Open free-znet opened 2 years ago
Linux也有同样的问题
[master1 root /opt/trojan]# ./trojan
Welcome to trojan 1.15.1
[2022-02-21 21:44:55] [WARN] trojan service (client) started at 127.0.0.1:1080
[2022-02-21 21:45:01] [INFO] 127.0.0.1:52962 requested connection to cip.cc:80
[2022-02-21 21:45:01] [ERROR] 127.0.0.1:52962 SSL handshake failed with xxx.com:443: certificate verify failed
[2022-02-21 21:45:01] [INFO] 127.0.0.1:52962 disconnected, 0 bytes received, 70 bytes sent, lasted for 0 seconds
[2022-02-21 21:45:09] [INFO] 127.0.0.1:52994 requested connection to cip.cc:80
@omaidb @GreaterFire Not working properly on centos7.9
[ERROR] 127.0.0.1:36572 SSL handshake failed with de1-1.nigirocloud.com:443: certificate verify failed
Is there any solution thanks
@marksugar @omaidb
你们客户端有没有指定 cafile 路径?
首先获取你的系统的 cafile 路径:
curl -v https://www.qq.com |& grep CAfile
然后把这个路径填入客户端的配置里面, 比如 archlinux 上是这个路径 :
"cert": "/etc/ssl/certs/ca-certificates.crt",
macOS 是 /etc/ssl/cert.pem
trojan 的文档里面有提到
cert: if verify is set to true, the same certificate used by the server or a collection of CA certificates could be provided. If you leave this field blank, OpenSSL will try to look for a system CA store and will be likely to fail.
意思是这个如果留空, 那么就会依赖 openssl 去获取这个路径, 大概率会失败... 所以建议手动指定
按照你说的办法做,仍旧有问题。
Hi, you can try this: sudo apt install ca-certificates
Hi, you can try this:
sudo apt install ca-certificates
It work for me, thanks!
Trojan Version
1.60.0
Describe the bug
我在ios上面使用 trojan,由于 部分代码在 ios 上面无效,所以被我屏蔽了。 当我把 verify 配置成 false,可以正常使用,配置成 true,就会提示 :
我屏蔽掉的代码是:
代码具体对应 service.cpp line 156 to line 203.
因为这些api只在mac 上面有效,iOS 上面提示找不到符号。
我服务端配置没有问题,证书也没有问题,使用浏览器访问网页显示 https 证书是正常的。
openssl 版本 : 1.1.1d