hiddify / hiddify-app

Multi-platform auto-proxy client, supporting Sing-box, X-ray, TUIC, Hysteria, Reality, Trojan, SSH etc. It’s an open-source, secure and ad-free.
https://hiddify.com
Other
16.88k stars 1.53k forks source link

In VLESS/TLS configuration server certificate is not validated #430

Open sachako opened 8 months ago

sachako commented 8 months ago

Search first

What Happened?

I have a server with basic VLESS/TLS configuration, my own certificate (signed by internal CA). I pass that server configuration to Hiddify-Next by vless:// link. It appears that Hiddify uses the server even if I do not pass &allowInsecure=true with the link.

Reproduce the Bug

Given a VLESS/TLS server with a certificate signed by a non-recognised CA observe that Hiddify connects to it even if not explicitly instructed to establish connection when server certificate cannot be validated.

Expected Behavior

Hiddify should fail to use such server

Version

0.13.6

Platform/OS

Android

Additional Context

No response

Relevant log output

No response

Are you willing to submit a PR? If you know how to fix the bug.

ManchiSoul commented 4 months ago

I have same problem in hiddify logs i get those errors

`

+0300 2024-06-18 11:31:37 ERROR outbound/urltest[auto]: tls: failed to verify certificate: x509: certificate has expired or is not yet valid: +0300 2024-06-18 11:31:38 ERROR outbound/urltest[auto]: tls: failed to verify certificate: x509: certificate has expired or is not yet valid: `

I cannot connect to any v2ray vmess TLS 443 profiles because there is no option to select allowinsecure=true in hiddify client app