使用自签名证书时无法验证连接

你正在使用哪个版本？

1.6.17 服务器版本4.19.1

使用最新版本是否还遇到同样的问题？

是

你的手机型号和手机操作系统版本是多少？

米9 MIUI 10.2.29

你遇到了什么问题？

当使用自签名证书并设置"allowInsecure": false时无法连接。以验证PC端V2ray无问题，同样配置下在安卓端kisunebi上当设置"allowInsecure": true时可连接。但安卓端kisunebi上设置"allowInsecure": false时无法连接。已将主证书和服务器端证书导入手机凭据（证书）。

你遇到的问题可以用固定步骤重现吗？

安卓端kisunebi上设置"allowInsecure": false时无法连接。以下为日志

--------- beginning of main 07-16 17:33:58.541 17356 17433 I GoLog : new proxy connection for target: tcp:192.99.71.152:22067 07-16 17:34:00.459 17315 17330 I System.out: send ping from tile service. 07-16 17:34:00.487 17315 17315 I System.out: pong received 07-16 17:34:00.897 17356 17951 I GoLog : 2019/07/16 09:34:00 [Warning] [2058184255] v2ray.com/core/app/proxyman/outbound: failed to process outbound traffic > v2ray.com/core/proxy/vmess/outbound: failed to find an available destination > v2ray.com/core/common/retry: [x509: certificate signed by unknown authority] > v2ray.com/core/common/retry: all retry attempts failed 07-16 17:34:01.846 17356 17356 I System.out: Stopping VPN tunnel... 07-16 17:34:01.969 17356 17430 I GoLog : failed to read from tun: read : file already closed 07-16 17:34:01.970 17356 17356 I GoLog : Stop session stater. 07-16 17:34:01.970 17356 17356 I System.out: V2Ray stopped. 07-16 17:34:01.979 17356 17356 I System.out: Remove foreground notification. 07-16 17:34:01.984 17356 17356 I System.out: Self stop service. 07-16 17:34:01.985 17356 17356 I System.out: VPN tunnel stopped. 07-16 17:34:01.986 17356 17356 I System.out: VPN service onDestroy. 07-16 17:34:02.459 17315 17330 I System.out: send ping from tile service. 07-16 17:34:04.459 17315 17330 I System.out: send ping from tile service. --------- beginning of system 07-16 17:34:05.236 17315 17315 I Timeline: Timeline: Activity_launch_request time:1009787 07-16 17:34:05.268 17315 17315 W ActivityThread: handleWindowVisibility: no activity for token android.os.BinderProxy@415903a 07-16 17:34:05.270 17315 17346 D ViewContentFactory: initViewContentFetcherClass 07-16 17:34:05.270 17315 17346 I ContentCatcher: ViewContentFetcher : ViewContentFetcher 07-16 17:34:05.270 17315 17346 D ViewContentFactory: createInterceptor took 0ms 07-16 17:34:05.271 17315 17346 I ContentCatcher: Interceptor : Catcher list invalid for fun.kitsunebi.kitsunebi4android@fun.kitsunebi.kitsunebi4android.ui.analysis.AnalysisActivity@165168327 07-16 17:34:05.271 17315 17346 I ContentCatcher: Interceptor : Get featureInfo from config pick_mode 07-16 17:34:05.563 17315 17349 D OpenGLRenderer: endAllActiveAnimators on 0x7f060b6c00 (MenuPopupWindow$MenuDropDownListView) with handle 0x7f0618bb60 07-16 17:34:06.458 17315 17330 I System.out: send ping from tile service. 07-16 17:34:06.466 17315 17315 I Timeline: Timeline: Activity_launch_request time:1011018 07-16 17:34:06.485 17315 17315 W ActivityThread: handleWindowVisibility: no activity for token android.os.BinderProxy@1439087 07-16 17:34:06.487 17315 17346 D ViewContentFactory: initViewContentFetcherClass 07-16 17:34:06.487 17315 17346 I ContentCatcher: ViewContentFetcher : ViewContentFetcher 07-16 17:34:06.487 17315 17346 D ViewContentFactory: createInterceptor took 0ms 07-16 17:34:06.488 17315 17346 I ContentCatcher: Interceptor : Catcher list invalid for fun.kitsunebi.kitsunebi4android@fun.kitsunebi.kitsunebi4android.ui.LogcatActivity@223412000 07-16 17:34:06.488 17315 17346 I ContentCatcher: Interceptor : Get featureInfo from config pick_mode 07-16 17:34:08.459 17315 17330 I System.out: send ping from tile service. 07-16 17:34:10.459 17315 17330 I System.out: send ping from tile service. 07-16 17:34:11.552 17315 17315 W Choreographer: OPTS_INPUT: First frame was drawed before optimized, so skip! 07-16 17:34:12.458 17315 17330 I System.out: send ping from tile service. 07-16 17:34:12.462 17315 17315 W Choreographer: OPTS_INPUT: First frame was drawed before optimized, so skip! 07-16 17:34:14.283 17315 17315 W Choreographer: OPTS_INPUT: First frame was drawed before optimized, so skip! 07-16 17:34:14.458 17315 17330 I System.out: send ping from tile service. 07-16 17:34:16.459 17315 17330 I System.out: send ping from tile service. 07-16 17:34:18.458 17315 17330 I System.out: send ping from tile service. 07-16 17:34:20.459 17315 17330 I System.out: send ping from tile service. 07-16 17:34:22.459 17315 17330 I System.out: send ping from tile service. 07-16 17:34:24.460 17315 17330 I System.out: send ping from tile service. 07-16 17:34:26.459 17315 17330 I System.out: send ping from tile service. 07-16 17:34:28.458 17315 17330 I System.out: send ping from tile service. 07-16 17:34:30.459 17315 17330 I System.out: send ping from tile service. 07-16 17:34:32.459 17315 17330 I System.out: send ping from tile service. 07-16 17:34:34.458 17315 17330 I System.out: send ping from tile service. 