xinyin025/3x-ui
1
0
Fork 0
mirror of https://github.com/MHSanaei/3x-ui.git synced 2026-06-28 00:24:19 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(tls): ping the inbound's own port for remote cert pinning

Browse Source 
The pin-from-remote button passed only the SNI to 'xray tls ping', which defaults to :443 — so it never reached a self-hosted inbound on another port and failed with a vague 'no certificate hash found'. Append the inbound's port when the SNI carries none, and surface the underlying ping failure (dial refused, timeout) in the error.
This commit is contained in:
MHSanaei
2026-06-21 19:27:37 +02:00
parent 39774a6a38
commit 03e89683dd
2 changed files with 15 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
frontend/src/pages/inbounds/form/useSecurityActions.ts
+6 -1
View File
@@ -143,9 +143,14 @@ export function useSecurityActions({ form, setSaving, messageApi, nodeId }: UseS
messageApi.warning(t('pages.inbounds.form.pinFromRemoteNoSni'));
return;
}
// `xray tls ping` defaults to :443, but a self-hosted inbound rarely
// listens there. Append the inbound's own port (unless the SNI already
// carries one) so the ping reaches the actual TLS endpoint.
const port = form.getFieldValue('port') as number | undefined;
const target = /:\d+$/.test(server) || !port ? server : `${server}:${port}`;
setSaving(true);
try {
const msg = await HttpUtil.post('/panel/api/server/getRemoteCertHash', { server });
const msg = await HttpUtil.post('/panel/api/server/getRemoteCertHash', { server: target });
if (!msg?.success) {
messageApi.warning(msg?.msg || t('pages.inbounds.form.pinFromRemoteFailed'));
return;
internal/web/service/server.go
+9
View File
@@ -1896,6 +1896,15 @@ func (s *ServerService) GetRemoteCertHash(server string) ([]string, error) {
}
}
if len(leaves) == 0 {
// Surface why the ping produced no cert (dial refused, timeout, …)
// instead of the bare "not found" — the inbound is usually just not
// listening for TLS on the pinged port.
for _, line := range strings.Split(out.String(), "\n") {
line = strings.TrimSpace(line)
if strings.Contains(line, "Failed") || strings.Contains(line, "error") {
return nil, common.NewError("no certificate hash for ", server, ": ", line)
}
}
return nil, common.NewError("no certificate hash found for ", server)
}
return leaves, nil