Alex-Devera/v2rayN
1
0
Fork 0
mirror of https://github.com/2dust/v2rayN.git synced 2026-04-14 19:45:45 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

Merge ddc45ed443 into 53041906b3

Browse source
This commit is contained in:
DHR60 2026-04-07 10:31:39 +00:00 committed by GitHub
commit 443989c4ae
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
14 changed files with 130 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

27
v2rayN/ServiceLib/Manager/CertPemManager.cs
View file

@ -203,7 +203,7 @@ public class CertPemManager
/// <summary> /// <summary>
/// Get certificate in PEM format from a server with CA pinning validation /// Get certificate in PEM format from a server with CA pinning validation
/// </summary> /// </summary>
public async Task<(string?, string?)> GetCertPemAsync(string target, string serverName, int timeout = 4) public async Task<(string?, string?)> GetCertPemAsync(string target, string serverName, int timeout = 4, bool allowInsecure = false)
{ {
try try
{ {
@ -215,12 +215,14 @@ public class CertPemManager
using var client = new TcpClient(); using var client = new TcpClient();
await client.ConnectAsync(domain, port > 0 ? port : 443, cts.Token); await client.ConnectAsync(domain, port > 0 ? port : 443, cts.Token);
await using var ssl = new SslStream(client.GetStream(), false, ValidateServerCertificate); var callback = new RemoteCertificateValidationCallback((sender, certificate, chain, sslPolicyErrors) =>
ValidateServerCertificate(sender, certificate, chain, sslPolicyErrors, allowInsecure));
await using var ssl = new SslStream(client.GetStream(), false, callback);
var sslOptions = new SslClientAuthenticationOptions var sslOptions = new SslClientAuthenticationOptions
{ {
TargetHost = serverName, TargetHost = serverName,
RemoteCertificateValidationCallback = ValidateServerCertificate RemoteCertificateValidationCallback = callback
}; };
await ssl.AuthenticateAsClientAsync(sslOptions, cts.Token); await ssl.AuthenticateAsClientAsync(sslOptions, cts.Token);
@ -249,7 +251,7 @@ public class CertPemManager
/// <summary> /// <summary>
/// Get certificate chain in PEM format from a server with CA pinning validation /// Get certificate chain in PEM format from a server with CA pinning validation
/// </summary> /// </summary>
public async Task<(List<string>, string?)> GetCertChainPemAsync(string target, string serverName, int timeout = 4) public async Task<(List<string>, string?)> GetCertChainPemAsync(string target, string serverName, int timeout = 4, bool allowInsecure = false)
{ {
var pemList = new List<string>(); var pemList = new List<string>();
try try
@ -262,12 +264,14 @@ public class CertPemManager
using var client = new TcpClient(); using var client = new TcpClient();
await client.ConnectAsync(domain, port > 0 ? port : 443, cts.Token); await client.ConnectAsync(domain, port > 0 ? port : 443, cts.Token);
await using var ssl = new SslStream(client.GetStream(), false, ValidateServerCertificate); var callback = new RemoteCertificateValidationCallback((sender, certificate, chain, sslPolicyErrors) =>
ValidateServerCertificate(sender, certificate, chain, sslPolicyErrors, allowInsecure));
await using var ssl = new SslStream(client.GetStream(), false, callback);
var sslOptions = new SslClientAuthenticationOptions var sslOptions = new SslClientAuthenticationOptions
{ {
TargetHost = serverName, TargetHost = serverName,
RemoteCertificateValidationCallback = ValidateServerCertificate RemoteCertificateValidationCallback = callback
}; };
await ssl.AuthenticateAsClientAsync(sslOptions, cts.Token); await ssl.AuthenticateAsClientAsync(sslOptions, cts.Token);
@ -300,16 +304,23 @@ public class CertPemManager
/// Validate server certificate with CA pinning /// Validate server certificate with CA pinning
/// </summary> /// </summary>
private bool ValidateServerCertificate( private bool ValidateServerCertificate(
object sender, object _,
X509Certificate? certificate, X509Certificate? certificate,
X509Chain? chain, X509Chain? chain,
SslPolicyErrors sslPolicyErrors) SslPolicyErrors sslPolicyErrors,
bool allowInsecure)
{ {
if (certificate == null) if (certificate == null)
{ {
return false; return false;
} }
// In insecure mode, accept any certificate so self-signed certs can be fetched.
if (allowInsecure)
{
return true;
}
// Check certificate name mismatch // Check certificate name mismatch
if (sslPolicyErrors.HasFlag(SslPolicyErrors.RemoteCertificateNameMismatch)) if (sslPolicyErrors.HasFlag(SslPolicyErrors.RemoteCertificateNameMismatch))
{ {

