fix(tls): ping the inbound's own port for remote cert pinning

The pin-from-remote button passed only the SNI to 'xray tls ping', which defaults to :443 — so it never reached a self-hosted inbound on another port and failed with a vague 'no certificate hash found'. Append the inbound's port when the SNI carries none, and surface the underlying ping failure (dial refused, timeout) in the error.
This commit is contained in:
MHSanaei
2026-06-21 19:27:37 +02:00
parent 39774a6a38
commit 03e89683dd
2 changed files with 15 additions and 1 deletions
@@ -143,9 +143,14 @@ export function useSecurityActions({ form, setSaving, messageApi, nodeId }: UseS
messageApi.warning(t('pages.inbounds.form.pinFromRemoteNoSni'));
return;
}
// `xray tls ping` defaults to :443, but a self-hosted inbound rarely
// listens there. Append the inbound's own port (unless the SNI already
// carries one) so the ping reaches the actual TLS endpoint.
const port = form.getFieldValue('port') as number | undefined;
const target = /:\d+$/.test(server) || !port ? server : `${server}:${port}`;
setSaving(true);
try {
const msg = await HttpUtil.post('/panel/api/server/getRemoteCertHash', { server });
const msg = await HttpUtil.post('/panel/api/server/getRemoteCertHash', { server: target });
if (!msg?.success) {
messageApi.warning(msg?.msg || t('pages.inbounds.form.pinFromRemoteFailed'));
return;