Misc Refinement

* Update CMakeLists option help
* Update CONTRIBUTORS.md
* Refine docs
* Remove OpenSSL 1.1.0 check

CMakeLists.txt

@@ -52,7 +52,7 @@ if(OPENSSL_VERSION VERSION_GREATER_EQUAL 1.1.1)
         add_definitions(-DENABLE_SSL_KEYLOG)
     endif()
 
-    option(ENABLE_TLS13_CIPHERSUITES "Build with TLS1.3 Ciphersuites" ON)
+    option(ENABLE_TLS13_CIPHERSUITES "Build with TLS1.3 ciphersuites support" ON)
     if(ENABLE_TLS13_CIPHERSUITES)
         add_definitions(-DENABLE_TLS13_CIPHERSUITES)
     endif()
@@ -77,7 +77,7 @@ if(CMAKE_SYSTEM_NAME STREQUAL Linux)
         add_definitions(-DENABLE_NAT)
     endif()
 
-    option(ENABLE_REUSE_PORT "Build with REUSE_PORT support" ON)
+    option(ENABLE_REUSE_PORT "Build with SO_REUSEPORT support" ON)
     if(ENABLE_REUSE_PORT)
         add_definitions(-DENABLE_REUSE_PORT)
     endif()

CONTRIBUTORS.md

@@ -27,8 +27,9 @@
     - Cancel async tasks when stopping the service.
     - Fix fd leak.
     - Print OpenSSL compile-time version and build flags.
+    - Optimize APIs and other clean-ups.
 - [xsm1997](https://github.com/xsm1997)
-    - Add `TCP_REUSEPORT` support.
+    - Add `SO_REUSEPORT` support.
     - Add TLS1.3 ciphersuites support.
 - [zhangsan946](https://github.com/zhangsan946)
     - Add macOS keychain support.

docs/build.md

@@ -49,17 +49,17 @@ The `cmake ..` command can be extended with the following options:
     - `-DENABLE_NAT=ON`: build with NAT support (default).
     - `-DENABLE_NAT=OFF`: build without NAT support.
 - `ENABLE_REUSE_PORT` (Only on Linux)
-    - `-DENABLE_REUSE_PORT=ON`: build with TCP_REUSEPORT support (default).
-    - `-DENABLE_REUSE_PORT=OFF`: build without TCP_REUSEPORT support.
+    - `-DENABLE_REUSE_PORT=ON`: build with `SO_REUSEPORT` support (default).
+    - `-DENABLE_REUSE_PORT=OFF`: build without `SO_REUSEPORT` support.
 - `ENABLE_SSL_KEYLOG` (OpenSSL >= 1.1.1)
     - `-DENABLE_SSL_KEYLOG=ON`: build with SSL KeyLog support (default).
     - `-DENABLE_SSL_KEYLOG=OFF`: build without SSL KeyLog support.
 - `ENABLE_TLS13_CIPHERSUITES` (OpenSSL >= 1.1.1)
-    - `-DENABLE_TLS13_CIPHERSUITES=ON`: build with TLS1.3 ciphersuites customize support (default).
-    - `-DENABLE_TLS13_CIPHERSUITES=OFF`: build without TLS1.3 ciphersuites customize support.
+    - `-DENABLE_TLS13_CIPHERSUITES=ON`: build with TLS1.3 ciphersuites support (default).
+    - `-DENABLE_TLS13_CIPHERSUITES=OFF`: build without TLS1.3 ciphersuites support.
 - `FORCE_TCP_FASTOPEN`
-    - `-DFORCE_TCP_FASTOPEN=ON`: force build with TCP_FASTOPEN support.
-    - `-DFORCE_TCP_FASTOPEN=OFF`: build with TCP_FASTOPEN support based on system capabilities (default).
+    - `-DFORCE_TCP_FASTOPEN=ON`: force build with `TCP_FASTOPEN` support.
+    - `-DFORCE_TCP_FASTOPEN=OFF`: build with `TCP_FASTOPEN` support based on system capabilities (default).
 - `SYSTEMD_SERVICE`
     - `-DSYSTEMD_SERVICE=AUTO`: detect systemd automatically and decide whether to install service (default).
     - `-DSYSTEMD_SERVICE=ON`: install systemd service unconditionally.

