From 9ad8fe3138fc428b763231a4140533c661254dd1 Mon Sep 17 00:00:00 2001
From: ivulit <ivulit@users.noreply.github.com>
Date: Sat, 21 Feb 2026 10:22:51 +0300
Subject: [PATCH] Use mask_host for TLS emulation fetcher

---
 src/main.rs | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/main.rs b/src/main.rs
index 0e635de..8118a60 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -461,10 +461,12 @@ match crate::transport::middle_proxy::fetch_proxy_secret(proxy_secret_path).awai
         cache.load_from_disk().await;
 
         let port = config.censorship.mask_port;
+        let mask_host = config.censorship.mask_host.clone()
+            .unwrap_or_else(|| config.censorship.tls_domain.clone());
         // Initial synchronous fetch to warm cache before serving clients.
         for domain in tls_domains.clone() {
             match crate::tls_front::fetcher::fetch_real_tls(
-                &domain,
+                &mask_host,
                 port,
                 &domain,
                 Duration::from_secs(5),
@@ -488,7 +490,7 @@ match crate::transport::middle_proxy::fetch_proxy_secret(proxy_secret_path).awai
                 tokio::time::sleep(Duration::from_secs(base_secs + jitter_secs)).await;
                 for domain in &domains {
                     match crate::tls_front::fetcher::fetch_real_tls(
-                        domain,
+                        &mask_host,
                         port,
                         domain,
                         Duration::from_secs(5),