Verify peer cert function for better man in the middle prevention (#746)

* verify peer cert function for better man in the middle prevention

* publish cert chain hash generation algorithm

* added calculation of certificate hash as separate command and tlsping, use base64 to represent fingerprint to align with jsonPb

* apply coding style

* added test case for pinned certificates

* refactored cert pin

* pinned cert test

* added json loading of the PinnedPeerCertificateChainSha256

* removed tool to prepare for v5

* Add server cert pinning for Xtls

Change command "xray tls certChainHash" to xray style

Co-authored-by: Shelikhoo <xiaokangwang@outlook.com>
yuhan6665 2021-10-22 00:04:06 -04:00 committed by 世界
parent 6a60332700
commit acb81ebe3d
No known key found for this signature in database
GPG key ID: CD109927C34A63C4
13 changed files with 447 additions and 35 deletions


@ -69,4 +69,11 @@ message Config {
string fingerprint = 11;
bool reject_unknown_sni = 12;
/* @Document A pinned certificate chain sha256 hash.
@Document If the server's hash does not match this value, the connection will be aborted.
@Document This value replace allow_insecure.
@Critical
*/
repeated bytes pinned_peer_certificate_chain_sha256 = 13;
}
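Review bot: The doc comment on pinned_peer_certificate_chain_sha256 leaves the matching semantics underspecified. The field is `repeated`, but the comment speaks of "A pinned certificate chain sha256 hash" and "this value"; state whether a match against any one entry is enough to accept the connection. "This value replace allow_insecure" should read "replaces", and the interaction should be spelled out: whether a non-empty pin list is checked in addition to normal chain verification or only when allow_insecure is set, and what happens when both are configured. The comment also says "the server's hash" while the field name says peer; pick one term so it is clear which side's chain is pinned. A one-line description of how the chain hash is computed, or a pointer to the command that produces it, would let operators generate a matching value.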