TLS config: allowInsecure->pinnedPeerCertSha256; verifyPeerCertInNames->verifyPeerCertByName

And use `,` as the separator instead of `~`/array

https://github.com/XTLS/Xray-core/pull/5567#issuecomment-3766081805
https://t.me/projectXtls/1464
https://t.me/projectXtls/1465
https://t.me/projectXtls/1466
https://github.com/XTLS/Xray-core/pull/5625#issuecomment-3824855736
This commit is contained in:
RPRX
2026-01-30 22:15:46 +00:00
parent 9c46a2d55a
commit 2c92339f95
13 changed files with 177 additions and 226 deletions
@@ -132,6 +132,8 @@ func Test_ListenXHAndDial_TLS(t *testing.T) {
start := time.Now()
ct, ctHash := cert.MustGenerate(nil, cert.CommonName("localhost"))
streamSettings := &internet.MemoryStreamConfig{
ProtocolName: "splithttp",
ProtocolSettings: &Config{
@@ -139,8 +141,8 @@ func Test_ListenXHAndDial_TLS(t *testing.T) {
},
SecurityType: "tls",
SecuritySettings: &tls.Config{
AllowInsecure: true,
Certificate: []*tls.Certificate{tls.ParseCertificate(cert.MustGenerate(nil, cert.CommonName("localhost")))},
Certificate: []*tls.Certificate{tls.ParseCertificate(ct)},
PinnedPeerCertSha256: [][]byte{ctHash[:]},
},
}
listen, err := ListenXH(context.Background(), net.LocalHostIP, listenPort, streamSettings, func(conn stat.Connection) {
@@ -228,6 +230,8 @@ func Test_ListenXHAndDial_QUIC(t *testing.T) {
start := time.Now()
ct, ctHash := cert.MustGenerate(nil, cert.CommonName("localhost"))
streamSettings := &internet.MemoryStreamConfig{
ProtocolName: "splithttp",
ProtocolSettings: &Config{
@@ -235,9 +239,9 @@ func Test_ListenXHAndDial_QUIC(t *testing.T) {
},
SecurityType: "tls",
SecuritySettings: &tls.Config{
AllowInsecure: true,
Certificate: []*tls.Certificate{tls.ParseCertificate(cert.MustGenerate(nil, cert.CommonName("localhost")))},
NextProtocol: []string{"h3"},
Certificate: []*tls.Certificate{tls.ParseCertificate(ct)},
PinnedPeerCertSha256: [][]byte{ctHash[:]},
NextProtocol: []string{"h3"},
},
}