MatsuriDayo / nekoray

Qt based cross-platform GUI proxy configuration manager (backend: sing-box)
https://matsuridayo.github.io/
GNU General Public License v3.0
13.5k stars 1.26k forks source link

vless/encoding: failed to read response version > x509: certificate signed by unknown authority #231

Closed heygo1345678 closed 1 year ago

heygo1345678 commented 1 year ago

描述问题 自带的 证书对话框粘贴自签CA没有用,这个功能是个摆设,

预期行为:预期和v2ray/xray的 "certificates": [ { "certificateFile": "D:\rootCA.crt", "usage": "verify" } ], "disableSystemRoot": true 功能一样起到使用自签证书保证安全和证书固定的效果, 目前使用自定义xray核心使用上面自定义json暂时解决,只是gui的这个功能不能和Matsuri的证书链一样起效果 实际行为: 会出现错误:vless/encoding: failed to read response version > x509: certificate signed by unknown authority 但是自签CA证书导入Windows的受信任根证书颁发机构却可以正常使用,个人认为不是最高安全级别,顶多和公共CA一样的安全等级, 一旦有公共CA被入侵或者被NSA这样的政府机构要挟, 还是可以实施中间人攻击的, 如何复现 使用自签ca签发的自签证书的tls节点连接就可以复现 提供有帮助的截图,录像,文字说明,订阅链接等。

日志 vless/encoding: failed to read response version > x509: certificate signed by unknown authority 如果有日志,请上传。请在文档内查看导出日志的详细步骤。

arm64v8a commented 1 year ago

这个功能需要填写证书内容而不是路径,如果还有问题,请提供导出的配置文件。

heygo1345678 commented 1 year ago

这个功能需要填写证书内容而不是路径,如果还有问题,请提供导出的配置文件。

路径或者证书内容两种方式都试过了,都是相同错误,用xray官方文档的加一大堆引号也是一样,三种尝试错误都一样 "--BEGIN CERTIFICATE--", "MIICwDCCAaigAwIBAgIRAO16JMdESAuHidFYJAR/7kAwDQYJKoZIhvcNAQELBQAw", "ADAeFw0xODA0MTAxMzU1MTdaFw0xODA0MTAxNTU1MTdaMAAwggEiMA0GCSqGSIb3", "DQEBAQUAA4IBDwAwggEKAoIBAQCs2PX0fFSCjOemmdm9UbOvcLctF94Ox4BpSfJ+", "3lJHwZbvnOFuo56WhQJWrclKoImp/c9veL1J4Bbtam3sW3APkZVEK9UxRQ57HQuw", "OzhV0FD20/0YELou85TwnkTw5l9GVCXT02NG+pGlYsFrxesUHpojdl8tIcn113M5", "pypgDPVmPeeORRf7nseMC6GhvXYM4txJPyenohwegl8DZ6OE5FkSVR5wFQtAhbON", "OAkIVVmw002K2J6pitPuJGOka9PxcCVWhko/W+JCGapcC7O74palwBUuXE1iH+Jp", "noPjGp4qE2ognW3WH/sgQ+rvo20eXb9Um1steaYY8xlxgBsXAgMBAAGjNTAzMA4G", "A1UdDwEB/wQEAwIFoDATBgNVHSUEDDAKBggrBgEFBQcDATAMBgNVHRMBAf8EAjAA", "MA0GCSqGSIb3DQEBCwUAA4IBAQBUd9sGKYemzwPnxtw/vzkV8Q32NILEMlPVqeJU", "7UxVgIODBV6A1b3tOUoktuhmgSSaQxjhYbFAVTD+LUglMUCxNbj56luBRlLLQWo+", "9BUhC/ow393tLmqKcB59qNcwbZER6XT5POYwcaKM75QVqhCJVHJNb1zSEE7Co7iO", "6wIan3lFyjBfYlBEz5vyRWQNIwKfdh5cK1yAu13xGENwmtlSTHiwbjBLXfk+0A/8", "r/2s+sCYUkGZHhj8xY7bJ1zg0FRalP5LrqY+r6BckT1QPDIQKYy615j1LpOtwZe/", "d4q7MD/dkzRDsch7t2cIjM/PYeMuzh87admSyL6hdtK0Nm/Q", "--END CERTIFICATE--"