18
v2rayN/ServiceLib/Resx/ResUI.Designer.cs generated
View file

@ -2571,6 +2571,24 @@ namespace ServiceLib.Resx {
} }
} }
/// <summary>
/// 查找类似 Allow insecure cert fetch (self-signed) 的本地化字符串。
/// </summary>
public static string TbAllowInsecureCertFetch {
get {
return ResourceManager.GetString("TbAllowInsecureCertFetch", resourceCulture);
}
}
/// <summary>
/// 查找类似 Only for fetching self-signed certificates. This may expose you to MITM risks. 的本地化字符串。
/// </summary>
public static string TbAllowInsecureCertFetchTips {
get {
return ResourceManager.GetString("TbAllowInsecureCertFetchTips", resourceCulture);
}
}
/// <summary> /// <summary>
/// 查找类似 ALPN 的本地化字符串。 /// 查找类似 ALPN 的本地化字符串。
/// </summary> /// </summary>

6
v2rayN/ServiceLib/Resx/ResUI.fa-Ir.resx
View file

@ -1698,4 +1698,10 @@ The "Get Certificate" action may fail if a self-signed certificate is used or if
<data name="TbLegacyProtect" xml:space="preserve"> <data name="TbLegacyProtect" xml:space="preserve">
<value>Legacy TUN Protect</value> <value>Legacy TUN Protect</value>
</data> </data>
<data name="TbAllowInsecureCertFetch" xml:space="preserve">
<value>Allow insecure cert fetch (self-signed)</value>
</data>
<data name="TbAllowInsecureCertFetchTips" xml:space="preserve">
<value>Only for fetching self-signed certificates. This may expose you to MITM risks.</value>
</data>
</root> </root>

6
v2rayN/ServiceLib/Resx/ResUI.fr.resx
View file

@ -1695,4 +1695,10 @@ The "Get Certificate" action may fail if a self-signed certificate is used or if
<data name="TbLegacyProtect" xml:space="preserve"> <data name="TbLegacyProtect" xml:space="preserve">
<value>Legacy TUN Protect</value> <value>Legacy TUN Protect</value>
</data> </data>
<data name="TbAllowInsecureCertFetch" xml:space="preserve">
<value>Allow insecure cert fetch (self-signed)</value>
</data>
<data name="TbAllowInsecureCertFetchTips" xml:space="preserve">
<value>Only for fetching self-signed certificates. This may expose you to MITM risks.</value>
</data>
</root> </root>

6
v2rayN/ServiceLib/Resx/ResUI.hu.resx
View file

@ -1698,4 +1698,10 @@ The "Get Certificate" action may fail if a self-signed certificate is used or if
<data name="TbLegacyProtect" xml:space="preserve"> <data name="TbLegacyProtect" xml:space="preserve">
<value>Legacy TUN Protect</value> <value>Legacy TUN Protect</value>
</data> </data>
<data name="TbAllowInsecureCertFetch" xml:space="preserve">
<value>Allow insecure cert fetch (self-signed)</value>
</data>
<data name="TbAllowInsecureCertFetchTips" xml:space="preserve">
<value>Only for fetching self-signed certificates. This may expose you to MITM risks.</value>
</data>
</root> </root>