docs/config.md

@@ -54,7 +54,7 @@ In this page, we will look at the config file of trojan. Trojan uses [`JSON`](ht
     - `verify_hostname`: whether to verify `SSL` hostname (specified in the `sni` field) **STRONGLY RECOMMENDED**
     - `cert`: if `verify` is set to `true`, the same certificate used by the server or a collection of `CA` certificates could be provided. If you leave this field blank, `OpenSSL` will try to look for a system `CA` store and will be likely to fail.
     - `cipher`: a cipher list to send and use
-    - `cipher_tls13`: a cipher list for tls 1.3 to send and use
+    - `cipher_tls13`: a cipher list for TLS 1.3 to use
     - `sni`: the Server Name Indication field in the `SSL` handshake. If left blank, it will be set to `remote_addr`.
     - `alpn`: a list of `ALPN` protocols to send
     - `reuse_session`: whether to reuse `SSL` session
@@ -63,7 +63,7 @@ In this page, we will look at the config file of trojan. Trojan uses [`JSON`](ht
 - `tcp`: `TCP` specific configurations
     - `no_delay`: whether to disable Nagle's algorithm
     - `keep_alive`: whether to enable TCP Keep Alive
-    - `reuse_port`: whether to enable TCP Reuse Port (kernel support required)
+    - `reuse_port`: whether to enable TCP port reuse (kernel support required)
     - `fast_open`: whether to enable TCP Fast Open (kernel support required)
     - `fast_open_qlen`: the server's limit on the size of the queue of TFO requests that have not yet completed the three-way handshake
 
@@ -212,7 +212,7 @@ The NAT config is for transparent proxy. You'll need to [setup iptables rules](h
     - `key`: private key file for encryption
     - `key_password`: password of the private key file
     - `cipher`: a cipher list to use
-    - `cipher_tls13`: a cipher list for tls 1.3 to send and use
+    - `cipher_tls13`: a cipher list for TLS 1.3 to use
     - `prefer_server_cipher`: whether to prefer server cipher list in a connection
     - `alpn`: a list of `ALPN` protocols to reply
     - `reuse_session`: whether to reuse `SSL` session
@@ -225,7 +225,7 @@ The NAT config is for transparent proxy. You'll need to [setup iptables rules](h
     - `prefer_ipv4`: whether to connect to the IPv4 address when there are both IPv6 and IPv4 addresses for a domain
     - `no_delay`: whether to disable Nagle's algorithm
     - `keep_alive`: whether to enable TCP Keep Alive
-    - `reuse_port`: whether to enable TCP Reuse Port (kernel support required)
+    - `reuse_port`: whether to enable TCP port reuse (kernel support required)
     - `fast_open`: whether to enable TCP Fast Open (kernel support required)
     - `fast_open_qlen`: the server's limit on the size of the queue of TFO requests that have not yet completed the three-way handshake
 - `mysql`: see [Authenticator](authenticator)

src/core/service.cpp

@@ -65,7 +65,7 @@ Service::Service(Config &config, bool test) :
 #ifdef ENABLE_REUSE_PORT
             socket_acceptor.set_option(reuse_port(true));
 #else  // ENABLE_REUSE_PORT
-            Log::log_with_date_time("TCP_REUSEPORT is not supported", Log::WARN);
+            Log::log_with_date_time("SO_REUSEPORT is not supported", Log::WARN);
 #endif // ENABLE_REUSE_PORT
         }
 
@@ -121,9 +121,6 @@ Service::Service(Config &config, bool test) :
         } else {
             ssl_context.use_tmp_dh_file(config.ssl.dhparam);
         }
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
-        SSL_CTX_set_ecdh_auto(native_context, 1);
-#endif
         if (config.mysql.enabled) {
 #ifdef ENABLE_MYSQL
             auth = new Authenticator(config);
@@ -249,22 +246,18 @@ Service::Service(Config &config, bool test) :
         if (config.tcp.keep_alive) {
             socket_acceptor.set_option(boost::asio::socket_base::keep_alive(true));
         }
-#ifdef TCP_FASTOPEN
         if (config.tcp.fast_open) {
+#ifdef TCP_FASTOPEN
             using fastopen = boost::asio::detail::socket_option::integer<IPPROTO_TCP, TCP_FASTOPEN>;
             boost::system::error_code ec;
             socket_acceptor.set_option(fastopen(config.tcp.fast_open_qlen), ec);
-        }
 #else // TCP_FASTOPEN
-        if (config.tcp.fast_open) {
             Log::log_with_date_time("TCP_FASTOPEN is not supported", Log::WARN);
-        }
 #endif // TCP_FASTOPEN
 #ifndef TCP_FASTOPEN_CONNECT
-        if (config.tcp.fast_open) {
             Log::log_with_date_time("TCP_FASTOPEN_CONNECT is not supported", Log::WARN);
-        }
 #endif // TCP_FASTOPEN_CONNECT
+        }
     }
     if (Log::keylog) {
 #ifdef ENABLE_SSL_KEYLOG