From 40f0a541bf8de347b00f6ca980279d7b0d5e6af4 Mon Sep 17 00:00:00 2001
From: RPRX <63339210+RPRX@users.noreply.github.com>
Date: Tue, 14 Oct 2025 19:12:14 +0000
Subject: [PATCH] transport/internet/reality/reality.go: Safely get negotiated CurveID in VerifyPeerCertificate() Requires github.com/refraction-networking/utls v1.8.1+
---
 transport/internet/reality/reality.go | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/transport/internet/reality/reality.go b/transport/internet/reality/reality.go
index 20f13ba5..8cb59342 100644
--- a/transport/internet/reality/reality.go
+++ b/transport/internet/reality/reality.go
@@ -75,8 +75,7 @@ func (c *UConn) HandshakeAddress() net.Address {
 func (c *UConn) VerifyPeerCertificate(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error {
 if c.Config.Show {
 localAddr := c.LocalAddr().String()
- curveID := *(*utls.CurveID)(unsafe.Pointer(reflect.ValueOf(c).Elem().FieldByName("curveID").UnsafeAddr()))
- fmt.Printf("REALITY localAddr: %v\tis using X25519MLKEM768 for TLS' communication: %v\n", localAddr, curveID == utls.X25519MLKEM768)
+ fmt.Printf("REALITY localAddr: %v\tis using X25519MLKEM768 for TLS' communication: %v\n", localAddr, c.HandshakeState.ServerHello.ServerShare.Group == utls.X25519MLKEM768)
 fmt.Printf("REALITY localAddr: %v\tis using ML-DSA-65 for cert's extra verification: %v\n", localAddr, len(c.Config.Mldsa65Verify) > 0)
 }
 p, _ := reflect.TypeOf(c.Conn).Elem().FieldByName("peerCertificates")
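Review bot: The new Printf argument `c.HandshakeState.ServerHello.ServerShare.Group` walks a field chain with no nil check, so if `ServerHello` is a pointer that is not populated when this callback runs, the debug-only `c.Config.Show` branch would panic in the middle of certificate verification. Reading it defensively, e.g. `if sh := c.HandshakeState.ServerHello; sh != nil { ... sh.ServerShare.Group == utls.X25519MLKEM768 ... }`, avoids that, and a comment such as `// requires github.com/refraction-networking/utls v1.8.1+` would make the version dependency from the commit message visible at the call site. The last context line still looks up `peerCertificates` by name through reflect and discards the found flag (`p, _ :=`), the same layout-dependent pattern this change removes for `curveID`. How `p` is used lies outside the hunk, but checking that flag and returning an error would make a utls upgrade that renames the field fail closed rather than read from a zero offset. VerifyPeerCertificate's body continues past the end of the hunk.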