xfy/lolly
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(stream): 添加 SSL 证书验证禁用的安全警告

Browse Source 
当 verify=false 跳过证书验证时,打印警告日志提醒中间人攻击风险

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
xfy 2026-04-13 16:20:20 +08:00
parent 1bf9e7ad5d
commit d0396a3854
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
internal/stream/ssl.go
View File

@ -16,6 +16,7 @@ import (
"sync" "sync"
"rua.plus/lolly/internal/config" "rua.plus/lolly/internal/config"
"rua.plus/lolly/internal/logging"
"rua.plus/lolly/internal/sslutil" "rua.plus/lolly/internal/sslutil"
) )
@ -190,6 +191,7 @@ func (m *ProxySSLManager) GetClientTLSConfig(serverName string) *tls.Config {
tlsConfig.RootCAs = m.rootCAPool tlsConfig.RootCAs = m.rootCAPool
} else if !m.config.Verify { } else if !m.config.Verify {
// 跳过证书验证 // 跳过证书验证
logging.Warn().Msg("SSL证书验证已禁用连接可能遭受中间人攻击")
tlsConfig.InsecureSkipVerify = true tlsConfig.InsecureSkipVerify = true
} }