feat(trojan): support verify SSL hostname

README.md

@@ -58,6 +58,8 @@ put *config.json* file into the unpacked folder before running server
 
 >> `serverName`: the Server Name Indication field in the SSL handshake. If left blank, it will be set to `server.host`
 
+>> `verifyHostname`: whether to verify SSL hostname, default is `true`
+
 ## Features
 
 ### Transport

urban-spork-client/src/com/urbanspork/client/ClientSocksInitializer.java

@@ -11,7 +11,9 @@
 import io.netty.handler.ssl.SslContextBuilder;
 import io.netty.handler.ssl.SslHandler;
 
+import javax.net.ssl.SSLEngine;
 import javax.net.ssl.SSLException;
+import javax.net.ssl.SSLParameters;
 import java.io.File;
 
 public class ClientSocksInitializer extends ChannelInitializer<NioSocketChannel> {
@@ -34,6 +36,7 @@ protected void initChannel(NioSocketChannel channel) {
     public static SslHandler buildSslHandler(Channel ch, ServerConfig config) throws SSLException {
         String serverName = config.getHost();
         SslContextBuilder sslContextBuilder = SslContextBuilder.forClient();
+        boolean verifyHostname = true;
         if (config.getSsl() != null) {
             SslSetting ssl = config.getSsl();
             if (ssl.getCertificateFile() != null) {
@@ -42,8 +45,16 @@ public static SslHandler buildSslHandler(Channel ch, ServerConfig config) throws
             if (ssl.getServerName() != null) {
                 serverName = ssl.getServerName(); // override
             }
+            verifyHostname = ssl.isVerifyHostname();
         }
         SslContext sslContext = sslContextBuilder.build();
-        return sslContext.newHandler(ch.alloc(), serverName, config.getPort());
+        SslHandler sslHandler = sslContext.newHandler(ch.alloc(), serverName, config.getPort());
+        if (verifyHostname) {
+            SSLEngine sslEngine = sslHandler.engine();
+            SSLParameters sslParameters = sslEngine.getSSLParameters();
+            sslParameters.setEndpointIdentificationAlgorithm("HTTPS");
+            sslEngine.setSSLParameters(sslParameters);
+        }
+        return sslHandler;
     }
 }

urban-spork-common/src/com/urbanspork/common/config/SslSetting.java

@@ -6,6 +6,7 @@ public class SslSetting {
     private String keyFile;
     private String keyPassword;
     private String serverName;
+    private boolean verifyHostname = true;
 
     public String getCertificateFile() {
         return certificateFile;
@@ -38,4 +39,12 @@ public String getServerName() {
     public void setServerName(String serverName) {
         this.serverName = serverName;
     }
+
+    public boolean isVerifyHostname() {
+        return verifyHostname;
+    }
+
+    public void setVerifyHostname(boolean verifyHostname) {
+        this.verifyHostname = verifyHostname;
+    }
 }

urban-spork-test/test/com/urbanspork/client/ClientSocksInitializerTest.java

@@ -13,7 +13,9 @@ void testBuildSslHandler() {
         EmbeddedChannel channel = new EmbeddedChannel();
         ServerConfig config = ServerConfigTest.testConfig(0);
         Assertions.assertDoesNotThrow(() -> ClientSocksInitializer.buildSslHandler(channel, config));
-        config.setSsl(new SslSetting());
+        SslSetting ssl = new SslSetting();
+        ssl.setVerifyHostname(false);
+        config.setSsl(ssl);
         Assertions.assertDoesNotThrow(() -> ClientSocksInitializer.buildSslHandler(channel, config));
     }
 }

urban-spork-test/test/com/urbanspork/common/config/SslSettingTest.java

@@ -11,5 +11,6 @@ void testGetterAndSetter() {
         TestUtil.testGetterAndSetter("B", setting, SslSetting::getKeyFile, SslSetting::setKeyFile);
         TestUtil.testGetterAndSetter("C", setting, SslSetting::getKeyPassword, SslSetting::setKeyPassword);
         TestUtil.testGetterAndSetter("D", setting, SslSetting::getServerName, SslSetting::setServerName);
+        TestUtil.testGetterAndSetter(false, setting, SslSetting::isVerifyHostname, SslSetting::setVerifyHostname);
     }
 }