增加证书认证开关，优化前端下载证书的错误处理

2025-09-10 12:56:19 +08:00 · 2025-08-21 18:37:33 +08:00
parent 2ca8319604
commit b9192f6cde
7 changed files with 67 additions and 32 deletions
--- a/server/conf/server-sample.toml
+++ b/server/conf/server-sample.toml
@@ -9,6 +9,16 @@ db_source = "./conf/anylink.db"
 #证书文件 使用跟nginx一样的证书即可
 cert_file = "./conf/vpn_cert.pem"
 cert_key = "./conf/vpn_cert.key"
+
+#是否启用独立证书验证,开启后客户端连接需要携带证书
+#如果不开启则使用用户名密码验证
+auth_alone_cert = false
+
+#客户端证书CA证书
+client_cert_ca_file = "./conf/client_ca.pem"
+#客户端证书CA密钥
+client_cert_ca_key_file = "./conf/client_ca.key"
+
 files_path = "./conf/files"
 profile = "./conf/profile.xml"
 #profile name(用于区分不同服务端的配置)
@@ -52,7 +62,7 @@ admin_addr = ":8800"
 proxy_protocol = false

 #开启go标准库http.Server的日志
-http_server_log=false
+http_server_log = false

 #虚拟网络类型[tun macvtap tap]
 link_mode = "tun"
--- a/server/conf/server.toml
+++ b/server/conf/server.toml
@@ -11,11 +11,6 @@ cert_file = "./conf/vpn_cert.pem"
 cert_key = "./conf/vpn_cert.key"
 files_path = "./conf/files"

-#客户端证书CA证书
-client_cert_ca_file = "./conf/client_ca.pem"
-#客户端证书CA密钥
-client_cert_ca_key_file = "./conf/client_ca.key"
-
 #日志目录,默认为空写入标准输出
 #log_path = "./log"
 log_level = "debug"