There's still some interesting oddities depending on remote server and
what fingerprint is chosen, but I can watch videos online with the
chosen settings and the TBB Azure bridge.
Note: Despite what people are claiming in the Tor Browser bug tracker
it isn't all that hard to use the built in http client with utls. And
yes, the `transport.go` code does negotiate correctly in a standalone
test case (apart from compatibility related oddities).
This commit changes the upstream repo location to:
https://gitlab.com/yawning/obfs4.git
Additionally all the non-`main` sub-packages now have an import
comment annotation. As a matter of courtesy, I will continue to
push to both the existing github.com and git.torproject.org repos
for the foreseeable future, though I reserve the right to stop
doing so at any time.
The biggest win is that we now declare what versions of each dependency
we require to build. This way, building a certain version of obfs4 will
always use the same source code, independent of the master branch of
each dependency.
This is necessary for reproducible builds. On top of that, go.sum
contains checksums of all the transitive dependencies and their modules,
so the build system will also recognise when the source code has been
changed.
Updated the build instructions accordingly. We don't drop support for
earlier Go versions, but those won't get the benefit of reproducible
builds unless we start vendoring the dependencies too.