Merge e28dfd58fa into f3d47ebb3f

Removed verifyPeerCertByNames and pinnedPeerCertSha256 from inbound TLS settings and UI. Added verifyPeerCertByName and pinnedPeerCertSha256 to outbound TLS settings and updated the outbound form to support these fields. This change streamlines and clarifies certificate verification configuration between inbound and outbound settings.

.github/workflows/release.yml

@@ -151,96 +151,6 @@ jobs:
           overwrite: true
           prerelease: true
 
-  # =================================
-  #  macOS Build (darwin)
-  # =================================
-  build-macos:
-    name: Build for macOS
-    permissions:
-      contents: write
-    strategy:
-      matrix:
-        include:
-          - arch: amd64
-            runner: macos-13
-          - arch: arm64
-            runner: macos-14
-    runs-on: ${{ matrix.runner }}
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v5
-
-      - name: Setup Go
-        uses: actions/setup-go@v6
-        with:
-          go-version-file: go.mod
-          check-latest: true
-
-      - name: Build 3X-UI for macOS (CGO)
-        shell: bash
-        run: |
-          set -euo pipefail
-          export CGO_ENABLED=1
-          export GOOS=darwin
-          export GOARCH=${{ matrix.arch }}
-
-          go version
-          go env GOOS GOARCH CGO_ENABLED
-
-          go build -ldflags "-w -s" -o xui-release -v main.go
-          file xui-release
-
-          mkdir -p x-ui/bin
-          cp xui-release x-ui/x-ui
-          cp x-ui.sh x-ui/
-
-          # Download dependencies
-          cd x-ui/bin
-          Xray_URL="https://github.com/XTLS/Xray-core/releases/download/v26.1.18/"
-          if [ "${{ matrix.arch }}" = "amd64" ]; then
-            curl -fsSL -o Xray-macos-64.zip "${Xray_URL}Xray-macos-64.zip"
-            unzip -q Xray-macos-64.zip
-            rm -f Xray-macos-64.zip
-          elif [ "${{ matrix.arch }}" = "arm64" ]; then
-            curl -fsSL -o Xray-macos-arm64-v8a.zip "${Xray_URL}Xray-macos-arm64-v8a.zip"
-            unzip -q Xray-macos-arm64-v8a.zip
-            rm -f Xray-macos-arm64-v8a.zip
-          fi
-
-          rm -f geoip.dat geosite.dat
-          curl -fsSL -o geoip.dat https://github.com/Loyalsoldier/v2ray-rules-dat/releases/latest/download/geoip.dat
-          curl -fsSL -o geosite.dat https://github.com/Loyalsoldier/v2ray-rules-dat/releases/latest/download/geosite.dat
-          curl -fsSL -o geoip_IR.dat https://github.com/chocolate4u/Iran-v2ray-rules/releases/latest/download/geoip.dat
-          curl -fsSL -o geosite_IR.dat https://github.com/chocolate4u/Iran-v2ray-rules/releases/latest/download/geosite.dat
-          curl -fsSL -o geoip_RU.dat https://github.com/runetfreedom/russia-v2ray-rules-dat/releases/latest/download/geoip.dat
-          curl -fsSL -o geosite_RU.dat https://github.com/runetfreedom/russia-v2ray-rules-dat/releases/latest/download/geosite.dat
-
-          mv xray xray-macos-${{ matrix.arch }}
-          cd ../..
-
-      - name: Package
-        shell: bash
-        run: tar -zcvf x-ui-darwin-${{ matrix.arch }}.tar.gz x-ui
-
-      - name: Upload files to Artifacts
-        uses: actions/upload-artifact@v4
-        with:
-          name: x-ui-darwin-${{ matrix.arch }}
-          path: ./x-ui-darwin-${{ matrix.arch }}.tar.gz
-
-      - name: Upload files to GH release
-        uses: svenstaro/upload-release-action@v2
-        if: |
-          (github.event_name == 'release' && github.event.action == 'published') ||
-          (github.event_name == 'push' && startsWith(github.ref, 'refs/tags/'))
-        with:
-          repo_token: ${{ secrets.GITHUB_TOKEN }}
-          tag: ${{ github.ref }}
-          file: x-ui-darwin-${{ matrix.arch }}.tar.gz
-          asset_name: x-ui-darwin-${{ matrix.arch }}.tar.gz
-          overwrite: true
-          prerelease: true
-
   # =================================
   #  Windows Build
   # =================================
@@ -289,11 +199,11 @@ jobs:
 
           go build -ldflags "-w -s" -o xui-release.exe -v main.go
 
-      - name: Build 3X-UI for Windows
+      - name: Copy and download resources
         shell: pwsh
-        run: |          
+        run: |
           mkdir x-ui
-          Copy-Item xui-release.exe x-ui\
+          Copy-Item xui-release.exe x-ui\x-ui.exe
           mkdir x-ui\bin
           cd x-ui\bin
           

