Commands: Print CA cert's SHA256 in tls ping (#5644)

And https://github.com/XTLS/Xray-core/issues/5642#issuecomment-3840806246 --------- Co-authored-by: RPRX <63339210+RPRX@users.noreply.github.com>
2026-05-08 14:13:22 +00:00 · 2026-02-04 05:03:48 +08:00
parent d14767d4f3
commit 74c726ff62
7 changed files with 80 additions and 25 deletions
--- a/transport/internet/tls/config.go
+++ b/transport/internet/tls/config.go
@@ -384,6 +384,7 @@ func (c *Config) GetTLSConfig(opts ...Option) *tls.Config {
 		PinnedPeerCertSha256: c.PinnedPeerCertSha256,
 	}
 	config := &tls.Config{
+		InsecureSkipVerify:     c.AllowInsecure,
 		Rand:                   randCarrier,
 		ClientSessionCache:     globalSessionCache,
 		RootCAs:                root,
--- a/transport/internet/tls/config.pb.go
+++ b/transport/internet/tls/config.pb.go
@@ -177,7 +177,8 @@ func (x *Certificate) GetBuildChain() bool {
 }

 type Config struct {
-	state protoimpl.MessageState `protogen:"open.v1"`
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	AllowInsecure bool                   `protobuf:"varint,1,opt,name=allow_insecure,json=allowInsecure,proto3" json:"allow_insecure,omitempty"`
 	// List of certificates to be served on server.
 	Certificate []*Certificate `protobuf:"bytes,2,rep,name=certificate,proto3" json:"certificate,omitempty"`
 	// Override server name.
@@ -241,6 +242,13 @@ func (*Config) Descriptor() ([]byte, []int) {
 	return file_transport_internet_tls_config_proto_rawDescGZIP(), []int{1}
 }

+func (x *Config) GetAllowInsecure() bool {
+	if x != nil {
+		return x.AllowInsecure
+	}
+	return false
+}
+
 func (x *Config) GetCertificate() []*Certificate {
 	if x != nil {
 		return x.Certificate
@@ -385,8 +393,9 @@ const file_transport_internet_tls_config_proto_rawDesc = "" +
 	"\x05Usage\x12\x10\n" +
 	"\fENCIPHERMENT\x10\x00\x12\x14\n" +
 	"\x10AUTHORITY_VERIFY\x10\x01\x12\x13\n" +
-	"\x0fAUTHORITY_ISSUE\x10\x02\"\xce\x06\n" +
-	"\x06Config\x12J\n" +
+	"\x0fAUTHORITY_ISSUE\x10\x02\"\xf5\x06\n" +
+	"\x06Config\x12%\n" +
+	"\x0eallow_insecure\x18\x01 \x01(\bR\rallowInsecure\x12J\n" +
 	"\vcertificate\x18\x02 \x03(\v2(.xray.transport.internet.tls.CertificateR\vcertificate\x12\x1f\n" +
 	"\vserver_name\x18\x03 \x01(\tR\n" +
 	"serverName\x12#\n" +
--- a/transport/internet/tls/config.proto
+++ b/transport/internet/tls/config.proto
@@ -38,6 +38,8 @@ message Certificate {
 }

 message Config {
+  bool allow_insecure = 1;
+
  // List of certificates to be served on server.
  repeated Certificate certificate = 2;

--- a/transport/internet/tls/tls.go
+++ b/transport/internet/tls/tls.go
@@ -126,6 +126,10 @@ func UClient(c net.Conn, config *tls.Config, fingerprint *utls.ClientHelloID) ne
 	return &UConn{UConn: utlsConn}
 }

+func GeneraticUClient(c net.Conn, config *tls.Config) *utls.UConn {
+	return utls.UClient(c, copyConfig(config), utls.HelloChrome_Auto)
+}
+
 func copyConfig(c *tls.Config) *utls.Config {
 	return &utls.Config{
 		Rand:                           c.Rand,