6
v2rayN/ServiceLib/Resx/ResUI.resx
View file

@ -1698,4 +1698,10 @@ The "Get Certificate" action may fail if a self-signed certificate is used or if
<data name="TbLegacyProtect" xml:space="preserve"> <data name="TbLegacyProtect" xml:space="preserve">
<value>Legacy TUN Protect</value> <value>Legacy TUN Protect</value>
</data> </data>
<data name="TbAllowInsecureCertFetch" xml:space="preserve">
<value>Allow insecure cert fetch (self-signed)</value>
</data>
<data name="TbAllowInsecureCertFetchTips" xml:space="preserve">
<value>Only for fetching self-signed certificates. This may expose you to MITM risks.</value>
</data>
</root> </root>

6
v2rayN/ServiceLib/Resx/ResUI.ru.resx
View file

@ -1698,4 +1698,10 @@
<data name="TbLegacyProtect" xml:space="preserve"> <data name="TbLegacyProtect" xml:space="preserve">
<value>Устаревшая защита TUN (Legacy Protect)</value> <value>Устаревшая защита TUN (Legacy Protect)</value>
</data> </data>
<data name="TbAllowInsecureCertFetch" xml:space="preserve">
<value>Allow insecure cert fetch (self-signed)</value>
</data>
<data name="TbAllowInsecureCertFetchTips" xml:space="preserve">
<value>Only for fetching self-signed certificates. This may expose you to MITM risks.</value>
</data>
</root> </root>

6
v2rayN/ServiceLib/Resx/ResUI.zh-Hans.resx
View file

@ -1695,4 +1695,10 @@
<data name="TbLegacyProtect" xml:space="preserve"> <data name="TbLegacyProtect" xml:space="preserve">
<value>旧版 TUN 保护</value> <value>旧版 TUN 保护</value>
</data> </data>
<data name="TbAllowInsecureCertFetch" xml:space="preserve">
<value>允许不安全获取证书(自签名)</value>
</data>
<data name="TbAllowInsecureCertFetchTips" xml:space="preserve">
<value>仅用于抓取自签证书,存在中间人风险。</value>
</data>
</root> </root>

6
v2rayN/ServiceLib/Resx/ResUI.zh-Hant.resx
View file

@ -1695,4 +1695,10 @@
<data name="TbLegacyProtect" xml:space="preserve"> <data name="TbLegacyProtect" xml:space="preserve">
<value>Legacy TUN Protect</value> <value>Legacy TUN Protect</value>
</data> </data>
<data name="TbAllowInsecureCertFetch" xml:space="preserve">
<value>允許不安全獲取證書(自簽名)</value>
</data>
<data name="TbAllowInsecureCertFetchTips" xml:space="preserve">
<value>僅用於抓取自簽證書,存在中間人風險。</value>
</data>
</root> </root>

7
v2rayN/ServiceLib/ViewModels/AddServerViewModel.cs
View file

@ -73,6 +73,9 @@ public class AddServerViewModel : MyReactiveObject
[Reactive] [Reactive]
public bool NaiveQuic { get; set; } public bool NaiveQuic { get; set; }
[Reactive]
public bool AllowInsecureCertFetch { get; set; }
public ReactiveCommand<Unit, Unit> FetchCertCmd { get; } public ReactiveCommand<Unit, Unit> FetchCertCmd { get; }
public ReactiveCommand<Unit, Unit> FetchCertChainCmd { get; } public ReactiveCommand<Unit, Unit> FetchCertChainCmd { get; }
public ReactiveCommand<Unit, Unit> SaveCmd { get; } public ReactiveCommand<Unit, Unit> SaveCmd { get; }
@ -272,7 +275,7 @@ public class AddServerViewModel : MyReactiveObject
domain += $":{SelectedSource.Port}"; domain += $":{SelectedSource.Port}";
} }
(Cert, var certError) = await CertPemManager.Instance.GetCertPemAsync(domain, serverName); (Cert, var certError) = await CertPemManager.Instance.GetCertPemAsync(domain, serverName, allowInsecure: AllowInsecureCertFetch);
UpdateCertTip(certError); UpdateCertTip(certError);
} }
@ -297,7 +300,7 @@ public class AddServerViewModel : MyReactiveObject
domain += $":{SelectedSource.Port}"; domain += $":{SelectedSource.Port}";
} }
var (certs, certError) = await CertPemManager.Instance.GetCertChainPemAsync(domain, serverName); var (certs, certError) = await CertPemManager.Instance.GetCertChainPemAsync(domain, serverName, allowInsecure: AllowInsecureCertFetch);
Cert = CertPemManager.ConcatenatePemChain(certs); Cert = CertPemManager.ConcatenatePemChain(certs);
UpdateCertTip(certError); UpdateCertTip(certError);
} }

19
v2rayN/v2rayN.Desktop/Views/AddServerWindow.axaml
View file

@ -1008,6 +1008,25 @@
Margin="{StaticResource Margin4}" Margin="{StaticResource Margin4}"
Content="{x:Static resx:ResUI.TbFetchCertChain}" /> Content="{x:Static resx:ResUI.TbFetchCertChain}" />
</StackPanel> </StackPanel>
<StackPanel HorizontalAlignment="Left" Orientation="Horizontal">
<TextBlock
Margin="{StaticResource Margin4}"
VerticalAlignment="Center"
Text="{x:Static resx:ResUI.TbAllowInsecureCertFetch}" />
<ToggleSwitch
x:Name="togAllowInsecureCertFetch"
Margin="{StaticResource Margin4}"
HorizontalAlignment="Left" />
</StackPanel>
<TextBlock
x:Name="txtAllowInsecureCertFetchTips"
Width="400"
Margin="{StaticResource Margin4}"
VerticalAlignment="Center"
Foreground="#FFD32F2F"
IsVisible="False"
Text="{x:Static resx:ResUI.TbAllowInsecureCertFetchTips}"
TextWrapping="Wrap" />
<TextBlock <TextBlock
Width="400" Width="400"
Margin="{StaticResource Margin4}" Margin="{StaticResource Margin4}"

2
v2rayN/v2rayN.Desktop/Views/AddServerWindow.axaml.cs
View file

@ -214,6 +214,8 @@ public partial class AddServerWindow : WindowBase<AddServerViewModel>
this.Bind(ViewModel, vm => vm.CertSha, v => v.txtCertSha256Pinning.Text).DisposeWith(disposables); this.Bind(ViewModel, vm => vm.CertSha, v => v.txtCertSha256Pinning.Text).DisposeWith(disposables);
this.Bind(ViewModel, vm => vm.CertTip, v => v.labCertPinning.Text).DisposeWith(disposables); this.Bind(ViewModel, vm => vm.CertTip, v => v.labCertPinning.Text).DisposeWith(disposables);
this.Bind(ViewModel, vm => vm.Cert, v => v.txtCert.Text).DisposeWith(disposables); this.Bind(ViewModel, vm => vm.Cert, v => v.txtCert.Text).DisposeWith(disposables);
this.Bind(ViewModel, vm => vm.AllowInsecureCertFetch, v => v.togAllowInsecureCertFetch.IsChecked).DisposeWith(disposables);
this.Bind(ViewModel, vm => vm.AllowInsecureCertFetch, v => v.txtAllowInsecureCertFetchTips.IsVisible).DisposeWith(disposables);
this.Bind(ViewModel, vm => vm.SelectedSource.EchConfigList, v => v.txtEchConfigList.Text).DisposeWith(disposables); this.Bind(ViewModel, vm => vm.SelectedSource.EchConfigList, v => v.txtEchConfigList.Text).DisposeWith(disposables);
this.Bind(ViewModel, vm => vm.SelectedSource.EchForceQuery, v => v.cmbEchForceQuery.SelectedValue).DisposeWith(disposables); this.Bind(ViewModel, vm => vm.SelectedSource.EchForceQuery, v => v.cmbEchForceQuery.SelectedValue).DisposeWith(disposables);

