Merge pull request #153 from Snawoot/api_hide_SNI

Hide SNI for API calls as well
2026-04-02 18:28:12 +00:00 · 2025-09-22 19:55:34 +03:00
parent 32079d234d b74e0fd35a
commit c1b059be3f
2 changed files with 24 additions and 1 deletions
--- a/holaapi.go
+++ b/holaapi.go
@@ -398,6 +398,12 @@ func UpdateHolaTLSConfig(config *tls.Config) {
 	tlsConfig = config
 }

+var hideSNI bool
+
+func SetHideSNI(hide bool) {
+	hideSNI = hide
+}
+
 // Returns default http client with a proxy override
 func httpClientWithProxy(agent *FallbackAgent) *http.Client {
 	t := &http.Transport{
@@ -428,7 +434,23 @@ func httpClientWithProxy(agent *FallbackAgent) *http.Client {
 		if tlsConfig != nil {
 			cfg = *tlsConfig
 		}
-		cfg.ServerName = host
+		if !hideSNI {
+			cfg.ServerName = host
+		} else {
+			cfg.InsecureSkipVerify = true
+			cfg.VerifyConnection = func(cs tls.ConnectionState) error {
+				opts := x509.VerifyOptions{
+					DNSName:       host,
+					Intermediates: x509.NewCertPool(),
+					Roots:         cfg.RootCAs,
+				}
+				for _, cert := range cs.PeerCertificates[1:] {
+					opts.Intermediates.AddCert(cert)
+				}
+				_, err := cs.PeerCertificates[0].Verify(opts)
+				return err
+			}
+		}
 		tlsConn := tls.UClient(conn, &cfg, tls.HelloAndroid_11_OkHttp)
 		if err := tlsConn.HandshakeContext(ctx); err != nil {
 			conn.Close()
--- a/main.go
+++ b/main.go
@@ -210,6 +210,7 @@ func run() int {
 			RootCAs: caPool,
 		})
 	}
+	SetHideSNI(args.hideSNI)

 	proxyFromURLWrapper := func(u *url.URL, next xproxy.Dialer) (xproxy.Dialer, error) {
 		cdialer, ok := next.(ContextDialer)