
增加TlsIgnoreNameMismatch配置

xljiulang 4 år sedan
förälder
incheckning
dfa6bc1367

+ 6 - 0
FastGithub.Core/DomainConfig.cs

@@ -17,6 +17,12 @@ namespace FastGithub
         /// </summary>
         public string? TlsSniPattern { get; init; }
 
+        /// <summary>
+        /// 是否忽略服务器证书域名不匹配
+        /// 当不发送SNI时服务器可能发回域名不匹配的证书
+        /// </summary>
+        public bool TlsIgnoreNameMismatch { get; init; }
+
         /// <summary>
         /// 请求超时时长
         /// </summary>
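Review bot: The summary on `TlsIgnoreNameMismatch` does not say what is given up when the option is switched on. Judging by the HttpClientHanlder.cs hunk in this commit, a true value makes the validation callback accept the certificate without comparing its names to the requested host, so a domain configured this way keeps chain validation but loses the host-name check. I would add a line to the doc comment such as `/// When true the certificate host name is not verified; enable only for domains that need it.` and repeat the same caveat in the `appsettings.json` comment for this key. The class body continues outside the hunk.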

+ 8 - 2
FastGithub.ReverseProxy/HttpClient.cs

@@ -11,6 +11,7 @@ namespace FastGithub.ReverseProxy
     class HttpClient : HttpMessageInvoker
     {
         private readonly TlsSniPattern tlsSniPattern;
+        private readonly bool tlsIgnoreNameMismatch;
 
         /// <summary>
         /// YARP的HttpClient
@@ -18,10 +19,14 @@ namespace FastGithub.ReverseProxy
         /// <param name="handler"></param>
         /// <param name="tlsSniPattern"></param>
         /// <param name="disposeHandler"></param>
-        public HttpClient(HttpMessageHandler handler, TlsSniPattern tlsSniPattern, bool disposeHandler = false) :
-            base(handler, disposeHandler)
+        public HttpClient(
+            HttpMessageHandler handler,
+            TlsSniPattern tlsSniPattern,
+            bool tlsIgnoreNameMismatch,
+            bool disposeHandler = false) : base(handler, disposeHandler)
         {
             this.tlsSniPattern = tlsSniPattern;
+            this.tlsIgnoreNameMismatch = tlsIgnoreNameMismatch;
         }
 
         /// <summary>
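Review bot: The new `bool tlsIgnoreNameMismatch` parameter sits directly before the optional `bool disposeHandler`, so any existing call that passed `disposeHandler` positionally as the third argument still compiles and would now switch off name checking instead. The only call site visible in this commit passes two arguments, so this may not bite today, but callers should pass it by name, e.g. `new HttpClient(handler, tlsSniPattern, tlsIgnoreNameMismatch: domainConfig.TlsIgnoreNameMismatch)`. The XML doc also lacks a `<param name="tlsIgnoreNameMismatch">` entry for the new parameter. The constructor's doc comment begins outside the hunk.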
@@ -37,6 +42,7 @@ namespace FastGithub.ReverseProxy
                 Host = request.RequestUri?.Host,
                 IsHttps = request.RequestUri?.Scheme == Uri.UriSchemeHttps,
                 TlsSniPattern = this.tlsSniPattern,
+                TlsIgnoreNameMismatch = this.tlsIgnoreNameMismatch
             });
             return base.SendAsync(request, cancellationToken);
         }

+ 6 - 1
FastGithub.ReverseProxy/HttpClientHanlder.cs

@@ -64,6 +64,11 @@ namespace FastGithub.ReverseProxy
                     {
                         if (errors == SslPolicyErrors.RemoteCertificateNameMismatch)
                         {
+                            if (requestContext.TlsIgnoreNameMismatch == true)
+                            {
+                                return true;
+                            }
+
                             var host = requestContext.Host;
                             var dnsNames = ReadDnsNames(cert);
                             return dnsNames.Any(dns => IsMatch(dns, host));
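Review bot: Returning `true` at the top of the `RemoteCertificateNameMismatch` branch skips the `ReadDnsNames`/`IsMatch` comparison entirely, so with the flag set the proxy accepts a certificate issued for any host name whenever name mismatch is the only policy error. That removes the binding between the upstream connection and the requested host for that domain, which is the check that detects interception with a certificate issued for a different name. Consider narrowing the bypass, for example honouring it only when no SNI was sent for the request, or comparing the certificate names against a configured list of acceptable names, and log every mismatch that is accepted. The `== true` on a non-nullable `bool` is redundant: `if (requestContext.TlsIgnoreNameMismatch)`. The callback starts and ends outside the hunk.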
@@ -97,7 +102,7 @@ namespace FastGithub.ReverseProxy
                     if (list.Count >= 2 && list[0] is int nameType && nameType == 2)
                     {
                         var dnsName = list[1]?.ToString();
-                        if(dnsName!=null)
+                        if (dnsName != null)
                         {
                             yield return dnsName;
                         }

+ 5 - 0
FastGithub.ReverseProxy/RequestContext.cs

@@ -19,5 +19,10 @@
         /// 获取或设置Sni值的表达式 
         /// </summary>
         public TlsSniPattern TlsSniPattern { get; set; }
+
+        /// <summary>
+        /// 是否忽略服务器证书域名不匹配
+        /// </summary>
+        public bool TlsIgnoreNameMismatch { get; set; }
     }
 }

+ 1 - 1
FastGithub.ReverseProxy/ReverseProxyMiddleware.cs

@@ -57,7 +57,7 @@ namespace FastGithub.ReverseProxy
                 var requestConfig = new ForwarderRequestConfig { Timeout = domainConfig.Timeout };
 
                 var tlsSniPattern = domainConfig.GetTlsSniPattern();
-                using var httpClient = new HttpClient(this.httpClientHanlder, tlsSniPattern);
+                using var httpClient = new HttpClient(this.httpClientHanlder, tlsSniPattern, domainConfig.TlsIgnoreNameMismatch);
 
                 var error = await httpForwarder.SendAsync(context, destinationPrefix, httpClient, requestConfig);
                 await HandleErrorAsync(context, error);

+ 9 - 5
FastGithub/appsettings.json

@@ -8,12 +8,18 @@
       "IPAddress": "114.114.114.114",
       "Port": 53
     },
-    "DomainConfigs": { // 域名的*表示0到多个任意字符
+    "DomainConfigs": { // 域名的*表示0到多个任意字符    
       "github.com": {
         "TlsSni": false, // 指示tls握手时是否发送SNI
         "TlsSniPattern": null, // SNI表达式,@domain变量表示取域名值 @ipadress变量表示取ip @random变量表示取随机值,其它字符保留不替换
+        "TlsIgnoreNameMismatch": false, // 是否忽略服务器证书域名不匹配,当不发送SNI时服务器可能发回域名不匹配的证书,默认为false
         "Timeout": null, // 请求超时时长,格式为"00:02:00",默认为null
         "Destination": null // 请求目的地,格式为绝对或相对Uri,默认null
+        //"Response": { // 阻断请求直接响应,设置了Response其它配置都不起作用了
+        //  "StatusCode": 404,
+        //  "ContentType": "text/plain;charset=utf-8",
+        //  "ContentValue": "阻断的请求"
+        //}
       },
       "githubstatus.com": {
         "TlsSni": false
@@ -61,10 +67,8 @@
         "Destination": "https://fdn.geekzu.org/"
       },
       "i.stack.imgur.com": {
-        "Response": { // 直接响应
-          "StatusCode": 404,
-          "ContentType": "text/plain;charset=utf-8",
-          "ContentValue": "阻断的请求"
+        "Response": {
+          "StatusCode": 404
         }
       },
       "lh*.googleusercontent.com": {