21
v2rayN/v2rayN/Views/AddServerWindow.xaml
View file

@ -1268,6 +1268,27 @@
Content="{x:Static resx:ResUI.TbFetchCertChain}" Content="{x:Static resx:ResUI.TbFetchCertChain}"
Style="{StaticResource DefButton}" /> Style="{StaticResource DefButton}" />
</StackPanel> </StackPanel>
<StackPanel HorizontalAlignment="Left" Orientation="Horizontal">
<TextBlock
Margin="{StaticResource Margin4}"
VerticalAlignment="Center"
Style="{StaticResource ToolbarTextBlock}"
Text="{x:Static resx:ResUI.TbAllowInsecureCertFetch}" />
<ToggleButton
x:Name="togAllowInsecureCertFetch"
Margin="{StaticResource Margin4}"
HorizontalAlignment="Left" />
</StackPanel>
<TextBlock
x:Name="txtAllowInsecureCertFetchTips"
Width="400"
Margin="{StaticResource Margin4}"
VerticalAlignment="Center"
Foreground="#FFD32F2F"
Style="{StaticResource ToolbarTextBlock}"
Text="{x:Static resx:ResUI.TbAllowInsecureCertFetchTips}"
TextWrapping="Wrap"
Visibility="Collapsed" />
<TextBlock <TextBlock
Width="400" Width="400"
Margin="{StaticResource Margin4}" Margin="{StaticResource Margin4}"

4
v2rayN/v2rayN/Views/AddServerWindow.xaml.cs
View file

@ -208,6 +208,10 @@ public partial class AddServerWindow
this.Bind(ViewModel, vm => vm.CertSha, v => v.txtCertSha256Pinning.Text).DisposeWith(disposables); this.Bind(ViewModel, vm => vm.CertSha, v => v.txtCertSha256Pinning.Text).DisposeWith(disposables);
this.Bind(ViewModel, vm => vm.CertTip, v => v.labCertPinning.Text).DisposeWith(disposables); this.Bind(ViewModel, vm => vm.CertTip, v => v.labCertPinning.Text).DisposeWith(disposables);
this.Bind(ViewModel, vm => vm.Cert, v => v.txtCert.Text).DisposeWith(disposables); this.Bind(ViewModel, vm => vm.Cert, v => v.txtCert.Text).DisposeWith(disposables);
this.Bind(ViewModel, vm => vm.AllowInsecureCertFetch, v => v.togAllowInsecureCertFetch.IsChecked).DisposeWith(disposables);
this.WhenAnyValue(x => x.ViewModel.AllowInsecureCertFetch)
.Select(b => b ? Visibility.Visible : Visibility.Collapsed)
.BindTo(this, v => v.txtAllowInsecureCertFetchTips.Visibility);
this.Bind(ViewModel, vm => vm.Cert, v => v.txtCert.Text).DisposeWith(disposables); this.Bind(ViewModel, vm => vm.Cert, v => v.txtCert.Text).DisposeWith(disposables);
this.Bind(ViewModel, vm => vm.SelectedSource.EchConfigList, v => v.txtEchConfigList.Text).DisposeWith(disposables); this.Bind(ViewModel, vm => vm.SelectedSource.EchConfigList, v => v.txtEchConfigList.Text).DisposeWith(disposables);
this.Bind(ViewModel, vm => vm.SelectedSource.EchForceQuery, v => v.cmbEchForceQuery.Text).DisposeWith(disposables); this.Bind(ViewModel, vm => vm.SelectedSource.EchForceQuery, v => v.cmbEchForceQuery.Text).DisposeWith(disposables);