From 65d50cc6382db3cc2eb03ad121ddeb29513686ed Mon Sep 17 00:00:00 2001 From: Fangliding Date: Wed, 17 Jun 2026 21:53:44 +0800 Subject: [PATCH] Fix AUTHORITY_VERIFY --- transport/internet/tls/config.go | 3 +++ transport/internet/tls/config_other.go | 3 +++ 2 files changed, 6 insertions(+) diff --git a/transport/internet/tls/config.go b/transport/internet/tls/config.go index 1a635f993..2dc317c55 100644 --- a/transport/internet/tls/config.go +++ b/transport/internet/tls/config.go @@ -38,6 +38,9 @@ func ParseCertificate(c *cert.Certificate) *Certificate { func (c *Config) loadSelfCertPool() (*x509.CertPool, error) { root := x509.NewCertPool() for _, cert := range c.Certificate { + if cert.Usage != Certificate_AUTHORITY_VERIFY { + continue + } if !root.AppendCertsFromPEM(cert.Certificate) { return nil, errors.New("failed to append cert").AtWarning() } diff --git a/transport/internet/tls/config_other.go b/transport/internet/tls/config_other.go index efd18c933..4e62d6d14 100644 --- a/transport/internet/tls/config_other.go +++ b/transport/internet/tls/config_other.go @@ -47,6 +47,9 @@ func (c *Config) getCertPool() (*x509.CertPool, error) { return nil, errors.New("system root").AtWarning().Base(err) } for _, cert := range c.Certificate { + if cert.Usage != Certificate_AUTHORITY_VERIFY { + continue + } if !pool.AppendCertsFromPEM(cert.Certificate) { return nil, errors.New("append cert to root").AtWarning().Base(err) }