mirror of
https://github.com/seriyps/mtproto_proxy.git
synced 2026-05-13 08:46:46 +00:00
Scanners probe for fake-TLS proxies by sending structurally malformed ClientHellos (e.g. ExtensionsLen=0 with trailing extension bytes). A real TLS server responds with a fatal decode_error alert; previously the proxy crashed the handler process silently, making it detectable.

Changes:
- mtp_fake_tls: add TLS_REC_ALERT, TLS_ALERT_FATAL, TLS_ALERT_DECODE_ERROR macros; export tls_decode_error_alert/0 which builds the 7-byte alert frame from macros
- mtp_fake_tls: add second clause to parse_client_hello/1 that throws {protocol_error, tls_bad_client_hello, bad_client_hello} instead of letting a bare function_clause propagate
- mtp_fake_tls: tighten parse_sni/1 catch to match the specific tagged error rather than a catch-all error:_
- mtp_handler: add attempt_fronting clauses for tls_bad_client_hello and tls_no_sni — both send the decode_error alert before closing
- mtp_handler: effective_secret/2 now raises tls_bad_client_hello (not tls_invalid_digest) when per_sni_secrets=on and the ClientHello has no SNI, so it also gets the alert treatment
- single_dc_SUITE: new malformed_tls_hello_decode_error_case/1 verifies the alert bytes are sent and the metric is incremented
- AGENTS.md: document test organisation, process architecture diagram, and upstream/downstream naming note
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
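As an added illustration of the behaviour the commit describes, not code from mtproto_proxy (which is written in Erlang): a strict ClientHello parser in Python that rejects the "ExtensionsLen=0 with trailing extension bytes" probe and answers it with the same 7-byte fatal decode_error alert a real TLS server would send (record type 0x15, TLS 1.2 version, length 2, level fatal=2, description decode_error=50). The builder, the `example.com` hostname and all function names are this example's own constructed inputs and assumptions, not the project's API.

```python
import struct
from typing import Optional

# TLS constants (RFC 5246 / RFC 8446 wire values)
TLS_REC_HANDSHAKE = 0x16
TLS_REC_ALERT = 0x15
TLS_VERSION_1_2 = 0x0303
TLS_ALERT_FATAL = 0x02
TLS_ALERT_DECODE_ERROR = 50
HS_CLIENT_HELLO = 0x01
EXT_SERVER_NAME = 0x0000


class BadClientHello(Exception):
    """Structural fault in a ClientHello; the caller answers with a fatal alert."""


def tls_decode_error_alert() -> bytes:
    """7-byte alert record: header (type, version, length=2) + (level, description)."""
    return struct.pack("!BHHBB", TLS_REC_ALERT, TLS_VERSION_1_2, 2,
                       TLS_ALERT_FATAL, TLS_ALERT_DECODE_ERROR)


def _u16(buf: bytes, pos: int) -> int:
    if pos + 2 > len(buf):
        raise BadClientHello("truncated length field")
    return struct.unpack_from("!H", buf, pos)[0]


def _take(buf: bytes, pos: int, n: int) -> bytes:
    if pos + n > len(buf):
        raise BadClientHello("field runs past end of message")
    return buf[pos:pos + n]


def _skip_vector(buf: bytes, pos: int, len_size: int) -> int:
    """Skip a length-prefixed vector (1- or 2-byte length); return the position after it."""
    n = _take(buf, pos, 1)[0] if len_size == 1 else _u16(buf, pos)
    _take(buf, pos + len_size, n)  # bounds check only
    return pos + len_size + n


def parse_client_hello(record: bytes) -> dict:
    """Strictly parse one handshake record holding a ClientHello.

    Every length field must account for exactly the bytes present; any slack
    (e.g. ExtensionsLen=0 followed by extension bytes) raises BadClientHello.
    """
    if len(record) < 5:
        raise BadClientHello("record header too short")
    rtype, _ver, rlen = struct.unpack("!BHH", record[:5])
    body = record[5:]
    if rtype != TLS_REC_HANDSHAKE or len(body) != rlen:
        raise BadClientHello("not a single well-framed handshake record")
    if len(body) < 4:
        raise BadClientHello("handshake header too short")
    hs_type, hs_len = body[0], int.from_bytes(body[1:4], "big")
    hello = body[4:]
    if hs_type != HS_CLIENT_HELLO or len(hello) != hs_len:
        raise BadClientHello("handshake length does not match record payload")

    version = _u16(hello, 0)
    pos = 2 + 32                                 # legacy_version + 32-byte random
    _take(hello, 2, 32)
    pos = _skip_vector(hello, pos, 1)            # session_id
    pos = _skip_vector(hello, pos, 2)            # cipher_suites
    pos = _skip_vector(hello, pos, 1)            # compression_methods
    ext_len = _u16(hello, pos)
    pos += 2
    extensions = _take(hello, pos, ext_len)
    pos += ext_len
    if pos != len(hello):
        raise BadClientHello("trailing bytes after extensions block")

    sni: Optional[str] = None
    epos = 0
    while epos < len(extensions):
        etype, elen = _u16(extensions, epos), _u16(extensions, epos + 2)
        edata = _take(extensions, epos + 4, elen)
        epos += 4 + elen
        if etype == EXT_SERVER_NAME:
            if _u16(edata, 0) != len(edata) - 2:
                raise BadClientHello("server_name list length mismatch")
            name_type, name_len = _take(edata, 2, 1)[0], _u16(edata, 3)
            if name_type != 0 or 5 + name_len != len(edata):
                raise BadClientHello("malformed host_name entry")
            sni = edata[5:5 + name_len].decode("ascii")
    return {"version": version, "sni": sni}


def handle_first_record(record: bytes):
    """Defender-side policy: return (parsed, None) for a good ClientHello, or
    (None, alert_bytes) so the caller can send the alert and close."""
    try:
        return parse_client_hello(record), None
    except BadClientHello:
        return None, tls_decode_error_alert()


def build_client_hello(host: str, ext_len_override: Optional[int] = None) -> bytes:
    """Constructed sample ClientHello carrying one server_name extension.
    ext_len_override=0 reproduces the scanner probe: ExtensionsLen=0 with the
    extension bytes still trailing after it."""
    name = host.encode("ascii")
    sni_entry = struct.pack("!BH", 0, len(name)) + name
    sni_ext = (struct.pack("!HH", EXT_SERVER_NAME, len(sni_entry) + 2)
               + struct.pack("!H", len(sni_entry)) + sni_entry)
    ext_len = len(sni_ext) if ext_len_override is None else ext_len_override
    hello = (struct.pack("!H", TLS_VERSION_1_2) + bytes(32)   # version, zero random (constructed)
             + b"\x00"                                        # empty session_id
             + struct.pack("!HH", 2, 0x1301)                  # one cipher suite
             + b"\x01\x00"                                    # null compression only
             + struct.pack("!H", ext_len) + sni_ext)
    hs = bytes([HS_CLIENT_HELLO]) + len(hello).to_bytes(3, "big") + hello
    return struct.pack("!BHH", TLS_REC_HANDSHAKE, TLS_VERSION_1_2, len(hs)) + hs
```

The parser deliberately refuses any ClientHello whose nested length fields do not sum exactly to the bytes received, which is the condition a conforming TLS stack answers with decode_error; sending that identical alert instead of dropping the connection is what removes the behavioural difference the probe looks for.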