web/assets/js/model/inbound.js

@@ -596,8 +596,6 @@ class TlsStreamSettings extends XrayCommonClass {
         maxVersion = TLS_VERSION_OPTION.TLS13,
         cipherSuites = '',
         rejectUnknownSni = false,
-        verifyPeerCertByNames = ['dns.google', 'cloudflare-dns.com'],
-        pinnedPeerCertSha256 = [],
         disableSystemRoot = false,
         enableSessionResumption = false,
         certificates = [new TlsStreamSettings.Cert()],
@@ -612,8 +610,6 @@ class TlsStreamSettings extends XrayCommonClass {
         this.maxVersion = maxVersion;
         this.cipherSuites = cipherSuites;
         this.rejectUnknownSni = rejectUnknownSni;
-        this.verifyPeerCertByNames = Array.isArray(verifyPeerCertByNames) ? verifyPeerCertByNames.join(",") : verifyPeerCertByNames;
-        this.pinnedPeerCertSha256 = pinnedPeerCertSha256;
         this.disableSystemRoot = disableSystemRoot;
         this.enableSessionResumption = enableSessionResumption;
         this.certs = certificates;
@@ -647,8 +643,6 @@ class TlsStreamSettings extends XrayCommonClass {
             json.maxVersion,
             json.cipherSuites,
             json.rejectUnknownSni,
-            json.verifyPeerCertByNames,
-            json.pinnedPeerCertSha256 || [],
             json.disableSystemRoot,
             json.enableSessionResumption,
             certs,
@@ -666,8 +660,6 @@ class TlsStreamSettings extends XrayCommonClass {
             maxVersion: this.maxVersion,
             cipherSuites: this.cipherSuites,
             rejectUnknownSni: this.rejectUnknownSni,
-            verifyPeerCertByNames: this.verifyPeerCertByNames.split(","),
-            pinnedPeerCertSha256: this.pinnedPeerCertSha256.length > 0 ? this.pinnedPeerCertSha256 : undefined,
             disableSystemRoot: this.disableSystemRoot,
             enableSessionResumption: this.enableSessionResumption,
             certificates: TlsStreamSettings.toJsonArray(this.certs),

web/assets/js/model/outbound.js

@@ -347,6 +347,8 @@ class TlsStreamSettings extends CommonClass {
         fingerprint = '',
         allowInsecure = false,
         echConfigList = '',
+        verifyPeerCertByName = 'cloudflare-dns.com',
+        pinnedPeerCertSha256 = '',
     ) {
         super();
         this.serverName = serverName;
@@ -354,6 +356,8 @@ class TlsStreamSettings extends CommonClass {
         this.fingerprint = fingerprint;
         this.allowInsecure = allowInsecure;
         this.echConfigList = echConfigList;
+        this.verifyPeerCertByName = verifyPeerCertByName;
+        this.pinnedPeerCertSha256 = pinnedPeerCertSha256;
     }
 
     static fromJson(json = {}) {
@@ -363,6 +367,8 @@ class TlsStreamSettings extends CommonClass {
             json.fingerprint,
             json.allowInsecure,
             json.echConfigList,
+            json.verifyPeerCertByName,
+            json.pinnedPeerCertSha256,
         );
     }
 
@@ -372,7 +378,9 @@ class TlsStreamSettings extends CommonClass {
             alpn: this.alpn,
             fingerprint: this.fingerprint,
             allowInsecure: this.allowInsecure,
-            echConfigList: this.echConfigList
+            echConfigList: this.echConfigList,
+            verifyPeerCertByName: this.verifyPeerCertByName,
+            pinnedPeerCertSha256: this.pinnedPeerCertSha256
         };
     }
 }

web/html/form/outbound.html

@@ -703,6 +703,15 @@
           <a-form-item label="Allow Insecure">
             <a-switch v-model="outbound.stream.tls.allowInsecure"></a-switch>
           </a-form-item>
+          <a-form-item label="verify Peer Cert By Name">
+            <a-input
+              v-model.trim="outbound.stream.tls.verifyPeerCertByName"></a-input>
+          </a-form-item>
+          <a-form-item label="pinned Peer Cert Sha256">
+            <a-input v-model.trim="outbound.stream.tls.pinnedPeerCertSha256"
+              placeholder="Enter SHA256 fingerprints (base64)">
+            </a-input>
+          </a-form-item>
         </template>
 
         <!-- reality settings -->

web/html/form/tls_settings.html

@@ -70,15 +70,6 @@
     <a-form-item label="Session Resumption">
       <a-switch v-model="inbound.stream.tls.enableSessionResumption"></a-switch>
     </a-form-item>
-    <a-form-item label="verifyPeerCertByNames">
-      <a-input v-model.trim="inbound.stream.tls.verifyPeerCertByNames"></a-input>
-    </a-form-item>
-    <a-form-item label="pinned Peer Cert Sha256">
-      <a-select mode="tags" v-model="inbound.stream.tls.pinnedPeerCertSha256"
-        :dropdown-class-name="themeSwitcher.currentTheme"
-        placeholder="Enter SHA256 fingerprints (base64)">
-      </a-select>
-    </a-form-item>
     <a-divider :style="{ margin: '3px 0' }"></a-divider>
     <template v-for="cert,index in inbound.stream.tls.certs">
       <a-form-item label='{{ i18n "certificate" }}'>