Closed chushuai closed 9 months ago
does not load system default certificate
The zcrypto code
https://github.com/zmap/zcrypto/blob/master/x509/verify.go#L283
if opts.Roots == nil {
err = SystemRootsError{}
return
}
the golang crypto/tls
if opts.Roots == nil {
opts.Roots = systemRootsPool()
if opts.Roots == nil {
return nil, SystemRootsError{systemRootsErr}
}
}
I believe this is by design, to provide flexibility
If you desire the same behavior as the upstream golang tls, you should set opt.roots = systemRootsPool() when calling that function
Yes, this is intentional. You must provide your own roots when using ZCrypto.
https://new-proxy.shunwang.com/
the cert browser is trusted, but zcrypto Invalid display certificate