Commands: Print leaf cert's SHA256 in tls ping (#5628)

And https://github.com/XTLS/Xray-core/pull/5628#issuecomment-3828445442 --------- Co-authored-by: RPRX <63339210+RPRX@users.noreply.github.com>
2026-05-14 10:00:34 +00:00 · 2026-01-31 21:11:36 +08:00
parent 2c92339f95
commit afcfdbca70
2 changed files with 6 additions and 19 deletions
@@ -75,8 +75,6 @@ func executePing(cmd *base.Command, args []string) {
 			NextProtos:         []string{"h2", "http/1.1"},
 			MaxVersion:         gotls.VersionTLS13,
 			MinVersion:         gotls.VersionTLS12,
-			// Do not release tool before v5's refactor
-			// VerifyPeerCertificate: showCert(),
 		})
 		err = tlsConn.Handshake()
 		if err != nil {
@@ -101,8 +99,6 @@ func executePing(cmd *base.Command, args []string) {
 			NextProtos: []string{"h2", "http/1.1"},
 			MaxVersion: gotls.VersionTLS13,
 			MinVersion: gotls.VersionTLS12,
-			// Do not release tool before v5's refactor
-			// VerifyPeerCertificate: showCert(),
 		})
 		err = tlsConn.Handshake()
 		if err != nil {
@@ -133,6 +129,7 @@ func printCertificates(certs []*x509.Certificate) {
 		fmt.Println("Cert's signature algorithm: ", leaf.SignatureAlgorithm.String())
 		fmt.Println("Cert's publicKey algorithm: ", leaf.PublicKeyAlgorithm.String())
 		fmt.Println("Cert's allowed domains: ", leaf.DNSNames)
+		fmt.Println("Cert's leaf SHA256: ", hex.EncodeToString(GenerateCertHash(leaf)))
 	}
 }

@@ -153,17 +150,3 @@ func printTLSConnDetail(tlsConn *gotls.Conn) {
 		fmt.Println("TLS Post-Quantum key exchange:  false (RSA Exchange)")
 	}
 }
-
-func showCert() func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error {
-	return func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error {
-		var hash []byte
-		for _, asn1Data := range rawCerts {
-			cert, _ := x509.ParseCertificate(asn1Data)
-			if cert.IsCA {
-				hash = GenerateCertHash(cert)
-			}
-		}
-		fmt.Println("Certificate Leaf Hash: ", hex.EncodeToString(hash))
-		return nil
-	}
-}