From f3d47ebb3fbc65fc25a39d4ef0d4561407acc941 Mon Sep 17 00:00:00 2001 From: MHSanaei Date: Sun, 1 Feb 2026 14:03:46 +0100 Subject: Refactor TLS peer cert verification settings Removed verifyPeerCertByNames and pinnedPeerCertSha256 from inbound TLS settings and UI. Added verifyPeerCertByName and pinnedPeerCertSha256 to outbound TLS settings and updated the outbound form to support these fields. This change streamlines and clarifies certificate verification configuration between inbound and outbound settings. --- web/assets/js/model/outbound.js | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) (limited to 'web/assets/js/model/outbound.js') diff --git a/web/assets/js/model/outbound.js b/web/assets/js/model/outbound.js index 21d6c393..3e0dd0d4 100644 --- a/web/assets/js/model/outbound.js +++ b/web/assets/js/model/outbound.js @@ -347,6 +347,8 @@ class TlsStreamSettings extends CommonClass { fingerprint = '', allowInsecure = false, echConfigList = '', + verifyPeerCertByName = 'cloudflare-dns.com', + pinnedPeerCertSha256 = '', ) { super(); this.serverName = serverName; @@ -354,6 +356,8 @@ class TlsStreamSettings extends CommonClass { this.fingerprint = fingerprint; this.allowInsecure = allowInsecure; this.echConfigList = echConfigList; + this.verifyPeerCertByName = verifyPeerCertByName; + this.pinnedPeerCertSha256 = pinnedPeerCertSha256; } static fromJson(json = {}) { @@ -363,6 +367,8 @@ class TlsStreamSettings extends CommonClass { json.fingerprint, json.allowInsecure, json.echConfigList, + json.verifyPeerCertByName, + json.pinnedPeerCertSha256, ); } @@ -372,7 +378,9 @@ class TlsStreamSettings extends CommonClass { alpn: this.alpn, fingerprint: this.fingerprint, allowInsecure: this.allowInsecure, - echConfigList: this.echConfigList + echConfigList: this.echConfigList, + verifyPeerCertByName: this.verifyPeerCertByName, + pinnedPeerCertSha256: this.pinnedPeerCertSha256 }; } } -- cgit v1.2.3