diff --git a/adapter/outbound/hysteria.go b/adapter/outbound/hysteria.go index 24ea565b..10876c68 100644 --- a/adapter/outbound/hysteria.go +++ b/adapter/outbound/hysteria.go @@ -126,8 +126,6 @@ type HysteriaOption struct { SkipCertVerify bool `proxy:"skip-cert-verify,omitempty"` Fingerprint string `proxy:"fingerprint,omitempty"` ALPN []string `proxy:"alpn,omitempty"` - CustomCA string `proxy:"ca,omitempty"` - CustomCAString string `proxy:"ca-str,omitempty"` ReceiveWindowConn int `proxy:"recv-window-conn,omitempty"` ReceiveWindow int `proxy:"recv-window,omitempty"` DisableMTUDiscovery bool `proxy:"disable-mtu-discovery,omitempty"` @@ -166,9 +164,7 @@ func NewHysteria(option HysteriaOption) (*Hysteria, error) { InsecureSkipVerify: option.SkipCertVerify, MinVersion: tls.VersionTLS13, }, - Fingerprint: option.Fingerprint, - CustomCA: option.CustomCA, - CustomCAString: option.CustomCAString, + Fingerprint: option.Fingerprint, }) if err != nil { return nil, err diff --git a/adapter/outbound/hysteria2.go b/adapter/outbound/hysteria2.go index 1ab66837..90c97e54 100644 --- a/adapter/outbound/hysteria2.go +++ b/adapter/outbound/hysteria2.go @@ -56,8 +56,6 @@ type Hysteria2Option struct { SkipCertVerify bool `proxy:"skip-cert-verify,omitempty"` Fingerprint string `proxy:"fingerprint,omitempty"` ALPN []string `proxy:"alpn,omitempty"` - CustomCA string `proxy:"ca,omitempty"` - CustomCAString string `proxy:"ca-str,omitempty"` CWND int `proxy:"cwnd,omitempty"` UdpMTU int `proxy:"udp-mtu,omitempty"` @@ -147,9 +145,7 @@ func NewHysteria2(option Hysteria2Option) (*Hysteria2, error) { InsecureSkipVerify: option.SkipCertVerify, MinVersion: tls.VersionTLS13, }, - Fingerprint: option.Fingerprint, - CustomCA: option.CustomCA, - CustomCAString: option.CustomCAString, + Fingerprint: option.Fingerprint, }) if err != nil { return nil, err diff --git a/adapter/outbound/tuic.go b/adapter/outbound/tuic.go index 5b97b990..d538dbd2 100644 --- a/adapter/outbound/tuic.go +++ b/adapter/outbound/tuic.go @@ -55,8 +55,6 @@ type TuicOption struct { CWND int `proxy:"cwnd,omitempty"` SkipCertVerify bool `proxy:"skip-cert-verify,omitempty"` Fingerprint string `proxy:"fingerprint,omitempty"` - CustomCA string `proxy:"ca,omitempty"` - CustomCAString string `proxy:"ca-str,omitempty"` ReceiveWindowConn int `proxy:"recv-window-conn,omitempty"` ReceiveWindow int `proxy:"recv-window,omitempty"` DisableMTUDiscovery bool `proxy:"disable-mtu-discovery,omitempty"` @@ -171,9 +169,7 @@ func NewTuic(option TuicOption) (*Tuic, error) { InsecureSkipVerify: option.SkipCertVerify, MinVersion: tls.VersionTLS13, }, - Fingerprint: option.Fingerprint, - CustomCA: option.CustomCA, - CustomCAString: option.CustomCAString, + Fingerprint: option.Fingerprint, }) if err != nil { return nil, err diff --git a/component/ca/config.go b/component/ca/config.go index 5b988e1e..0de92ae8 100644 --- a/component/ca/config.go +++ b/component/ca/config.go @@ -11,7 +11,6 @@ import ( "sync" "github.com/metacubex/mihomo/common/once" - C "github.com/metacubex/mihomo/constant" "github.com/metacubex/mihomo/ntp" ) @@ -67,43 +66,19 @@ func ResetCertificate() { initializeCertPool() } -func GetCertPool(customCA string, customCAString string) (*x509.CertPool, error) { - var certificate []byte - var err error - if len(customCA) > 0 { - path := C.Path.Resolve(customCA) - if !C.Path.IsSafePath(path) { - return nil, C.Path.ErrNotSafePath(path) - } - certificate, err = os.ReadFile(path) - if err != nil { - return nil, fmt.Errorf("load ca error: %w", err) - } - } else if customCAString != "" { - certificate = []byte(customCAString) - } - if len(certificate) > 0 { - certPool := x509.NewCertPool() - if !certPool.AppendCertsFromPEM(certificate) { - return nil, fmt.Errorf("failed to parse certificate:\n\n %s", certificate) - } - return certPool, nil - } else { - mutex.Lock() - defer mutex.Unlock() - if globalCertPool == nil { - initializeCertPool() - } - return globalCertPool, nil +func GetCertPool() *x509.CertPool { + mutex.Lock() + defer mutex.Unlock() + if globalCertPool == nil { + initializeCertPool() } + return globalCertPool } type Option struct { - TLSConfig *tls.Config - Fingerprint string - CustomCA string - CustomCAString string - ZeroTrust bool + TLSConfig *tls.Config + Fingerprint string + ZeroTrust bool } func GetTLSConfig(opt Option) (tlsConfig *tls.Config, err error) { @@ -116,10 +91,7 @@ func GetTLSConfig(opt Option) (tlsConfig *tls.Config, err error) { if opt.ZeroTrust { tlsConfig.RootCAs = zeroTrustCertPool() } else { - tlsConfig.RootCAs, err = GetCertPool(opt.CustomCA, opt.CustomCAString) - if err != nil { - return nil, err - } + tlsConfig.RootCAs = GetCertPool() } if len(opt.Fingerprint) > 0 { diff --git a/docs/config.yaml b/docs/config.yaml index acf98d4f..7a9d484f 100644 --- a/docs/config.yaml +++ b/docs/config.yaml @@ -789,8 +789,6 @@ proxies: # socks5 # skip-cert-verify: false # recv-window-conn: 12582912 # recv-window: 52428800 - # ca: "./my.ca" - # ca-str: "xyz" # disable-mtu-discovery: false # fingerprint: xxxx # 配置指纹将实现 SSL Pining 效果, 可使用 openssl x509 -noout -fingerprint -sha256 -inform pem -in yourcert.pem 获取 # fast-open: true # 支持 TCP 快速打开,默认为 false @@ -817,8 +815,6 @@ proxies: # socks5 # fingerprint: xxxx # 配置指纹将实现 SSL Pining 效果, 可使用 openssl x509 -noout -fingerprint -sha256 -inform pem -in yourcert.pem 获取 # alpn: # - h3 - # ca: "./my.ca" - # ca-str: "xyz" ###quic-go特殊配置项,不要随意修改除非你知道你在干什么### # initial-stream-receive-window: 8388608 # max-stream-receive-window: 8388608