ func getUngreasedChUa(majorVersion int, forkName string) []string { } return baseChUa } + func getGreasedChUa(majorVersion int, forkName string) string { ungreasedCh := getUngreasedChUa(majorVersion, forkName) shuffleMap := getGreasedChOrder(len(ungreasedCh), majorVersion) 
@@ -116,17 +146,21 @@ func getGreasedChUa(majorVersion int, forkName string) string { } // The code below provides a coherent default browser user agent string based on a CPU-seeded PRNG. -var CurlUA = "curl/" + CurlVersion() -var AnchoredFirefoxVersion = strconv.Itoa(FirefoxVersion()) -var FirefoxUA = "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:" + AnchoredFirefoxVersion + ".0) Gecko/20100101 Firefox/" + AnchoredFirefoxVersion + ".0" -var SafariUA = "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/" + SafariVersion() + " Safari/605.1.15" +var ( + CurlUA = "curl/" + CurlVersion() + AnchoredFirefoxVersion = strconv.Itoa(FirefoxVersion()) + FirefoxUA = "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:" + AnchoredFirefoxVersion + ".0) Gecko/20100101 Firefox/" + AnchoredFirefoxVersion + ".0" + SafariUA = "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/" + SafariVersion() + " Safari/605.1.15" +) // Chromium browsers. -var AnchoredChromeVersion = ChromeVersion() -var ChromeUA = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/" + strconv.Itoa(AnchoredChromeVersion) + ".0.0.0 Safari/537.36" -var ChromeUACH = getGreasedChUa(AnchoredChromeVersion, "chrome") -var MSEdgeUA = ChromeUA + "Edg/" + strconv.Itoa(AnchoredChromeVersion) + ".0.0.0" -var MSEdgeUACH = getGreasedChUa(AnchoredChromeVersion, "edge") +var ( + AnchoredChromeVersion = ChromeVersion() + ChromeUA = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/" + strconv.Itoa(AnchoredChromeVersion) + ".0.0.0 Safari/537.36" + ChromeUACH = getGreasedChUa(AnchoredChromeVersion, "chrome") + MSEdgeUA = ChromeUA + "Edg/" + strconv.Itoa(AnchoredChromeVersion) + ".0.0.0" + MSEdgeUACH = getGreasedChUa(AnchoredChromeVersion, "edge") +) func applyMasqueradedHeaders(header http.Header, browser string, variant string) { // Browser-specific. 
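Review bot: `MSEdgeUA = ChromeUA + "Edg/" + ...` in the new var block concatenates without a separator, and `ChromeUA` ends in `Safari/537.36`, so the resulting header value reads `Safari/537.36Edg/N.0.0.0` as a single token. The regrouping carries this over unchanged from the old declaration. Adding the space restores a well-formed product-token list: `MSEdgeUA = ChromeUA + " Edg/" + strconv.Itoa(AnchoredChromeVersion) + ".0.0.0"`.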
diff --git a/daemon/started_service.go b/daemon/started_service.go index c260e8cb..3af0ea5a 100644 --- a/daemon/started_service.go +++ b/daemon/started_service.go @@ -603,10 +603,7 @@ func (s *StartedService) URLTest(ctx context.Context, request *URLTestRequest) ( return false } _, isGroup := it.(adapter.OutboundGroup) - if isGroup { - return false - } - return true + return !isGroup }) b, _ := batch.New(boxService.ctx, batch.WithConcurrencyNum[any](10)) for _, detour := range outbounds { diff --git a/daemon/started_service.pb.go b/daemon/started_service.pb.go index f26f2379..40e48639 100644 --- a/daemon/started_service.pb.go +++ b/daemon/started_service.pb.go @@ -1,12 +1,13 @@ package daemon import ( - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - emptypb "google.golang.org/protobuf/types/known/emptypb" reflect "reflect" sync "sync" unsafe "unsafe" + + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + emptypb "google.golang.org/protobuf/types/known/emptypb" ) const ( 
@@ -1947,40 +1948,42 @@ func file_daemon_started_service_proto_rawDescGZIP() []byte { return file_daemon_started_service_proto_rawDescData } -var file_daemon_started_service_proto_enumTypes = make([]protoimpl.EnumInfo, 3) -var file_daemon_started_service_proto_msgTypes = make([]protoimpl.MessageInfo, 26) -var file_daemon_started_service_proto_goTypes = []any{ - (LogLevel)(0), // 0: daemon.LogLevel - (ConnectionEventType)(0), // 1: daemon.ConnectionEventType - (ServiceStatus_Type)(0), // 2: daemon.ServiceStatus.Type - (*ServiceStatus)(nil), // 3: daemon.ServiceStatus - (*ReloadServiceRequest)(nil), // 4: daemon.ReloadServiceRequest - (*SubscribeStatusRequest)(nil), // 5: daemon.SubscribeStatusRequest - (*Log)(nil), // 6: daemon.Log - (*DefaultLogLevel)(nil), // 7: daemon.DefaultLogLevel - (*Status)(nil), // 8: daemon.Status - (*Groups)(nil), // 9: daemon.Groups - (*Group)(nil), // 10: daemon.Group - (*GroupItem)(nil), // 11: daemon.GroupItem - (*URLTestRequest)(nil), // 12: daemon.URLTestRequest - (*SelectOutboundRequest)(nil), // 13: daemon.SelectOutboundRequest - (*SetGroupExpandRequest)(nil), // 14: daemon.SetGroupExpandRequest - (*ClashMode)(nil), // 15: daemon.ClashMode - (*ClashModeStatus)(nil), // 16: daemon.ClashModeStatus - (*SystemProxyStatus)(nil), // 17: daemon.SystemProxyStatus - (*SetSystemProxyEnabledRequest)(nil), // 18: daemon.SetSystemProxyEnabledRequest - (*SubscribeConnectionsRequest)(nil), // 19: daemon.SubscribeConnectionsRequest - (*ConnectionEvent)(nil), // 20: daemon.ConnectionEvent - (*ConnectionEvents)(nil), // 21: daemon.ConnectionEvents - (*Connection)(nil), // 22: daemon.Connection - (*ProcessInfo)(nil), // 23: daemon.ProcessInfo - (*CloseConnectionRequest)(nil), // 24: daemon.CloseConnectionRequest - (*DeprecatedWarnings)(nil), // 25: daemon.DeprecatedWarnings - (*DeprecatedWarning)(nil), // 26: daemon.DeprecatedWarning - (*StartedAt)(nil), // 27: daemon.StartedAt - (*Log_Message)(nil), // 28: daemon.Log.Message - 
(*emptypb.Empty)(nil), // 29: google.protobuf.Empty -} +var ( + file_daemon_started_service_proto_enumTypes = make([]protoimpl.EnumInfo, 3) + file_daemon_started_service_proto_msgTypes = make([]protoimpl.MessageInfo, 26) + file_daemon_started_service_proto_goTypes = []any{ + LogLevel(0), // 0: daemon.LogLevel + ConnectionEventType(0), // 1: daemon.ConnectionEventType + ServiceStatus_Type(0), // 2: daemon.ServiceStatus.Type + (*ServiceStatus)(nil), // 3: daemon.ServiceStatus + (*ReloadServiceRequest)(nil), // 4: daemon.ReloadServiceRequest + (*SubscribeStatusRequest)(nil), // 5: daemon.SubscribeStatusRequest + (*Log)(nil), // 6: daemon.Log + (*DefaultLogLevel)(nil), // 7: daemon.DefaultLogLevel + (*Status)(nil), // 8: daemon.Status + (*Groups)(nil), // 9: daemon.Groups + (*Group)(nil), // 10: daemon.Group + (*GroupItem)(nil), // 11: daemon.GroupItem + (*URLTestRequest)(nil), // 12: daemon.URLTestRequest + (*SelectOutboundRequest)(nil), // 13: daemon.SelectOutboundRequest + (*SetGroupExpandRequest)(nil), // 14: daemon.SetGroupExpandRequest + (*ClashMode)(nil), // 15: daemon.ClashMode + (*ClashModeStatus)(nil), // 16: daemon.ClashModeStatus + (*SystemProxyStatus)(nil), // 17: daemon.SystemProxyStatus + (*SetSystemProxyEnabledRequest)(nil), // 18: daemon.SetSystemProxyEnabledRequest + (*SubscribeConnectionsRequest)(nil), // 19: daemon.SubscribeConnectionsRequest + (*ConnectionEvent)(nil), // 20: daemon.ConnectionEvent + (*ConnectionEvents)(nil), // 21: daemon.ConnectionEvents + (*Connection)(nil), // 22: daemon.Connection + (*ProcessInfo)(nil), // 23: daemon.ProcessInfo + (*CloseConnectionRequest)(nil), // 24: daemon.CloseConnectionRequest + (*DeprecatedWarnings)(nil), // 25: daemon.DeprecatedWarnings + (*DeprecatedWarning)(nil), // 26: daemon.DeprecatedWarning + (*StartedAt)(nil), // 27: daemon.StartedAt + (*Log_Message)(nil), // 28: daemon.Log.Message + (*emptypb.Empty)(nil), // 29: google.protobuf.Empty + } +) var file_daemon_started_service_proto_depIdxs = []int32{ 
2, // 0: daemon.ServiceStatus.status:type_name -> daemon.ServiceStatus.Type 28, // 1: daemon.Log.messages:type_name -> daemon.Log.Message diff --git a/daemon/started_service_grpc.pb.go b/daemon/started_service_grpc.pb.go index ea01be35..438cca5c 100644 --- a/daemon/started_service_grpc.pb.go +++ b/daemon/started_service_grpc.pb.go @@ -2,6 +2,7 @@ package daemon import ( context "context" + grpc "google.golang.org/grpc" codes "google.golang.org/grpc/codes" status "google.golang.org/grpc/status" 
@@ -374,63 +375,83 @@ type UnimplementedStartedServiceServer struct{} func (UnimplementedStartedServiceServer) StopService(context.Context, *emptypb.Empty) (*emptypb.Empty, error) { return nil, status.Error(codes.Unimplemented, "method StopService not implemented") } + func (UnimplementedStartedServiceServer) ReloadService(context.Context, *emptypb.Empty) (*emptypb.Empty, error) { return nil, status.Error(codes.Unimplemented, "method ReloadService not implemented") } + func (UnimplementedStartedServiceServer) SubscribeServiceStatus(*emptypb.Empty, grpc.ServerStreamingServer[ServiceStatus]) error { return status.Error(codes.Unimplemented, "method SubscribeServiceStatus not implemented") } + func (UnimplementedStartedServiceServer) SubscribeLog(*emptypb.Empty, grpc.ServerStreamingServer[Log]) error { return status.Error(codes.Unimplemented, "method SubscribeLog not implemented") } + func (UnimplementedStartedServiceServer) GetDefaultLogLevel(context.Context, *emptypb.Empty) (*DefaultLogLevel, error) { return nil, status.Error(codes.Unimplemented, "method GetDefaultLogLevel not implemented") } + func (UnimplementedStartedServiceServer) ClearLogs(context.Context, *emptypb.Empty) (*emptypb.Empty, error) { return nil, status.Error(codes.Unimplemented, "method ClearLogs not implemented") } + func (UnimplementedStartedServiceServer) SubscribeStatus(*SubscribeStatusRequest, grpc.ServerStreamingServer[Status]) error { return status.Error(codes.Unimplemented, "method SubscribeStatus not implemented") } + func (UnimplementedStartedServiceServer) SubscribeGroups(*emptypb.Empty, grpc.ServerStreamingServer[Groups]) error { return status.Error(codes.Unimplemented, "method SubscribeGroups not implemented") } + func (UnimplementedStartedServiceServer) GetClashModeStatus(context.Context, *emptypb.Empty) (*ClashModeStatus, error) { return nil, status.Error(codes.Unimplemented, "method GetClashModeStatus not implemented") } + func (UnimplementedStartedServiceServer) 
SubscribeClashMode(*emptypb.Empty, grpc.ServerStreamingServer[ClashMode]) error { return status.Error(codes.Unimplemented, "method SubscribeClashMode not implemented") } + func (UnimplementedStartedServiceServer) SetClashMode(context.Context, *ClashMode) (*emptypb.Empty, error) { return nil, status.Error(codes.Unimplemented, "method SetClashMode not implemented") } + func (UnimplementedStartedServiceServer) URLTest(context.Context, *URLTestRequest) (*emptypb.Empty, error) { return nil, status.Error(codes.Unimplemented, "method URLTest not implemented") } + func (UnimplementedStartedServiceServer) SelectOutbound(context.Context, *SelectOutboundRequest) (*emptypb.Empty, error) { return nil, status.Error(codes.Unimplemented, "method SelectOutbound not implemented") } + func (UnimplementedStartedServiceServer) SetGroupExpand(context.Context, *SetGroupExpandRequest) (*emptypb.Empty, error) { return nil, status.Error(codes.Unimplemented, "method SetGroupExpand not implemented") } + func (UnimplementedStartedServiceServer) GetSystemProxyStatus(context.Context, *emptypb.Empty) (*SystemProxyStatus, error) { return nil, status.Error(codes.Unimplemented, "method GetSystemProxyStatus not implemented") } + func (UnimplementedStartedServiceServer) SetSystemProxyEnabled(context.Context, *SetSystemProxyEnabledRequest) (*emptypb.Empty, error) { return nil, status.Error(codes.Unimplemented, "method SetSystemProxyEnabled not implemented") } + func (UnimplementedStartedServiceServer) SubscribeConnections(*SubscribeConnectionsRequest, grpc.ServerStreamingServer[ConnectionEvents]) error { return status.Error(codes.Unimplemented, "method SubscribeConnections not implemented") } + func (UnimplementedStartedServiceServer) CloseConnection(context.Context, *CloseConnectionRequest) (*emptypb.Empty, error) { return nil, status.Error(codes.Unimplemented, "method CloseConnection not implemented") } + func (UnimplementedStartedServiceServer) CloseAllConnections(context.Context, *emptypb.Empty) 
(*emptypb.Empty, error) { return nil, status.Error(codes.Unimplemented, "method CloseAllConnections not implemented") } + func (UnimplementedStartedServiceServer) GetDeprecatedWarnings(context.Context, *emptypb.Empty) (*DeprecatedWarnings, error) { return nil, status.Error(codes.Unimplemented, "method GetDeprecatedWarnings not implemented") } + func (UnimplementedStartedServiceServer) GetStartedAt(context.Context, *emptypb.Empty) (*StartedAt, error) { return nil, status.Error(codes.Unimplemented, "method GetStartedAt not implemented") } diff --git a/dns/client.go b/dns/client.go index 1a2ee8f8..89b6170c 100644 --- a/dns/client.go +++ b/dns/client.go @@ -70,10 +70,7 @@ func NewClient(options ClientOptions) *Client { if client.timeout == 0 { client.timeout = C.DNSTimeout } - cacheCapacity := options.CacheCapacity - if cacheCapacity < 1024 { - cacheCapacity = 1024 - } + cacheCapacity := max(options.CacheCapacity, 1024) if !client.disableCache { if !client.independentCache { client.cache = common.Must1(freelru.NewSharded[dns.Question, *dns.Msg](cacheCapacity, maphash.NewHasher[dns.Question]().Hash32)) @@ -334,9 +331,10 @@ func (c *Client) Lookup(ctx context.Context, transport adapter.DNSTransport, dom if options.LookupStrategy != C.DomainStrategyAsIS { lookupOptions.Strategy = strategy } - if strategy == C.DomainStrategyIPv4Only { + switch strategy { + case C.DomainStrategyIPv4Only: return c.lookupToExchange(ctx, transport, dnsName, dns.TypeA, lookupOptions, responseChecker) - } else if strategy == C.DomainStrategyIPv6Only { + case C.DomainStrategyIPv6Only: return c.lookupToExchange(ctx, transport, dnsName, dns.TypeAAAA, lookupOptions, responseChecker) } var response4 []netip.Addr 
@@ -500,10 +498,7 @@ func (c *Client) loadResponse(question dns.Question, transport adapter.DNSTransp } } } - nowTTL := int(expireAt.Sub(timeNow).Seconds()) - if nowTTL < 0 { - nowTTL = 0 - } + nowTTL := max(int(expireAt.Sub(timeNow).Seconds()), 0) response = response.Copy() if originTTL > 0 { duration := uint32(originTTL - nowTTL) @@ -551,18 +546,6 @@ func MessageToAddresses(response *dns.Msg) []netip.Addr { return addresses } -func wrapError(err error) error { - switch dnsErr := err.(type) { - case *net.DNSError: - if dnsErr.IsNotFound { - return RcodeNameError - } - case *net.AddrError: - return RcodeNameError - } - return err -} - type transportKey struct{} func contextWithTransportTag(ctx context.Context, transportTag string) context.Context { diff --git a/dns/transport/conn_pool.go b/dns/transport/conn_pool.go index 6161e9bd..0e7a20a8 100644 --- a/dns/transport/conn_pool.go +++ b/dns/transport/conn_pool.go @@ -4,9 +4,10 @@ import ( "context" "net" "sync" - "time" "github.com/sagernet/sing/common/x/list" + + "golang.org/x/sync/semaphore" ) type ConnPoolMode int @@ -17,14 +18,18 @@ const ( ) type ConnPoolOptions[T comparable] struct { - Mode ConnPoolMode - IsAlive func(T) bool - Close func(T, error) + Mode ConnPoolMode + // MaxInflight caps concurrent in-progress dials. Only honored in ConnPoolOrdered mode. + MaxInflight int + IsAlive func(T) bool + Close func(T, error) } type ConnPool[T comparable] struct { options ConnPoolOptions[T] + sem *semaphore.Weighted + access sync.Mutex closed bool state *connPoolState[T] 
@@ -53,24 +58,15 @@ type connPoolConnect[T comparable] struct { err error } -type connPoolDialContext struct { - context.Context - parent context.Context -} - -func (c connPoolDialContext) Deadline() (time.Time, bool) { - return c.parent.Deadline() -} - -func (c connPoolDialContext) Value(key any) any { - return c.parent.Value(key) -} - func NewConnPool[T comparable](options ConnPoolOptions[T]) *ConnPool[T] { - return &ConnPool[T]{ + p := &ConnPool[T]{ options: options, - state: newConnPoolState[T](options.Mode), } + if options.Mode == ConnPoolOrdered && options.MaxInflight > 0 { + p.sem = semaphore.NewWeighted(int64(options.MaxInflight)) + } + p.state = newConnPoolState[T](options.Mode) + return p } func newConnPoolState[T comparable](mode ConnPoolMode) *connPoolState[T] { 
@@ -108,67 +104,27 @@ func (p *ConnPool[T]) AcquireShared(ctx context.Context, dial func(context.Conte } func (p *ConnPool[T]) Release(conn T, reuse bool) { - var ( - closeConn bool - closeErr error - ) - p.access.Lock() - if p.closed || p.state == nil { - closeConn = true - closeErr = net.ErrClosed + if p.closed { p.access.Unlock() - if closeConn { - p.options.Close(conn, closeErr) - } + p.options.Close(conn, net.ErrClosed) return } - - currentState := p.state - _, tracked := currentState.all[conn] - if !tracked { - closeConn = true - closeErr = p.closeCause(currentState) + state := p.state + if _, tracked := state.all[conn]; !tracked { p.access.Unlock() - if closeConn { - p.options.Close(conn, closeErr) - } + p.options.Close(conn, net.ErrClosed) return } - if !reuse || !p.options.IsAlive(conn) { - delete(currentState.all, conn) - switch p.options.Mode { - case ConnPoolSingle: - if currentState.hasShared && currentState.shared == conn { - var zero T - currentState.shared = zero - currentState.hasShared = false - currentState.sharedClaimed = false - currentState.sharedCtx = nil - if currentState.sharedCancel != nil { - currentState.sharedCancel(net.ErrClosed) - currentState.sharedCancel = nil - } - } - case ConnPoolOrdered: - if element, loaded := currentState.idleElements[conn]; loaded { - currentState.idle.Remove(element) - delete(currentState.idleElements, conn) - } - } - closeConn = true - closeErr = net.ErrClosed + p.removeConn(state, conn, net.ErrClosed) p.access.Unlock() - if closeConn { - p.options.Close(conn, closeErr) - } + p.options.Close(conn, net.ErrClosed) return } - if p.options.Mode == ConnPoolOrdered { - if _, loaded := currentState.idleElements[conn]; !loaded { - currentState.idleElements[conn] = currentState.idle.PushBack(conn) + if _, idle := state.idleElements[conn]; !idle { + state.idleElements[conn] = state.idle.PushBack(conn) } } p.access.Unlock() 
@@ -176,42 +132,68 @@ func (p *ConnPool[T]) Release(conn T, reuse bool) { func (p *ConnPool[T]) Invalidate(conn T, cause error) { p.access.Lock() - if p.closed || p.state == nil { + if p.closed { p.access.Unlock() p.options.Close(conn, cause) return } - - currentState := p.state - _, tracked := currentState.all[conn] - if !tracked { + state := p.state + if _, tracked := state.all[conn]; !tracked { p.access.Unlock() return } + p.removeConn(state, conn, cause) + p.access.Unlock() + p.options.Close(conn, cause) +} - delete(currentState.all, conn) +func (p *ConnPool[T]) acquireSlot(ctx context.Context, state *connPoolState[T]) error { + if p.sem == nil { + return nil + } + acquireCtx, cancel := context.WithCancel(ctx) + stopStateCancel := context.AfterFunc(state.ctx, cancel) + err := p.sem.Acquire(acquireCtx, 1) + stopStateCancel() + cancel() + if err == nil { + return nil + } + ctxErr := ctx.Err() + if ctxErr != nil { + return ctxErr + } + return context.Cause(state.ctx) +} + +func (p *ConnPool[T]) releaseSlot() { + if p.sem != nil { + p.sem.Release(1) + } +} + +// removeConn must be called with p.access held. 
+func (p *ConnPool[T]) removeConn(state *connPoolState[T], conn T, cause error) { + delete(state.all, conn) switch p.options.Mode { case ConnPoolSingle: - if currentState.hasShared && currentState.shared == conn { + if state.hasShared && state.shared == conn { var zero T - currentState.shared = zero - currentState.hasShared = false - currentState.sharedClaimed = false - currentState.sharedCtx = nil - if currentState.sharedCancel != nil { - currentState.sharedCancel(cause) - currentState.sharedCancel = nil + state.shared = zero + state.hasShared = false + state.sharedClaimed = false + state.sharedCtx = nil + if state.sharedCancel != nil { + state.sharedCancel(cause) + state.sharedCancel = nil } } case ConnPoolOrdered: - if element, loaded := currentState.idleElements[conn]; loaded { - currentState.idle.Remove(element) - delete(currentState.idleElements, conn) + if element, loaded := state.idleElements[conn]; loaded { + state.idle.Remove(element) + delete(state.idleElements, conn) } } - p.access.Unlock() - - p.options.Close(conn, cause) } func (p *ConnPool[T]) Reset() { @@ -220,7 +202,6 @@ func (p *ConnPool[T]) Reset() { p.access.Unlock() return } - oldState := p.state p.state = newConnPoolState[T](p.options.Mode) p.access.Unlock() @@ -234,7 +215,6 @@ func (p *ConnPool[T]) Close() error { p.access.Unlock() return nil } - p.closed = true oldState := p.state p.state = nil 
@@ -247,77 +227,83 @@ func (p *ConnPool[T]) Close() error { func (p *ConnPool[T]) acquireOrdered(ctx context.Context, dial func(context.Context) (T, error)) (T, bool, error) { var zero T for { - var ( - staleConn T - hasStale bool - ) - p.access.Lock() if p.closed { p.access.Unlock() return zero, false, net.ErrClosed } - - currentState := p.state - if element := currentState.idle.Front(); element != nil { - conn := currentState.idle.Remove(element) - delete(currentState.idleElements, conn) - if p.options.IsAlive(conn) { + current := p.state + if element := current.idle.Front(); element != nil { + idleConn := current.idle.Remove(element) + delete(current.idleElements, idleConn) + if p.options.IsAlive(idleConn) { p.access.Unlock() - return conn, false, nil + return idleConn, false, nil } - delete(currentState.all, conn) - staleConn = conn - hasStale = true - } - p.access.Unlock() - - if hasStale { - p.options.Close(staleConn, net.ErrClosed) + delete(current.all, idleConn) + p.access.Unlock() + p.options.Close(idleConn, net.ErrClosed) continue } - - conn, err := p.dial(ctx, currentState, dial) - if err != nil { - return zero, false, err - } - - p.access.Lock() - if p.closed { - p.access.Unlock() - p.options.Close(conn, net.ErrClosed) - return zero, false, net.ErrClosed - } - if p.state != currentState { - cause := p.closeCause(currentState) - p.access.Unlock() - p.options.Close(conn, cause) - return zero, false, cause - } - currentState.all[conn] = struct{}{} p.access.Unlock() - return conn, true, nil + return p.dialAndInstall(ctx, current, dial) } } +func (p *ConnPool[T]) dialAndInstall(ctx context.Context, current *connPoolState[T], dial func(context.Context) (T, error)) (T, bool, error) { + var zero T + err := p.acquireSlot(ctx, current) + if err != nil { + return zero, false, err + } + defer p.releaseSlot() + dialCtx, dialCancel := context.WithCancelCause(ctx) + stopStateCancel := context.AfterFunc(current.ctx, func() { + dialCancel(context.Cause(current.ctx)) + 
}) + conn, err := dial(dialCtx) + stateCancelStopped := stopStateCancel() + dialErr := context.Cause(dialCtx) + if dialErr == nil && !stateCancelStopped { + dialErr = context.Cause(current.ctx) + } + dialCancel(nil) + if err != nil { + if dialErr != nil { + return zero, false, dialErr + } + return zero, false, err + } + if dialErr != nil { + p.options.Close(conn, dialErr) + return zero, false, dialErr + } + + p.access.Lock() + if p.closed { + p.access.Unlock() + p.options.Close(conn, net.ErrClosed) + return zero, false, net.ErrClosed + } + if p.state != current { + p.access.Unlock() + p.options.Close(conn, net.ErrClosed) + return zero, false, net.ErrClosed + } + current.all[conn] = struct{}{} + p.access.Unlock() + return conn, true, nil +} + func (p *ConnPool[T]) acquireShared(ctx context.Context, dial func(context.Context) (T, error)) (T, context.Context, bool, error) { var zero T for { - var ( - staleConn T - hasStale bool - state *connPoolConnect[T] - current *connPoolState[T] - startDial bool - ) - p.access.Lock() if p.closed { p.access.Unlock() return zero, nil, false, net.ErrClosed } - - current = p.state + current := p.state if current.hasShared { conn := current.shared if p.options.IsAlive(conn) { 
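Review bot: `dialAndInstall` calls `dialCancel(nil)` as soon as `dial` returns, so the context handed to the callback is already cancelled while the returned connection is being installed in the pool. That is safe only if no `dial` implementation keeps `ctx` for the lifetime of the connection. The removed `connPoolDialContext` forwarded just the caller's `Deadline` and `Value`, which suggests the old code separated the two lifetimes, though where its `Done` came from is not visible here. `connectSingle` in the later hunk follows the same sequence. I would state the contract on the `dial` parameter of the pool's acquire methods, e.g. `// dial must not retain ctx; it is cancelled when dial returns.`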
@@ -327,35 +313,19 @@ func (p *ConnPool[T]) acquireShared(ctx context.Context, dial func(context.Conte p.access.Unlock() return conn, connCtx, created, nil } - delete(current.all, conn) - var zeroConn T - current.shared = zeroConn - current.hasShared = false - current.sharedClaimed = false - current.sharedCtx = nil - if current.sharedCancel != nil { - current.sharedCancel(net.ErrClosed) - current.sharedCancel = nil - } - staleConn = conn - hasStale = true + p.removeConn(current, conn, net.ErrClosed) p.access.Unlock() - p.options.Close(staleConn, net.ErrClosed) + p.options.Close(conn, net.ErrClosed) continue } - if current.connecting == nil { - current.connecting = &connPoolConnect[T]{ - done: make(chan struct{}), - } - startDial = true + startDial := current.connecting == nil + if startDial { + current.connecting = &connPoolConnect[T]{done: make(chan struct{})} } - state = current.connecting + state := current.connecting p.access.Unlock() - if hasStale { - continue - } if startDial { go p.connectSingle(current, state, ctx, dial) } 
@@ -381,35 +351,39 @@ func (p *ConnPool[T]) acquireShared(ctx context.Context, dial func(context.Conte } func (p *ConnPool[T]) connectSingle(current *connPoolState[T], state *connPoolConnect[T], ctx context.Context, dial func(context.Context) (T, error)) { - conn, err := p.dial(ctx, current, dial) - if err != nil { - p.access.Lock() - if current.connecting == state { - current.connecting = nil + dialCtx, dialCancel := context.WithCancelCause(ctx) + stopStateCancel := context.AfterFunc(current.ctx, func() { + dialCancel(context.Cause(current.ctx)) + }) + conn, err := dial(dialCtx) + stateCancelStopped := stopStateCancel() + dialErr := context.Cause(dialCtx) + if dialErr == nil && !stateCancelStopped { + dialErr = context.Cause(current.ctx) + } + dialCancel(nil) + if dialErr != nil { + if err == nil { + p.options.Close(conn, dialErr) } - state.err = err - p.access.Unlock() - close(state.done) - return + err = dialErr } var closeErr error - p.access.Lock() - if current.connecting == state { - current.connecting = nil - } - if p.closed { + current.connecting = nil + if err != nil { + state.err = err + } else if p.closed { closeErr = net.ErrClosed state.err = closeErr } else if p.state != current { - closeErr = p.closeCause(current) + closeErr = net.ErrClosed state.err = closeErr } else { sharedCtx, sharedCancel := context.WithCancelCause(current.ctx) current.shared = conn current.hasShared = true - current.sharedClaimed = false current.sharedCtx = sharedCtx current.sharedCancel = sharedCancel current.all[conn] = struct{}{} @@ -439,9 +413,8 @@ func (p *ConnPool[T]) collectShared(current *connPoolState[T], state *connPoolCo return zero, nil, false, false, net.ErrClosed } if p.state != current { - cause := p.closeCause(current) p.access.Unlock() - return zero, nil, false, false, cause + return zero, nil, false, false, net.ErrClosed } if !current.hasShared { p.access.Unlock() 
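Review bot: `connectSingle` now clears `current.connecting` unconditionally, where the old code first checked `current.connecting == state`. From the lines shown, `acquireShared` only installs a new `connPoolConnect` while the field is nil and `p.access` is held, so the guard looks redundant today. That holds only while nothing else resets the field during an in-flight dial, and `removeConn` and the reset path are outside this hunk. Either keep `if current.connecting == state { current.connecting = nil }` or record the invariant in a comment such as `// only the goroutine that owns this dial clears connecting`. The tail of the function is outside the hunk.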
@@ -450,16 +423,7 @@ func (p *ConnPool[T]) collectShared(current *connPoolState[T], state *connPoolCo conn := current.shared if !p.options.IsAlive(conn) { - delete(current.all, conn) - var zeroConn T - current.shared = zeroConn - current.hasShared = false - current.sharedClaimed = false - current.sharedCtx = nil - if current.sharedCancel != nil { - current.sharedCancel(net.ErrClosed) - current.sharedCancel = nil - } + p.removeConn(current, conn, net.ErrClosed) p.access.Unlock() p.options.Close(conn, net.ErrClosed) return zero, nil, false, true, nil 
@@ -472,76 +436,9 @@ func (p *ConnPool[T]) collectShared(current *connPoolState[T], state *connPoolCo return conn, connCtx, created, false, nil } -func (p *ConnPool[T]) dial(ctx context.Context, current *connPoolState[T], dial func(context.Context) (T, error)) (T, error) { - var zero T - - if err := ctx.Err(); err != nil { - return zero, err - } - if cause := context.Cause(current.ctx); cause != nil { - return zero, cause - } - - dialCtx, cancel := context.WithCancelCause(current.ctx) - var ( - stateAccess sync.Mutex - dialComplete bool - ) - stopCancel := context.AfterFunc(ctx, func() { - stateAccess.Lock() - if !dialComplete { - cancel(context.Cause(ctx)) - } - stateAccess.Unlock() - }) - - select { - case <-ctx.Done(): - stateAccess.Lock() - dialComplete = true - stateAccess.Unlock() - stopCancel() - cancel(context.Cause(ctx)) - return zero, ctx.Err() - default: - } - - conn, err := dial(connPoolDialContext{ - Context: dialCtx, - parent: ctx, - }) - stateAccess.Lock() - dialComplete = true - stateAccess.Unlock() - stopCancel() - if err != nil { - if cause := context.Cause(dialCtx); cause != nil { - return zero, cause - } - return zero, err - } - if cause := context.Cause(dialCtx); cause != nil { - p.options.Close(conn, cause) - return zero, cause - } - return conn, nil -} - func (p *ConnPool[T]) closeState(state *connPoolState[T], cause error) { - if state == nil { - return - } - state.cancel(cause) - if state.sharedCancel != nil { - state.sharedCancel(cause) - } for conn := range state.all { p.options.Close(conn, cause) } } - -func (p *ConnPool[T]) closeCause(state *connPoolState[T]) error { - _ = state - return net.ErrClosed -} diff --git a/dns/transport/dhcp/dhcp.go b/dns/transport/dhcp/dhcp.go index 3f4eb721..8dc22c49 100644 --- a/dns/transport/dhcp/dhcp.go +++ b/dns/transport/dhcp/dhcp.go 
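Review bot: `closeState` no longer checks for a nil `state` and no longer cancels `state.ctx` or the shared context; it only closes the tracked connections. The dial paths added in this commit abort an in-flight dial through `context.AfterFunc(current.ctx, ...)`, so every caller now has to cancel the state itself before or alongside this call, and those callers are not in this hunk. A doc comment would make the new precondition visible: `// closeState closes every connection tracked by state; the caller must already have cancelled state.ctx, and state must be non-nil.`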
@@ -222,7 +222,7 @@ func (t *Transport) fetchServers0(ctx context.Context, iface *control.Interface) packetConn net.PacketConn err error ) - for i := 0; i < 5; i++ { + for range 5 { packetConn, err = listener.ListenPacket(t.ctx, "udp4", listenAddr) if err == nil || !errors.Is(err, syscall.EADDRINUSE) { break diff --git a/dns/transport/dhcp/dhcp_shared.go b/dns/transport/dhcp/dhcp_shared.go index 20cd50c5..16e319ba 100644 --- a/dns/transport/dhcp/dhcp_shared.go +++ b/dns/transport/dhcp/dhcp_shared.go @@ -72,7 +72,7 @@ func (t *Transport) tryOneName(ctx context.Context, servers []M.Socksaddr, fqdn sLen := len(servers) var lastErr error for i := 0; i < t.attempts; i++ { - for j := 0; j < sLen; j++ { + for j := range sLen { server := servers[j] question := message.Question[0] question.Name = fqdn diff --git a/dns/transport/local/local_resolved_stub.go b/dns/transport/local/local_resolved_stub.go index 2e011851..e3bf8432 100644 --- a/dns/transport/local/local_resolved_stub.go +++ b/dns/transport/local/local_resolved_stub.go @@ -1,5 +1,6 @@ //go:build !linux +//nolint:unused package local import ( diff --git a/dns/transport/local/local_shared.go b/dns/transport/local/local_shared.go index 77635458..07040911 100644 --- a/dns/transport/local/local_shared.go +++ b/dns/transport/local/local_shared.go @@ -82,7 +82,7 @@ func (t *Transport) tryOneName(ctx context.Context, config *dnsConfig, fqdn stri sLen := uint32(len(config.servers)) var lastErr error for i := 0; i < config.attempts; i++ { - for j := uint32(0); j < sLen; j++ { + for j := range sLen { server := config.servers[(serverOffset+j)%sLen] question := message.Question[0] question.Name = fqdn diff --git a/dns/transport/local/resolv.go b/dns/transport/local/resolv.go index 3586cbbf..4aa10a64 100644 --- a/dns/transport/local/resolv.go +++ b/dns/transport/local/resolv.go @@ -1,3 +1,4 @@ +//nolint:unused package local import ( 
diff --git a/dns/transport/local/resolv_default.go b/dns/transport/local/resolv_default.go index 0a7d8810..9c5e8fa2 100644 --- a/dns/transport/local/resolv_default.go +++ b/dns/transport/local/resolv_default.go @@ -1,3 +1,4 @@ +//nolint:unused package local import ( diff --git a/dns/transport/quic/quic.go b/dns/transport/quic/quic.go index 3a7b6163..3bb93e41 100644 --- a/dns/transport/quic/quic.go +++ b/dns/transport/quic/quic.go @@ -100,7 +100,7 @@ func (t *Transport) Exchange(ctx context.Context, message *mDNS.Msg) (*mDNS.Msg, err error response *mDNS.Msg ) - for i := 0; i < 2; i++ { + for range 2 { conn, _, err = t.connection.Acquire(ctx, func(ctx context.Context) (*quic.Conn, error) { rawConn, err := t.dialer.DialContext(ctx, N.NetworkUDP, t.serverAddr) if err != nil { diff --git a/dns/transport/tcp.go b/dns/transport/tcp.go index 59333de8..f8249437 100644 --- a/dns/transport/tcp.go +++ b/dns/transport/tcp.go @@ -4,6 +4,8 @@ import ( "context" "encoding/binary" "io" + "net" + "time" "github.com/sagernet/sing-box/adapter" "github.com/sagernet/sing-box/common/dialer" @@ -13,6 +15,7 @@ import ( "github.com/sagernet/sing-box/option" "github.com/sagernet/sing/common" "github.com/sagernet/sing/common/buf" + "github.com/sagernet/sing/common/bufio/deadline" E "github.com/sagernet/sing/common/exceptions" M "github.com/sagernet/sing/common/metadata" N "github.com/sagernet/sing/common/network" @@ -71,6 +74,7 @@ func (t *TCPTransport) Exchange(ctx context.Context, message *mDNS.Msg) (*mDNS.M return nil, E.Cause(err, "dial TCP connection") } defer conn.Close() + defer setConnDeadline(ctx, conn, deadline.NeedAdditionalReadDeadline(conn))() err = WriteMessage(conn, 0, message) if err != nil { return nil, E.Cause(err, "write request") 
@@ -82,6 +86,20 @@ func (t *TCPTransport) Exchange(ctx context.Context, message *mDNS.Msg) (*mDNS.M return response, nil } +func setConnDeadline(ctx context.Context, conn net.Conn, needClose bool) func() { + if needClose { + stop := context.AfterFunc(ctx, func() { + conn.Close() + }) + return func() { stop() } + } + if d, ok := ctx.Deadline(); ok { + conn.SetDeadline(d) + return func() { conn.SetDeadline(time.Time{}) } + } + return func() {} +} + func ReadMessage(reader io.Reader) (*mDNS.Msg, error) { var responseLen uint16 err := binary.Read(reader, binary.BigEndian, &responseLen) diff --git a/dns/transport/tls.go b/dns/transport/tls.go index 43978b6f..fdb48563 100644 --- a/dns/transport/tls.go +++ b/dns/transport/tls.go @@ -2,7 +2,6 @@ package transport import ( "context" - "time" "github.com/sagernet/sing-box/adapter" "github.com/sagernet/sing-box/common/dialer" @@ -12,6 +11,7 @@ import ( "github.com/sagernet/sing-box/log" "github.com/sagernet/sing-box/option" "github.com/sagernet/sing/common" + "github.com/sagernet/sing/common/bufio/deadline" E "github.com/sagernet/sing/common/exceptions" "github.com/sagernet/sing/common/logger" M "github.com/sagernet/sing/common/metadata" @@ -22,6 +22,8 @@ import ( var _ adapter.DNSTransport = (*TLSTransport)(nil) +const tlsDNSMaxInflight = 8 + func RegisterTLS(registry *dns.TransportRegistry) { dns.RegisterTransport[option.RemoteTLSDNSServerOptions](registry, C.DNSTypeTLS, NewTLS) } @@ -38,7 +40,8 @@ type TLSTransport struct { type tlsDNSConn struct { tls.Conn - queryId uint16 + queryId uint16 + needDeadlineClose bool } func NewTLS(ctx context.Context, logger log.ContextLogger, tag string, options option.RemoteTLSDNSServerOptions) (adapter.DNSTransport, error) { 
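Review bot: In `setConnDeadline`, the branch taken when `needClose` is false reacts only to `ctx.Deadline()`. A context that is cancelled without a deadline, or that carries none at all, therefore leaves `WriteMessage`/`ReadMessage` blocked for as long as the DNS server stays silent. Only the `needClose` branch honours cancellation, through `context.AfterFunc`. If that is intended, say so on the function, e.g. `// Without needClose only ctx's deadline is enforced; plain cancellation does not interrupt pending I/O.` Otherwise the deadline branch needs a cancellation hook as well. The return values of `conn.SetDeadline` and `conn.Close` are dropped silently; an explicit `_ =` would show that is deliberate.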
@@ -70,7 +73,8 @@ func NewTLSRaw(logger logger.ContextLogger, adapter dns.TransportAdapter, dialer serverAddr: serverAddr, tlsConfig: tlsConfig, connections: NewConnPool(ConnPoolOptions[*tlsDNSConn]{ - Mode: ConnPoolOrdered, + Mode: ConnPoolOrdered, + MaxInflight: tlsDNSMaxInflight, IsAlive: func(conn *tlsDNSConn) bool { return conn != nil }, @@ -98,13 +102,16 @@ func (t *TLSTransport) Reset() { func (t *TLSTransport) Exchange(ctx context.Context, message *mDNS.Msg) (*mDNS.Msg, error) { var lastErr error - for attempt := 0; attempt < 2; attempt++ { + for range 2 { conn, created, err := t.connections.Acquire(ctx, func(ctx context.Context) (*tlsDNSConn, error) { tlsConn, err := t.dialer.DialTLSContext(ctx, t.serverAddr) if err != nil { return nil, E.Cause(err, "dial TLS connection") } - return &tlsDNSConn{Conn: tlsConn}, nil + return &tlsDNSConn{ + Conn: tlsConn, + needDeadlineClose: deadline.NeedAdditionalReadDeadline(tlsConn.NetConn()), + }, nil }) if err != nil { return nil, err @@ -125,9 +132,7 @@ func (t *TLSTransport) Exchange(ctx context.Context, message *mDNS.Msg) (*mDNS.M } func (t *TLSTransport) exchange(ctx context.Context, message *mDNS.Msg, conn *tlsDNSConn) (*mDNS.Msg, error) { - if deadline, ok := ctx.Deadline(); ok { - conn.SetDeadline(deadline) - } + defer setConnDeadline(ctx, conn, conn.needDeadlineClose)() conn.queryId++ err := WriteMessage(conn, conn.queryId, message) if err != nil { @@ -137,6 +142,5 @@ func (t *TLSTransport) exchange(ctx context.Context, message *mDNS.Msg, conn *tl if err != nil { return nil, E.Cause(err, "read response") } - conn.SetDeadline(time.Time{}) return response, nil } diff --git a/dns/transport/udp.go b/dns/transport/udp.go index c9f520e3..7203b5ad 100644 --- a/dns/transport/udp.go +++ b/dns/transport/udp.go 
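Review bot: In `exchange`, the cleanup returned by `setConnDeadline` discards the result of `stop()`. When `conn.needDeadlineClose` is set and `ctx` is cancelled just as the exchange finishes, the `AfterFunc` may already have closed the connection while `exchange` still returns a successful response. The pool's `IsAlive` for this transport is `conn != nil`, so if `Exchange` hands the connection back after success (that part is outside the hunk), a closed connection would be reused and the next query would spend one of its two attempts on it. Letting the cleanup report whether `stop()` returned false, and discarding the connection in that case, would avoid this. `exchange` continues into the following hunk.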
@@ -13,6 +13,7 @@ import ( "github.com/sagernet/sing-box/log" "github.com/sagernet/sing-box/option" "github.com/sagernet/sing/common/buf" + "github.com/sagernet/sing/common/bufio/deadline" E "github.com/sagernet/sing/common/exceptions" "github.com/sagernet/sing/common/logger" M "github.com/sagernet/sing/common/metadata" @@ -130,6 +131,7 @@ func (t *UDPTransport) exchangeTCP(ctx context.Context, message *mDNS.Msg) (*mDN return nil, E.Cause(err, "dial TCP connection") } defer conn.Close() + defer setConnDeadline(ctx, conn, deadline.NeedAdditionalReadDeadline(conn))() err = WriteMessage(conn, message.Id, message) if err != nil { return nil, E.Cause(err, "write request") diff --git a/docs/changelog.md b/docs/changelog.md index f38e84de..ad33030c 100644 --- a/docs/changelog.md +++ b/docs/changelog.md @@ -2,6 +2,11 @@ icon: material/alert-decagram --- +#### 1.13.12 + +* Update naiveproxy to v148.0.7778.96-1 +* Fixes and improvements + #### 1.13.11 * Fix process searcher failure introduced in 1.13.9 diff --git a/experimental/cachefile/cache.go b/experimental/cachefile/cache.go index c97ba500..1b537852 100644 --- a/experimental/cachefile/cache.go +++ b/experimental/cachefile/cache.go @@ -116,7 +116,7 @@ func (c *CacheFile) Start(stage adapter.StartStage) error { db *bbolt.DB err error ) - for i := 0; i < 10; i++ { + for range 10 { db, err = bbolt.Open(c.path, fileMode, &options) if err == nil { break diff --git a/experimental/clashapi/server.go b/experimental/clashapi/server.go index c5255314..a1171855 100644 --- a/experimental/clashapi/server.go +++ b/experimental/clashapi/server.go @@ -166,7 +166,7 @@ func (s *Server) Start(stage adapter.StartStage) error { listener net.Listener err error ) - for i := 0; i < 3; i++ { + for range 3 { listener, err = net.Listen("tcp", s.httpServer.Addr) if runtime.GOOS == "android" && errors.Is(err, syscall.EADDRINUSE) { time.Sleep(100 * time.Millisecond) 
diff --git a/experimental/libbox/command_client.go b/experimental/libbox/command_client.go index a5077bea..2f347bdd 100644 --- a/experimental/libbox/command_client.go +++ b/experimental/libbox/command_client.go @@ -147,7 +147,7 @@ func (c *CommandClient) dialWithRetry(target string, contextDialer func(context. var client daemon.StartedServiceClient var lastError error - for attempt := 0; attempt < commandClientDialAttempts; attempt++ { + for attempt := range commandClientDialAttempts { if connection == nil { options := []grpc.DialOption{ grpc.WithTransportCredentials(insecure.NewCredentials()), diff --git a/experimental/libbox/command_server.go b/experimental/libbox/command_server.go index 1c2412b6..7eca1194 100644 --- a/experimental/libbox/command_server.go +++ b/experimental/libbox/command_server.go @@ -114,7 +114,7 @@ func (s *CommandServer) Start() error { if sCommandServerListenPort == 0 { sockPath := filepath.Join(sBasePath, "command.sock") os.Remove(sockPath) - for i := 0; i < 30; i++ { + for range 30 { listener, err = net.ListenUnix("unix", &net.UnixAddr{ Name: sockPath, Net: "unix", diff --git a/experimental/libbox/command_types.go b/experimental/libbox/command_types.go index c330dd4b..b811aaf4 100644 --- a/experimental/libbox/command_types.go +++ b/experimental/libbox/command_types.go @@ -418,13 +418,3 @@ func systemProxyStatusFromGRPC(status *daemon.SystemProxyStatus) *SystemProxySta Enabled: status.Enabled, } } - -func systemProxyStatusToGRPC(status *SystemProxyStatus) *daemon.SystemProxyStatus { - if status == nil { - return nil - } - return &daemon.SystemProxyStatus{ - Available: status.Available, - Enabled: status.Enabled, - } -} diff --git a/experimental/libbox/log.go b/experimental/libbox/log.go index ff33f081..aa12f8f2 100644 --- a/experimental/libbox/log.go +++ b/experimental/libbox/log.go 
@@ -8,8 +8,6 @@ import ( "runtime/debug" ) -var crashOutputFile *os.File - func RedirectStderr(path string) error { if stats, err := os.Stat(path); err == nil && stats.Size() > 0 { _ = os.Rename(path, path+".old") @@ -32,6 +30,5 @@ func RedirectStderr(path string) error { os.Remove(outputFile.Name()) return err } - crashOutputFile = outputFile - return nil + return outputFile.Close() } diff --git a/experimental/libbox/monitor.go b/experimental/libbox/monitor.go index 2deedb2e..62f91613 100644 --- a/experimental/libbox/monitor.go +++ b/experimental/libbox/monitor.go @@ -16,7 +16,6 @@ var ( type platformDefaultInterfaceMonitor struct { *platformInterfaceWrapper logger logger.Logger - element *list.Element[tun.NetworkUpdateCallback] callbacks list.List[tun.DefaultInterfaceUpdateCallback] myInterface string } diff --git a/experimental/libbox/platform.go b/experimental/libbox/platform.go index 4db32a22..b82121b7 100644 --- a/experimental/libbox/platform.go +++ b/experimental/libbox/platform.go @@ -1,9 +1,6 @@ package libbox -import ( - C "github.com/sagernet/sing-box/constant" - "github.com/sagernet/sing-box/option" -) +import C "github.com/sagernet/sing-box/constant" type PlatformInterface interface { LocalDNSTransport() LocalDNSTransport 
@@ -98,37 +95,3 @@ type OnDemandRuleIterator interface { Next() OnDemandRule HasNext() bool } - -type onDemandRule struct { - option.OnDemandRule -} - -func (r *onDemandRule) Target() int32 { - if r.OnDemandRule.Action == nil { - return -1 - } - return int32(*r.OnDemandRule.Action) -} - -func (r *onDemandRule) DNSSearchDomainMatch() StringIterator { - return newIterator(r.OnDemandRule.DNSSearchDomainMatch) -} - -func (r *onDemandRule) DNSServerAddressMatch() StringIterator { - return newIterator(r.OnDemandRule.DNSServerAddressMatch) -} - -func (r *onDemandRule) InterfaceTypeMatch() int32 { - if r.OnDemandRule.InterfaceTypeMatch == nil { - return -1 - } - return int32(*r.OnDemandRule.InterfaceTypeMatch) -} - -func (r *onDemandRule) SSIDMatch() StringIterator { - return newIterator(r.OnDemandRule.SSIDMatch) -} - -func (r *onDemandRule) ProbeURL() string { - return r.OnDemandRule.ProbeURL -} diff --git a/experimental/libbox/tun_darwin.go b/experimental/libbox/tun_darwin.go index e312cb91..b6c6d56c 100644 --- a/experimental/libbox/tun_darwin.go +++ b/experimental/libbox/tun_darwin.go @@ -11,7 +11,7 @@ const utunControlName = "com.apple.net.utun_control" func GetTunnelFileDescriptor() int32 { ctlInfo := &unix.CtlInfo{} copy(ctlInfo.Name[:], utunControlName) - for fd := 0; fd < 1024; fd++ { + for fd := range 1024 { addr, err := unix.Getpeername(fd) if err != nil { continue diff --git a/experimental/v2rayapi/stats.pb.go b/experimental/v2rayapi/stats.pb.go index 1fc3c826..87c8240c 100644 --- a/experimental/v2rayapi/stats.pb.go +++ b/experimental/v2rayapi/stats.pb.go @@ -1,11 +1,12 @@ package v2rayapi import ( - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" reflect "reflect" sync "sync" unsafe "unsafe" + + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" ) const ( 
@@ -483,16 +484,18 @@ func file_experimental_v2rayapi_stats_proto_rawDescGZIP() []byte { return file_experimental_v2rayapi_stats_proto_rawDescData } -var file_experimental_v2rayapi_stats_proto_msgTypes = make([]protoimpl.MessageInfo, 7) -var file_experimental_v2rayapi_stats_proto_goTypes = []any{ - (*GetStatsRequest)(nil), // 0: experimental.v2rayapi.GetStatsRequest - (*Stat)(nil), // 1: experimental.v2rayapi.Stat - (*GetStatsResponse)(nil), // 2: experimental.v2rayapi.GetStatsResponse - (*QueryStatsRequest)(nil), // 3: experimental.v2rayapi.QueryStatsRequest - (*QueryStatsResponse)(nil), // 4: experimental.v2rayapi.QueryStatsResponse - (*SysStatsRequest)(nil), // 5: experimental.v2rayapi.SysStatsRequest - (*SysStatsResponse)(nil), // 6: experimental.v2rayapi.SysStatsResponse -} +var ( + file_experimental_v2rayapi_stats_proto_msgTypes = make([]protoimpl.MessageInfo, 7) + file_experimental_v2rayapi_stats_proto_goTypes = []any{ + (*GetStatsRequest)(nil), // 0: experimental.v2rayapi.GetStatsRequest + (*Stat)(nil), // 1: experimental.v2rayapi.Stat + (*GetStatsResponse)(nil), // 2: experimental.v2rayapi.GetStatsResponse + (*QueryStatsRequest)(nil), // 3: experimental.v2rayapi.QueryStatsRequest + (*QueryStatsResponse)(nil), // 4: experimental.v2rayapi.QueryStatsResponse + (*SysStatsRequest)(nil), // 5: experimental.v2rayapi.SysStatsRequest + (*SysStatsResponse)(nil), // 6: experimental.v2rayapi.SysStatsResponse + } +) var file_experimental_v2rayapi_stats_proto_depIdxs = []int32{ 1, // 0: experimental.v2rayapi.GetStatsResponse.stat:type_name -> experimental.v2rayapi.Stat 1, // 1: experimental.v2rayapi.QueryStatsResponse.stat:type_name -> experimental.v2rayapi.Stat diff --git a/experimental/v2rayapi/stats_grpc.pb.go b/experimental/v2rayapi/stats_grpc.pb.go index 662e8b1f..0745899f 100644 --- a/experimental/v2rayapi/stats_grpc.pb.go +++ b/experimental/v2rayapi/stats_grpc.pb.go 
@@ -2,6 +2,7 @@ package v2rayapi import ( context "context" + grpc "google.golang.org/grpc" codes "google.golang.org/grpc/codes" status "google.golang.org/grpc/status" @@ -85,9 +86,11 @@ type UnimplementedStatsServiceServer struct{} func (UnimplementedStatsServiceServer) GetStats(context.Context, *GetStatsRequest) (*GetStatsResponse, error) { return nil, status.Error(codes.Unimplemented, "method GetStats not implemented") } + func (UnimplementedStatsServiceServer) QueryStats(context.Context, *QueryStatsRequest) (*QueryStatsResponse, error) { return nil, status.Error(codes.Unimplemented, "method QueryStats not implemented") } + func (UnimplementedStatsServiceServer) GetSysStats(context.Context, *SysStatsRequest) (*SysStatsResponse, error) { return nil, status.Error(codes.Unimplemented, "method GetSysStats not implemented") } diff --git a/go.mod b/go.mod index b91f23a7..48b4b21e 100644 --- a/go.mod +++ b/go.mod @@ -34,13 +34,13 @@ require ( github.com/sagernet/asc-go v0.0.0-20241217030726-d563060fe4e1 github.com/sagernet/bbolt v0.0.0-20231014093535-ea5cb2fe9f0a github.com/sagernet/cors v1.2.1 - github.com/sagernet/cronet-go v0.0.0-20260413093659-e4926ba205fa - github.com/sagernet/cronet-go/all v0.0.0-20260413093659-e4926ba205fa + github.com/sagernet/cronet-go v0.0.0-20260513071958-2faf34666c2c + github.com/sagernet/cronet-go/all v0.0.0-20260513071958-2faf34666c2c github.com/sagernet/fswatch v0.1.2 github.com/sagernet/gomobile v0.1.12 github.com/sagernet/gvisor v0.0.0-20250811.0-sing-box-mod.1 github.com/sagernet/quic-go v0.59.0-sing-box-mod.4 - github.com/sagernet/sing v0.8.9 + github.com/sagernet/sing v0.8.10 github.com/sagernet/sing-mux v0.3.4 github.com/sagernet/sing-quic v0.6.1 github.com/sagernet/sing-shadowsocks v0.2.8 
@@ -108,7 +108,7 @@ require ( github.com/dblohm7/wingoes v0.0.0-20240119213807-a09d6be7affa // indirect github.com/dgrijalva/jwt-go/v4 v4.0.0-preview1 // indirect github.com/dolonet/mtg-multi v1.8.0 - github.com/ebitengine/purego v0.9.1 // indirect + github.com/ebitengine/purego v0.10.0 // indirect github.com/florianl/go-nfqueue/v2 v2.0.2 // indirect github.com/fsnotify/fsnotify v1.9.0 // indirect github.com/fxamacker/cbor/v2 v2.7.0 // indirect 
@@ -149,35 +149,35 @@ require ( github.com/prometheus-community/pro-bing v0.4.0 // indirect github.com/quic-go/qpack v0.6.0 // indirect github.com/safchain/ethtool v0.3.0 // indirect - github.com/sagernet/cronet-go/lib/android_386 v0.0.0-20260413092954-cd09eb3e271b // indirect - github.com/sagernet/cronet-go/lib/android_amd64 v0.0.0-20260413092954-cd09eb3e271b // indirect - github.com/sagernet/cronet-go/lib/android_arm v0.0.0-20260413092954-cd09eb3e271b // indirect - github.com/sagernet/cronet-go/lib/android_arm64 v0.0.0-20260413092954-cd09eb3e271b // indirect - github.com/sagernet/cronet-go/lib/darwin_amd64 v0.0.0-20260413092954-cd09eb3e271b // indirect - github.com/sagernet/cronet-go/lib/darwin_arm64 v0.0.0-20260413092954-cd09eb3e271b // indirect - github.com/sagernet/cronet-go/lib/ios_amd64_simulator v0.0.0-20260413092954-cd09eb3e271b // indirect - github.com/sagernet/cronet-go/lib/ios_arm64 v0.0.0-20260413092954-cd09eb3e271b // indirect - github.com/sagernet/cronet-go/lib/ios_arm64_simulator v0.0.0-20260413092954-cd09eb3e271b // indirect - github.com/sagernet/cronet-go/lib/linux_386 v0.0.0-20260413092954-cd09eb3e271b // indirect - github.com/sagernet/cronet-go/lib/linux_386_musl v0.0.0-20260413092954-cd09eb3e271b // indirect - github.com/sagernet/cronet-go/lib/linux_amd64 v0.0.0-20260413092954-cd09eb3e271b // indirect - github.com/sagernet/cronet-go/lib/linux_amd64_musl v0.0.0-20260413092954-cd09eb3e271b // indirect - github.com/sagernet/cronet-go/lib/linux_arm v0.0.0-20260413092954-cd09eb3e271b // indirect - github.com/sagernet/cronet-go/lib/linux_arm64 v0.0.0-20260413092954-cd09eb3e271b // indirect - github.com/sagernet/cronet-go/lib/linux_arm64_musl v0.0.0-20260413092954-cd09eb3e271b // indirect - github.com/sagernet/cronet-go/lib/linux_arm_musl v0.0.0-20260413092954-cd09eb3e271b // indirect - github.com/sagernet/cronet-go/lib/linux_loong64 v0.0.0-20260413092954-cd09eb3e271b // indirect - github.com/sagernet/cronet-go/lib/linux_loong64_musl 
v0.0.0-20260413092954-cd09eb3e271b // indirect - github.com/sagernet/cronet-go/lib/linux_mips64le v0.0.0-20260413092954-cd09eb3e271b // indirect - github.com/sagernet/cronet-go/lib/linux_mipsle v0.0.0-20260413092954-cd09eb3e271b // indirect - github.com/sagernet/cronet-go/lib/linux_mipsle_musl v0.0.0-20260413092954-cd09eb3e271b // indirect - github.com/sagernet/cronet-go/lib/linux_riscv64 v0.0.0-20260413092954-cd09eb3e271b // indirect - github.com/sagernet/cronet-go/lib/linux_riscv64_musl v0.0.0-20260413092954-cd09eb3e271b // indirect - github.com/sagernet/cronet-go/lib/tvos_amd64_simulator v0.0.0-20260413092954-cd09eb3e271b // indirect - github.com/sagernet/cronet-go/lib/tvos_arm64 v0.0.0-20260413092954-cd09eb3e271b // indirect - github.com/sagernet/cronet-go/lib/tvos_arm64_simulator v0.0.0-20260413092954-cd09eb3e271b // indirect - github.com/sagernet/cronet-go/lib/windows_amd64 v0.0.0-20260413092954-cd09eb3e271b // indirect - github.com/sagernet/cronet-go/lib/windows_arm64 v0.0.0-20260413092954-cd09eb3e271b // indirect + github.com/sagernet/cronet-go/lib/android_386 v0.0.0-20260513071149-ade33496efb8 // indirect + github.com/sagernet/cronet-go/lib/android_amd64 v0.0.0-20260513071149-ade33496efb8 // indirect + github.com/sagernet/cronet-go/lib/android_arm v0.0.0-20260513071149-ade33496efb8 // indirect + github.com/sagernet/cronet-go/lib/android_arm64 v0.0.0-20260513071149-ade33496efb8 // indirect + github.com/sagernet/cronet-go/lib/darwin_amd64 v0.0.0-20260513071149-ade33496efb8 // indirect + github.com/sagernet/cronet-go/lib/darwin_arm64 v0.0.0-20260513071149-ade33496efb8 // indirect + github.com/sagernet/cronet-go/lib/ios_amd64_simulator v0.0.0-20260513071149-ade33496efb8 // indirect + github.com/sagernet/cronet-go/lib/ios_arm64 v0.0.0-20260513071149-ade33496efb8 // indirect + github.com/sagernet/cronet-go/lib/ios_arm64_simulator v0.0.0-20260513071149-ade33496efb8 // indirect + github.com/sagernet/cronet-go/lib/linux_386 v0.0.0-20260513071149-ade33496efb8 // 
indirect + github.com/sagernet/cronet-go/lib/linux_386_musl v0.0.0-20260513071149-ade33496efb8 // indirect + github.com/sagernet/cronet-go/lib/linux_amd64 v0.0.0-20260513071149-ade33496efb8 // indirect + github.com/sagernet/cronet-go/lib/linux_amd64_musl v0.0.0-20260513071149-ade33496efb8 // indirect + github.com/sagernet/cronet-go/lib/linux_arm v0.0.0-20260513071149-ade33496efb8 // indirect + github.com/sagernet/cronet-go/lib/linux_arm64 v0.0.0-20260513071149-ade33496efb8 // indirect + github.com/sagernet/cronet-go/lib/linux_arm64_musl v0.0.0-20260513071149-ade33496efb8 // indirect + github.com/sagernet/cronet-go/lib/linux_arm_musl v0.0.0-20260513071149-ade33496efb8 // indirect + github.com/sagernet/cronet-go/lib/linux_loong64 v0.0.0-20260513071149-ade33496efb8 // indirect + github.com/sagernet/cronet-go/lib/linux_loong64_musl v0.0.0-20260513071149-ade33496efb8 // indirect + github.com/sagernet/cronet-go/lib/linux_mips64le v0.0.0-20260513071149-ade33496efb8 // indirect + github.com/sagernet/cronet-go/lib/linux_mipsle v0.0.0-20260513071149-ade33496efb8 // indirect + github.com/sagernet/cronet-go/lib/linux_mipsle_musl v0.0.0-20260513071149-ade33496efb8 // indirect + github.com/sagernet/cronet-go/lib/linux_riscv64 v0.0.0-20260513071149-ade33496efb8 // indirect + github.com/sagernet/cronet-go/lib/linux_riscv64_musl v0.0.0-20260513071149-ade33496efb8 // indirect + github.com/sagernet/cronet-go/lib/tvos_amd64_simulator v0.0.0-20260513071149-ade33496efb8 // indirect + github.com/sagernet/cronet-go/lib/tvos_arm64 v0.0.0-20260513071149-ade33496efb8 // indirect + github.com/sagernet/cronet-go/lib/tvos_arm64_simulator v0.0.0-20260513071149-ade33496efb8 // indirect + github.com/sagernet/cronet-go/lib/windows_amd64 v0.0.0-20260513071149-ade33496efb8 // indirect + github.com/sagernet/cronet-go/lib/windows_arm64 v0.0.0-20260513071149-ade33496efb8 // indirect github.com/sagernet/netlink v0.0.0-20240612041022-b9a21c07ac6a // indirect github.com/sagernet/nftables v0.3.0-mod.2 // 
indirect github.com/spf13/pflag v1.0.10 // indirect @@ -199,7 +199,7 @@ require ( go.uber.org/zap/exp v0.3.0 // indirect go4.org/mem v0.0.0-20240501181205-ae6ca9944745 // indirect golang.org/x/oauth2 v0.34.0 // indirect - golang.org/x/sync v0.20.0 // indirect + golang.org/x/sync v0.20.0 golang.org/x/term v0.41.0 // indirect golang.org/x/text v0.35.0 // indirect golang.org/x/time v0.15.0 diff --git a/go.sum b/go.sum index 4493b1e1..99ab127b 100644 --- a/go.sum +++ b/go.sum @@ -85,8 +85,8 @@ github.com/dunglas/httpsfv v1.1.0 h1:Jw76nAyKWKZKFrpMMcL76y35tOpYHqQPzHQiwDvpe54 github.com/dunglas/httpsfv v1.1.0/go.mod h1:zID2mqw9mFsnt7YC3vYQ9/cjq30q41W+1AnDwH8TiMg= github.com/dustin/go-humanize v1.0.1 h1:GzkhY7T5VNhEkwH0PVJgjz+fX1rhBrR7pRT3mDkpeCY= github.com/dustin/go-humanize v1.0.1/go.mod h1:Mu1zIs6XwVuF/gI1OepvI0qD18qycQx+mFykh5fBlto= -github.com/ebitengine/purego v0.9.1 h1:a/k2f2HQU3Pi399RPW1MOaZyhKJL9w/xFpKAg4q1s0A= -github.com/ebitengine/purego v0.9.1/go.mod h1:iIjxzd6CiRiOG0UyXP+V1+jWqUXVjPKLAI0mRfJZTmQ= +github.com/ebitengine/purego v0.10.0 h1:QIw4xfpWT6GWTzaW5XEKy3HXoqrJGx1ijYHzTF0/ISU= +github.com/ebitengine/purego v0.10.0/go.mod h1:iIjxzd6CiRiOG0UyXP+V1+jWqUXVjPKLAI0mRfJZTmQ= github.com/enfein/mieru/v3 v3.17.1 h1:pIKbspsKRYNyUrORVI33t1/yz2syaaUkIanskAbGBHY= github.com/enfein/mieru/v3 v3.17.1/go.mod h1:zJBUCsi5rxyvHM8fjFf+GLaEl4OEjjBXr1s5F6Qd3hM= github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg= 
@@ -283,68 +283,68 @@ github.com/sagernet/bbolt v0.0.0-20231014093535-ea5cb2fe9f0a h1:+NkI2670SQpQWvkk github.com/sagernet/bbolt v0.0.0-20231014093535-ea5cb2fe9f0a/go.mod h1:63s7jpZqcDAIpj8oI/1v4Izok+npJOHACFCU6+huCkM= github.com/sagernet/cors v1.2.1 h1:Cv5Z8y9YSD6Gm+qSpNrL3LO4lD3eQVvbFYJSG7JCMHQ= github.com/sagernet/cors v1.2.1/go.mod h1:O64VyOjjhrkLmQIjF4KGRrJO/5dVXFdpEmCW/eISRAI= -github.com/sagernet/cronet-go v0.0.0-20260413093659-e4926ba205fa h1:7SehNSF1UHbLZa5dk+1rW1aperffJzl5r6TCJIXtAaY= -github.com/sagernet/cronet-go v0.0.0-20260413093659-e4926ba205fa/go.mod h1:hwFHBEjjthyEquDULbr4c4ucMedp8Drb6Jvm2kt/0Bw= -github.com/sagernet/cronet-go/all v0.0.0-20260413093659-e4926ba205fa h1:ijk5v9N/akiMgqu734yMpv7Pk9F4Qmjh8Vfdcb4uJHE= -github.com/sagernet/cronet-go/all v0.0.0-20260413093659-e4926ba205fa/go.mod h1:+FENo4+0AOvH9e3oY6/iO7yy7USNt61dgbnI5W0TDZ0= -github.com/sagernet/cronet-go/lib/android_386 v0.0.0-20260413092954-cd09eb3e271b h1:O+PkYT88ayVWESX5tqxeMeS9OnzC3ZTic8gYiPJNXT8= -github.com/sagernet/cronet-go/lib/android_386 v0.0.0-20260413092954-cd09eb3e271b/go.mod h1:XXDwdjX/T8xftoeJxQmbBoYXZp8MAPFR2CwbFuTpEtw= -github.com/sagernet/cronet-go/lib/android_amd64 v0.0.0-20260413092954-cd09eb3e271b h1:o0MsgbsJwYkbqlbfaCvmAwb8/LAXeoSP8NE/aNvR/yY= -github.com/sagernet/cronet-go/lib/android_amd64 v0.0.0-20260413092954-cd09eb3e271b/go.mod h1:iNiUGoLtnr8/JTuVNj7XJbmpOAp2C6+B81KDrPxwaZM= -github.com/sagernet/cronet-go/lib/android_arm v0.0.0-20260413092954-cd09eb3e271b h1:JEQnc7cRMUahWJFtWY6n0hs1LE0KgyRv3pD0RWS8Yo8= -github.com/sagernet/cronet-go/lib/android_arm v0.0.0-20260413092954-cd09eb3e271b/go.mod h1:19ILNUOGIzRdOqa2mq+iY0JoHxuieB7/lnjYeaA2vEc= -github.com/sagernet/cronet-go/lib/android_arm64 v0.0.0-20260413092954-cd09eb3e271b h1:69+AKzuUW9hzw2nU79c2DWfuzrIZ3PJm1KAwXh+7xr0= -github.com/sagernet/cronet-go/lib/android_arm64 v0.0.0-20260413092954-cd09eb3e271b/go.mod h1:JxzGyQf94Cr6sBShKqODGDyRUlESfJK/Njcz9Lz6qMQ= -github.com/sagernet/cronet-go/lib/darwin_amd64 
v0.0.0-20260413092954-cd09eb3e271b h1:jp9FHUVTCJQ67Ecw3Inoct6/z1VTFXPtNYpXt47pa4E= -github.com/sagernet/cronet-go/lib/darwin_amd64 v0.0.0-20260413092954-cd09eb3e271b/go.mod h1:KN+9T9TBycGOLzmKU4QdcHAJEj6Nlx48ifnlTvvHMvs= -github.com/sagernet/cronet-go/lib/darwin_arm64 v0.0.0-20260413092954-cd09eb3e271b h1:WN3DZoECd2UbhmYQGpOA4jx4QBXiZuN1DvL/35NT61g= -github.com/sagernet/cronet-go/lib/darwin_arm64 v0.0.0-20260413092954-cd09eb3e271b/go.mod h1:kojvtUc29KKnk8hs2QIANynVR59921SnGWA9kXohHc0= -github.com/sagernet/cronet-go/lib/ios_amd64_simulator v0.0.0-20260413092954-cd09eb3e271b h1:H4RKicwrIa4PwTXZOmXOg85hiCrpeFja4daOlX180pE= -github.com/sagernet/cronet-go/lib/ios_amd64_simulator v0.0.0-20260413092954-cd09eb3e271b/go.mod h1:hkQzRE5GDbaH1/ioqYh0Taho4L6i0yLRCVEZ5xHz5M0= -github.com/sagernet/cronet-go/lib/ios_arm64 v0.0.0-20260413092954-cd09eb3e271b h1:Rwi+Cu+Hgwj28F1lh837gGqSqn7oU8+r5i3UJyLPkKc= -github.com/sagernet/cronet-go/lib/ios_arm64 v0.0.0-20260413092954-cd09eb3e271b/go.mod h1:tzVJFTOm66UxLxy6K0ZN5Ic2PC79e+sKKnt+V9puEa4= -github.com/sagernet/cronet-go/lib/ios_arm64_simulator v0.0.0-20260413092954-cd09eb3e271b h1:v2wcnPX3gt0PngFYXjXYAiarFckwx3pVAP6ETSpbSWE= -github.com/sagernet/cronet-go/lib/ios_arm64_simulator v0.0.0-20260413092954-cd09eb3e271b/go.mod h1:M/pN6m3j0HFU6/y83n0HU6GLYys3tYdr/xTE8hVEGMo= -github.com/sagernet/cronet-go/lib/linux_386 v0.0.0-20260413092954-cd09eb3e271b h1:Bl0zZ3QZq6pPJMbQlYHDhhaGngVefRlFzxWc0p48eHo= -github.com/sagernet/cronet-go/lib/linux_386 v0.0.0-20260413092954-cd09eb3e271b/go.mod h1:cGh5hO6eljCo6KMQ/Cel8Xgq4+etL0awZLRBDVG1EZQ= -github.com/sagernet/cronet-go/lib/linux_386_musl v0.0.0-20260413092954-cd09eb3e271b h1:vf+MbGv6RvvmXUNvganykBOnDIVXxy8XgtKOOqOcxtE= -github.com/sagernet/cronet-go/lib/linux_386_musl v0.0.0-20260413092954-cd09eb3e271b/go.mod h1:JFE0/cxaKkx0wqPMZU7MgaplQlU0zudv82dROJjClKU= -github.com/sagernet/cronet-go/lib/linux_amd64 v0.0.0-20260413092954-cd09eb3e271b h1:2IAc1bVFYF+B6hof34ChQKVhw7LElBxEEx7S0n+7o78= 
-github.com/sagernet/cronet-go/lib/linux_amd64 v0.0.0-20260413092954-cd09eb3e271b/go.mod h1:vU8VftFeSt7fURCa3JXD6+k6ss1YAX+idQjPvHmJ2tI= -github.com/sagernet/cronet-go/lib/linux_amd64_musl v0.0.0-20260413092954-cd09eb3e271b h1:NrJaiOS0VLmWTbUHhXDsLTqelmCW4y3xJqptPs4Sx0s= -github.com/sagernet/cronet-go/lib/linux_amd64_musl v0.0.0-20260413092954-cd09eb3e271b/go.mod h1:vCe4OUuL+XOUge9v3MyTD45BnuAXiH+DkjN9quDXJzQ= -github.com/sagernet/cronet-go/lib/linux_arm v0.0.0-20260413092954-cd09eb3e271b h1:A+ubSkca1nl2cT8pYUqCo1O7M41suNrKpWhZKCM/aIQ= -github.com/sagernet/cronet-go/lib/linux_arm v0.0.0-20260413092954-cd09eb3e271b/go.mod h1:w9amBWrvjtohQzBGCKJ7LCh22LhTIJs4sE7cYaKQzM0= -github.com/sagernet/cronet-go/lib/linux_arm64 v0.0.0-20260413092954-cd09eb3e271b h1:WrhGH5FDXlCAoXwN6N44yCMvy6EbIurmTmptkz3mmms= -github.com/sagernet/cronet-go/lib/linux_arm64 v0.0.0-20260413092954-cd09eb3e271b/go.mod h1:TqlsFtcYS/etTeck46kHBeT8Le0Igw1Q/AV88UnMS3s= -github.com/sagernet/cronet-go/lib/linux_arm64_musl v0.0.0-20260413092954-cd09eb3e271b h1:kgwB5p5e0gdVX5iYRE7VbZS/On4qnb4UKonkGPwhkDI= -github.com/sagernet/cronet-go/lib/linux_arm64_musl v0.0.0-20260413092954-cd09eb3e271b/go.mod h1:B6Qd0vys8sv9OKVRN6J9RqDzYRGE938Fb2zrYdBDyTQ= -github.com/sagernet/cronet-go/lib/linux_arm_musl v0.0.0-20260413092954-cd09eb3e271b h1:Z3dOeFlRIOeQhSh+mCYDHui1yR3S/Uw8eupczzBvxqw= -github.com/sagernet/cronet-go/lib/linux_arm_musl v0.0.0-20260413092954-cd09eb3e271b/go.mod h1:3tXMMFY7AHugOVBZ5Al7cL7JKsnFOe5bMVr0hZPk3ow= -github.com/sagernet/cronet-go/lib/linux_loong64 v0.0.0-20260413092954-cd09eb3e271b h1:LPi6jz1k11Q67hm3Pw6aaPJ/Z6e3VtNhzrRjr5/5AQo= -github.com/sagernet/cronet-go/lib/linux_loong64 v0.0.0-20260413092954-cd09eb3e271b/go.mod h1:Wt5uFdU3tnmm8YzobYewwdF7Mt6SucRQg6xeTNWC3Tk= -github.com/sagernet/cronet-go/lib/linux_loong64_musl v0.0.0-20260413092954-cd09eb3e271b h1:55sqihyfXWN7y7p7gOEgtUz9cm1mV3SDQ90/v6ROFaA= -github.com/sagernet/cronet-go/lib/linux_loong64_musl v0.0.0-20260413092954-cd09eb3e271b/go.mod 
h1:lyIF6wKBLwWa5ZXaAKbAoewewl+yCHo2iYev39Mbj4E= -github.com/sagernet/cronet-go/lib/linux_mips64le v0.0.0-20260413092954-cd09eb3e271b h1:OTA1cbv5YIDVsYA8AAXHC4NgEc7b6pDiY+edujLWfJU= -github.com/sagernet/cronet-go/lib/linux_mips64le v0.0.0-20260413092954-cd09eb3e271b/go.mod h1:H46PnSTTZNcZokLLiDeMDaHiS1l14PH3tzWi0eykjD8= -github.com/sagernet/cronet-go/lib/linux_mipsle v0.0.0-20260413092954-cd09eb3e271b h1:B/rdD/1A+RgqUYUZcoGhLeMqijnBd1mUt8+5LhOH7j8= -github.com/sagernet/cronet-go/lib/linux_mipsle v0.0.0-20260413092954-cd09eb3e271b/go.mod h1:RBhSUDAKWq7fswtV4nQUQhuaTLcX3ettR7teA7/yf2w= -github.com/sagernet/cronet-go/lib/linux_mipsle_musl v0.0.0-20260413092954-cd09eb3e271b h1:QFRWi6FucrODS4xQ8e9GYIzGSeMFO/DAMtTCVeJiCvM= -github.com/sagernet/cronet-go/lib/linux_mipsle_musl v0.0.0-20260413092954-cd09eb3e271b/go.mod h1:wRzoIOGG4xbpp3Gh3triLKwMwYriScXzFtunLYhY4w0= -github.com/sagernet/cronet-go/lib/linux_riscv64 v0.0.0-20260413092954-cd09eb3e271b h1:2WJjPKZHLNIB4D17c3o9S+SP9kb3Qh0D26oWlun1+pE= -github.com/sagernet/cronet-go/lib/linux_riscv64 v0.0.0-20260413092954-cd09eb3e271b/go.mod h1:LNiZXmWil1OPwKCheqQjtakZlJuKGFz+iv2eGF76Hhs= -github.com/sagernet/cronet-go/lib/linux_riscv64_musl v0.0.0-20260413092954-cd09eb3e271b h1:cUNTe4gNncRpYL28jzQf6qcJej40zzGQsH0o6CLUGws= -github.com/sagernet/cronet-go/lib/linux_riscv64_musl v0.0.0-20260413092954-cd09eb3e271b/go.mod h1:YFDGKTkpkJGc5+hnX/RYosZyTWg9h+68VB55fYRRLYc= -github.com/sagernet/cronet-go/lib/tvos_amd64_simulator v0.0.0-20260413092954-cd09eb3e271b h1:+sc1LJF0FjU2hVO5xBqqT+8qzoU08J2uHwxSle2m/Hw= -github.com/sagernet/cronet-go/lib/tvos_amd64_simulator v0.0.0-20260413092954-cd09eb3e271b/go.mod h1:aaX0YGl8nhGmfRWI8bc3BtDjY8Vzx6O0cS/e1uqxDq4= -github.com/sagernet/cronet-go/lib/tvos_arm64 v0.0.0-20260413092954-cd09eb3e271b h1:+D/uhFxllI/KTLpeNEl8dwF3omPGmUFbrqt5tJkAyp0= -github.com/sagernet/cronet-go/lib/tvos_arm64 v0.0.0-20260413092954-cd09eb3e271b/go.mod h1:EdzMKA96xITc42QEI+ct4SwqX8Dn3ltKK8wzdkLWpSc= 
-github.com/sagernet/cronet-go/lib/tvos_arm64_simulator v0.0.0-20260413092954-cd09eb3e271b h1:nSUzzTUAZdqjGGckayk64sz+F0TGJPHvauTiAn27UKk= -github.com/sagernet/cronet-go/lib/tvos_arm64_simulator v0.0.0-20260413092954-cd09eb3e271b/go.mod h1:qix4kv1TTAJ5tY4lJ9vjhe9EY4mM+B7H5giOhbxDVcc= -github.com/sagernet/cronet-go/lib/windows_amd64 v0.0.0-20260413092954-cd09eb3e271b h1:PE/fYBiHzB52gnQMg0soBfQyJCzmWHti48kCe2TBt9w= -github.com/sagernet/cronet-go/lib/windows_amd64 v0.0.0-20260413092954-cd09eb3e271b/go.mod h1:lm9w/oCCRyBiUa3G8lDQTT8x/ONUvgVR2iV9fVzUZB8= -github.com/sagernet/cronet-go/lib/windows_arm64 v0.0.0-20260413092954-cd09eb3e271b h1:hy/3lPV11pKAAojDFnb95l9NpwOym6kME7FxS9p8sXs= -github.com/sagernet/cronet-go/lib/windows_arm64 v0.0.0-20260413092954-cd09eb3e271b/go.mod h1:n34YyLgapgjWdKa0IoeczjAFCwD3/dxbsH5sucKw0bw= +github.com/sagernet/cronet-go v0.0.0-20260513071958-2faf34666c2c h1:JatMWK/reVa5Y+x3D3l49SVtHB/EQUEtQnAFTxPBNxY= +github.com/sagernet/cronet-go v0.0.0-20260513071958-2faf34666c2c/go.mod h1:T/mwtrpC4JlWfScw73CmSBvHzIvc7BatQ1MhRr+cYNw= +github.com/sagernet/cronet-go/all v0.0.0-20260513071958-2faf34666c2c h1:F/tL+VzLZ2F4SNZZze6SRSRL/jcX7LwIsuL1+hECiz0= +github.com/sagernet/cronet-go/all v0.0.0-20260513071958-2faf34666c2c/go.mod h1:GGE1tBbFgHq8kV99AKX1JXFY+9FvgNSK/W6Z5j24Ihc= +github.com/sagernet/cronet-go/lib/android_386 v0.0.0-20260513071149-ade33496efb8 h1:NCKxyAnEkwsEueAEbuuUUjs2FEZAIflr+WN3Mwbvsdg= +github.com/sagernet/cronet-go/lib/android_386 v0.0.0-20260513071149-ade33496efb8/go.mod h1:XXDwdjX/T8xftoeJxQmbBoYXZp8MAPFR2CwbFuTpEtw= +github.com/sagernet/cronet-go/lib/android_amd64 v0.0.0-20260513071149-ade33496efb8 h1:o3AGm7/L/zAdBvPu0u1dFgDR/tH086qyuXZkjLNJ7/E= +github.com/sagernet/cronet-go/lib/android_amd64 v0.0.0-20260513071149-ade33496efb8/go.mod h1:iNiUGoLtnr8/JTuVNj7XJbmpOAp2C6+B81KDrPxwaZM= +github.com/sagernet/cronet-go/lib/android_arm v0.0.0-20260513071149-ade33496efb8 h1:AeO8yHQj7aNj16fiJNU797alyuM3T+3VASnETHeV220= 
+github.com/sagernet/cronet-go/lib/android_arm v0.0.0-20260513071149-ade33496efb8/go.mod h1:19ILNUOGIzRdOqa2mq+iY0JoHxuieB7/lnjYeaA2vEc= +github.com/sagernet/cronet-go/lib/android_arm64 v0.0.0-20260513071149-ade33496efb8 h1:ZgW2/Qq/5Q6eTlW80QXLokU56kfjvbLJSEGYTkcG3hU= +github.com/sagernet/cronet-go/lib/android_arm64 v0.0.0-20260513071149-ade33496efb8/go.mod h1:JxzGyQf94Cr6sBShKqODGDyRUlESfJK/Njcz9Lz6qMQ= +github.com/sagernet/cronet-go/lib/darwin_amd64 v0.0.0-20260513071149-ade33496efb8 h1:orYgvX5X9aUa+sRrAuuqA6PXiiBUI2D367ZJqan4lIU= +github.com/sagernet/cronet-go/lib/darwin_amd64 v0.0.0-20260513071149-ade33496efb8/go.mod h1:KN+9T9TBycGOLzmKU4QdcHAJEj6Nlx48ifnlTvvHMvs= +github.com/sagernet/cronet-go/lib/darwin_arm64 v0.0.0-20260513071149-ade33496efb8 h1:2w1s3wEk7qW2w4IGwlJflxwXBM97UChNiqAErKpvHr0= +github.com/sagernet/cronet-go/lib/darwin_arm64 v0.0.0-20260513071149-ade33496efb8/go.mod h1:kojvtUc29KKnk8hs2QIANynVR59921SnGWA9kXohHc0= +github.com/sagernet/cronet-go/lib/ios_amd64_simulator v0.0.0-20260513071149-ade33496efb8 h1:22k6CB3d4gHT+SARUh2bgNyGU4QwYupcCdP8cGuwygY= +github.com/sagernet/cronet-go/lib/ios_amd64_simulator v0.0.0-20260513071149-ade33496efb8/go.mod h1:hkQzRE5GDbaH1/ioqYh0Taho4L6i0yLRCVEZ5xHz5M0= +github.com/sagernet/cronet-go/lib/ios_arm64 v0.0.0-20260513071149-ade33496efb8 h1:PkJ5EaqLrv6bNR+MHx1/joJXoRcoYcV7JA4NtXbFQsc= +github.com/sagernet/cronet-go/lib/ios_arm64 v0.0.0-20260513071149-ade33496efb8/go.mod h1:tzVJFTOm66UxLxy6K0ZN5Ic2PC79e+sKKnt+V9puEa4= +github.com/sagernet/cronet-go/lib/ios_arm64_simulator v0.0.0-20260513071149-ade33496efb8 h1:V629H+OQ9yOR2d0Jkq5y42j5btpvoSWJbUaBH7FCGPI= +github.com/sagernet/cronet-go/lib/ios_arm64_simulator v0.0.0-20260513071149-ade33496efb8/go.mod h1:M/pN6m3j0HFU6/y83n0HU6GLYys3tYdr/xTE8hVEGMo= +github.com/sagernet/cronet-go/lib/linux_386 v0.0.0-20260513071149-ade33496efb8 h1:gfObF5uoqJslCdMRRm2Yo+gmPJQPVlrci5Myrki0Kzk= +github.com/sagernet/cronet-go/lib/linux_386 v0.0.0-20260513071149-ade33496efb8/go.mod 
h1:cGh5hO6eljCo6KMQ/Cel8Xgq4+etL0awZLRBDVG1EZQ= +github.com/sagernet/cronet-go/lib/linux_386_musl v0.0.0-20260513071149-ade33496efb8 h1:JRPN0RBKvoOBEHezJh/54KD9ftWL7YadtcCgOf/vRnw= +github.com/sagernet/cronet-go/lib/linux_386_musl v0.0.0-20260513071149-ade33496efb8/go.mod h1:JFE0/cxaKkx0wqPMZU7MgaplQlU0zudv82dROJjClKU= +github.com/sagernet/cronet-go/lib/linux_amd64 v0.0.0-20260513071149-ade33496efb8 h1:mM8gNdFlXSpjZFs9kgaMgW94oTRF8YdEEQgdOp/OEUA= +github.com/sagernet/cronet-go/lib/linux_amd64 v0.0.0-20260513071149-ade33496efb8/go.mod h1:vU8VftFeSt7fURCa3JXD6+k6ss1YAX+idQjPvHmJ2tI= +github.com/sagernet/cronet-go/lib/linux_amd64_musl v0.0.0-20260513071149-ade33496efb8 h1:ZtCH0fH07giTK6wqkenA9fdFYt7krjWiyOvC8z9nPwk= +github.com/sagernet/cronet-go/lib/linux_amd64_musl v0.0.0-20260513071149-ade33496efb8/go.mod h1:vCe4OUuL+XOUge9v3MyTD45BnuAXiH+DkjN9quDXJzQ= +github.com/sagernet/cronet-go/lib/linux_arm v0.0.0-20260513071149-ade33496efb8 h1:Uviqmw+Q4No9kCxJWJ5CYcq6PNHB9f0jQhd15j39+no= +github.com/sagernet/cronet-go/lib/linux_arm v0.0.0-20260513071149-ade33496efb8/go.mod h1:w9amBWrvjtohQzBGCKJ7LCh22LhTIJs4sE7cYaKQzM0= +github.com/sagernet/cronet-go/lib/linux_arm64 v0.0.0-20260513071149-ade33496efb8 h1:la4zRTE9zpZCmsixwzKT2LnHuo0e439EmGwOlB1An9Q= +github.com/sagernet/cronet-go/lib/linux_arm64 v0.0.0-20260513071149-ade33496efb8/go.mod h1:TqlsFtcYS/etTeck46kHBeT8Le0Igw1Q/AV88UnMS3s= +github.com/sagernet/cronet-go/lib/linux_arm64_musl v0.0.0-20260513071149-ade33496efb8 h1:KodFGMqn+X2dqET0O3xww3iemAGmpoC8U4JW8gwt0x4= +github.com/sagernet/cronet-go/lib/linux_arm64_musl v0.0.0-20260513071149-ade33496efb8/go.mod h1:B6Qd0vys8sv9OKVRN6J9RqDzYRGE938Fb2zrYdBDyTQ= +github.com/sagernet/cronet-go/lib/linux_arm_musl v0.0.0-20260513071149-ade33496efb8 h1:QTk1RXNLOIcorZYcF0rBrwLpCIZCKEA2Jr69eFrt8xg= +github.com/sagernet/cronet-go/lib/linux_arm_musl v0.0.0-20260513071149-ade33496efb8/go.mod h1:3tXMMFY7AHugOVBZ5Al7cL7JKsnFOe5bMVr0hZPk3ow= +github.com/sagernet/cronet-go/lib/linux_loong64 
v0.0.0-20260513071149-ade33496efb8 h1:SXqSlM/GjZFvNdUV3IvHq5gqHfW4iWlQHMGzEsgXGXE= +github.com/sagernet/cronet-go/lib/linux_loong64 v0.0.0-20260513071149-ade33496efb8/go.mod h1:Wt5uFdU3tnmm8YzobYewwdF7Mt6SucRQg6xeTNWC3Tk= +github.com/sagernet/cronet-go/lib/linux_loong64_musl v0.0.0-20260513071149-ade33496efb8 h1:aAgLWpfESvy7rfDVH7ioOZQ7u2kmRsbUqJVrwJtkFWs= +github.com/sagernet/cronet-go/lib/linux_loong64_musl v0.0.0-20260513071149-ade33496efb8/go.mod h1:lyIF6wKBLwWa5ZXaAKbAoewewl+yCHo2iYev39Mbj4E= +github.com/sagernet/cronet-go/lib/linux_mips64le v0.0.0-20260513071149-ade33496efb8 h1:oTLUyhLckc8TZQ8SRCapgTYyRbz1pBpIvzjMCLMPFu8= +github.com/sagernet/cronet-go/lib/linux_mips64le v0.0.0-20260513071149-ade33496efb8/go.mod h1:H46PnSTTZNcZokLLiDeMDaHiS1l14PH3tzWi0eykjD8= +github.com/sagernet/cronet-go/lib/linux_mipsle v0.0.0-20260513071149-ade33496efb8 h1:LHm/85Y3zN0kNgG+li5qHvP3dzvavEytCYzdLtrfrrg= +github.com/sagernet/cronet-go/lib/linux_mipsle v0.0.0-20260513071149-ade33496efb8/go.mod h1:RBhSUDAKWq7fswtV4nQUQhuaTLcX3ettR7teA7/yf2w= +github.com/sagernet/cronet-go/lib/linux_mipsle_musl v0.0.0-20260513071149-ade33496efb8 h1:Pom5TSHV8Cln73uOgQlJ+JtmEu9xh+OuLHWq57dBaVg= +github.com/sagernet/cronet-go/lib/linux_mipsle_musl v0.0.0-20260513071149-ade33496efb8/go.mod h1:wRzoIOGG4xbpp3Gh3triLKwMwYriScXzFtunLYhY4w0= +github.com/sagernet/cronet-go/lib/linux_riscv64 v0.0.0-20260513071149-ade33496efb8 h1:1pPcb15BonaFl4153tRo7zOJ7U2zD1vjH+5JipSfJ3g= +github.com/sagernet/cronet-go/lib/linux_riscv64 v0.0.0-20260513071149-ade33496efb8/go.mod h1:LNiZXmWil1OPwKCheqQjtakZlJuKGFz+iv2eGF76Hhs= +github.com/sagernet/cronet-go/lib/linux_riscv64_musl v0.0.0-20260513071149-ade33496efb8 h1:3Dy4exYQ/IVJGcnTtvW3LmjfjDaxFgJT1hn/ALBpd2M= +github.com/sagernet/cronet-go/lib/linux_riscv64_musl v0.0.0-20260513071149-ade33496efb8/go.mod h1:YFDGKTkpkJGc5+hnX/RYosZyTWg9h+68VB55fYRRLYc= +github.com/sagernet/cronet-go/lib/tvos_amd64_simulator v0.0.0-20260513071149-ade33496efb8 
h1:mo9YMCYTGCRUiWNKtPVQb+qEetufxnch372xUOh9q3M= +github.com/sagernet/cronet-go/lib/tvos_amd64_simulator v0.0.0-20260513071149-ade33496efb8/go.mod h1:aaX0YGl8nhGmfRWI8bc3BtDjY8Vzx6O0cS/e1uqxDq4= +github.com/sagernet/cronet-go/lib/tvos_arm64 v0.0.0-20260513071149-ade33496efb8 h1:mhh3JEDDx68oKT4kfqKlWp5QTyzVR84OS/qgqHYIbq0= +github.com/sagernet/cronet-go/lib/tvos_arm64 v0.0.0-20260513071149-ade33496efb8/go.mod h1:EdzMKA96xITc42QEI+ct4SwqX8Dn3ltKK8wzdkLWpSc= +github.com/sagernet/cronet-go/lib/tvos_arm64_simulator v0.0.0-20260513071149-ade33496efb8 h1:04KOo38hZojV3bJ5Vqwbpj48ZQy6o7aliYXLN/TNX6g= +github.com/sagernet/cronet-go/lib/tvos_arm64_simulator v0.0.0-20260513071149-ade33496efb8/go.mod h1:qix4kv1TTAJ5tY4lJ9vjhe9EY4mM+B7H5giOhbxDVcc= +github.com/sagernet/cronet-go/lib/windows_amd64 v0.0.0-20260513071149-ade33496efb8 h1:p535QakpDZEeBz/BfFZGZo0D+Pdn74TE8UTr6c6MSog= +github.com/sagernet/cronet-go/lib/windows_amd64 v0.0.0-20260513071149-ade33496efb8/go.mod h1:lm9w/oCCRyBiUa3G8lDQTT8x/ONUvgVR2iV9fVzUZB8= +github.com/sagernet/cronet-go/lib/windows_arm64 v0.0.0-20260513071149-ade33496efb8 h1:dovTyKHh3toBIUOS70P4Yx+3Baw6Gppsfy1sJbXoAy0= +github.com/sagernet/cronet-go/lib/windows_arm64 v0.0.0-20260513071149-ade33496efb8/go.mod h1:n34YyLgapgjWdKa0IoeczjAFCwD3/dxbsH5sucKw0bw= github.com/sagernet/fswatch v0.1.2 h1:/TT7k4mkce1qFPxamLO842WjqBgbTBiXP2mlUjp9PFk= github.com/sagernet/fswatch v0.1.2/go.mod h1:5BpGmpUQVd3Mc5r313HRpvADHRg3/rKn5QbwFteB880= github.com/sagernet/gomobile v0.1.12 h1:XwzjZaclFF96deLqwAgK8gU3w0M2A8qxgDmhV+A0wjg= 
@@ -357,8 +357,8 @@ github.com/sagernet/nftables v0.3.0-mod.2 h1:ck2KMU02OxL1eDFgGaWYglMDpoOZ7OHzxje github.com/sagernet/nftables v0.3.0-mod.2/go.mod h1:8kslHG4VvYNihcco+i6uxIX7qbT8A56T0y5q7U44ZaQ= github.com/sagernet/quic-go v0.59.0-sing-box-mod.4 h1:6qvrUW79S+CrPwWz6cMePXohgjHoKxLo3c+MDhNwc3o= github.com/sagernet/quic-go v0.59.0-sing-box-mod.4/go.mod h1:OqILvS182CyOol5zNNo6bguvOGgXzV459+chpRaUC+4= -github.com/sagernet/sing v0.8.9 h1:iX8FyMrWNl/divVgTe7cLT9n36v6bfzfnCYlcM1cLaU= -github.com/sagernet/sing v0.8.9/go.mod h1:ARkL0gM13/Iv5VCZmci/NuoOlePoIsW0m7BWfln/Hak= +github.com/sagernet/sing v0.8.10 h1:V5VZffy8rm4dtBVKIpKa8vibRR2SiJprtu/10DFUalU= +github.com/sagernet/sing v0.8.10/go.mod h1:olXxWQNqRW/l2Q6JI3b2Qmz8iQnIFlOeeH8bx6JhgUA= github.com/sagernet/sing-quic v0.6.1 h1:lx0tcm99wIA1RkyvILNzRSsMy1k7TTQYIhx71E/WBlw= github.com/sagernet/sing-quic v0.6.1/go.mod h1:K5bWvITOm4vE10fwLfrWpw27bCoVJ+tfQ79tOWg+Ko8= github.com/sagernet/sing-shadowsocks v0.2.8 h1:PURj5PRoAkqeHh2ZW205RWzN9E9RtKCVCzByXruQWfE= diff --git a/log/id.go b/log/id.go index 21719cd2..4df728cf 100644 --- a/log/id.go +++ b/log/id.go @@ -4,14 +4,8 @@ import ( "context" "math/rand" "time" - - "github.com/sagernet/sing/common/random" ) -func init() { - random.InitializeSeed() -} - type ( idKey struct{} muxIdKey struct{} diff --git a/option/types.go b/option/types.go index fe7d4b3d..87cf382c 100644 --- a/option/types.go +++ b/option/types.go @@ -28,7 +28,6 @@ func (v *NetworkList) UnmarshalJSON(content []byte) error { for _, networkName := range networkList { switch networkName { case N.NetworkTCP, N.NetworkUDP: - break default: return E.New("unknown network: " + networkName) } diff --git a/protocol/direct/loopback_detect.go b/protocol/direct/loopback_detect.go deleted file mode 100644 index 7a62164e..00000000 --- a/protocol/direct/loopback_detect.go +++ /dev/null 
@@ -1,186 +0,0 @@ -package direct - -import ( - "net" - "net/netip" - "sync" - - "github.com/sagernet/sing-box/adapter" - M "github.com/sagernet/sing/common/metadata" - N "github.com/sagernet/sing/common/network" -) - -type loopBackDetector struct { - networkManager adapter.NetworkManager - connAccess sync.RWMutex - packetConnAccess sync.RWMutex - connMap map[netip.AddrPort]netip.AddrPort - packetConnMap map[uint16]uint16 -} - -func newLoopBackDetector(networkManager adapter.NetworkManager) *loopBackDetector { - return &loopBackDetector{ - networkManager: networkManager, - connMap: make(map[netip.AddrPort]netip.AddrPort), - packetConnMap: make(map[uint16]uint16), - } -} - -func (l *loopBackDetector) NewConn(conn net.Conn) net.Conn { - source := M.AddrPortFromNet(conn.LocalAddr()) - if !source.IsValid() { - return conn - } - if udpConn, isUDPConn := conn.(abstractUDPConn); isUDPConn { - if !source.Addr().IsLoopback() { - _, err := l.networkManager.InterfaceFinder().ByAddr(source.Addr()) - if err != nil { - return conn - } - } - if !N.IsPublicAddr(source.Addr()) { - return conn - } - l.packetConnAccess.Lock() - l.packetConnMap[source.Port()] = M.AddrPortFromNet(conn.RemoteAddr()).Port() - l.packetConnAccess.Unlock() - return &loopBackDetectUDPWrapper{abstractUDPConn: udpConn, detector: l, connPort: source.Port()} - } else { - l.connAccess.Lock() - l.connMap[source] = M.AddrPortFromNet(conn.RemoteAddr()) - l.connAccess.Unlock() - return &loopBackDetectWrapper{Conn: conn, detector: l, connAddr: source} - } -} - -func (l *loopBackDetector) NewPacketConn(conn N.NetPacketConn, destination M.Socksaddr) N.NetPacketConn { - source := M.AddrPortFromNet(conn.LocalAddr()) - if !source.IsValid() { - return conn - } - if !source.Addr().IsLoopback() { - _, err := l.networkManager.InterfaceFinder().ByAddr(source.Addr()) - if err != nil { - return conn - } - } - l.packetConnAccess.Lock() - l.packetConnMap[source.Port()] = destination.AddrPort().Port() - l.packetConnAccess.Unlock() - 
return &loopBackDetectPacketWrapper{NetPacketConn: conn, detector: l, connPort: source.Port()} -} - -func (l *loopBackDetector) CheckConn(source netip.AddrPort, local netip.AddrPort) bool { - l.connAccess.RLock() - defer l.connAccess.RUnlock() - destination, loaded := l.connMap[source] - return loaded && destination != local -} - -func (l *loopBackDetector) CheckPacketConn(source netip.AddrPort, local netip.AddrPort) bool { - if !source.IsValid() { - return false - } - if !source.Addr().IsLoopback() { - _, err := l.networkManager.InterfaceFinder().ByAddr(source.Addr()) - if err != nil { - return false - } - } - if N.IsPublicAddr(source.Addr()) { - return false - } - l.packetConnAccess.RLock() - defer l.packetConnAccess.RUnlock() - destinationPort, loaded := l.packetConnMap[source.Port()] - return loaded && destinationPort != local.Port() -} - -type loopBackDetectWrapper struct { - net.Conn - detector *loopBackDetector - connAddr netip.AddrPort - closeOnce sync.Once -} - -func (w *loopBackDetectWrapper) Close() error { - w.closeOnce.Do(func() { - w.detector.connAccess.Lock() - delete(w.detector.connMap, w.connAddr) - w.detector.connAccess.Unlock() - }) - return w.Conn.Close() -} - -func (w *loopBackDetectWrapper) ReaderReplaceable() bool { - return true -} - -func (w *loopBackDetectWrapper) WriterReplaceable() bool { - return true -} - -func (w *loopBackDetectWrapper) Upstream() any { - return w.Conn -} - -type loopBackDetectPacketWrapper struct { - N.NetPacketConn - detector *loopBackDetector - connPort uint16 - closeOnce sync.Once -} - -func (w *loopBackDetectPacketWrapper) Close() error { - w.closeOnce.Do(func() { - w.detector.packetConnAccess.Lock() - delete(w.detector.packetConnMap, w.connPort) - w.detector.packetConnAccess.Unlock() - }) - return w.NetPacketConn.Close() -} - -func (w *loopBackDetectPacketWrapper) ReaderReplaceable() bool { - return true -} - -func (w *loopBackDetectPacketWrapper) WriterReplaceable() bool { - return true -} - -func (w 
*loopBackDetectPacketWrapper) Upstream() any { - return w.NetPacketConn -} - -type abstractUDPConn interface { - net.Conn - net.PacketConn -} - -type loopBackDetectUDPWrapper struct { - abstractUDPConn - detector *loopBackDetector - connPort uint16 - closeOnce sync.Once -} - -func (w *loopBackDetectUDPWrapper) Close() error { - w.closeOnce.Do(func() { - w.detector.packetConnAccess.Lock() - delete(w.detector.packetConnMap, w.connPort) - w.detector.packetConnAccess.Unlock() - }) - return w.abstractUDPConn.Close() -} - -func (w *loopBackDetectUDPWrapper) ReaderReplaceable() bool { - return true -} - -func (w *loopBackDetectUDPWrapper) WriterReplaceable() bool { - return true -} - -func (w *loopBackDetectUDPWrapper) Upstream() any { - return w.abstractUDPConn -} diff --git a/protocol/direct/outbound.go b/protocol/direct/outbound.go index 9d24f31a..630a6755 100644 --- a/protocol/direct/outbound.go +++ b/protocol/direct/outbound.go @@ -41,7 +41,6 @@ type Outbound struct { domainStrategy C.DomainStrategy fallbackDelay time.Duration isEmpty bool - // loopBack *loopBackDetector } func NewOutbound(ctx context.Context, router adapter.Router, logger log.ContextLogger, tag string, options option.DirectOutboundOptions) (adapter.Outbound, error) { @@ -67,7 +66,6 @@ func NewOutbound(ctx context.Context, router adapter.Router, logger log.ContextL fallbackDelay: time.Duration(options.FallbackDelay), dialer: outboundDialer.(dialer.ParallelInterfaceDialer), isEmpty: reflect.DeepEqual(options.DialerOptions, option.DialerOptions{UDPFragmentDefault: true}), - // loopBack: newLoopBackDetector(router), } //nolint:staticcheck if options.ProxyProtocol != 0 { 
@@ -87,11 +85,6 @@ func (h *Outbound) DialContext(ctx context.Context, network string, destination case N.NetworkUDP: h.logger.InfoContext(ctx, "outbound packet connection to ", destination) } - /*conn, err := h.dialer.DialContext(ctx, network, destination) - if err != nil { - return nil, err - } - return h.loopBack.NewConn(conn), nil*/ return h.dialer.DialContext(ctx, network, destination) } @@ -104,7 +97,6 @@ func (h *Outbound) ListenPacket(ctx context.Context, destination M.Socksaddr) (n if err != nil { return nil, err } - // conn = h.loopBack.NewPacketConn(bufio.NewPacketConn(conn), destination) return conn, nil } @@ -161,18 +153,3 @@ func (h *Outbound) ListenSerialNetworkPacket(ctx context.Context, destination M. func (h *Outbound) IsEmpty() bool { return h.isEmpty } - -/*func (h *Outbound) NewConnection(ctx context.Context, conn net.Conn, metadata adapter.InboundContext) error { - if h.loopBack.CheckConn(metadata.Source.AddrPort(), M.AddrPortFromNet(conn.LocalAddr())) { - return E.New("reject loopback connection to ", metadata.Destination) - } - return NewConnection(ctx, h, conn, metadata) -} - -func (h *Outbound) NewPacketConnection(ctx context.Context, conn N.PacketConn, metadata adapter.InboundContext) error { - if h.loopBack.CheckPacketConn(metadata.Source.AddrPort(), M.AddrPortFromNet(conn.LocalAddr())) { - return E.New("reject loopback packet connection to ", metadata.Destination) - } - return NewPacketConnection(ctx, h, conn, metadata) -} -*/ diff --git a/protocol/dns/handle.go b/protocol/dns/handle.go index e1323509..d7d89ca8 100644 --- a/protocol/dns/handle.go +++ b/protocol/dns/handle.go @@ -82,7 +82,7 @@ func NewDNSPacketConnection(ctx context.Context, router adapter.DNSRouter, conn } break } - fastClose, cancel := common.ContextWithCancelCause(ctx) + fastClose, cancel := context.WithCancelCause(ctx) timeout := canceler.New(fastClose, cancel, C.DNSTimeout) var group task.Group group.Append0(func(_ context.Context) error { 
@@ -150,7 +150,7 @@ func NewDNSPacketConnection(ctx context.Context, router adapter.DNSRouter, conn } func newDNSPacketConnection(ctx context.Context, router adapter.DNSRouter, conn N.PacketConn, readWaiter N.PacketReadWaiter, readCounters []N.CountFunc, cached []*N.PacketBuffer, metadata adapter.InboundContext) error { - fastClose, cancel := common.ContextWithCancelCause(ctx) + fastClose, cancel := context.WithCancelCause(ctx) timeout := canceler.New(fastClose, cancel, C.DNSTimeout) var group task.Group group.Append0(func(_ context.Context) error { diff --git a/protocol/group/urltest.go b/protocol/group/urltest.go index 4b20c629..8680882d 100644 --- a/protocol/group/urltest.go +++ b/protocol/group/urltest.go @@ -35,7 +35,6 @@ var _ adapter.OutboundGroup = (*URLTest)(nil) type URLTest struct { outbound.Adapter ctx context.Context - router adapter.Router outbound adapter.OutboundManager connection adapter.ConnectionManager logger log.ContextLogger @@ -62,7 +61,6 @@ func NewURLTest(ctx context.Context, router adapter.Router, logger log.ContextLo outbound := &URLTest{ Adapter: outbound.NewAdapter(C.TypeURLTest, tag, []string{N.NetworkTCP, N.NetworkUDP}, options.Outbounds), ctx: ctx, - router: router, outbound: service.FromContext[adapter.OutboundManager](ctx), connection: service.FromContext[adapter.ConnectionManager](ctx), logger: logger, @@ -291,7 +289,6 @@ func (s *URLTest) onProviderUpdated(tag string) error { type URLTestGroup struct { ctx context.Context - router adapter.Router outbound adapter.OutboundManager pause pause.Manager pauseCallback *list.Element[pause.Callback] 
@@ -370,9 +367,10 @@ func (g *URLTestGroup) Touch() { g.lastActive.Store(time.Now()) return } - g.ticker = time.NewTicker(g.interval) - go g.loopCheck() - g.pauseCallback = pause.RegisterTicker(g.pause, g.ticker, g.interval, nil) + ticker := time.NewTicker(g.interval) + g.ticker = ticker + g.pauseCallback = pause.RegisterTicker(g.pause, ticker, g.interval, nil) + go g.loopCheck(ticker, g.close) } func (g *URLTestGroup) Close() error { @@ -382,7 +380,9 @@ func (g *URLTestGroup) Close() error { return nil } g.ticker.Stop() + g.ticker = nil g.pause.UnregisterCallback(g.pauseCallback) + g.pauseCallback = nil close(g.close) return nil } @@ -431,23 +431,25 @@ func (g *URLTestGroup) Select(network string) (adapter.Outbound, bool) { return minOutbound, true } -func (g *URLTestGroup) loopCheck() { +func (g *URLTestGroup) loopCheck(ticker *time.Ticker, closeChan <-chan struct{}) { if time.Since(g.lastActive.Load()) > g.interval { g.lastActive.Store(time.Now()) g.CheckOutbounds(false) } for { select { - case <-g.close: + case <-closeChan: return - case <-g.ticker.C: + case <-ticker.C: } if time.Since(g.lastActive.Load()) > g.idleTimeout { g.access.Lock() - g.ticker.Stop() - g.ticker = nil - g.pause.UnregisterCallback(g.pauseCallback) - g.pauseCallback = nil + if g.ticker == ticker { + g.ticker.Stop() + g.ticker = nil + g.pause.UnregisterCallback(g.pauseCallback) + g.pauseCallback = nil + } g.access.Unlock() return } diff --git a/protocol/naive/inbound.go b/protocol/naive/inbound.go index 5613f196..41f41798 100644 --- a/protocol/naive/inbound.go +++ b/protocol/naive/inbound.go @@ -140,7 +140,7 @@ func (n *Inbound) Start(stage adapter.StartStage) error { func (n *Inbound) Close() error { return common.Close( - &n.listener, + n.listener, common.PtrOrNil(n.httpServer), n.h3Server, n.tlsConfig, diff --git a/protocol/naive/inbound_conn.go b/protocol/naive/inbound_conn.go index 8cc3ded2..77500435 100644 --- a/protocol/naive/inbound_conn.go +++ b/protocol/naive/inbound_conn.go 
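Review bot: Clearing `g.ticker` in Close makes a repeated Close safe, but it also lets a later Touch re-arm a closed group. If Touch's early return is keyed on `g.ticker != nil` (the condition sits above the hunk, so this is inferred), a Touch after Close creates a new ticker, registers a pause callback and starts loopCheck against the already-closed `g.close`. That goroutine returns from its first select without stopping the ticker, and the next Close would reach `close(g.close)` a second time and panic. A closed check before the ticker is created in Touch, `select { case <-g.close: return; default: }`, would keep the group down once it has been closed. Both function bodies start outside their hunks.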
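Review bot: loopCheck now takes the ticker and close channel as arguments and only tears down shared state when `g.ticker == ticker`, but nothing in the hunk says why. A doc comment would stop a later cleanup from reverting to `g.ticker.C`, for example `// loopCheck runs until closeChan is closed or the group goes idle. It waits on the ticker it was started with and only clears g.ticker when that is still the current one, so a goroutine left from an earlier Touch cannot stop a newer ticker.` The rest of the loop body continues past the end of the hunk.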
@@ -22,7 +22,7 @@ func generatePaddingHeader() string { paddingLen := rand.Intn(32) + 30 padding := make([]byte, paddingLen) bits := rand.Uint64() - for i := 0; i < 16; i++ { + for i := range 16 { padding[i] = "!#$()+<>?@[]^`{}"[bits&15] bits >>= 4 } diff --git a/protocol/tailscale/endpoint.go b/protocol/tailscale/endpoint.go index 30db4b6a..7e5d3542 100644 --- a/protocol/tailscale/endpoint.go +++ b/protocol/tailscale/endpoint.go @@ -111,6 +111,7 @@ type Endpoint struct { systemInterfaceName string systemInterfaceMTU uint32 serverStarted bool + started atomic.Bool systemTun tun.Tun systemDialer *dialer.DefaultDialer fallbackTCPCloser func() @@ -422,6 +423,7 @@ func (t *Endpoint) postStart() error { } t.filter = localBackend.ExportFilter() go t.watchState() + t.started.Store(true) return nil } @@ -485,6 +487,7 @@ func (t *Endpoint) watchState() { func (t *Endpoint) Close() error { var err error + t.started.Store(false) if t.serverStarted { err = common.Close(common.PtrOrNil(t.server)) t.serverStarted = false @@ -509,6 +512,9 @@ func (t *Endpoint) DialContext(ctx context.Context, network string, destination case N.NetworkUDP: t.logger.InfoContext(ctx, "outbound packet connection to ", destination) } + if !t.started.Load() { + return nil, E.New("Tailscale is not ready yet") + } if destination.IsDomain() { destinationAddresses, err := t.dnsRouter.Lookup(ctx, destination.Fqdn, adapter.DNSQueryOptions{}) if err != nil { @@ -565,6 +571,9 @@ func (t *Endpoint) DialContext(ctx context.Context, network string, destination } func (t *Endpoint) listenPacketWithAddress(ctx context.Context, destination M.Socksaddr) (net.PacketConn, error) { + if !t.started.Load() { + return nil, E.New("Tailscale is not ready yet") + } if t.systemDialer != nil { return t.systemDialer.ListenPacket(ctx, destination) } 
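Review bot: The `started` guard added to DialContext is check-then-use: Close can store `false` and tear the server down right after `t.started.Load()` returns true. The guard narrows the window but does not remove it, so the code after it still has to tolerate an endpoint that is shutting down. The same guard is repeated in listenPacketWithAddress, PrepareConnection and NewDirectRouteConnection. Each builds its own `E.New("Tailscale is not ready yet")`, which callers cannot match and which is misleading once Close has run. One package-level value such as `var errNotStarted = E.New("tailscale endpoint is not started")`, returned from all four, would fix both. A one-line comment on the new field saying how `started` differs from the neighbouring `serverStarted` would also help; the function bodies continue outside these hunks.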
@@ -632,6 +641,9 @@ func (t *Endpoint) ListenPacket(ctx context.Context, destination M.Socksaddr) (n } func (t *Endpoint) PrepareConnection(network string, source M.Socksaddr, destination M.Socksaddr, routeContext tun.DirectRouteContext, timeout time.Duration) (tun.DirectRouteDestination, error) { + if !t.started.Load() { + return nil, E.New("Tailscale is not ready yet") + } tsFilter := t.filter.Load() if tsFilter != nil { var ipProto ipproto.Proto @@ -725,6 +737,9 @@ func (t *Endpoint) NewPacketConnectionEx(ctx context.Context, conn N.PacketConn, } func (t *Endpoint) NewDirectRouteConnection(metadata adapter.InboundContext, routeContext tun.DirectRouteContext, timeout time.Duration) (tun.DirectRouteDestination, error) { + if !t.started.Load() { + return nil, E.New("Tailscale is not ready yet") + } ctx := log.ContextWithNewID(t.ctx) var destination tun.DirectRouteDestination var err error diff --git a/protocol/tailscale/tun_device_unix.go b/protocol/tailscale/tun_device_unix.go index a8d237ab..d4bc7ced 100644 --- a/protocol/tailscale/tun_device_unix.go +++ b/protocol/tailscale/tun_device_unix.go @@ -11,7 +11,6 @@ import ( "sync/atomic" singTun "github.com/sagernet/sing-tun" - "github.com/sagernet/sing/common" "github.com/sagernet/sing/common/logger" wgTun "github.com/sagernet/wireguard-go/tun" ) @@ -57,7 +56,7 @@ func (a *tunDeviceAdapter) Read(bufs [][]byte, sizes []int, offset int) (count i if a.linuxTUN != nil { n, err := a.linuxTUN.BatchRead(bufs, offset-singTun.PacketOffset, sizes) if err == nil { - for i := 0; i < n; i++ { + for i := range n { a.debugPacket("read", bufs[i][offset:offset+sizes[i]]) } } 
@@ -92,7 +91,7 @@ func (a *tunDeviceAdapter) Write(bufs [][]byte, offset int) (count int, err erro for _, packet := range bufs { a.debugPacket("write", packet[offset:]) if singTun.PacketOffset > 0 { - common.ClearArray(packet[offset-singTun.PacketOffset : offset]) + clear(packet[offset-singTun.PacketOffset : offset]) singTun.PacketFillHeader(packet[offset-singTun.PacketOffset:], singTun.PacketIPVersion(packet[offset:])) } _, err = a.tun.Write(packet[offset-singTun.PacketOffset:]) diff --git a/protocol/wireguard/endpoint.go b/protocol/wireguard/endpoint.go index 4f2cda42..2fd54795 100644 --- a/protocol/wireguard/endpoint.go +++ b/protocol/wireguard/endpoint.go @@ -4,6 +4,7 @@ import ( "context" "net" "net/netip" + "sync/atomic" "time" "github.com/sagernet/sing-box/adapter" @@ -41,11 +42,12 @@ type Endpoint struct { logger logger.ContextLogger localAddresses []netip.Prefix endpoint *wireguard.Endpoint + started atomic.Bool } func NewEndpoint(ctx context.Context, router adapter.Router, logger log.ContextLogger, tag string, options option.WireGuardEndpointOptions) (adapter.Endpoint, error) { ep := &Endpoint{ - Adapter: endpoint.NewAdapterWithDialerOptions(C.TypeWireGuard, tag, []string{N.NetworkTCP, N.NetworkUDP}, options.DialerOptions), + Adapter: endpoint.NewAdapterWithDialerOptions(C.TypeWireGuard, tag, []string{N.NetworkTCP, N.NetworkUDP, N.NetworkICMP}, options.DialerOptions), ctx: ctx, router: router, dnsRouter: service.FromContext[adapter.DNSRouter](ctx), 
@@ -148,16 +150,24 @@ func (w *Endpoint) Start(stage adapter.StartStage) error { case adapter.StartStateStart: return w.endpoint.Start(false) case adapter.StartStatePostStart: - return w.endpoint.Start(true) + err := w.endpoint.Start(true) + if err != nil { + return err + } + w.started.Store(true) } return nil } func (w *Endpoint) Close() error { + w.started.Store(false) return w.endpoint.Close() } func (w *Endpoint) PrepareConnection(network string, source M.Socksaddr, destination M.Socksaddr, routeContext tun.DirectRouteContext, timeout time.Duration) (tun.DirectRouteDestination, error) { + if !w.started.Load() { + return nil, E.New("WireGuard is not ready yet") + } var ipVersion uint8 if !destination.IsIPv6() { ipVersion = 4 @@ -238,6 +248,9 @@ func (w *Endpoint) DialContext(ctx context.Context, network string, destination case N.NetworkUDP: w.logger.InfoContext(ctx, "outbound packet connection to ", destination) } + if !w.started.Load() { + return nil, E.New("WireGuard is not ready yet") + } if destination.IsDomain() { destinationAddresses, err := w.dnsRouter.Lookup(ctx, destination.Fqdn, adapter.DNSQueryOptions{}) if err != nil { @@ -252,6 +265,9 @@ func (w *Endpoint) DialContext(ctx context.Context, network string, destination func (w *Endpoint) ListenPacketWithDestination(ctx context.Context, destination M.Socksaddr) (net.PacketConn, netip.Addr, error) { w.logger.InfoContext(ctx, "outbound packet connection to ", destination) + if !w.started.Load() { + return nil, netip.Addr{}, E.New("WireGuard is not ready yet") + } if destination.IsDomain() { destinationAddresses, err := w.dnsRouter.Lookup(ctx, destination.Fqdn, adapter.DNSQueryOptions{}) if err != nil { 
@@ -285,9 +301,15 @@ func (w *Endpoint) PreferredDomain(domain string) bool { } func (w *Endpoint) PreferredAddress(address netip.Addr) bool { + if !w.started.Load() { + return false + } return w.endpoint.Lookup(address) != nil } func (w *Endpoint) NewDirectRouteConnection(metadata adapter.InboundContext, routeContext tun.DirectRouteContext, timeout time.Duration) (tun.DirectRouteDestination, error) { + if !w.started.Load() { + return nil, E.New("WireGuard is not ready yet") + } return w.endpoint.NewDirectRouteConnection(metadata, routeContext, timeout) } diff --git a/route/conn.go b/route/conn.go index fa295bc0..58de9320 100644 --- a/route/conn.go +++ b/route/conn.go @@ -13,6 +13,7 @@ import ( "github.com/sagernet/sing-box/adapter" "github.com/sagernet/sing-box/common/dialer" + "github.com/sagernet/sing-box/common/sniff" tf "github.com/sagernet/sing-box/common/tlsfragment" C "github.com/sagernet/sing-box/constant" "github.com/sagernet/sing/common" @@ -128,11 +129,12 @@ func (m *ConnectionManager) NewConnection(ctx context.Context, this N.Dialer, co if metadata.TLSFragment || metadata.TLSRecordFragment { remoteConn = tf.NewConn(remoteConn, ctx, metadata.TLSFragment, metadata.TLSRecordFragment, metadata.TLSFragmentFallbackDelay) } + serverFirst := sniff.Skip(&metadata) var done atomic.Bool - if m.kickWriteHandshake(ctx, conn, remoteConn, false, &done, onClose) { + if m.kickWriteHandshake(ctx, conn, remoteConn, serverFirst, false, &done, onClose) { return } - if m.kickWriteHandshake(ctx, remoteConn, conn, true, &done, onClose) { + if m.kickWriteHandshake(ctx, remoteConn, conn, serverFirst, true, &done, onClose) { return } go m.connectionCopy(ctx, conn, remoteConn, false, &done, onClose) 
@@ -293,37 +295,43 @@ func (m *ConnectionManager) connectionCopy(ctx context.Context, source net.Conn, } } -func (m *ConnectionManager) kickWriteHandshake(ctx context.Context, source net.Conn, destination net.Conn, direction bool, done *atomic.Bool, onClose N.CloseHandlerFunc) bool { +func (m *ConnectionManager) kickWriteHandshake(ctx context.Context, source net.Conn, destination net.Conn, serverFirst bool, direction bool, done *atomic.Bool, onClose N.CloseHandlerFunc) bool { if !N.NeedHandshakeForWrite(destination) { return false } var ( - cachedBuffer *buf.Buffer + err error wrotePayload bool ) - sourceReader, readCounters := N.UnwrapCountReader(source, nil) - destinationWriter, writeCounters := N.UnwrapCountWriter(destination, nil) - if cachedReader, ok := sourceReader.(N.CachedReader); ok { - cachedBuffer = cachedReader.ReadCached() - } - var err error - if cachedBuffer != nil { - wrotePayload = true - dataLen := cachedBuffer.Len() - _, err = destinationWriter.Write(cachedBuffer.Bytes()) - cachedBuffer.Release() - if err == nil { - for _, counter := range readCounters { - counter(int64(dataLen)) - } - for _, counter := range writeCounters { - counter(int64(dataLen)) - } - } - } else { + if serverFirst { _ = destination.SetWriteDeadline(time.Now().Add(C.ReadPayloadTimeout)) - _, err = destinationWriter.Write(nil) + _, err = destination.Write(nil) _ = destination.SetWriteDeadline(time.Time{}) + } else { + var cachedBuffer *buf.Buffer + sourceReader, readCounters := N.UnwrapCountReader(source, nil) + destinationWriter, writeCounters := N.UnwrapCountWriter(destination, nil) + if cachedReader, ok := sourceReader.(N.CachedReader); ok { + cachedBuffer = cachedReader.ReadCached() + } + if cachedBuffer != nil { + wrotePayload = true + dataLen := cachedBuffer.Len() + _, err = destinationWriter.Write(cachedBuffer.Bytes()) + cachedBuffer.Release() + if err == nil { + for _, counter := range readCounters { + counter(int64(dataLen)) + } + for _, counter := range 
writeCounters { + counter(int64(dataLen)) + } + } + } else { + _ = destination.SetWriteDeadline(time.Now().Add(C.ReadPayloadTimeout)) + _, err = destinationWriter.Write(nil) + _ = destination.SetWriteDeadline(time.Time{}) + } } if err == nil { return false diff --git a/route/process_cache.go b/route/process_cache.go index 44ee3fcf..f99cebad 100644 --- a/route/process_cache.go +++ b/route/process_cache.go @@ -3,6 +3,7 @@ package route import ( "context" "net/netip" + "slices" "strings" "github.com/sagernet/sing-box/adapter" @@ -78,10 +79,8 @@ func (r *Router) isLocalSource(source netip.Addr) bool { return true } if r.platformInterface != nil { - for _, addr := range r.platformInterface.MyInterfaceAddress() { - if addr == source { - return true - } + if slices.Contains(r.platformInterface.MyInterfaceAddress(), source) { + return true } } for _, netInterface := range r.network.InterfaceFinder().Interfaces() { diff --git a/route/route.go b/route/route.go index 2aaccc58..ec6ca399 100644 --- a/route/route.go +++ b/route/route.go @@ -31,7 +31,7 @@ import ( // Deprecated: use RouteConnectionEx instead. func (r *Router) RouteConnection(ctx context.Context, conn net.Conn, metadata adapter.InboundContext) error { - done := make(chan interface{}) + done := make(chan any) err := r.routeConnection(ctx, conn, metadata, N.OnceClose(func(it error) { close(done) })) @@ -160,7 +160,7 @@ func (r *Router) routeConnection(ctx context.Context, conn net.Conn, metadata ad } func (r *Router) RoutePacketConnection(ctx context.Context, conn N.PacketConn, metadata adapter.InboundContext) error { - done := make(chan interface{}) + done := make(chan any) err := r.routePacketConnection(ctx, conn, metadata, N.OnceClose(func(it error) { close(done) })) diff --git a/route/rule/match_state.go b/route/rule/match_state.go index feac8418..0d2e4b0b 100644 --- a/route/rule/match_state.go +++ b/route/rule/match_state.go 
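Review bot: The new `serverFirst` parameter of `kickWriteHandshake` is undocumented, and in that branch the cached client payload from `source` is no longer read or written. The function should carry a comment saying so, e.g. `// serverFirst: only a zero-length write completes the handshake; cached payload is left for connectionCopy` if that is the intent. It is worth confirming that `connectionCopy` still drains a `N.CachedReader` on this path, since nothing in the visible lines does. The two adjacent `bool` parameters (`serverFirst`, `direction`) are easy to transpose at the call sites. The `SetWriteDeadline` / `Write(nil)` / reset sequence is now duplicated in both branches and could be one small helper. The function continues past the end of the hunk.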
@@ -42,11 +42,11 @@ func (s ruleMatchStateSet) combine(other ruleMatchStateSet) ruleMatchStateSet { return 0 } var combined ruleMatchStateSet - for left := ruleMatchState(0); left < 16; left++ { + for left := range ruleMatchState(16) { if !s.contains(left) { continue } - for right := ruleMatchState(0); right < 16; right++ { + for right := range ruleMatchState(16) { if !other.contains(right) { continue } @@ -61,7 +61,7 @@ func (s ruleMatchStateSet) withBase(base ruleMatchState) ruleMatchStateSet { return 0 } var withBase ruleMatchStateSet - for state := ruleMatchState(0); state < 16; state++ { + for state := range ruleMatchState(16) { if !s.contains(state) { continue } @@ -72,7 +72,7 @@ func (s ruleMatchStateSet) withBase(base ruleMatchState) ruleMatchStateSet { func (s ruleMatchStateSet) filter(allowed func(ruleMatchState) bool) ruleMatchStateSet { var filtered ruleMatchStateSet - for state := ruleMatchState(0); state < 16; state++ { + for state := range ruleMatchState(16) { if !s.contains(state) { continue } @@ -91,10 +91,6 @@ type ruleStateMatcherWithBase interface { matchStatesWithBase(metadata *adapter.InboundContext, base ruleMatchState) ruleMatchStateSet } -func matchHeadlessRuleStates(rule adapter.HeadlessRule, metadata *adapter.InboundContext) ruleMatchStateSet { - return matchHeadlessRuleStatesWithBase(rule, metadata, 0) -} - func matchHeadlessRuleStatesWithBase(rule adapter.HeadlessRule, metadata *adapter.InboundContext, base ruleMatchState) ruleMatchStateSet { if matcher, isStateMatcher := rule.(ruleStateMatcherWithBase); isStateMatcher { return matcher.matchStatesWithBase(metadata, base) 
@@ -108,10 +104,6 @@ func matchHeadlessRuleStatesWithBase(rule adapter.HeadlessRule, metadata *adapte return 0 } -func matchRuleItemStates(item RuleItem, metadata *adapter.InboundContext) ruleMatchStateSet { - return matchRuleItemStatesWithBase(item, metadata, 0) -} - func matchRuleItemStatesWithBase(item RuleItem, metadata *adapter.InboundContext, base ruleMatchState) ruleMatchStateSet { if matcher, isStateMatcher := item.(ruleStateMatcherWithBase); isStateMatcher { return matcher.matchStatesWithBase(metadata, base) diff --git a/route/rule/rule_abstract_test.go b/route/rule/rule_abstract_test.go index ace3dec6..a5bbc353 100644 --- a/route/rule/rule_abstract_test.go +++ b/route/rule/rule_abstract_test.go @@ -141,7 +141,6 @@ func TestAbstractLogicalRule_And_WithRuleSetInvert(t *testing.T) { }, } for _, testCase := range testCases { - testCase := testCase t.Run(testCase.name, func(t *testing.T) { t.Parallel() logicalRule := &abstractLogicalRule{ diff --git a/route/rule/rule_item_cidr.go b/route/rule/rule_item_cidr.go index c823dcf3..1b0105ea 100644 --- a/route/rule/rule_item_cidr.go +++ b/route/rule/rule_item_cidr.go @@ -2,6 +2,7 @@ package rule import ( "net/netip" + "slices" "strings" "github.com/sagernet/sing-box/adapter" @@ -80,12 +81,7 @@ func (r *IPCIDRItem) Match(metadata *adapter.InboundContext) bool { return r.ipSet.Contains(metadata.Destination.Addr) } if len(metadata.DestinationAddresses) > 0 { - for _, address := range metadata.DestinationAddresses { - if r.ipSet.Contains(address) { - return true - } - } - return false + return slices.ContainsFunc(metadata.DestinationAddresses, r.ipSet.Contains) } return metadata.IPCIDRAcceptEmpty } diff --git a/route/rule/rule_item_domain.go b/route/rule/rule_item_domain.go index af790aa3..7e6484ea 100644 --- a/route/rule/rule_item_domain.go +++ b/route/rule/rule_item_domain.go @@ -1,6 +1,7 @@ package rule import ( + "slices" "strings" "github.com/sagernet/sing-box/adapter" 
@@ -16,15 +17,11 @@ type DomainItem struct { } func NewDomainItem(domains []string, domainSuffixes []string) (*DomainItem, error) { - for _, domainItem := range domains { - if domainItem == "" { - return nil, E.New("domain: empty item is not allowed") - } + if slices.Contains(domains, "") { + return nil, E.New("domain: empty item is not allowed") } - for _, domainSuffixItem := range domainSuffixes { - if domainSuffixItem == "" { - return nil, E.New("domain_suffix: empty item is not allowed") - } + if slices.Contains(domainSuffixes, "") { + return nil, E.New("domain_suffix: empty item is not allowed") } var description string if dLen := len(domains); dLen > 0 { diff --git a/route/rule/rule_set_semantics_test.go b/route/rule/rule_set_semantics_test.go index a01defe6..f1985015 100644 --- a/route/rule/rule_set_semantics_test.go +++ b/route/rule/rule_set_semantics_test.go @@ -57,7 +57,6 @@ func TestRouteRuleSetMergeDestinationAddressGroup(t *testing.T) { }, } for _, testCase := range testCases { - testCase := testCase t.Run(testCase.name, func(t *testing.T) { t.Parallel() ruleSet := newLocalRuleSetForTest("merge-destination", testCase.inner) @@ -223,7 +222,6 @@ func TestRouteRuleSetOuterGroupedStateMergesIntoSameGroup(t *testing.T) { }, } for _, testCase := range testCases { - testCase := testCase t.Run(testCase.name, func(t *testing.T) { t.Parallel() ruleSet := newLocalRuleSetForTest("outer-merge-"+testCase.name, headlessDefaultRule(t, func(rule *abstractDefaultRule) { @@ -652,7 +650,6 @@ func TestDNSInvertAddressLimitPreLookupRegression(t *testing.T) { }, } for _, testCase := range testCases { - testCase := testCase t.Run(testCase.name, func(t *testing.T) { t.Parallel() rule := dnsRuleForTest(func(rule *abstractDefaultRule) { diff --git a/service/ccm/credential_other.go b/service/ccm/credential_other.go index 11888b50..828c78c0 100644 --- a/service/ccm/credential_other.go +++ b/service/ccm/credential_other.go 
@@ -1,4 +1,4 @@ -//go:build !darwin +//go:build !darwin || !cgo package ccm diff --git a/service/ccm/service.go b/service/ccm/service.go index 34c38824..3aca535d 100644 --- a/service/ccm/service.go +++ b/service/ccm/service.go @@ -124,8 +124,6 @@ type Service struct { userManager *UserManager accessMutex sync.RWMutex usageTracker *AggregatedUsage - trackingGroup sync.WaitGroup - shuttingDown bool } func NewService(ctx context.Context, logger log.ContextLogger, tag string, options option.CCMServiceOptions) (adapter.Service, error) { @@ -283,8 +281,8 @@ func (s *Service) getAccessToken() (string, error) { func detectContextWindow(betaHeader string, totalInputTokens int64) int { if totalInputTokens > premiumContextThreshold { - features := strings.Split(betaHeader, ",") - for _, feature := range features { + features := strings.SplitSeq(betaHeader, ",") + for feature := range features { if strings.HasPrefix(strings.TrimSpace(feature), "context-1m") { return contextWindowPremium } @@ -507,8 +505,8 @@ func (s *Service) handleResponseWithTracking(writer http.ResponseWriter, respons continue } - if bytes.HasPrefix(line, []byte("data: ")) { - eventData := bytes.TrimPrefix(line, []byte("data: ")) + if after, ok0 := bytes.CutPrefix(line, []byte("data: ")); ok0 { + eventData := after if bytes.Equal(eventData, []byte("[DONE]")) { continue } diff --git a/service/ocm/service.go b/service/ocm/service.go index 8b66964a..18bae457 100644 --- a/service/ocm/service.go +++ b/service/ocm/service.go @@ -556,8 +556,8 @@ func (s *Service) handleResponseWithTracking(writer http.ResponseWriter, respons continue } - if bytes.HasPrefix(line, []byte("data: ")) { - eventData := bytes.TrimPrefix(line, []byte("data: ")) + if after, ok0 := bytes.CutPrefix(line, []byte("data: ")); ok0 { + eventData := after if bytes.Equal(eventData, []byte("[DONE]")) { continue } diff --git a/service/ocm/service_usage.go b/service/ocm/service_usage.go index 589fd093..18696f3b 100644 
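Review bot: The `bytes.CutPrefix` rewrite in `handleResponseWithTracking` keeps the tool-generated names `after` and `ok0` and then copies `after` into `eventData` on the next line. Binding the result directly reads better: `if eventData, ok := bytes.CutPrefix(line, []byte("data: ")); ok {`. The identical hunk in service/ocm/service.go has the same leftover, as does the `b := v` copy in the `slices.Backward` loop in service/resolved/resolve1.go.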
--- a/service/ocm/service_usage.go +++ b/service/ocm/service_usage.go @@ -851,10 +851,7 @@ func normalizeGPT5Model(model string) string { func calculateCost(stats UsageStats, model string, serviceTier string, contextWindow int) float64 { pricing := getPricing(model, serviceTier, contextWindow) - regularInputTokens := stats.InputTokens - stats.CachedTokens - if regularInputTokens < 0 { - regularInputTokens = 0 - } + regularInputTokens := max(stats.InputTokens-stats.CachedTokens, 0) cost := (float64(regularInputTokens)*pricing.InputPrice + float64(stats.OutputTokens)*pricing.OutputPrice + diff --git a/service/oomkiller/service.go b/service/oomkiller/service.go index c3612d92..ff90f6e4 100644 --- a/service/oomkiller/service.go +++ b/service/oomkiller/service.go @@ -96,6 +96,7 @@ func (s *Service) Start(stage adapter.StartStage) error { if s.hasTimerMode { s.adaptiveTimer = newAdaptiveTimer(s.logger, s.router, s.timerConfig) + s.adaptiveTimer.start(false) if s.memoryLimit > 0 { s.logger.Info("started memory monitor with limit: ", s.memoryLimit/(1024*1024), " MiB") } else { @@ -164,7 +165,7 @@ func goMemoryPressureCallback(status C.ulong) { if isCritical { s.logger.Warn("memory pressure: ", level, ", usage: ", usage/(1024*1024), " MiB") if s.adaptiveTimer != nil { - s.adaptiveTimer.startNow() + s.adaptiveTimer.start(true) } } else if isWarning { s.logger.Warn("memory pressure: ", level, ", usage: ", usage/(1024*1024), " MiB") diff --git a/service/oomkiller/service_stub.go b/service/oomkiller/service_stub.go index 13348bac..7c1b84e8 100644 --- a/service/oomkiller/service_stub.go +++ b/service/oomkiller/service_stub.go 
@@ -64,7 +64,7 @@ func (s *Service) Start(stage adapter.StartStage) error { return E.New("memory pressure monitoring is not available on this platform without memory_limit") } s.adaptiveTimer = newAdaptiveTimer(s.logger, s.router, s.timerConfig) - s.adaptiveTimer.start(0) + s.adaptiveTimer.start(false) if s.useAvailable { s.logger.Info("started memory monitor with available memory detection") } else { diff --git a/service/oomkiller/service_timer.go b/service/oomkiller/service_timer.go index 315e1715..9f6a06c7 100644 --- a/service/oomkiller/service_timer.go +++ b/service/oomkiller/service_timer.go @@ -55,17 +55,13 @@ func newAdaptiveTimer(logger log.ContextLogger, router adapter.Router, config ti } } -func (t *adaptiveTimer) start(_ uint64) { - t.access.Lock() - defer t.access.Unlock() - t.startLocked() -} - -func (t *adaptiveTimer) startNow() { +func (t *adaptiveTimer) start(immediate bool) { t.access.Lock() t.startLocked() t.access.Unlock() - t.poll() + if immediate { + t.poll() + } } func (t *adaptiveTimer) startLocked() { @@ -90,12 +86,6 @@ func (t *adaptiveTimer) stopLocked() { } } -func (t *adaptiveTimer) running() bool { - t.access.Lock() - defer t.access.Unlock() - return t.timer != nil -} - func (t *adaptiveTimer) poll() { t.access.Lock() defer t.access.Unlock() @@ -144,13 +134,8 @@ func (t *adaptiveTimer) poll() { interval = t.maxInterval } else { timeToLimit := time.Duration(float64(remaining) / float64(delta) * float64(t.lastInterval)) - interval = timeToLimit / time.Duration(t.checksBeforeLimit) - if interval < t.minInterval { - interval = t.minInterval - } - if interval > t.maxInterval { - interval = t.maxInterval - } + interval = max(timeToLimit/time.Duration(t.checksBeforeLimit), t.minInterval) + interval = min(interval, t.maxInterval) } t.lastInterval = interval diff --git a/service/resolved/resolve1.go b/service/resolved/resolve1.go index ed1ee41a..6b347060 100644 --- a/service/resolved/resolve1.go +++ b/service/resolved/resolve1.go 
@@ -10,6 +10,7 @@ import ( "os" "os/user" "path/filepath" + "slices" "strconv" "strings" "syscall" @@ -127,7 +128,7 @@ func (t *resolve1Manager) createMetadata(sender dbus.Sender) adapter.InboundCont var uidFound bool statusContent, err := os.ReadFile(F.ToString("/proc/", senderPid, "/status")) if err == nil { - for _, line := range strings.Split(string(statusContent), "\n") { + for line := range strings.SplitSeq(string(statusContent), "\n") { line = strings.TrimSpace(line) if strings.HasPrefix(line, "Uid:") { fields := strings.Fields(line) @@ -255,8 +256,8 @@ func (t *resolve1Manager) ResolveAddress(sender dbus.Sender, ifIndex int32, fami return } var nibbles []string - for i := len(address) - 1; i >= 0; i-- { - b := address[i] + for _, v := range slices.Backward(address) { + b := v nibbles = append(nibbles, fmt.Sprintf("%x", b&0x0F)) nibbles = append(nibbles, fmt.Sprintf("%x", b>>4)) } diff --git a/service/resolved/transport.go b/service/resolved/transport.go index ac20663a..bdc35551 100644 --- a/service/resolved/transport.go +++ b/service/resolved/transport.go @@ -248,7 +248,7 @@ func (t *Transport) tryOneName(ctx context.Context, servers *LinkServers, messag sLen := uint32(len(servers.Servers)) var lastErr error for i := 0; i < t.attempts; i++ { - for j := uint32(0); j < sLen; j++ { + for j := range sLen { server := servers.Servers[(serverOffset+j)%sLen] question := message.Question[0] question.Name = fqdn diff --git a/transport/masque/buffer.go b/transport/masque/buffer.go deleted file mode 100644 index 61082e7e..00000000 --- a/transport/masque/buffer.go +++ /dev/null 
@@ -1,34 +0,0 @@ -package masque - -import "sync" - -type NetBuffer struct { - capacity uint32 - buf sync.Pool -} - -func (n *NetBuffer) Get() []byte { - return *n.buf.Get().(*[]byte) -} - -func (n *NetBuffer) Put(buf []byte) { - if cap(buf) != int(n.capacity) { - return - } - n.buf.Put(&buf) -} - -func NewNetBuffer(capacity uint32) *NetBuffer { - if capacity == 0 { - panic("capacity must be greater than 0") - } - return &NetBuffer{ - capacity: capacity, - buf: sync.Pool{ - New: func() interface{} { - b := make([]byte, capacity) - return &b - }, - }, - } -} diff --git a/transport/masque/device_stack.go b/transport/masque/device_stack.go index a25115c0..0d926dca 100644 --- a/transport/masque/device_stack.go +++ b/transport/masque/device_stack.go @@ -1,3 +1,5 @@ +//go:build with_gvisor + package masque import ( diff --git a/transport/masque/device_stack_stub.go b/transport/masque/device_stack_stub.go new file mode 100644 index 00000000..476a1f58 --- /dev/null +++ b/transport/masque/device_stack_stub.go @@ -0,0 +1,13 @@ +//go:build !with_gvisor + +package masque + +import "github.com/sagernet/sing-tun" + +func newStackDevice(options DeviceOptions) (Device, error) { + return nil, tun.ErrGVisorNotIncluded +} + +func newSystemStackDevice(options DeviceOptions) (Device, error) { + return nil, tun.ErrGVisorNotIncluded +} diff --git a/transport/masque/masque.go b/transport/masque/masque.go index 62b90fd7..477eb9d4 100644 --- a/transport/masque/masque.go +++ b/transport/masque/masque.go @@ -8,7 +8,6 @@ import ( "net" "net/http" "net/netip" - "net/url" "strings" connectip "github.com/Diniboy1123/connect-ip-go" 
@@ -85,7 +84,9 @@ func ConnectTunnel(ctx context.Context, dialer N.Dialer, tlsConfig aTLS.Config, hconn := tr.NewClientConn(conn) ipConn, rsp, err := connectip.Dial(ctx, hconn, template, "cf-connect-ip", additionalHeaders, true) if err != nil { - if err.Error() == "CRYPTO_ERROR 0x131 (remote): tls: access denied" { + _ = tr.Close() + _ = conn.CloseWithError(0, "connect-ip dial failed") + if strings.Contains(err.Error(), "tls: access denied") { return udpConn, nil, nil, nil, errors.New("login failed! Please double-check if your tls key and cert is enrolled in the Cloudflare Access service") } return udpConn, nil, nil, nil, fmt.Errorf("failed to dial connect-ip: %w", err) @@ -139,28 +140,3 @@ func newHTTP2Client(dialer N.Dialer, baseTLSConfig aTLS.Config, endpoint *net.TC }, }, nil } - -func authorityWithDefaultPort(u *url.URL, defaultPort string) string { - if u == nil { - return "" - } - - host := u.Hostname() - if host == "" { - return u.Host - } - - port := u.Port() - if port == "" { - port = defaultPort - } - - return net.JoinHostPort(host, port) -} - -func proxyDefaultPort(u *url.URL) string { - if u != nil && u.Scheme == "https" { - return "443" - } - return "80" -} diff --git a/transport/masque/tunnel.go b/transport/masque/tunnel.go index c5f65443..f76e4599 100644 --- a/transport/masque/tunnel.go +++ b/transport/masque/tunnel.go @@ -6,9 +6,11 @@ import ( "fmt" "net" "os" + "sync" "time" connectip "github.com/Diniboy1123/connect-ip-go" + "github.com/sagernet/quic-go/http3" E "github.com/sagernet/sing/common/exceptions" "github.com/sagernet/sing/common/logger" M "github.com/sagernet/sing/common/metadata" @@ -25,6 +27,12 @@ type Tunnel struct { options TunnelOptions tunDevice Device tunnelDevice TunnelDevice + + udpConn net.PacketConn + tr *http3.Transport + ipConn *connectip.Conn + + mtx sync.Mutex } func NewTunnel(ctx context.Context, logger logger.ContextLogger, options TunnelOptions) (*Tunnel, error) { 
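Review bot: On the `connectip.Dial` failure path in `ConnectTunnel`, `tr` and `conn` are now closed but `udpConn` is still returned open, and the retry branch in `getIpConn` (transport/masque/tunnel.go) logs and continues without closing it. If `udpConn` owns a socket, each failed attempt leaks one for as long as the endpoint is unreachable. Either close it here and return `nil` in its place, or add `if udpConn != nil { udpConn.Close() }` to the caller's `err != nil` branch. Separately, `strings.Contains(err.Error(), "tls: access denied")` matches on message text and the access-denied branch discards `err`; wrapping it with `%w` would keep the underlying cause available to callers and logs. The body of `ConnectTunnel` starts outside the hunk.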
@@ -55,7 +63,7 @@ func (e *Tunnel) Start(resolve bool) error { if err != nil { return err } - go e.MaintainTunnel() + go e.maintainTunnel() } return nil } 
@@ -75,19 +83,95 @@ func (e *Tunnel) ListenPacket(ctx context.Context, destination M.Socksaddr) (net } func (e *Tunnel) Close() error { + e.mtx.Lock() + defer e.mtx.Unlock() + if e.ipConn != nil { + e.ipConn.Close() + if e.udpConn != nil { + e.udpConn.Close() + } + if e.tr != nil { + e.tr.Close() + } + e.ipConn = nil + } return e.tunDevice.Close() } -func (e *Tunnel) MaintainTunnel() { - packetBufferPool := NewNetBuffer(1280) +func (e *Tunnel) maintainTunnel() { + go func() { + buf := make([]byte, 1280) + for e.ctx.Err() == nil { + n, err := e.tunnelDevice.ReadPacket(buf) + if err != nil { + e.logger.ErrorContext(e.ctx, fmt.Errorf("failed to read from TUN device: %v", err)) + continue + } + ipConn, err := e.getIpConn() + if err != nil { + return + } + icmp, err := ipConn.WritePacket(buf[:n]) + if err != nil { + if errors.As(err, new(*connectip.CloseError)) { + if ok := e.closeIpConn(ipConn); ok { + e.logger.ErrorContext(e.ctx, fmt.Errorf("connection closed while writing to IP connection: %w", err)) + } + continue + } + e.logger.ErrorContext(e.ctx, fmt.Errorf("Error writing to IP connection: %v, continuing...", err)) + continue + } + if len(icmp) > 0 { + if err := e.tunnelDevice.WritePacket(icmp); err != nil { + if errors.As(err, new(*connectip.CloseError)) { + e.logger.ErrorContext(e.ctx, fmt.Errorf("connection closed while writing ICMP to TUN device: %v", err)) + continue + } + e.logger.ErrorContext(e.ctx, fmt.Errorf("Error writing ICMP to TUN device: %v, continuing...", err)) + } + } + } + }() + go func() { + buf := make([]byte, 1280) + for e.ctx.Err() == nil { + ipConn, err := e.getIpConn() + if err != nil { + return + } + n, err := ipConn.ReadPacket(buf, true) + if err != nil { + if e.options.UseHTTP2 || errors.As(err, new(*connectip.CloseError)) { + if ok := e.closeIpConn(ipConn); ok { + e.logger.ErrorContext(e.ctx, fmt.Errorf("connection closed while reading from IP connection: %v", err)) + } + continue + } + e.logger.ErrorContext(e.ctx, fmt.Errorf("Error 
reading from IP connection: %v, continuine...", err)) + continue + } + if err := e.tunnelDevice.WritePacket(buf[:n]); err != nil { + continue + } + } + }() + <-e.ctx.Done() +} + +func (e *Tunnel) getIpConn() (*connectip.Conn, error) { + e.mtx.Lock() + defer e.mtx.Unlock() + if e.ctx.Err() != nil { + return nil, e.ctx.Err() + } + if e.ipConn != nil { + return e.ipConn, nil + } + e.logger.InfoContext(e.ctx, "Establishing MASQUE connection to ", e.options.Endpoint) timer := time.NewTimer(0) defer timer.Stop() for { - select { - case <-e.ctx.Done(): - return - default: - } e.logger.InfoContext(e.ctx, fmt.Errorf("Establishing MASQUE connection to %s", e.options.Endpoint)) udpConn, tr, ipConn, rsp, err := ConnectTunnel( e.ctx, @@ -99,17 +183,17 @@ func (e *Tunnel) MaintainTunnel() { e.options.UseHTTP2, ) if err != nil { - e.logger.InfoContext(e.ctx, fmt.Errorf("Failed to connect tunnel: %v", err)) + e.logger.ErrorContext(e.ctx, fmt.Errorf("Failed to connect tunnel: %v", err)) timer.Reset(e.options.ReconnectDelay) select { case <-e.ctx.Done(): - return + return nil, err case <-timer.C: } continue } if rsp.StatusCode != 200 { - e.logger.InfoContext(e.ctx, fmt.Errorf("Tunnel connection failed: %s", rsp.Status)) + e.logger.ErrorContext(e.ctx, fmt.Errorf("Tunnel connection failed: %s", rsp.Status)) ipConn.Close() if udpConn != nil { udpConn.Close() 
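Review bot: In the first goroutine of `maintainTunnel`, a failed `e.tunnelDevice.ReadPacket` is logged and followed by `continue`, so a persistent error (for instance after the TUN device has been closed) spins the loop and floods the log until `e.ctx` is cancelled. The removed code returned on this error; returning, or waiting `e.options.ReconnectDelay` before retrying, would bound it. The non-close error branch around `ipConn.ReadPacket` in the second goroutine has the same shape. `getIpConn` also holds `e.mtx` across the whole reconnect loop, including the `ConnectTunnel` call and the timer wait. `Close` takes the same mutex, so it will block for as long as the endpoint is unreachable unless the context has been cancelled first; dialing outside the lock and only publishing the result under it avoids that.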
@@ -120,81 +204,32 @@ func (e *Tunnel) MaintainTunnel() { timer.Reset(e.options.ReconnectDelay) select { case <-e.ctx.Done(): - return + return nil, err case <-timer.C: } continue } - e.logger.InfoContext(e.ctx, "Connected to MASQUE server") - errChan := make(chan error, 2) - go func() { - for { - buf := packetBufferPool.Get() - n, err := e.tunnelDevice.ReadPacket(buf) - if err != nil { - packetBufferPool.Put(buf) - errChan <- fmt.Errorf("failed to read from TUN device: %w", err) - return - } - icmp, err := ipConn.WritePacket(buf[:n]) - if err != nil { - packetBufferPool.Put(buf) - if errors.As(err, new(*connectip.CloseError)) { - errChan <- fmt.Errorf("connection closed while writing to IP connection: %w", err) - return - } - e.logger.InfoContext(e.ctx, fmt.Errorf("Error writing to IP connection: %v, continuing...", err)) - continue - } - packetBufferPool.Put(buf) - if len(icmp) > 0 { - if err := e.tunnelDevice.WritePacket(icmp); err != nil { - if errors.As(err, new(*connectip.CloseError)) { - errChan <- fmt.Errorf("connection closed while writing ICMP to TUN device: %w", err) - return - } - e.logger.InfoContext(e.ctx, fmt.Errorf("Error writing ICMP to TUN device: %v, continuing...", err)) - } - } - } - }() - go func() { - buf := packetBufferPool.Get() - defer packetBufferPool.Put(buf) - for { - n, err := ipConn.ReadPacket(buf, true) - if err != nil { - if e.options.UseHTTP2 { - errChan <- fmt.Errorf("connection closed while reading from IP connection: %w", err) - return - } - if errors.As(err, new(*connectip.CloseError)) { - errChan <- fmt.Errorf("connection closed while reading from IP connection: %w", err) - return - } - e.logger.InfoContext(e.ctx, fmt.Errorf("Error reading from IP connection: %v, continuing...", err)) - continue - } - if err := e.tunnelDevice.WritePacket(buf[:n]); err != nil { - errChan <- fmt.Errorf("failed to write to TUN device: %w", err) - return - } - } - }() - err = <-errChan - e.logger.InfoContext(e.ctx, fmt.Errorf("Tunnel connection 
lost: %v. Reconnecting...", err)) - ipConn.Close() - if udpConn != nil { - udpConn.Close() - } - if tr != nil { - tr.Close() - } - timer.Reset(e.options.ReconnectDelay) - select { - case <-e.ctx.Done(): - return - case <-timer.C: - } + e.udpConn = udpConn + e.tr = tr + e.ipConn = ipConn + e.logger.InfoContext(e.ctx, "Connected to MASQUE server", e.options.Endpoint) + return ipConn, nil } } + +func (e *Tunnel) closeIpConn(ipConn *connectip.Conn) bool { + e.mtx.Lock() + defer e.mtx.Unlock() + if ipConn == e.ipConn { + e.ipConn.Close() + if e.udpConn != nil { + e.udpConn.Close() + } + if e.tr != nil { + e.tr.Close() + } + e.ipConn = nil + return true + } + return false +} diff --git a/transport/sip003/args.go b/transport/sip003/args.go index b9fae3da..de6113f7 100644 --- a/transport/sip003/args.go +++ b/transport/sip003/args.go @@ -105,15 +105,3 @@ func ParsePluginOptions(s string) (opts Args, err error) { } return opts, nil } - -// Escape backslashes and all the bytes that are in set. -func backslashEscape(s string, set []byte) string { - var buf bytes.Buffer - for _, b := range []byte(s) { - if b == '\\' || bytes.IndexByte(set, b) != -1 { - buf.WriteByte('\\') - } - buf.WriteByte(b) - } - return buf.String() -} diff --git a/transport/v2raygrpc/client.go b/transport/v2raygrpc/client.go index 5af53856..a915e1eb 100644 --- a/transport/v2raygrpc/client.go +++ b/transport/v2raygrpc/client.go @@ -10,7 +10,6 @@ import ( "github.com/sagernet/sing-box/adapter" "github.com/sagernet/sing-box/common/tls" "github.com/sagernet/sing-box/option" - "github.com/sagernet/sing/common" M "github.com/sagernet/sing/common/metadata" N "github.com/sagernet/sing/common/network" 
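Review bot: In the `rsp.StatusCode != 200` branch, `return nil, err` on `<-e.ctx.Done()` returns the `err` from `ConnectTunnel`, which was already checked to be nil on this path (unless it is reassigned in the few lines between the two hunks). `getIpConn` then yields `(nil, nil)`, so the `if err != nil { return }` guards in `maintainTunnel` pass and both loops call `ipConn.WritePacket` / `ipConn.ReadPacket` on a nil `*connectip.Conn`, which would most likely panic during shutdown. Return the context error instead: `return nil, e.ctx.Err()`. The same form would also be clearer in the earlier dial-failure branch.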
@@ -100,7 +99,7 @@ func (c *Client) DialContext(ctx context.Context) (net.Conn, error) { return nil, err } client := NewGunServiceClient(clientConn).(GunServiceCustomNameClient) - ctx, cancel := common.ContextWithCancelCause(ctx) + ctx, cancel := context.WithCancelCause(ctx) stream, err := client.TunCustomName(ctx, c.serviceName) if err != nil { cancel(err) diff --git a/transport/v2raygrpc/credentials/credentials.go b/transport/v2raygrpc/credentials/credentials.go index 32c9b590..9deee7f6 100644 --- a/transport/v2raygrpc/credentials/credentials.go +++ b/transport/v2raygrpc/credentials/credentials.go @@ -25,12 +25,12 @@ import ( type requestInfoKey struct{} // NewRequestInfoContext creates a context with ri. -func NewRequestInfoContext(ctx context.Context, ri interface{}) context.Context { +func NewRequestInfoContext(ctx context.Context, ri any) context.Context { return context.WithValue(ctx, requestInfoKey{}, ri) } // RequestInfoFromContext extracts the RequestInfo from ctx. -func RequestInfoFromContext(ctx context.Context) interface{} { +func RequestInfoFromContext(ctx context.Context) any { return ctx.Value(requestInfoKey{}) } @@ -39,11 +39,11 @@ func RequestInfoFromContext(ctx context.Context) interface{} { type clientHandshakeInfoKey struct{} // ClientHandshakeInfoFromContext extracts the ClientHandshakeInfo from ctx. -func ClientHandshakeInfoFromContext(ctx context.Context) interface{} { +func ClientHandshakeInfoFromContext(ctx context.Context) any { return ctx.Value(clientHandshakeInfoKey{}) } // NewClientHandshakeInfoContext creates a context with chi. -func NewClientHandshakeInfoContext(ctx context.Context, chi interface{}) context.Context { +func NewClientHandshakeInfoContext(ctx context.Context, chi any) context.Context { return context.WithValue(ctx, clientHandshakeInfoKey{}, chi) } diff --git a/transport/v2raygrpc/credentials/util.go b/transport/v2raygrpc/credentials/util.go index f792fd22..ab864977 100644 --- a/transport/v2raygrpc/credentials/util.go 
+++ b/transport/v2raygrpc/credentials/util.go @@ -20,16 +20,15 @@ package credentials import ( "crypto/tls" + "slices" ) const alpnProtoStrH2 = "h2" // AppendH2ToNextProtos appends h2 to next protos. func AppendH2ToNextProtos(ps []string) []string { - for _, p := range ps { - if p == alpnProtoStrH2 { - return ps - } + if slices.Contains(ps, alpnProtoStrH2) { + return ps } ret := make([]string, 0, len(ps)+1) ret = append(ret, ps...) diff --git a/transport/v2raygrpc/server.go b/transport/v2raygrpc/server.go index 4d426aa1..6160c2f3 100644 --- a/transport/v2raygrpc/server.go +++ b/transport/v2raygrpc/server.go @@ -60,7 +60,7 @@ func (s *Server) Tun(server GunService_TunServer) error { if grpcMetadata, loaded := gM.FromIncomingContext(server.Context()); loaded { forwardFrom := strings.Join(grpcMetadata.Get("X-Forwarded-For"), ",") if forwardFrom != "" { - for _, from := range strings.Split(forwardFrom, ",") { + for from := range strings.SplitSeq(forwardFrom, ",") { originAddr := M.ParseSocksaddr(from) if originAddr.IsValid() { source = originAddr.Unwrap() diff --git a/transport/v2raygrpc/stream.pb.go b/transport/v2raygrpc/stream.pb.go index 5eaa9326..b14d7207 100644 --- a/transport/v2raygrpc/stream.pb.go +++ b/transport/v2raygrpc/stream.pb.go @@ -1,17 +1,12 @@ -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.36.11 -// protoc v6.31.1 -// source: transport/v2raygrpc/stream.proto - package v2raygrpc import ( - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" reflect "reflect" sync "sync" unsafe "unsafe" + + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" ) const ( 
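Review bot: The rewritten loop in `Tun` still takes `source` from the `X-Forwarded-For` gRPC metadata with no check on who set it, and that value is supplied by the peer. If `source` later feeds routing rules, access control or logs (not visible in this hunk), a client can choose the address it appears to come from unless a trusted front proxy overwrites the header. A comment on the loop such as `// X-Forwarded-For is peer-supplied; only meaningful behind a trusted reverse proxy` would record that assumption. Entries are also parsed untrimmed, so a list written as `a, b` reaches `M.ParseSocksaddr` with a leading space; `strings.TrimSpace(from)` would cover that. The loop body continues outside the hunk.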
@@ -88,10 +83,12 @@ func file_transport_v2raygrpc_stream_proto_rawDescGZIP() []byte { return file_transport_v2raygrpc_stream_proto_rawDescData } -var file_transport_v2raygrpc_stream_proto_msgTypes = make([]protoimpl.MessageInfo, 1) -var file_transport_v2raygrpc_stream_proto_goTypes = []any{ - (*Hunk)(nil), // 0: transport.v2raygrpc.Hunk -} +var ( + file_transport_v2raygrpc_stream_proto_msgTypes = make([]protoimpl.MessageInfo, 1) + file_transport_v2raygrpc_stream_proto_goTypes = []any{ + (*Hunk)(nil), // 0: transport.v2raygrpc.Hunk + } +) var file_transport_v2raygrpc_stream_proto_depIdxs = []int32{ 0, // 0: transport.v2raygrpc.GunService.Tun:input_type -> transport.v2raygrpc.Hunk 0, // 1: transport.v2raygrpc.GunService.Tun:output_type -> transport.v2raygrpc.Hunk diff --git a/transport/v2raygrpc/stream_grpc.pb.go b/transport/v2raygrpc/stream_grpc.pb.go index 69a05ab0..21cc3279 100644 --- a/transport/v2raygrpc/stream_grpc.pb.go +++ b/transport/v2raygrpc/stream_grpc.pb.go @@ -1,13 +1,8 @@ -// Code generated by protoc-gen-go-grpc. DO NOT EDIT. -// versions: -// - protoc-gen-go-grpc v1.6.1 -// - protoc v6.31.1 -// source: transport/v2raygrpc/stream.proto - package v2raygrpc import ( context "context" + grpc "google.golang.org/grpc" codes "google.golang.org/grpc/codes" status "google.golang.org/grpc/status" diff --git a/transport/v2rayxhttp/client.go b/transport/v2rayxhttp/client.go index 6261635d..e8f5fb12 100644 --- a/transport/v2rayxhttp/client.go +++ b/transport/v2rayxhttp/client.go @@ -192,6 +192,8 @@ func (c *Client) DialContext(ctx context.Context) (net.Conn, error) { go func() { var seq int64 var lastWrite time.Time + dynamicHTTPClient := httpClient + dynamicXmuxClient := xmuxClient for { // by offloading the uploads into a buffered pipe, multiple conn.Write // calls get automatically batched together into larger POST requests. 
@@ -219,12 +221,12 @@ func (c *Client) DialContext(ctx context.Context) (net.Conn, error) { time.Sleep(time.Duration(scMinPostsIntervalMs.Rand())*time.Millisecond - time.Since(lastWrite)) } lastWrite = time.Now() - if xmuxClient != nil && (xmuxClient.LeftRequests.Add(-1) <= 0 || - (xmuxClient.UnreusableAt != time.Time{} && lastWrite.After(xmuxClient.UnreusableAt))) { - httpClient, xmuxClient = c.getHTTPClient() + if dynamicXmuxClient != nil && (dynamicXmuxClient.LeftRequests.Add(-1) <= 0 || + (dynamicXmuxClient.UnreusableAt != time.Time{} && lastWrite.After(dynamicXmuxClient.UnreusableAt))) { + dynamicHTTPClient, dynamicXmuxClient = c.getHTTPClient() } - go func() { - err := httpClient.PostPacket( + go func(hClient DialerClient) { + err := hClient.PostPacket( ctx, requestURL.String(), sessionId, @@ -236,8 +238,8 @@ func (c *Client) DialContext(ctx context.Context) (net.Conn, error) { uploadPipeReader.Interrupt() doSplit.Store(false) } - }() - if _, ok := httpClient.(*DefaultDialerClient); ok { + }(dynamicHTTPClient) + if _, ok := dynamicHTTPClient.(*DefaultDialerClient); ok { <-wroteRequest.Wait() } } diff --git a/transport/v2rayxhttp/dialer.go b/transport/v2rayxhttp/dialer.go index 4b85edd1..08cc4ddc 100644 --- a/transport/v2rayxhttp/dialer.go +++ b/transport/v2rayxhttp/dialer.go @@ -70,12 +70,14 @@ func (c *DefaultDialerClient) OpenStream(ctx context.Context, url string, sessio c.closed = true } gotConn.Close() + common.Close(body) wrc.Close() return } if resp.StatusCode != 200 || uploadOnly { // stream-up io.Copy(io.Discard, resp.Body) resp.Body.Close() // if it is called immediately, the upload will be interrupted also + common.Close(body) wrc.Close() return } diff --git a/transport/wireguard/client_bind.go b/transport/wireguard/client_bind.go index 10a0f691..fa673b82 100644 --- a/transport/wireguard/client_bind.go +++ b/transport/wireguard/client_bind.go 
@@ -136,7 +136,7 @@ func (c *ClientBind) receive(packets [][]byte, sizes []int, eps []conn.Endpoint) sizes[0] = n if n > 3 { b := packets[0] - common.ClearArray(b[1:4]) + clear(b[1:4]) } eps[0] = remoteEndpoint(M.SocksaddrFromNet(addr).Unwrap().AddrPort()) count = 1 diff --git a/transport/wireguard/device_stack.go b/transport/wireguard/device_stack.go index a190baba..373a050d 100644 --- a/transport/wireguard/device_stack.go +++ b/transport/wireguard/device_stack.go @@ -7,6 +7,7 @@ import ( "net" "net/netip" "os" + "sync" "time" "github.com/sagernet/gvisor/pkg/buffer" @@ -42,6 +43,7 @@ type stackDevice struct { outbound chan *stack.PacketBuffer packetOutbound chan *buf.Buffer done chan struct{} + closeOnce sync.Once dispatcher stack.NetworkDispatcher inet4Address netip.Addr inet6Address netip.Addr @@ -146,11 +148,17 @@ func (w *stackDevice) ListenPacket(ctx context.Context, destination M.Socksaddr) } var networkProtocol tcpip.NetworkProtocolNumber if destination.IsIPv4() { + if !w.inet4Address.IsValid() { + return nil, E.New("missing IPv4 local address") + } networkProtocol = header.IPv4ProtocolNumber bind.Addr = tun.AddressFromAddr(w.inet4Address) } else { + if !w.inet6Address.IsValid() { + return nil, E.New("missing IPv6 local address") + } networkProtocol = header.IPv6ProtocolNumber - bind.Addr = tun.AddressFromAddr(w.inet4Address) + bind.Addr = tun.AddressFromAddr(w.inet6Address) } udpConn, err := gonet.DialUDP(w.stack, &bind, nil, networkProtocol) if err != nil { @@ -244,13 +252,15 @@ func (w *stackDevice) Events() <-chan wgTun.Event { } func (w *stackDevice) Close() error { - close(w.done) - close(w.events) - w.stack.Close() - for _, endpoint := range w.stack.CleanupEndpoints() { - endpoint.Abort() - } - w.stack.Wait() + w.closeOnce.Do(func() { + close(w.done) + close(w.events) + w.stack.Close() + for _, endpoint := range w.stack.CleanupEndpoints() { + endpoint.Abort() + } + w.stack.Wait() + }) return nil } 
diff --git a/transport/wireguard/device_system.go b/transport/wireguard/device_system.go index dcf2959b..1c0b8b6c 100644 --- a/transport/wireguard/device_system.go +++ b/transport/wireguard/device_system.go @@ -111,6 +111,7 @@ func (w *systemDevice) Start() error { } err = tunInterface.Start() if err != nil { + tunInterface.Close() return err } w.options.Logger.Info("started at ", w.options.Name) @@ -147,7 +148,7 @@ func (w *systemDevice) Write(bufs [][]byte, offset int) (count int, err error) { } else { for _, packet := range bufs { if tun.PacketOffset > 0 { - common.ClearArray(packet[offset-tun.PacketOffset : offset]) + clear(packet[offset-tun.PacketOffset : offset]) tun.PacketFillHeader(packet[offset-tun.PacketOffset:], tun.PacketIPVersion(packet[offset:])) } _, err = w.device.Write(packet[offset-tun.PacketOffset:]) @@ -177,8 +178,14 @@ func (w *systemDevice) Events() <-chan wgTun.Event { } func (w *systemDevice) Close() error { - close(w.events) - return w.device.Close() + var err error + w.closeOnce.Do(func() { + close(w.events) + if w.device != nil { + err = w.device.Close() + } + }) + return err } func (w *systemDevice) BatchSize() int { diff --git a/transport/wireguard/device_system_stack.go b/transport/wireguard/device_system_stack.go index 94fd6f4f..59c5f4ab 100644 --- a/transport/wireguard/device_system_stack.go +++ b/transport/wireguard/device_system_stack.go @@ -5,6 +5,7 @@ package wireguard import ( "context" "net/netip" + "sync" "time" "github.com/sagernet/gvisor/pkg/buffer" @@ -20,7 +21,6 @@ import ( "github.com/sagernet/sing-box/log" "github.com/sagernet/sing-tun" "github.com/sagernet/sing-tun/ping" - "github.com/sagernet/sing/common" E "github.com/sagernet/sing/common/exceptions" "github.com/sagernet/sing/common/logger" "github.com/sagernet/wireguard-go/device" 
@@ -35,6 +35,7 @@ type systemStackDevice struct { stack *stack.Stack endpoint *deviceEndpoint writeBufs [][]byte + closeOnce sync.Once } func newSystemStackDevice(options DeviceOptions) (*systemStackDevice, error) { @@ -104,13 +105,13 @@ func (w *systemStackDevice) Write(bufs [][]byte, offset int) (count int, err err } } if len(w.writeBufs) > 0 { - return w.batchDevice.BatchWrite(bufs, offset) + return w.batchDevice.BatchWrite(w.writeBufs, offset) } } else { for _, packet := range bufs { if !w.writeStack(packet[offset:]) { if tun.PacketOffset > 0 { - common.ClearArray(packet[offset-tun.PacketOffset : offset]) + clear(packet[offset-tun.PacketOffset : offset]) tun.PacketFillHeader(packet[offset-tun.PacketOffset:], tun.PacketIPVersion(packet[offset:])) } _, err = w.device.Write(packet[offset-tun.PacketOffset:]) @@ -125,13 +126,17 @@ func (w *systemStackDevice) Write(bufs [][]byte, offset int) (count int, err err } func (w *systemStackDevice) Close() error { - close(w.endpoint.done) - w.stack.Close() - for _, endpoint := range w.stack.CleanupEndpoints() { - endpoint.Abort() - } - w.stack.Wait() - return w.systemDevice.Close() + var err error + w.closeOnce.Do(func() { + close(w.endpoint.done) + w.stack.Close() + for _, endpoint := range w.stack.CleanupEndpoints() { + endpoint.Abort() + } + w.stack.Wait() + err = w.systemDevice.Close() + }) + return err } func (w *systemStackDevice) writeStack(packet []byte) bool { diff --git a/transport/wireguard/endpoint.go b/transport/wireguard/endpoint.go index b8010334..c32d2214 100644 --- a/transport/wireguard/endpoint.go +++ b/transport/wireguard/endpoint.go 
@@ -183,10 +183,10 @@ func (e *Endpoint) Start(resolve bool) error { return err } logger := &device.Logger{ - Verbosef: func(format string, args ...interface{}) { + Verbosef: func(format string, args ...any) { e.options.Logger.Debug(fmt.Sprintf(strings.ToLower(format), args...)) }, - Errorf: func(format string, args ...interface{}) { + Errorf: func(format string, args ...any) { e.options.Logger.Error(fmt.Sprintf(strings.ToLower(format), args...)) }, } 
@@ -198,75 +198,77 @@ func (e *Endpoint) Start(resolve bool) error { } wgDevice := device.NewDevice(e.options.Context, deviceInput, bind, logger, e.options.Workers, e.options.PreallocatedBuffersPerPool, e.options.DisablePauses) e.tunDevice.SetDevice(wgDevice) - ipcConf := e.ipcConf + var ipcConf strings.Builder + ipcConf.WriteString(e.ipcConf) if e.options.Amnezia != nil { if e.options.Amnezia.JC > 0 { - ipcConf += "\njc=" + strconv.Itoa(e.options.Amnezia.JC) + ipcConf.WriteString("\njc=" + strconv.Itoa(e.options.Amnezia.JC)) } if e.options.Amnezia.JMin > 0 { - ipcConf += "\njmin=" + strconv.Itoa(e.options.Amnezia.JMin) + ipcConf.WriteString("\njmin=" + strconv.Itoa(e.options.Amnezia.JMin)) } if e.options.Amnezia.JMax > 0 { - ipcConf += "\njmax=" + strconv.Itoa(e.options.Amnezia.JMax) + ipcConf.WriteString("\njmax=" + strconv.Itoa(e.options.Amnezia.JMax)) } if e.options.Amnezia.S1 > 0 { - ipcConf += "\ns1=" + strconv.Itoa(e.options.Amnezia.S1) + ipcConf.WriteString("\ns1=" + strconv.Itoa(e.options.Amnezia.S1)) } if e.options.Amnezia.S2 > 0 { - ipcConf += "\ns2=" + strconv.Itoa(e.options.Amnezia.S2) + ipcConf.WriteString("\ns2=" + strconv.Itoa(e.options.Amnezia.S2)) } if e.options.Amnezia.S3 > 0 { - ipcConf += "\ns3=" + strconv.Itoa(e.options.Amnezia.S3) + ipcConf.WriteString("\ns3=" + strconv.Itoa(e.options.Amnezia.S3)) } if e.options.Amnezia.S4 > 0 { - ipcConf += "\ns4=" + strconv.Itoa(e.options.Amnezia.S4) + ipcConf.WriteString("\ns4=" + strconv.Itoa(e.options.Amnezia.S4)) } if e.options.Amnezia.H1 != nil { - ipcConf += "\nh1=" + e.options.Amnezia.H1.String() + ipcConf.WriteString("\nh1=" + e.options.Amnezia.H1.String()) } if e.options.Amnezia.H2 != nil { - ipcConf += "\nh2=" + e.options.Amnezia.H2.String() + ipcConf.WriteString("\nh2=" + e.options.Amnezia.H2.String()) } if e.options.Amnezia.H3 != nil { - ipcConf += "\nh3=" + e.options.Amnezia.H3.String() + ipcConf.WriteString("\nh3=" + e.options.Amnezia.H3.String()) } if e.options.Amnezia.H4 != nil { - ipcConf 
+= "\nh4=" + e.options.Amnezia.H4.String() + ipcConf.WriteString("\nh4=" + e.options.Amnezia.H4.String()) } if e.options.Amnezia.I1 != "" { - ipcConf += "\ni1=" + e.options.Amnezia.I1 + ipcConf.WriteString("\ni1=" + e.options.Amnezia.I1) } if e.options.Amnezia.I2 != "" { - ipcConf += "\ni2=" + e.options.Amnezia.I2 + ipcConf.WriteString("\ni2=" + e.options.Amnezia.I2) } if e.options.Amnezia.I3 != "" { - ipcConf += "\ni3=" + e.options.Amnezia.I3 + ipcConf.WriteString("\ni3=" + e.options.Amnezia.I3) } if e.options.Amnezia.I4 != "" { - ipcConf += "\ni4=" + e.options.Amnezia.I4 + ipcConf.WriteString("\ni4=" + e.options.Amnezia.I4) } if e.options.Amnezia.I5 != "" { - ipcConf += "\ni5=" + e.options.Amnezia.I5 + ipcConf.WriteString("\ni5=" + e.options.Amnezia.I5) } if e.options.Amnezia.J1 != "" { - ipcConf += "\nj1=" + e.options.Amnezia.J1 + ipcConf.WriteString("\nj1=" + e.options.Amnezia.J1) } if e.options.Amnezia.J2 != "" { - ipcConf += "\nj2=" + e.options.Amnezia.J2 + ipcConf.WriteString("\nj2=" + e.options.Amnezia.J2) } if e.options.Amnezia.J3 != "" { - ipcConf += "\nj3=" + e.options.Amnezia.J3 + ipcConf.WriteString("\nj3=" + e.options.Amnezia.J3) } if e.options.Amnezia.ITime > 0 { - ipcConf += "\nitime=" + strconv.FormatInt(e.options.Amnezia.ITime, 10) + ipcConf.WriteString("\nitime=" + strconv.FormatInt(e.options.Amnezia.ITime, 10)) } } for _, peer := range e.peers { - ipcConf += peer.GenerateIpcLines() + ipcConf.WriteString(peer.GenerateIpcLines()) } - err = wgDevice.IpcSet(ipcConf) + err = wgDevice.IpcSet(ipcConf.String()) if err != nil { - return E.Cause(err, "setup wireguard: \n", ipcConf) + wgDevice.Close() + return E.Cause(err, "setup wireguard: \n", ipcConf.String()) } e.device = wgDevice e.pause = service.FromContext[pause.Manager](e.options.Context) 
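Review bot: The failure path `return E.Cause(err, "setup wireguard: \n", ipcConf.String())` puts the whole IPC configuration into the error text. The peer lines appended just above include `preshared_key=` (see `GenerateIpcLines`), and `e.ipcConf` presumably carries the interface private key as well, so a rejected configuration would copy key material into whatever log or UI the error reaches. Return the cause without the configuration, `return E.Cause(err, "setup wireguard")`, or log a copy with the key lines redacted. `Start` continues outside the hunk.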
@@ -294,10 +296,12 @@ func (e *Endpoint) ListenPacket(ctx context.Context, destination M.Socksaddr) (n func (e *Endpoint) Close() error { if e.pauseCallback != nil { e.pause.UnregisterCallback(e.pauseCallback) + e.pauseCallback = nil } if e.device != nil { e.device.Down() e.device.Close() + e.device = nil } return nil } @@ -336,18 +340,19 @@ type peerConfig struct { } func (c peerConfig) GenerateIpcLines() string { - ipcLines := "\npublic_key=" + c.publicKeyHex + var ipcLines strings.Builder + ipcLines.WriteString("\npublic_key=" + c.publicKeyHex) if c.endpoint.IsValid() { - ipcLines += "\nendpoint=" + c.endpoint.String() + ipcLines.WriteString("\nendpoint=" + c.endpoint.String()) } if c.preSharedKeyHex != "" { - ipcLines += "\npreshared_key=" + c.preSharedKeyHex + ipcLines.WriteString("\npreshared_key=" + c.preSharedKeyHex) } for _, allowedIP := range c.allowedIPs { - ipcLines += "\nallowed_ip=" + allowedIP.String() + ipcLines.WriteString("\nallowed_ip=" + allowedIP.String()) } if c.keepalive > 0 { - ipcLines += "\npersistent_keepalive_interval=" + F.ToString(c.keepalive) + ipcLines.WriteString("\npersistent_keepalive_interval=" + F.ToString(c.keepalive)) } - return ipcLines + return ipcLines.String() }