-
Notifications
You must be signed in to change notification settings - Fork 511
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
gost客户端报错:x509: certificate signed by unknown authority #295
Comments
|
嗯,还是要加上的,避免证书被伪造或篡改。但是因为客户端没有根证书,所以报那个错误了,执行不下去。除了去除 |
可以手动指定CA证书文件
|
这样指定了还是不行。
问题是出在哪儿呢? |
如果客户端绑定ca成功,终端输出会有提示吗?我的是没有的,我如果不要
|
可以试试chain.pem或fullchain.pem。命令行中如果有
|
破案了!用了双引号就行,我忘了
gost -L socks5://:port -F "socks5+tls://usr:pwd@ip:port?secure=true&ca=lets-encrypt-dst-x3-root.pem" |
@ginuerzh 还有个现象,首次启动gost会比较慢,CPU占用率飙升。我在一处文档中好像说是会生成证书文件,是这样吗?这一步是否可跳过? |
@ginuerzh anyway,先感谢! |
可以提供自定义证书就不会再自动生成了。 |
现象
./gost -L socks5://:port -F socks5+tls://usr:pwd@ip:port?secure=true
时提示:secure=true
参数去掉时,则可正常连接。原因
主要是客户端所在的系统不支持
dpkg-reconfigure ca-certificates
命令,从而没有根证书文件进行校验。这种情况下,应该如何解决?指定CA路径还是?应该怎么写呢?我看文档里的
caFile
参数是对于服务端的。The text was updated successfully, but these errors were encountered: