-
Notifications
You must be signed in to change notification settings - Fork 477
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
服务端配置CA后,客户端无需配置证书即可代理,存在安全风险 #497
Comments
看起来像是ca证书没有加载成功,可以用v3版本试试。 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
服务端(gost 2.11.5):/usr/sbin/gost -L="tls://:443?cert=/etc/gost/fullchain.pem&key=/etc/gost/privkey.pem&ca=/etc/gost/rootCA.pem"
客户端:/usr/sbin/gost -L :8888 -F=tls://[服务器域名]:443
浏览器配置: socks5://127.0.0.1:8888
经测试可以代理成功。
期望:根据说明文档,配置CA后,要求客户端提供证书,双向认证,客户端不提供证书,拒绝连接。
The text was updated successfully, but these errors were encountered: