mirror of
https://github.com/MHSanaei/3x-ui.git
synced 2026-07-06 04:44:21 +00:00
d2dc589f14
FetchCertFingerprint read the leaf certificate from a bare insecure TLS handshake, which CodeQL flagged as go/disabled-certificate-check. The function intentionally accepts any cert (trust-on-first-use, so the admin can pin a not-yet-trusted node), so verification cannot be enabled. Capture the leaf cert inside a VerifyConnection callback instead, matching the existing pattern in nodeHTTPClientFor that already clears the same query. Behavior is unchanged.