fix(tls): correct pinned cert SHA-256 hint to hex, not base64

xray-core hex-decodes pinnedPeerCertSha256 and the panel forwards the value as-is into share links and the JSON subscription, so clients hex-decode it too. The tooltip/placeholder wrongly said base64 (copied from the retired pinnedPeerCertificateChainSha256 field), and the "generate random hash" button emitted base64 via btoa, producing an unusable pin. Tooltip/placeholder now say hex across all locales and the generator emits hex.

Closes #4793
This commit is contained in:
MHSanaei
2026-06-02 15:14:17 +02:00
parent 13d02f01fc
commit c9abda7ab8
14 changed files with 27 additions and 29 deletions
@@ -99,9 +99,7 @@ export function useSecurityActions({ form, setSaving, messageApi }: UseSecurityA
const generateRandomPinHash = () => {
const bytes = new Uint8Array(32);
crypto.getRandomValues(bytes);
let binary = '';
for (const b of bytes) binary += String.fromCharCode(b);
const hash = btoa(binary);
const hash = Array.from(bytes, (b) => b.toString(16).padStart(2, '0')).join('');
const current = (form.getFieldValue(
['streamSettings', 'tlsSettings', 'settings', 'pinnedPeerCertSha256'],
) as string[] | undefined) ?? [];