dan9i10/3x-ui
1
0
Fork 0
mirror of https://github.com/MHSanaei/3x-ui.git synced 2026-05-08 14:36:13 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add pinnedPeerCertSha256 support to TLS settings

Browse Source 
Introduces the pinnedPeerCertSha256 field to TlsStreamSettings in the JS model and adds a corresponding input in the TLS settings form. This allows users to specify SHA256 fingerprints for peer certificate pinning, enhancing security configuration options.
This commit is contained in:
MHSanaei
2026-02-01 03:12:54 +01:00
parent a973fa6d68
commit 9d603c5ad2
2 changed files with 64 additions and 29 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
web/assets/js/model/inbound.js
View File

@@ -597,6 +597,7 @@ class TlsStreamSettings extends XrayCommonClass {
cipherSuites = '',
rejectUnknownSni = false,
verifyPeerCertByName = ['dns.google', 'cloudflare-dns.com'],
pinnedPeerCertSha256 = [],
disableSystemRoot = false,
enableSessionResumption = false,
certificates = [new TlsStreamSettings.Cert()],
@@ -612,6 +613,7 @@ class TlsStreamSettings extends XrayCommonClass {
this.cipherSuites = cipherSuites;
this.rejectUnknownSni = rejectUnknownSni;
this.verifyPeerCertByName = Array.isArray(verifyPeerCertByName) ? verifyPeerCertByName.join(",") : verifyPeerCertByName;
this.pinnedPeerCertSha256 = pinnedPeerCertSha256;
this.disableSystemRoot = disableSystemRoot;
this.enableSessionResumption = enableSessionResumption;
this.certs = certificates;
@@ -646,6 +648,7 @@ class TlsStreamSettings extends XrayCommonClass {
json.cipherSuites,
json.rejectUnknownSni,
json.verifyPeerCertByName,
json.pinnedPeerCertSha256 || [],
json.disableSystemRoot,
json.enableSessionResumption,
certs,
@@ -664,6 +667,7 @@ class TlsStreamSettings extends XrayCommonClass {
cipherSuites: this.cipherSuites,
rejectUnknownSni: this.rejectUnknownSni,
verifyPeerCertByName: this.verifyPeerCertByName.split(","),
pinnedPeerCertSha256: this.pinnedPeerCertSha256.length > 0 ? this.pinnedPeerCertSha256 : undefined,
disableSystemRoot: this.disableSystemRoot,
enableSessionResumption: this.enableSessionResumption,
certificates: TlsStreamSettings.toJsonArray(this.certs),