Update sing-box core, refactor MASQUE, update XHTTP

2026-06-26 20:29:03 +03:00 · 2026-05-29 01:31:57 +03:00
parent 1cb7950810
commit b953954b60
111 changed files with 1291 additions and 1660 deletions
--- a/common/certificate/store.go
+++ b/common/certificate/store.go
@@ -22,6 +22,7 @@ var _ adapter.CertificateStore = (*Store)(nil)

 type Store struct {
 	access                    sync.RWMutex
+	storeType                 string
 	systemPool                *x509.CertPool
 	currentPool               *x509.CertPool
 	certificate               string
@@ -31,9 +32,13 @@ type Store struct {
 }

 func NewStore(ctx context.Context, logger logger.Logger, options option.CertificateOptions) (*Store, error) {
+	storeType := options.Store
+	if storeType == "" {
+		storeType = C.CertificateStoreSystem
+	}
 	var systemPool *x509.CertPool
-	switch options.Store {
-	case C.CertificateStoreSystem, "":
+	switch storeType {
+	case C.CertificateStoreSystem:
 		systemPool = x509.NewCertPool()
 		platformInterface := service.FromContext[adapter.PlatformInterface](ctx)
 		var systemValid bool
@@ -51,16 +56,13 @@ func NewStore(ctx context.Context, logger logger.Logger, options option.Certific
 			}
 			systemPool = certPool
 		}
-	case C.CertificateStoreMozilla:
-		systemPool = mozillaIncluded
-	case C.CertificateStoreChrome:
-		systemPool = chromeIncluded
+	case C.CertificateStoreMozilla, C.CertificateStoreChrome:
 	case C.CertificateStoreNone:
-		systemPool = nil
 	default:
 		return nil, E.New("unknown certificate store: ", options.Store)
 	}
 	store := &Store{
+		storeType:                 storeType,
 		systemPool:                systemPool,
 		certificate:               strings.Join(options.Certificate, "\n"),
 		certificatePaths:          options.CertificatePath,
@@ -124,13 +126,9 @@ func (s *Store) Pool() *x509.CertPool {
 }

 func (s *Store) update() error {
-	s.access.Lock()
-	defer s.access.Unlock()
-	var currentPool *x509.CertPool
-	if s.systemPool == nil {
-		currentPool = x509.NewCertPool()
-	} else {
-		currentPool = s.systemPool.Clone()
+	currentPool, err := s.newBasePool()
+	if err != nil {
+		return err
 	}
 	if s.certificate != "" {
 		if !currentPool.AppendCertsFromPEM([]byte(s.certificate)) {
@@ -165,10 +163,30 @@ func (s *Store) update() error {
 	if firstErr != nil {
 		return firstErr
 	}
+	s.access.Lock()
+	defer s.access.Unlock()
 	s.currentPool = currentPool
 	return nil
 }

+func (s *Store) newBasePool() (*x509.CertPool, error) {
+	switch s.storeType {
+	case C.CertificateStoreSystem:
+		if s.systemPool == nil {
+			return x509.NewCertPool(), nil
+		}
+		return s.systemPool.Clone(), nil
+	case C.CertificateStoreMozilla:
+		return newMozillaIncluded(), nil
+	case C.CertificateStoreChrome:
+		return newChromeIncluded(), nil
+	case C.CertificateStoreNone:
+		return x509.NewCertPool(), nil
+	default:
+		return nil, E.New("unknown certificate store: ", s.storeType)
+	}
+}
+
 func readUniqueDirectoryEntries(dir string) ([]fs.DirEntry, error) {
 	files, err := os.ReadDir(dir)
 	if err != nil {