This repository has been archived by the owner on Nov 3, 2023. It is now read-only.
Describe the bug
When importing a profile hosted on an HTTPS server using non full-chain certification, it may fail with this error: "error trying to connect: invalid peer certificate contents: invalid peer certificate: UnknownIssuer;"
To Reproduce
Steps to reproduce the behavior:
1. Issue certification by acme.sh, with issuer from either Let's Encrypt or ZeroSSL (does not matter)
2. Host an HTTPS site by nginx, with SSL enabled and specify its cert (using the one without intermediate CA, but not the full-chain one) and private key
3. Open anything of the site in browser, confirm no error / warning about SSL
4. Try to import the profile in Clash Verge
Expected behavior
The profile should be imported if it's a valid profile, or report some other error about the profile itself.
However it's saying the peer certification issue and refusing to download the profile.
Only by changing the certification configuration in nginx to use full-chain certification, this profile can be imported then.
Screenshots
N/A
Information
OS: Windows 11
Clash Verge Version: 1.3.8
Clash Core: N/A
Additional context
What I can confirm is that using the certification w/o intermediate CA is definitely valid - it would rely on OS or browser provided root CA. Browser and Clash for Windows both accept such certification well.
I guess this is somehow related to reqwest, but I'm not familiar with that.
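
An added example, not part of the issue report or of Clash Verge: an offline reproduction of the UnknownIssuer condition described above, using `openssl verify` as a stand-in for a client that trusts only root CAs and uses only the certificates the server sends. The CA names, `demo.example` and the functions `build_demo_pki`, `issue`, `verify_as_strict_client` and `count_certs` are constructed for illustration.

```shell
#!/bin/sh
# Constructed demo PKI: throwaway root CA -> intermediate CA -> leaf certificate.
# All names are placeholders; nothing here contacts a real server or CA.

build_demo_pki() {   # $1 = empty working directory
    d=$1
    cat > "$d/pki.cnf" <<'EOF'
[req]
distinguished_name = dn
[dn]
CN = placeholder
[ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[leaf]
basicConstraints = CA:FALSE
subjectAltName = DNS:demo.example
EOF
    # Self-signed root: the only certificate the client will trust.
    openssl req -x509 -config "$d/pki.cnf" -extensions ca -newkey rsa:2048 -nodes \
        -days 2 -subj "/CN=Demo Root CA" -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null
    issue "$d" int "Demo Intermediate CA" ca root
    issue "$d" leaf "demo.example" leaf int
    # What a full-chain deployment serves: leaf first, then the intermediate.
    cat "$d/leaf.pem" "$d/int.pem" > "$d/fullchain.pem"
}

issue() {   # $1=dir $2=name $3=CN $4=extension section $5=issuer name
    openssl req -new -config "$1/pki.cnf" -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$2.csr" -CA "$1/$5.pem" -CAkey "$1/$5.key" -CAcreateserial \
        -days 2 -extfile "$1/pki.cnf" -extensions "$4" -out "$1/$2.pem" 2>/dev/null
}

# Succeeds only if a path to a root in $1 can be built from the certificates in $2
# (the PEM file the server would send) and nothing else: no cache, no fetching.
verify_as_strict_client() {
    openssl verify -CAfile "$1" -untrusted "$2" "$2" >/dev/null 2>&1
}

count_certs() { grep -c 'BEGIN CERTIFICATE' "$1"; }

work=$(mktemp -d)
build_demo_pki "$work"
for served in leaf.pem fullchain.pem; do
    if verify_as_strict_client "$work/root.pem" "$work/$served"; then verdict="chain verified"
    else verdict="issuer unknown"; fi
    echo "$served: $(count_certs "$work/$served") certificate(s) sent -> $verdict"
done
rm -rf "$work"
```

On the server side, the matching fix is the one the report arrives at: point nginx `ssl_certificate` at the full-chain file (the one acme.sh writes with `--fullchain-file`) rather than the leaf-only certificate.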