Merge 19f9eb36ac into 14674bd4e6

2026-06-19 09:21:10 +03:00 · 2026-04-06 21:40:25 +03:00
5 changed files with 13 additions and 55 deletions
@@ -150,7 +150,7 @@ systemctl daemon-reload

 **7.** To get the link(s), enter:
 ```bash
-curl -s http://127.0.0.1:9091/v1/users | jq -r '.data[] | "User: \(.username)\n\(.links.tls[0] // empty)"'
+curl -s http://127.0.0.1:9091/v1/users | jq
 ```

 > Any number of people can use one link.
@@ -150,7 +150,7 @@ systemctl daemon-reload

 **7.** Для получения ссылки/ссылок введите 
 ```bash
-curl -s http://127.0.0.1:9091/v1/users | jq -r '.data[] | "User: \(.username)\n\(.links.tls[0] // empty)"'
+curl -s http://127.0.0.1:9091/v1/users | jq
 ```
 > Одной ссылкой может пользоваться сколько угодно человек.

@@ -1,6 +1,5 @@
 #![allow(clippy::too_many_arguments)]

-use crc32fast::Hasher;
 use crate::crypto::{SecureRandom, sha256_hmac};
 use crate::protocol::constants::{
    MAX_TLS_CIPHERTEXT_SIZE, TLS_RECORD_APPLICATION, TLS_RECORD_CHANGE_CIPHER,
@@ -99,31 +98,6 @@ fn build_compact_cert_info_payload(cert_info: &ParsedCertificateInfo) -> Option<
    Some(payload)
 }

-fn hash_compact_cert_info_payload(cert_payload: Vec<u8>) -> Option<Vec<u8>> {
-    if cert_payload.is_empty() {
-        return None;
-    }
-
-    let mut hashed = Vec::with_capacity(cert_payload.len());
-    let mut seed_hasher = Hasher::new();
-    seed_hasher.update(&cert_payload);
-    let mut state = seed_hasher.finalize();
-
-    while hashed.len() < cert_payload.len() {
-        let mut hasher = Hasher::new();
-        hasher.update(&state.to_le_bytes());
-        hasher.update(&cert_payload);
-        state = hasher.finalize();
-
-        let block = state.to_le_bytes();
-        let remaining = cert_payload.len() - hashed.len();
-        let copy_len = remaining.min(block.len());
-        hashed.extend_from_slice(&block[..copy_len]);
-    }
-
-    Some(hashed)
-}
-
 /// Build a ServerHello + CCS + ApplicationData sequence using cached TLS metadata.
 pub fn build_emulated_server_hello(
    secret: &[u8],
@@ -216,8 +190,7 @@ pub fn build_emulated_server_hello(
    let compact_payload = cached
        .cert_info
        .as_ref()
-        .and_then(build_compact_cert_info_payload)
-        .and_then(hash_compact_cert_info_payload);
+        .and_then(build_compact_cert_info_payload);
    let selected_payload: Option<&[u8]> = if use_full_cert_payload {
        cached
            .cert_payload
@@ -248,6 +221,7 @@ pub fn build_emulated_server_hello(
            marker.extend_from_slice(proto);
            marker
        });
+    let mut payload_offset = 0usize;
    for (idx, size) in sizes.into_iter().enumerate() {
        let mut rec = Vec::with_capacity(5 + size);
        rec.push(TLS_RECORD_APPLICATION);
@@ -257,10 +231,11 @@ pub fn build_emulated_server_hello(
        if let Some(payload) = selected_payload {
            if size > 17 {
                let body_len = size - 17;
-                let remaining = payload.len();
+                let remaining = payload.len().saturating_sub(payload_offset);
                let copy_len = remaining.min(body_len);
                if copy_len > 0 {
-                    rec.extend_from_slice(&payload[..copy_len]);
+                    rec.extend_from_slice(&payload[payload_offset..payload_offset + copy_len]);
+                    payload_offset += copy_len;
                }
                if body_len > copy_len {
                    rec.extend_from_slice(&rng.bytes(body_len - copy_len));
@@ -342,9 +317,7 @@ mod tests {
        CachedTlsData, ParsedServerHello, TlsBehaviorProfile, TlsCertPayload, TlsProfileSource,
    };

-    use super::{
-        build_compact_cert_info_payload, build_emulated_server_hello, hash_compact_cert_info_payload,
-    };
+    use super::build_emulated_server_hello;
    use crate::crypto::SecureRandom;
    use crate::protocol::constants::{
        TLS_RECORD_APPLICATION, TLS_RECORD_CHANGE_CIPHER, TLS_RECORD_HANDSHAKE,
@@ -459,21 +432,7 @@ mod tests {
        );

        let payload = first_app_data_payload(&response);
-        let expected_hashed_payload = build_compact_cert_info_payload(
-            cached
-                .cert_info
-                .as_ref()
-                .expect("test fixture must provide certificate info"),
-        )
-        .and_then(hash_compact_cert_info_payload)
-        .expect("compact certificate info payload must be present for this test");
-        let copied_prefix_len = expected_hashed_payload
-            .len()
-            .min(payload.len().saturating_sub(17));
-        assert_eq!(
-            &payload[..copied_prefix_len],
-            &expected_hashed_payload[..copied_prefix_len]
-        );
+        assert!(payload.starts_with(b"CN=example.com"));
    }

    #[test]
@@ -383,7 +383,8 @@ async fn check_family(
    let reconnect_budget = health_reconnect_budget(pool, dc_endpoints.len());
    let reconnect_sem = Arc::new(Semaphore::new(reconnect_budget));

-    if pool.floor_mode() == MeFloorMode::Static {}
+    if pool.floor_mode() == MeFloorMode::Static {
+    }

    let mut live_addr_counts = HashMap::<(i32, SocketAddr), usize>::new();
    let mut live_writer_ids_by_addr = HashMap::<(i32, SocketAddr), Vec<u64>>::new();
@@ -616,8 +617,7 @@ async fn check_family(
                        continue;
                    }

-                    let base_req = pool_for_reconnect
-                        .required_writers_for_dc_with_floor_mode(endpoints_for_dc.len(), false);
+                    let base_req = pool_for_reconnect.required_writers_for_dc_with_floor_mode(endpoints_for_dc.len(), false);
                    if alive + restored >= base_req {
                        pool_for_reconnect
                            .stats
@@ -1670,8 +1670,7 @@ impl MePool {
                }

                if endpoints_len > 0 {
-                    let base_req =
-                        self.required_writers_for_dc_with_floor_mode(endpoints_len, false);
+                    let base_req = self.required_writers_for_dc_with_floor_mode(endpoints_len, false);
                    let active_for_dc = {
                        let ws = self.writers.read().await;
                        ws.iter()