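/**
 * Type declarations for the `xray.transport.internet.tls` protobuf package:
 * the TLS `Certificate` and `Config` messages plus the codec helper types.
 *
 * The generic parameter lists on `DeepPartial` and `MessageFns` (and the type
 * arguments at their use sites) are written out explicitly here; without them
 * `T` and `V` are undeclared and the declarations do not type-check.
 */
import { BinaryReader, BinaryWriter } from "@bufbuild/protobuf/wire";
import { SocketConfig } from "../config";

export declare const protobufPackage = "xray.transport.internet.tls";

/** One certificate entry; material is given either inline (bytes) or by file path. */
export interface Certificate {
  $type: "xray.transport.internet.tls.Certificate";
  /** TLS certificate in x509 format. */
  certificate: Uint8Array;
  /**
   * TLS key in x509 format.
   * NOTE(review): presumably the private key matching `certificate`; if so this
   * field is secret material and should be kept out of logs and JSON dumps. Confirm.
   */
  key: Uint8Array;
  usage: Certificate_Usage;
  ocspStapling: number;
  /** TLS certificate path */
  certificatePath: string;
  /**
   * TLS Key path
   * NOTE(review): presumably points at a private key file; restrict file
   * permissions accordingly. Confirm.
   */
  keyPath: string;
  /** If true, one-Time Loading */
  OneTimeLoading: boolean;
  buildChain: boolean;
}

/**
 * How a `Certificate` entry is used.
 * `UNRECOGNIZED` is the sentinel for a value this declaration does not list.
 */
export declare enum Certificate_Usage {
  ENCIPHERMENT = 0,
  AUTHORITY_VERIFY = 1,
  AUTHORITY_ISSUE = 2,
  UNRECOGNIZED = -1,
}

/** Converts a JSON value to a `Certificate_Usage` member; the input is untyped (`any`). */
export declare function certificate_UsageFromJSON(object: any): Certificate_Usage;

/** Converts a `Certificate_Usage` member to its JSON string form. */
export declare function certificate_UsageToJSON(object: Certificate_Usage): string;

/**
 * TLS settings for a transport.
 *
 * Several fields weaken or replace normal peer verification (`allowInsecure`,
 * `disableSystemRoot`, the `pinned*` lists, `verifyPeerCertInNames`); their
 * interaction is described only by the field comments below, so review them
 * together when auditing a configuration.
 */
export interface Config {
  $type: "xray.transport.internet.tls.Config";
  /**
   * Whether or not to allow self-signed certificates.
   * NOTE(review): the pinning comments below refer to checks made "after
   * allow_insecure", which suggests this flag bypasses normal chain validation
   * rather than only admitting self-signed certificates. Confirm against the
   * implementation, and treat `true` as a finding unless pinning is also set.
   */
  allowInsecure: boolean;
  /** List of certificates to be served on server. */
  certificate: Certificate[];
  /** Override server name. */
  serverName: string;
  /** Lists of string as ALPN values. */
  nextProtocol: string[];
  /** Whether or not to enable session (ticket) resumption. */
  enableSessionResumption: boolean;
  /**
   * If true, root certificates on the system will not be loaded for
   * verification.
   */
  disableSystemRoot: boolean;
  /** The minimum TLS version. */
  minVersion: string;
  /** The maximum TLS version. */
  maxVersion: string;
  /** Specify cipher suites, except for TLS 1.3. */
  cipherSuites: string;
  /** TLS Client Hello fingerprint (uTLS). */
  fingerprint: string;
  rejectUnknownSni: boolean;
  /**
   * @Document Some certificate chain sha256 hashes.
   * @Document After normal validation or allow_insecure, if the server's cert chain hash does not match any of these values, the connection will be aborted.
   * @Critical
   */
  pinnedPeerCertificateChainSha256: Uint8Array[];
  /**
   * @Document Some certificate public key sha256 hashes.
   * @Document After normal validation (required), if one of certs in verified chain matches one of these values, the connection will be eventually accepted.
   * @Critical
   */
  pinnedPeerCertificatePublicKeySha256: Uint8Array[];
  /**
   * NOTE(review): undocumented here; the name suggests a destination for TLS
   * key-log output. If so, anything written there allows decryption of
   * captured sessions, so it should be empty outside of debugging. Confirm.
   */
  masterKeyLog: string;
  /** Lists of string as CurvePreferences values. */
  curvePreferences: string[];
  /**
   * @Document Replaces server_name to verify the peer cert.
   * @Document After allow_insecure (automatically), if the server's cert can't be verified by any of these names, pinned_peer_certificate_chain_sha256 will be tried.
   * @Critical
   */
  verifyPeerCertInNames: string[];
  // The four ech* fields are undocumented in this file.
  // NOTE(review): presumably Encrypted Client Hello settings; if echServerKeys
  // holds server-side key material it is secret. Confirm.
  echServerKeys: Uint8Array;
  echConfigList: string;
  echForceQuery: string;
  echSocketSettings: SocketConfig | undefined;
}

/** Codec helpers for the `Certificate` message. */
export declare const Certificate: MessageFns<Certificate, "xray.transport.internet.tls.Certificate">;

/** Codec helpers for the `Config` message. */
export declare const Config: MessageFns<Config, "xray.transport.internet.tls.Config">;

/** Leaf types that `DeepPartial` leaves untouched. */
type Builtin = Date | Function | Uint8Array | string | number | boolean | undefined;

/**
 * Recursively optional version of `T`: builtins pass through, array element
 * types are made partial, and object properties become optional. The `$type`
 * discriminator is excluded from the mapped keys.
 */
export type DeepPartial<T> = T extends Builtin
  ? T
  : T extends globalThis.Array<infer U>
    ? globalThis.Array<DeepPartial<U>>
    : T extends ReadonlyArray<infer U>
      ? ReadonlyArray<DeepPartial<U>>
      : T extends {}
        ? { [K in Exclude<keyof T, "$type">]?: DeepPartial<T[K]> }
        : Partial<T>;

/**
 * Encode/decode/convert operations for a message type `T` whose `$type` tag is `V`.
 *
 * `fromJSON` takes `any`, so nothing is checked at compile time; validate JSON
 * from untrusted sources before trusting security-relevant fields such as
 * `allowInsecure` or the pinned-hash lists.
 */
export interface MessageFns<T, V extends string> {
  readonly $type: V;
  encode(message: T, writer?: BinaryWriter): BinaryWriter;
  decode(input: BinaryReader | Uint8Array, length?: number): T;
  fromJSON(object: any): T;
  toJSON(message: T): unknown;
  create(base?: DeepPartial<T>): T;
  fromPartial(object: DeepPartial<T>): T;
}

export {};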