07-16 17:34:35.585 17315 17315 W Choreographer: OPTS_INPUT: First frame was drawed before optimized, so skip! 07-16 17:34:36.459 17315 17330 I System.out: send ping from tile service. 07-16 17:34:36.682 17315 17315 W Choreographer: OPTS_INPUT: First frame was drawed before optimized, so skip! 07-16 17:34:38.458 17315 17330 I System.out: send ping from tile service. 07-16 17:34:40.459 17315 17330 I System.out: send ping from tile service. 07-16 17:34:42.460 17315 17330 I System.out: send ping from tile service. 07-16 17:34:44.459 17315 17330 I System.out: send ping from tile service. 07-16 17:34:46.459 17315 17330 I System.out: send ping from tile service. 07-16 17:34:48.458 17315 17330 I System.out: send ping from tile service. 07-16 17:34:50.460 17315 17330 I System.out: send ping from tile service. 07-16 17:34:52.459 17315 17330 I System.out: send ping from tile service. 07-16 17:34:54.459 17315 17330 I System.out: send ping from tile service. 07-16 17:34:56.459 17315 17330 I System.out: send ping from tile service. 07-16 17:34:58.459 17315 17330 I System.out: send ping from tile service. 07-16 17:35:00.461 17315 17330 I System.out: send ping from tile service. 07-16 17:35:02.459 17315 17330 I System.out: send ping from tile service. 07-16 17:35:04.459 17315 17330 I System.out: send ping from tile service. 07-16 17:35:06.458 17315 17330 I System.out: send ping from tile service. 07-16 17:35:08.459 17315 17330 I System.out: send ping from tile service. 07-16 17:35:10.459 17315 17330 I System.out: send ping from tile service. 07-16 17:35:12.459 17315 17330 I System.out: send ping from tile service. 07-16 17:35:14.459 17315 17330 I System.out: send ping from tile service. 07-16 17:35:16.148 17315 17315 W ActivityThread: handleWindowVisibility: no activity for token android.os.BinderProxy@80969f3 07-16 17:35:16.150 17315 17346 D ViewContentFactory: initViewContentFetcherClass 07-16 17:35:16.150 17315 17346 I ContentCatcher: ViewContentFetcher : ViewContentFetcher 07-16 17:35:16.150 17315 17346 D ViewContentFactory: createInterceptor took 0ms 07-16 17:35:16.151 17315 17346 I ContentCatcher: Interceptor : Catcher list invalid for fun.kitsunebi.kitsunebi4android@fun.kitsunebi.kitsunebi4android.ui.analysis.AnalysisActivity@4633167 07-16 17:35:16.151 17315 17346 I ContentCatcher: Interceptor : Get featureInfo from config pick_mode 07-16 17:35:16.458 17315 17330 I System.out: send ping from tile service. 07-16 17:35:18.459 17315 17330 I System.out: send ping from tile service. 07-16 17:35:18.499 17315 17315 I Timeline: Timeline: Activity_launch_request time:1083051 07-16 17:35:20.084 17315 17315 I Timeline: Timeline: Activity_launch_request time:1084636 07-16 17:35:20.100 17315 17315 W ActivityThread: handleWindowVisibility: no activity for token android.os.BinderProxy@c8d169c 07-16 17:35:20.102 17315 17346 D ViewContentFactory: initViewContentFetcherClass 07-16 17:35:20.102 17315 17346 I ContentCatcher: ViewContentFetcher : ViewContentFetcher 07-16 17:35:20.102 17315 17346 D ViewContentFactory: createInterceptor took 1ms 07-16 17:35:20.103 17315 17346 I ContentCatcher: Interceptor : Catcher list invalid for fun.kitsunebi.kitsunebi4android@fun.kitsunebi.kitsunebi4android.ui.proxylog.ProxyLogActivity@96524833 07-16 17:35:20.103 17315 17346 I ContentCatcher: Interceptor : Get featureInfo from config pick_mode 07-16 17:35:20.459 17315 17330 I System.out: send ping from tile service. 07-16 17:35:20.503 17315 17349 D OpenGLRenderer: endAllActiveAnimators on 0x7f04d7d100 (RippleDrawable) with handle 0x7f057664c0 07-16 17:35:21.417 17315 17315 W Choreographer: OPTS_INPUT: First frame was drawed before optimized, so skip! 07-16 17:35:22.459 17315 17330 I System.out: send ping from tile service. 07-16 17:35:24.459 17315 17330 I System.out: send ping from tile service. 07-16 17:35:25.595 17315 17315 W Choreographer: OPTS_INPUT: First frame was drawed before optimized, so skip! 07-16 17:35:26.459 17315 17330 I System.out: send ping from tile service. 07-16 17:35:28.458 17315 17330 I System.out: send ping from tile service. 07-16 17:35:28.935 17315 17315 I Timeline: Timeline: Activity_launch_request time:1093487 07-16 17:35:28.950 17315 17315 W ActivityThread: handleWindowVisibility: no activity for token android.os.BinderProxy@42eebec 07-16 17:35:28.952 17315 17346 D ViewContentFactory: initViewContentFetcherClass 07-16 17:35:28.952 17315 17346 I ContentCatcher: ViewContentFetcher : ViewContentFetcher 07-16 17:35:28.952 17315 17346 D ViewContentFactory: createInterceptor took 0ms 07-16 17:35:28.952 17315 17346 I ContentCatcher: Interceptor : Catcher list invalid for fun.kitsunebi.kitsunebi4android@fun.kitsunebi.kitsunebi4android.ui.LogcatActivity@68475608 07-16 17:35:28.952 17315 17346 I ContentCatcher: Interceptor : Get featureInfo from config pick_mode 07-16 17:35:29.335 17315 17349 D OpenGLRenderer: endAllActiveAnimators on 0x7f04d7d600 (RippleDrawable) with handle 0x7f04d41e00

