
update tls

fatedier 4 年之前
父節點
當前提交
1e420cc766
共有 4 個文件被更改,包括 14 次插入12 次删除
  1. 4 0
      conf/frpc_full.ini
  2. 4 0
      conf/frps_full.ini
  3. 3 4
      models/config/client_common.go
  4. 3 8
      models/config/server_common.go

+ 4 - 0
conf/frpc_full.ini

@@ -52,6 +52,10 @@ protocol = tcp
 # if tls_enable is true, frpc will connect frps by tls
 tls_enable = true
 
+# tls_cert_file = client.crt
+# tls_key_file = client.key
+# tls_trusted_ca_file = ca.crt
+
 # specify a dns server, so frpc will use this instead of default one
 # dns_server = 8.8.8.8
 

+ 4 - 0
conf/frps_full.ini

@@ -103,6 +103,10 @@ max_ports_per_client = 0
 # TlsOnly specifies whether to only accept TLS-encrypted connections. By default, the value is false.
 tls_only = false
 
+# tls_cert_file = server.crt
+# tls_key_file = server.key
+# tls_trusted_ca_file = ca.crt
+
 # if subdomain_host is not empty, you can set subdomain when type is http or https in frpc's configure file
 # when subdomain is test, the host used by routing is test.frps.com
 subdomain_host = frps.com
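Review bot: The sample now lists `tls_trusted_ca_file` directly under `tls_only = false` without saying that the two settings interact. The server_common.go change in this commit sets `TLSOnly = true` whenever `tls_trusted_ca_file` is present, so an operator who uncomments the key gets TLS-only behaviour despite the explicit `false`. A comment above the three new keys would make that visible, for example `# setting tls_trusted_ca_file forces tls_only = true`, along with a line on what the cert/key pair and the CA file are used for, as the neighbouring options have. The same three keys in conf/frpc_full.ini are also added without a description; there a line such as `# only used when tls_enable is true` would match the check in client_common.go.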

+ 3 - 4
models/config/client_common.go

@@ -350,17 +350,16 @@ func (cfg *ClientCommonConf) Check() (err error) {
 
 	if cfg.TLSEnable == false {
 		if cfg.TLSCertFile != "" {
-			fmt.Println("WARNING! Because tls_enable is not true, so tls_cert_file will not make sense")
+			fmt.Println("WARNING! tls_cert_file is invalid when tls_enable is false")
 		}
 
 		if cfg.TLSKeyFile != "" {
-			fmt.Println("WARNING! Because tls_enable is not true, so tls_key_file will not make sense")
+			fmt.Println("WARNING! tls_key_file is invalid when tls_enable is false")
 		}
 
 		if cfg.TLSTrustedCaFile != "" {
-			fmt.Println("WARNING! Because tls_enable is not true, so tls_trusted_ca_file will not make sense")
+			fmt.Println("WARNING! tls_trusted_ca_file is invalid when tls_enable is false")
 		}
 	}
-
 	return
 }
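Review bot: A non-empty `tls_trusted_ca_file` with `tls_enable` false still only prints a warning, and Check returns without an error, so a client whose operator meant to verify the server presumably starts with no TLS at all. For the trust-anchor setting it is safer to fail closed than to warn: `err = fmt.Errorf("tls_trusted_ca_file requires tls_enable = true")` followed by `return`. The new wording "is invalid" also reads as if the file were malformed; "is ignored when tls_enable is false" says what the code does. The warnings go to stdout through `fmt.Println`, which is easy to miss when the client runs under a service manager. Check begins above the hunk, so any earlier validation is not visible here.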

+ 3 - 8
models/config/server_common.go

@@ -448,6 +448,7 @@ func UnmarshalServerConfFromIni(content string) (cfg ServerCommonConf, err error
 
 	if tmpStr, ok := conf.Get("common", "tls_trusted_ca_file"); ok {
 		cfg.TLSTrustedCaFile = tmpStr
+		cfg.TLSOnly = true
 	}
 
 	return
@@ -471,12 +472,6 @@ func UnmarshalPluginsFromIni(sections ini.File, cfg *ServerCommonConf) {
 	}
 }
 
-func (cfg *ServerCommonConf) Check() (err error) {
-	if cfg.TLSOnly == false {
-		if cfg.TLSTrustedCaFile != "" {
-			err = fmt.Errorf("Parse conf error: forbidden tls_trusted_ca_file, it only works when tls_only is true")
-			return
-		}
-	}
-	return
+func (cfg *ServerCommonConf) Check() error {
+	return nil
 }
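Review bot: In the first hunk `cfg.TLSOnly = true` is applied whenever the `tls_trusted_ca_file` key exists, including when its value is empty, and it silently overrides an explicit `tls_only = false`; the second hunk then reduces `Check()` to `return nil`. The rule "a trusted CA implies TLS-only" is therefore enforced only on the INI path. A `ServerCommonConf` populated any other way can carry `TLSTrustedCaFile` with `TLSOnly` false and nothing rejects or corrects it, which presumably lets non-TLS connections bypass client-certificate verification. Guard the assignment with `tmpStr != ""` and keep the invariant in `Check()`, e.g. `if cfg.TLSTrustedCaFile != "" { cfg.TLSOnly = true }`, ideally logging the override so the operator sees it. UnmarshalServerConfFromIni starts above the hunk, so whether callers relied on the removed error is not visible here.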