fix(stream): 添加 SSL 证书验证禁用的安全警告

当 verify=false 跳过证书验证时，打印警告日志提醒中间人攻击风险 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-13 16:20:20 +08:00 · 2026-04-13 16:20:20 +08:00 · d0396a3854
commit d0396a3854
parent 1bf9e7ad5d
1 changed files with 2 additions and 0 deletions
--- a/internal/stream/ssl.go
+++ b/internal/stream/ssl.go
@ -16,6 +16,7 @@ import (
 	"sync"

 	"rua.plus/lolly/internal/config"
+	"rua.plus/lolly/internal/logging"
 	"rua.plus/lolly/internal/sslutil"
 )

@ -190,6 +191,7 @@ func (m *ProxySSLManager) GetClientTLSConfig(serverName string) *tls.Config {
 		tlsConfig.RootCAs = m.rootCAPool
 	} else if !m.config.Verify {
 		// 跳过证书验证
+		logging.Warn().Msg("SSL证书验证已禁用，连接可能遭受中间人攻击")
 		tlsConfig.InsecureSkipVerify = true
 	}