你正使用的配置

{
"log": {
    "loglevel": "warning"
},
"dns": {
    "tag": "dns_inbound",
    "hosts": {
        "localhost": "127.0.0.1",
        "服务器域名": "服务器IP地址",
        "www.服务器域名": "服务器IP地址",
        "services.googleapis.cn": "216.58.200.42"
    },
    "servers": [
    {
        "address": "127.0.0.1",
        "port": 5354,
        "domains": [
            "domain:xxx",
            "domain:jp",
            "domain:googleapis.cn",
            "geosite:facebook",
            "geosite:google",
            "geosite:geolocation-!cn"
        ]
    },
    {
        "address": "119.29.29.29",
        "port": 53,
        "domains": [
            "domain:gov.cn",
            "geosite:category-ads-all",
            "geosite:speedtest",
            "geosite:cn"
        ]
    }
    ],
    "clientIp": "IP"
},
"reverse": {
    "bridges": [
    {
        "tag": "bridge",
        "domain": "域名" 
    }
    ]
},
"inbound": {
    "tag": "socksPort",
    "port": 1090,
    "listen": "127.0.0.1",
    "protocol": "socks",
    "sniffing": {
        "enabled": true,
        "destOverride": ["http","tls"]
    },
    "settings": {
        "auth": "noauth",
        "udp": true,
        "userLevel": 1
    }
},
"inboundDetour": [
    {
        "tag": "httpPort",
        "port": 1091,
        "listen": "127.0.0.1",
        "protocol": "http",
        "sniffing": {
            "enabled": true,
            "destOverride": ["http","tls"]
        },
        "settings": {
            "allowTransparent": false,
            "userLevel": 1
        }
    },
    {
        "tag": "dnsPort",
        "port": 5354,
        "listen": "127.0.0.1",
        "protocol": "dokodemo-door",
        "sniffing": {
            "enabled": true,
            "destOverride": ["http","tls"]
        },
        "settings": {
            "address": "服务器IP地址",
            "port": 服务器私密DNS端口,
            "network": "udp",
            "userLevel": 1
            }
    }
],
"outbound": {
    "tag": "proxy",
    "protocol": "vmess",
    "streamSettings": {
        "network": "quic",
        "security": "tls",
        "tlsSettings": {
            "serverName": "www.服务器域名",
            "allowInsecure": false,
            "alpn": ["http/1.1"],
            "certificate": [
                "-----BEGIN CERTIFICATE-----",
                "客户端",

