sideload ca.pem

2025-12-18 22:20:06 +08:00 · 2023-06-03 10:37:23 +09:00 · 2023-06-03 10:37:23 +09:00 · 9b055391ee
commit 9b055391ee
parent 2349b381f4
5 changed files with 32 additions and 2 deletions
--- a/app/src/main/assets/yacd.version.txt
+++ b/app/src/main/assets/yacd.version.txt
@ -1 +1 @@
-1
+2
--- a/app/src/main/assets/yacd.zip
+++ b/app/src/main/assets/yacd.zip
--- a/buildScript/lib/core/get_source_env.sh
+++ b/buildScript/lib/core/get_source_env.sh
@ -1,5 +1,5 @@
 if [ ! -z $ENV_NB4A ]; then
-  export COMMIT_SING_BOX_EXTRA="c61e8ae9d227a918e85fcd22fb36d89a0ad9a661"
+  export COMMIT_SING_BOX_EXTRA="1ea593f166ddb44e12ba9c7b41bcc6e73b66b550"
 fi

 if [ ! -z $ENV_SING_BOX_EXTRA ]; then
--- a/libcore/certs.go
+++ b/libcore/certs.go
@ -0,0 +1,24 @@
+package libcore
+
+import (
+	"crypto/x509"
+	"log"
+	_ "unsafe" // for go:linkname
+)
+
+//go:linkname systemRoots crypto/x509.systemRoots
+var systemRoots *x509.CertPool
+
+func updateRootCACerts(pem []byte) {
+	x509.SystemCertPool()
+	roots := x509.NewCertPool()
+	if !roots.AppendCertsFromPEM(pem) {
+		log.Println("failed to append certificates from pem")
+		return
+	}
+	systemRoots = roots
+	log.Println("external ca.pem was loaded")
+}
+
+//go:linkname initSystemRoots crypto/x509.initSystemRoots
+func initSystemRoots()
--- a/libcore/nb4a.go
+++ b/libcore/nb4a.go
@ -78,6 +78,12 @@ func InitCore(process, cachePath, internalAssets, externalAssets string,
 			outdated = "Your version is too old! Please update!! 版本太旧，请升级！"
 		}

+		// certs
+		pem, err := os.ReadFile(externalAssetsPath + "ca.pem")
+		if err == nil {
+			updateRootCACerts(pem)
+		}
+
 		// bg
 		if isBgProcess {
 			extractAssets()