From 0afc869158093f4cc0d7971e2d3131acd9a38702 Mon Sep 17 00:00:00 2001 From: gitea-action Date: Fri, 18 Apr 2025 13:00:24 +0800 Subject: [PATCH] luci-app-passwall: sync upstream last commit: https://github.com/xiaorouji/openwrt-passwall/commit/a42da69dee48400516d0a2f682460db3ed83d6a5 --- .../luasrc/model/cbi/passwall/client/global.lua | 11 ++++++++--- luci-app-passwall/po/zh-cn/passwall.po | 6 ++++++ luci-app-passwall/root/usr/share/passwall/app.sh | 2 +- .../root/usr/share/passwall/helper_chinadns_add.lua | 5 +++++ patch-luci-app-passwall.patch | 6 +++--- 5 files changed, 23 insertions(+), 7 deletions(-) diff --git a/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua b/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua index f36e6c368..7e1353c2e 100644 --- a/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua +++ b/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua @@ -521,9 +521,9 @@ o:depends({singbox_dns_mode = "tcp"}) ---- DoT o = s:taboption("DNS", Value, "remote_dns_dot", translate("Remote DNS DoT")) -o.default = "tls://dns.google@8.8.4.4" -o:value("tls://1dot1dot1dot1.cloudflare-dns.com@1.0.0.1", "1.0.0.1 (CloudFlare)") -o:value("tls://1dot1dot1dot1.cloudflare-dns.com@1.1.1.1", "1.1.1.1 (CloudFlare)") +o.default = "tls://one.one.one.one@1.1.1.1" +o:value("tls://one.one.one.one@1.0.0.1", "1.0.0.1 (CloudFlare)") +o:value("tls://one.one.one.one@1.1.1.1", "1.1.1.1 (CloudFlare)") o:value("tls://dns.google@8.8.4.4", "8.8.4.4 (Google)") o:value("tls://dns.google@8.8.8.8", "8.8.8.8 (Google)") o:value("tls://dns.quad9.net@9.9.9.9", "9.9.9.9 (Quad9)") @@ -610,6 +610,11 @@ if api.is_finded("smartdns") then o:depends({dns_shunt = "smartdns", tcp_proxy_mode = "proxy", chn_list = "direct"}) end +o = s:taboption("DNS", Flag, "chinadns_ng_cert_verify", translate("DoT Cert verify"), translate("Verify DoT SSL cert. (May fail on some platforms!)")) +o.default = "0" +o:depends({dns_shunt = "chinadns-ng", direct_dns_mode = "dot"}) +o:depends({dns_shunt = "chinadns-ng", dns_mode = "dot"}) + o = s:taboption("DNS", Flag, "dns_redirect", translate("DNS Redirect"), translate("Force special DNS server to need proxy devices.")) o.default = "0" o.rmempty = false diff --git a/luci-app-passwall/po/zh-cn/passwall.po b/luci-app-passwall/po/zh-cn/passwall.po index a93efa444..c28a4e6ca 100644 --- a/luci-app-passwall/po/zh-cn/passwall.po +++ b/luci-app-passwall/po/zh-cn/passwall.po @@ -232,6 +232,12 @@ msgstr "清空 IPSET" msgid "Clear NFTSET" msgstr "清空 NFTSET" +msgid "DoT Cert verify" +msgstr "DoT 证书验证" + +msgid "Verify DoT SSL cert. (May fail on some platforms!)" +msgstr "验证 DoT SSL 证书。(在某些平台可能无法验证,谨慎开启!)" + msgid "Try this feature if the rule modification does not take effect." msgstr "如果修改规则后没有生效,请尝试此功能。" diff --git a/luci-app-passwall/root/usr/share/passwall/app.sh b/luci-app-passwall/root/usr/share/passwall/app.sh index e7306ddeb..e5e0f9831 100755 --- a/luci-app-passwall/root/usr/share/passwall/app.sh +++ b/luci-app-passwall/root/usr/share/passwall/app.sh @@ -1542,7 +1542,7 @@ start_dns() { TCP_PROXY_DNS=1 if [ "$chinadns_tls" != "nil" ]; then local china_ng_listen_port=${NEXT_DNS_LISTEN_PORT} - local china_ng_trust_dns=$(config_t_get global remote_dns_dot "tls://dns.google@8.8.4.4") + local china_ng_trust_dns=$(config_t_get global remote_dns_dot "tls://one.one.one.one@1.1.1.1") local tmp_dot_ip=$(echo "$china_ng_trust_dns" | sed -n 's/.*:\/\/\([^@#]*@\)*\([^@#]*\).*/\2/p') local tmp_dot_port=$(echo "$china_ng_trust_dns" | sed -n 's/.*#\([0-9]\+\).*/\1/p') REMOTE_DNS="$tmp_dot_ip#${tmp_dot_port:-853}" diff --git a/luci-app-passwall/root/usr/share/passwall/helper_chinadns_add.lua b/luci-app-passwall/root/usr/share/passwall/helper_chinadns_add.lua index 58a1cc575..b4d2d1ca8 100644 --- a/luci-app-passwall/root/usr/share/passwall/helper_chinadns_add.lua +++ b/luci-app-passwall/root/usr/share/passwall/helper_chinadns_add.lua @@ -502,6 +502,11 @@ end table.insert(config_lines, "hosts") +local cert_verify = uci:get(appname, "@global[0]", "chinadns_ng_cert_verify") or 0 +if tonumber(cert_verify) == 1 then + table.insert(config_lines, "cert-verify") +end + if DEFAULT_TAG == "chn" then log(string.format(" - 默认 DNS :%s", DNS_LOCAL)) elseif DEFAULT_TAG == "gfw" then diff --git a/patch-luci-app-passwall.patch b/patch-luci-app-passwall.patch index 6edcf2fe1..68058411e 100644 --- a/patch-luci-app-passwall.patch +++ b/patch-luci-app-passwall.patch @@ -20,7 +20,7 @@ index 485b59c..6d2ddf4 100644 define Package/$(PKG_NAME)/postrm diff --git a/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua b/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua -index 06be506..f36e6c3 100644 +index 7aae40f..7e1353c 100644 --- a/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua +++ b/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua @@ -506,6 +506,12 @@ o:value("9.9.9.9", "9.9.9.9 (Quad9)") @@ -36,8 +36,8 @@ index 06be506..f36e6c3 100644 o:depends({dns_mode = "dns2socks"}) o:depends({dns_mode = "tcp"}) o:depends({dns_mode = "udp"}) -@@ -605,7 +611,7 @@ if api.is_finded("smartdns") then - end +@@ -610,7 +616,7 @@ o:depends({dns_shunt = "chinadns-ng", direct_dns_mode = "dot"}) + o:depends({dns_shunt = "chinadns-ng", dns_mode = "dot"}) o = s:taboption("DNS", Flag, "dns_redirect", translate("DNS Redirect"), translate("Force special DNS server to need proxy devices.")) -o.default = "1"