                "-----END CERTIFICATE-----"
                ],
            "key": [
                "-----BEGIN EC PARAMETERS-----",
                "",
                "-----END EC PARAMETERS-----",
                "-----BEGIN EC PRIVATE KEY-----",
                "客户端密钥",

                "-----END EC PRIVATE KEY-----"
            ]
        },
        "quicSettings": {
            "security": "aes-128-gcm",
            "key": "对称加密密钥",
            "header": {
                "type": "混淆"
            }
        }
    },
    "settings": {
        "vnext": [
        {
            "address": "服务器IP地址",
            "port": 端口,
            "users": [
                {
                "id": "客户端id",
                "email": "",
                "level": 0,
                "alterId": 32,
                "security": "none"
                }
            ]
        }
        ]
    }
},
"outboundDetour": [
    {
        "tag": "direct",
        "protocol": "freedom",
        "domainStrategy": "UseIP",
        "userLevel": 0,
        "streamSettings": {
            "sockopt": {
                "tcpFastOpen": true
            }
        }
    },
    {
        "tag": "dnsOut",
        "protocol": "dns",
        "userLevel": 1,
        "settings": {
            "address": "127.0.0.1",
            "port": 5354,
            "network": "udp"
            }
    }
],
"policy": {
    "levels": {
        "0": {
            "handshake": 20,
            "connIdle": 600,
            "uplinkOnly": 2,
            "downlinkOnly": 5,
            "bufferSize": 10240
        },
        "1": {
            "handshake": 2,
            "connIdle": 5,
            "uplinkOnly": 0,
            "downlinkOnly": 0,
            "bufferSize": 4
        }
    }
},
"routing": {
    "domainStrategy": "IPIfNotMatch",
    "rules": [
        {
            "type": "field",
            "inboundTag": [
                "bridge"
            ],
            "domain": [
                "full: "域名" 
            ],
            "outboundTag": "proxy"
            },
        {
            "type": "field",
            "inboundTag": [
                "bridge"
            ],
            "outboundTag": "direct"
        },
        {
            "type": "field",
            "inboundTag": [
                "socksPort",
                "httpPort",
                "tun2socks"
            ],
            "ip": [
                "geoip:private"
            ],
            "outboundTag": "direct"
        },
        {
            "type": "field",
            "network": "udp",
            "port": "53",
            "inboundTag": [
                "socksPort",
                "httpPort",
                "tun2socks"
            ],
            "outboundTag": "dnsOut"
        },
        {
            "type": "field",
            "inboundTag": [
                "dns_inbound"
            ],
            "ip": [
                "114.114.114.114",
                "223.5.5.5",
                "119.29.29.29",
                "geoip:private"
            ],
            "outboundTag": "direct"
        },
        {
            "type": "field",
            "inboundTag": [
                "dns_inbound"
            ],
            "ip": [
                "服务器IP地址",
                "80.80.80.80",
                "1.1.1.1",
                "1.0.0.1",
                "8.8.8.8",
                "8.8.4.4"
            ],
            "outboundTag": "proxy"
        },
        {
            "type": "field",
            "inboundTag": [
                "socksPort",
                "httpPort",
                "tun2socks"
            ],
            "domain": [
                "domain:gov.cn"
            ],
            "outboundTag": "direct"
        },
        {
            "type": "field",
            "inboundTag": [
                "socksPort",
                "httpPort",
                "tun2socks"
            ],
            "domain": [
                "domain:xxx",
                "domain:jp",
                "domain:googleapis.cn",
                "geosite:facebook",
                "geosite:google"
            ],
            "outboundTag": "proxy"
        },
        {
            "type": "field",
            "inboundTag": [
                "socksPort",
                "httpPort",
                "tun2socks"
            ],
            "domain": [
                "geosite:category-ads-all",
                "geosite:speedtest",
                "geosite:cn"
            ],
            "outboundTag": "direct"
        },
        {
            "type": "field",
            "inboundTag": [
                "socksPort",
                "httpPort",
                "tun2socks"
            ],
            "ip": [
                "geoip:cn"
            ],
            "outboundTag": "direct"
        }
    ]
}
}

eycorsican / kitsunebi-android