search

URenko / Accesser

🌏一个解决SNI RST导致维基百科、Pixiv等站点无法访问的工具 | A tool for solving SNI RST
GNU General Public License v3.0
895 stars 77 forks source link

安卓上用,发生什么事了? #126

Open daiaji opened 1 year ago

daiaji commented 1 year ago 
Accesser v0.8.1  Copyright (C) 2018-2023  URenkoServing on ('127.0.0.1', 7654)                  2023-05-20 14:04:23 DEBUG    Accesser: 127.0.0.1:41430 say: CONNECT www.pixiv.net:443 HTTP/1.1  2023-05-20 14:04:23 DEBUG    Accesser: [41430] DNS: www.pixiv.net -> 210.140.131.219            2023-05-20 14:04:23 ERROR    asyncio: Task exception was never retrieved
future: <Task finished name='Task-6' coro=<handle() done, defined at /data/data/com.termux/files/usr/lib/python3.11/site-packages/accesser/__init__.py:93> exception=SSLError(1, '[SSL: TLSV1_ALERT_UNKNOWN_CA] tlsv1 alert unknown ca (_ssl.c:1002)')>
Traceback (most recent call last):                File "/data/data/com.termux/files/usr/lib/python3.11/site-packages/accesser/__init__.py", line 122, in handle                                     await writer.start_tls(context)               File "/data/data/com.termux/files/usr/lib/python3.11/asyncio/streams.py", line 387, in start_tls                                                  new_transport = await self._loop.start_tls(  # type: ignore
                    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^                                   File "/data/data/com.termux/files/usr/lib/python3.11/asyncio/base_events.py", line 1267, in start_tls
    await waiter                                  File "/data/data/com.termux/files/usr/lib/python3.11/asyncio/sslproto.py", line 574, in _on_handshake_complete                                    raise handshake_exc
  File "/data/data/com.termux/files/usr/lib/python3.11/asyncio/sslproto.py", line 556, in _do_handshake                                             self._sslobj.do_handshake()                   File "/data/data/com.termux/files/usr/lib/python3.11/ssl.py", line 979, in do_handshake           self._sslobj.do_handshake()                 ssl.SSLError: [SSL: TLSV1_ALERT_UNKNOWN_CA] tlsv1 alert unknown ca (_ssl.c:1002)

ca我通过root塞到系统证书里了。 Firefox里无论是否使用第三方ca。 似乎都用不了。

UjuiUjuMandan commented 1 year ago

Firefox啊,去about:config里把security.enterprise_roots.enabled设为true试试。

daiaji commented 1 year ago

已经true了 自签CA不管是塞系统存储里还是用户储存里都不行。

https://github.com/URenko/Accesser 启用了被称为 HTTP 严格传输安全(HSTS)的安全策略,Iceraven 只能与其建立安全连接。您无法为此网站添加例外,以访问此网站。

RaySibay commented 6 months ago

firefox系的证书比较特殊,可以参考这个 https://adguard.com/kb/zh-CN/adguard-for-android/solving-problems/firefox-certificates/