chore: fingerprint verifier handle non-leaf certificate will check the SNI matches the certificate's DNS name

wwqgtxx
2026-02-04 22:41:33 +08:00
parent 2cfc4ba044
commit f94da9f2b3
3 changed files with 156 additions and 52 deletions


@@ -98,10 +98,13 @@ func GetTLSConfig(opt Option) (tlsConfig *tls.Config, err error) {
}
if len(opt.Fingerprint) > 0 {
tlsConfig.VerifyPeerCertificate, err = NewFingerprintVerifier(opt.Fingerprint, tlsConfig.Time)
verifier, err := NewFingerprintVerifier(opt.Fingerprint, tlsConfig.Time)
if err != nil {
return nil, err
}
tlsConfig.VerifyConnection = func(state tls.ConnectionState) error {
return verifier(state.PeerCertificates, state.ServerName)
}
tlsConfig.InsecureSkipVerify = true
}
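Review bot: `state.ServerName`, which the new `VerifyConnection` closure passes to the verifier, can be empty, and because `tlsConfig.InsecureSkipVerify = true` is set right after the closure, the verifier is the only certificate and hostname check left on this path. On the client side crypto/tls reports the SNI that was actually sent, which is empty when no ServerName is configured or when it is an IP literal. If NewFingerprintVerifier (not shown here) hands that value to x509 hostname verification, an empty name would presumably skip the DNS-name match for a non-leaf fingerprint. Consider failing closed in the verifier when a non-leaf match arrives with an empty name, and add a comment above the assignment such as `// InsecureSkipVerify is safe only because VerifyConnection pins the fingerprint and, for non-leaf matches, checks the server name`. GetTLSConfig begins and ends outside this hunk, so confirm whether ServerName is guaranteed non-empty elsewhere in the function.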