v5 config pinned_peer_certificate_chain_sha256 not working unless allowInsecure is true, which is impossible because
v2ray-core/transport/internet/tls/config.proto
Line 37 in 8191faa
When allowInsecure is false, tls error tls: failed to verify certificate: x509: certificate signed by unknown authority] > common/retry: all retry attempts failed happens before pinned_peer_certificate_chain_sha256 is checked.
Technically, even with pinned_peer_certificate_chain_sha256 it's still insecure, so is indeed allowInsecure = True.
Moreover, allowInsecure should be a feature, there should be no need to block users from using that. If one is indeed concerned about users' welfare, the logic should be requiring both allowInsecure and a correct pinned_peer_certificate_chain_sha256 in the config.
Pending pull request will simply reenable allowInsecure, for now.
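Go's crypto/tls runs a VerifyPeerCertificate callback only after normal chain verification has passed or been skipped, which produces the ordering described in the report above when a pin check lives in that callback. The following is an added example, not v2ray-core's code: `newServer` and `dial` are hypothetical names, the server certificate is httptest's built-in self-signed one, and the pin is simplified to the SHA-256 of the leaf DER.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"crypto/tls"
	"crypto/x509"
	"errors"
	"fmt"
	"net/http/httptest"
)

// newServer starts a loopback TLS server with httptest's built-in self-signed
// certificate (constructed sample) and returns it with a simplified pin:
// SHA-256 of the leaf DER, an assumption, not v2ray-core's chain hash.
func newServer() (*httptest.Server, []byte) {
	srv := httptest.NewTLSServer(nil)
	sum := sha256.Sum256(srv.Certificate().Raw)
	return srv, sum[:]
}

// dial handshakes with srv and reports whether the pin callback ran, plus the client-side error.
func dial(srv *httptest.Server, pin []byte, skipVerify bool) (ran bool, err error) {
	cfg := &tls.Config{
		RootCAs:            x509.NewCertPool(), // empty pool: no CA vouches for the server certificate
		InsecureSkipVerify: skipVerify,
		VerifyPeerCertificate: func(raw [][]byte, _ [][]*x509.Certificate) error {
			ran = true // reached only after chain verification passed or was skipped
			if sum := sha256.Sum256(raw[0]); !bytes.Equal(sum[:], pin) {
				return errors.New("pin mismatch")
			}
			return nil
		},
	}
	conn, err := tls.Dial("tcp", srv.Listener.Addr().String(), cfg)
	if err == nil {
		conn.Close()
	}
	return
}

func main() {
	srv, pin := newServer()
	defer srv.Close()
	for _, skip := range []bool{false, true} {
		ran, err := dial(srv, pin, skip)
		fmt.Printf("InsecureSkipVerify=%v pinCallbackRan=%v err=%v\n", skip, ran, err)
	}
}
```

With verification left on, the handshake aborts with the unknown-authority error and the pin is never consulted; with it skipped, the pin comparison is the only authentication the client performs.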