mirror of
https://github.com/MHSanaei/3x-ui.git
synced 2026-07-15 09:06:07 +00:00
39774a6a38
Certs without an OCSP responder URL (e.g. Let's Encrypt, which dropped OCSP in 2025) made xray log 'ignoring invalid OCSP: no OCSP server specified in cert' on every refresh. Default the per-cert ocspStapling interval to 0 (disabled) so new inbounds stay quiet; the field is kept for certs that do support stapling.
35 lines
958 B
TypeScript
35 lines
958 B
TypeScript
import { TlsStreamSettingsSchema } from '@/schemas/protocols/security/tls';
|
|
|
|
function defaultCertificate(): Record<string, unknown> {
|
|
return {
|
|
useFile: true,
|
|
certificateFile: '',
|
|
keyFile: '',
|
|
certificate: [],
|
|
key: [],
|
|
ocspStapling: 0,
|
|
oneTimeLoading: false,
|
|
usage: 'encipherment',
|
|
buildChain: false,
|
|
};
|
|
}
|
|
|
|
export function createTlsSettingsWithDefaultCert(): Record<string, unknown> {
|
|
const tls = TlsStreamSettingsSchema.parse({}) as Record<string, unknown>;
|
|
tls.certificates = [defaultCertificate()];
|
|
return tls;
|
|
}
|
|
|
|
export function createHysteriaTlsSettingsWithDefaultCert(): Record<string, unknown> {
|
|
const tls = createTlsSettingsWithDefaultCert();
|
|
tls.alpn = ['h3'];
|
|
|
|
const settings = tls.settings && typeof tls.settings === 'object' && !Array.isArray(tls.settings)
|
|
? { ...(tls.settings as Record<string, unknown>) }
|
|
: {};
|
|
settings.fingerprint = '';
|
|
tls.settings = settings;
|
|
|
|
return tls;
|
|
}
|