TLS config: allowInsecure->pinnedPeerCertSha256; verifyPeerCertInNames->verifyPeerCertByName

And use `,` as the separator instead of `~`/array https://github.com/XTLS/Xray-core/pull/5567#issuecomment-3766081805 https://t.me/projectXtls/1464 https://t.me/projectXtls/1465 https://t.me/projectXtls/1466 https://github.com/XTLS/Xray-core/pull/5625#issuecomment-3824855736
2026-05-08 14:13:22 +00:00 · 2026-01-30 22:15:46 +00:00
parent 9c46a2d55a
commit 2c92339f95
13 changed files with 177 additions and 226 deletions
--- a/common/protocol/tls/cert/cert.go
+++ b/common/protocol/tls/cert/cert.go
@@ -6,6 +6,7 @@ import (
 	"crypto/elliptic"
 	"crypto/rand"
 	"crypto/rsa"
+	"crypto/sha256"
 	"crypto/x509"
 	"encoding/asn1"
 	"encoding/pem"
@@ -87,10 +88,10 @@ func Organization(org string) Option {
 	}
 }

-func MustGenerate(parent *Certificate, opts ...Option) *Certificate {
+func MustGenerate(parent *Certificate, opts ...Option) (*Certificate, [32]byte) {
 	cert, err := Generate(parent, opts...)
 	common.Must(err)
-	return cert
+	return cert, sha256.Sum256(cert.Certificate)
 }

 func publicKey(priv interface{}) interface{} {