heygo1345678 commented 1 year ago

这个功能需要填写证书内容而不是路径,如果还有问题,请提供导出的配置文件。

{ "bean": { "_v": 0, "addr": "example.com", "name": "test", "pass": "sdfsdfd-sdfsdfgvs-sdfsdfsd-sdfsdf", "port": 443, "stream": { "cert": "-----BEGIN CERTIFICATE-----\nMIICwDCCAaigAwIBAgIRAO16JMdESAuHidFYJAR/7kAwDQYJKoZIhvcNAQELBQAw\nADAeFw0xODA0MTAxMzU1MTdaFw0xODA0MTAxNTU1MTdaMAAwggEiMA0GCSqGSIb3\nDQEBAQUAA4IBDwAwggEKAoIBAQCs2PX0fFSCjOemmdm9UbOvcLctF94Ox4BpSfJ+\n3lJHwZbvnOFuo56WhQJWrclKoImp/c9veL1J4Bbtam3sW3APkZVEK9UxRQ57HQuw\nOzhV0FD20/0YELou85TwnkTw5l9GVCXT02NG+pGlYsFrxesUHpojdl8tIcn113M5\npypgDPVmPeeORRf7nseMC6GhvXYM4txJPyenohwegl8DZ6OE5FkSVR5wFQtAhbON\nOAkIVVmw002K2J6pitPuJGOka9PxcCVWhko/W+JCGapcC7O74palwBUuXE1iH+Jp\nnoPjGp4qE2ognW3WH/sgQ+rvo20eXb9Um1steaYY8xlxgBsXAgMBAAGjNTAzMA4G\nA1UdDwEB/wQEAwIFoDATBgNVHSUEDDAKBggrBgEFBQcDATAMBgNVHRMBAf8EAjAA\nMA0GCSqGSIb3DQEBCwUAA4IBAQBUd9sGKYemzwPnxtw/vzkV8Q32NILEMlPVqeJU\n7UxVgIODBV6A1b3tOUoktuhmgSSaQxjhYbFAVTD+LUglMUCxNbj56luBRlLLQWo+\n9BUhC/ow393tLmqKcB59qNcwbZER6XT5POYwcaKM75QVqhCJVHJNb1zSEE7Co7iO\n6wIan3lFyjBfYlBEz5vyRWQNIwKfdh5cK1yAu13xGENwmtlSTHiwbjBLXfk+0A/8\nr/2s+sCYUkGZHhj8xY7bJ1zg0FRalP5LrqY+r6BckT1QPDIQKYy615j1LpOtwZe/\nd4q7MD/dkzRDsch7t2cIjM/PYeMuzh87admSyL6hdtK0Nm/Q\n-----END CERTIFICATE-----", "ed_len": 0, "insecure": false, "net": "tcp", "sec": "tls" } }, "gid": 0, "id": 2, "traffic": { "dl": 0, "ul": 0 }, "type": "vless", "yc": 0 }

我认为问题是ui生成的json是有问题的,缺少了"disableSystemRoot": true参数,看sagernet使用证书链后,日志看到生成的配置是有"disableSystemRoot": true参数的

heygo1345678 commented 1 year ago

没有用过v2fly v5不清楚这个锅是不是v5 core背,可能v5就没有这个function吧

arm64v8a commented 1 year ago

添加了 disableSystemRoot 参数,可以下载测试 https://github.com/MatsuriDayo/nekoray/suites/9921485389/artifacts/479960869

heygo1345678 commented 1 year ago

添加了 disableSystemRoot 参数,可以下载测试 https://github.com/MatsuriDayo/nekoray/suites/9921485389/artifacts/479960869

测试Windows版本可以正常使用了,多谢大佬

sunlewuyou commented 8 months ago

添加了 disableSystemRoot 参数,可以下载测试 https://github.com/MatsuriDayo/nekoray/suites/9921485389/artifacts/479960869

测试Windows版本可以正常使用了,多谢大佬

@arm64v8a 同样的问题,使用自签名CA出现同样的错误,json文件里也没有 disableSystemRoot 参数,自签CA证书导入Windows的受信任根证书颁发机构可以正常使用。