Support TLS SPKI verify

Nick Peng
2019-02-22 00:40:30 +08:00
parent 4465ce798a
commit 85b0eed3a2
10 changed files with 159 additions and 29 deletions


@@ -93,7 +93,10 @@ log-level info
# server-tcp 8.8.8.8
# remote tls dns server list
# server-tls [IP]:[PORT] [-blacklist-ip] [-group [group] ...] [-exclude-default-group]
# server-tls [IP]:[PORT] [-blacklist-ip] [-spki-pin [sha256-pin]] [-group [group] ...] [-exclude-default-group]
# -spki-pin: TLS spki pin to verify.
# Get SKPI with this command:
# echo | openssl s_client -connect '[ip]:853' | openssl x509 -pubkey -noout | openssl pkey -pubin -outform der | openssl dgst -sha256 -binary | openssl enc -base64
# default port is 853
# server-tls 8.8.8.8
# server-tls 1.0.0.1
@@ -115,4 +118,4 @@ log-level info
# specific ipset to domain
# ipset /domain/[ipset|-]
# ipset /www.example.com/block, set ipset with ipset name of block
# ipset /www.example.com/-, ignore this domain
# ipset /www.example.com/-, ignore this domain
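Review bot: The command documented under `-spki-pin` in the first hunk computes the pin from whatever certificate the server presents on an unauthenticated connection, so a pin captured while the path is intercepted would pin the wrong key. I would add a line after the command such as `# Run this from a trusted network, or compare the result with the pin published by the DNS provider.` The label `# Get SKPI with this command:` has a typo and should read `# Get SPKI pin with this command:`. It would also help to say that the value is the base64-encoded SHA-256 of the DER-encoded public key, so readers know what format `[sha256-pin]` expects. The comment does not say what happens when the server rotates its key; presumably verification fails until the pin is updated, but the verification code is not visible here, so confirm before documenting it.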