TLS config: allowInsecure->pinnedPeerCertSha256; verifyPeerCertInNames->verifyPeerCertByName

And use `,` as the separator instead of `~`/array

https://github.com/XTLS/Xray-core/pull/5567#issuecomment-3766081805
https://t.me/projectXtls/1464
https://t.me/projectXtls/1465
https://t.me/projectXtls/1466
https://github.com/XTLS/Xray-core/pull/5625#issuecomment-3824855736
RPRX
2026-01-30 22:15:46 +00:00
parent 9c46a2d55a
commit 2c92339f95
13 changed files with 177 additions and 226 deletions
+12 -8
@@ -97,7 +97,7 @@ func TestVless(t *testing.T) {
Vnext: &protocol.ServerEndpoint{
Address: net.NewIPOrDomain(net.LocalHostIP),
Port: uint32(serverPort),
User: &protocol.User{
User: &protocol.User{
Account: serial.ToTypedMessage(&vless.Account{
Id: userID.String(),
}),
@@ -129,6 +129,8 @@ func TestVlessTls(t *testing.T) {
common.Must(err)
defer tcpServer.Close()
ct, ctHash := cert.MustGenerate(nil, cert.CommonName("localhost"))
userID := protocol.NewID(uuid.New())
serverPort := tcp.PickPort()
serverConfig := &core.Config{
@@ -148,7 +150,7 @@ func TestVlessTls(t *testing.T) {
SecurityType: serial.GetMessageType(&tls.Config{}),
SecuritySettings: []*serial.TypedMessage{
serial.ToTypedMessage(&tls.Config{
Certificate: []*tls.Certificate{tls.ParseCertificate(cert.MustGenerate(nil))},
Certificate: []*tls.Certificate{tls.ParseCertificate(ct)},
}),
},
},
@@ -198,7 +200,7 @@ func TestVlessTls(t *testing.T) {
Vnext: &protocol.ServerEndpoint{
Address: net.NewIPOrDomain(net.LocalHostIP),
Port: uint32(serverPort),
User: &protocol.User{
User: &protocol.User{
Account: serial.ToTypedMessage(&vless.Account{
Id: userID.String(),
}),
@@ -217,7 +219,7 @@ func TestVlessTls(t *testing.T) {
SecurityType: serial.GetMessageType(&tls.Config{}),
SecuritySettings: []*serial.TypedMessage{
serial.ToTypedMessage(&tls.Config{
AllowInsecure: true,
PinnedPeerCertSha256: [][]byte{ctHash[:]},
}),
},
},
@@ -247,6 +249,8 @@ func TestVlessXtlsVision(t *testing.T) {
common.Must(err)
defer tcpServer.Close()
ct, ctHash := cert.MustGenerate(nil, cert.CommonName("localhost"))
userID := protocol.NewID(uuid.New())
serverPort := tcp.PickPort()
serverConfig := &core.Config{
@@ -266,7 +270,7 @@ func TestVlessXtlsVision(t *testing.T) {
SecurityType: serial.GetMessageType(&tls.Config{}),
SecuritySettings: []*serial.TypedMessage{
serial.ToTypedMessage(&tls.Config{
Certificate: []*tls.Certificate{tls.ParseCertificate(cert.MustGenerate(nil))},
Certificate: []*tls.Certificate{tls.ParseCertificate(ct)},
}),
},
},
@@ -317,7 +321,7 @@ func TestVlessXtlsVision(t *testing.T) {
Vnext: &protocol.ServerEndpoint{
Address: net.NewIPOrDomain(net.LocalHostIP),
Port: uint32(serverPort),
User: &protocol.User{
User: &protocol.User{
Account: serial.ToTypedMessage(&vless.Account{
Id: userID.String(),
Flow: vless.XRV,
@@ -337,7 +341,7 @@ func TestVlessXtlsVision(t *testing.T) {
SecurityType: serial.GetMessageType(&tls.Config{}),
SecuritySettings: []*serial.TypedMessage{
serial.ToTypedMessage(&tls.Config{
AllowInsecure: true,
PinnedPeerCertSha256: [][]byte{ctHash[:]},
}),
},
},
@@ -447,7 +451,7 @@ func TestVlessXtlsVisionReality(t *testing.T) {
Vnext: &protocol.ServerEndpoint{
Address: net.NewIPOrDomain(net.LocalHostIP),
Port: uint32(serverPort),
User: &protocol.User{
User: &protocol.User{
Account: serial.ToTypedMessage(&vless.Account{
Id: userID.String(),
Flow: vless.XRV,
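Review bot: Nothing in the visible hunks checks that a non-matching pin is refused: the client configs in TestVlessTls and TestVlessXtlsVision replace `AllowInsecure: true` with `PinnedPeerCertSha256: [][]byte{ctHash[:]}`, and both exercise only the matching case. A regression that ignored the pin list would behave like the old allowInsecure and these tests would still pass, so I would add a case that pins the hash of an unrelated certificate, e.g. `_, otherHash := cert.MustGenerate(nil)` with `PinnedPeerCertSha256: [][]byte{otherHash[:]}`, and asserts that the transfer fails. The clients also dial `net.LocalHostIP` with no server name in the shown `tls.Config`, which suggests a pin match stands in for chain and name validation; if that is the intent, a short comment next to the field saying so would help readers. The test functions start and end outside these hunks, so a negative test elsewhere in the file would make the first point moot.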