ClashForAndroid icon indicating copy to clipboard operation
ClashForAndroid copied to clipboard
verified publisher icon Kr328

[Feature Request] adding a root CA to Clash

Open ktheticdev opened this issue 3 years ago • 3 comments

Feature Description

Even though my own root CA is added to system store, Clash still won't connect. Is there a way to somehow add it to Clash without having to skip TLS verification?

Additional

No response

ktheticdev avatar Mar 19 '22 03:03 ktheticdev

Screenshot_20220320-160034_Opera Screenshot_20220320-162218_Opera Would also like to mention that other apps are able to use the certificate. (first screenshot – cert disabled, second screenshot – cert enabled)

ktheticdev avatar Mar 20 '22 12:03 ktheticdev

Screenshot_20220320-160034_Opera Screenshot_20220320-162218_Opera Would also like to mention that other apps are able to use the certificate. (first screenshot – cert disabled, second screenshot – cert enabled)

No, clash only relay TCP connection, not TLS

Kr328 avatar Mar 20 '22 13:03 Kr328

Screenshot_20220320-160034_Opera Screenshot_20220320-162218_Opera Would also like to mention that other apps are able to use the certificate. (first screenshot – cert disabled, second screenshot – cert enabled)

No, clash only relay TCP connection, not TLS

The thing is that Clash on Windows is actually able to use the same CA when imported to the system keychain. Thus, I guess that OpenSSL has a different trusted certificates location than Java apps, somehow, though, I'm not sure. Forgot to mention: certificate was hashed and moved to /system/etc/security/cacerts/.

ktheticdev avatar Mar 20 '22 14:03 ktheticdev