Remove certificate_public_key_sha256 for naive

2026-04-14 04:38:28 +10:00 · 2025-12-19 17:32:55 +08:00
parent dda91d50bd
commit d8a15ecddf
7 changed files with 94 additions and 194 deletions
--- a/.github/CRONET_GO_VERSION
+++ b/.github/CRONET_GO_VERSION
@@ -1 +1 @@
-446096b34fb07e86541d927be26f8e5c42d41b4a
+5e61220bb2d22453eb6d105077c88c8ab1e1c3b2
--- a/docs/configuration/outbound/naive.md
+++ b/docs/configuration/outbound/naive.md
@@ -105,7 +105,9 @@ QUIC congestion control algorithm.

 TLS configuration, see [TLS](/configuration/shared/tls/#outbound).

-Only `server_name`, `certificate`, `certificate_path`, `certificate_public_key_sha256` and `ech` are supported.
+Only `server_name`, `certificate`, `certificate_path` and `ech` are supported.
+
+Self-signed certificates change traffic behavior significantly, which defeats the purpose of NaiveProxy's design to resist traffic analysis, and should not be used in production.

 ### Dial Fields

--- a/docs/configuration/outbound/naive.zh.md
+++ b/docs/configuration/outbound/naive.zh.md
@@ -105,7 +105,9 @@ QUIC 拥塞控制算法。

 TLS 配置, 参阅 [TLS](/zh/configuration/shared/tls/#outbound)。

-只有 `server_name`、`certificate`、`certificate_path`、`certificate_public_key_sha256` 和 `ech` 是被支持的。
+只有 `server_name`、`certificate`、`certificate_path` 和 `ech` 是被支持的。
+
+自签名证书会显著改变流量行为，违背了 NaiveProxy 旨在抵抗流量分析的设计初衷，不应该在生产环境中使用。

 ### 拨号字段

--- a/go.mod
+++ b/go.mod
@@ -26,8 +26,8 @@ require (
 	github.com/sagernet/asc-go v0.0.0-20241217030726-d563060fe4e1
 	github.com/sagernet/bbolt v0.0.0-20231014093535-ea5cb2fe9f0a
 	github.com/sagernet/cors v1.2.1
-	github.com/sagernet/cronet-go v0.0.0-20251218041957-eeb28f1dba2f
-	github.com/sagernet/cronet-go/all v0.0.0-20251218041957-eeb28f1dba2f
+	github.com/sagernet/cronet-go v0.0.0-20251219080614-460b6a5fb79d
+	github.com/sagernet/cronet-go/all v0.0.0-20251219080614-460b6a5fb79d
 	github.com/sagernet/fswatch v0.1.1
 	github.com/sagernet/gomobile v0.1.10
 	github.com/sagernet/gvisor v0.0.0-20250811.0-sing-box-mod.1
@@ -108,28 +108,28 @@ require (
 	github.com/prometheus-community/pro-bing v0.4.0 // indirect
 	github.com/quic-go/qpack v0.6.0 // indirect
 	github.com/safchain/ethtool v0.3.0 // indirect
-	github.com/sagernet/cronet-go/lib/android_386 v0.0.0-20251218041530-c2a431c5f1f7 // indirect
-	github.com/sagernet/cronet-go/lib/android_amd64 v0.0.0-20251218041530-c2a431c5f1f7 // indirect
-	github.com/sagernet/cronet-go/lib/android_arm v0.0.0-20251218041530-c2a431c5f1f7 // indirect
-	github.com/sagernet/cronet-go/lib/android_arm64 v0.0.0-20251218041530-c2a431c5f1f7 // indirect
-	github.com/sagernet/cronet-go/lib/darwin_amd64 v0.0.0-20251218041530-c2a431c5f1f7 // indirect
-	github.com/sagernet/cronet-go/lib/darwin_arm64 v0.0.0-20251218041530-c2a431c5f1f7 // indirect
-	github.com/sagernet/cronet-go/lib/ios_amd64_simulator v0.0.0-20251218041530-c2a431c5f1f7 // indirect
-	github.com/sagernet/cronet-go/lib/ios_arm64 v0.0.0-20251218041530-c2a431c5f1f7 // indirect
-	github.com/sagernet/cronet-go/lib/ios_arm64_simulator v0.0.0-20251218041530-c2a431c5f1f7 // indirect
-	github.com/sagernet/cronet-go/lib/linux_386 v0.0.0-20251218041530-c2a431c5f1f7 // indirect
-	github.com/sagernet/cronet-go/lib/linux_386_musl v0.0.0-20251218041530-c2a431c5f1f7 // indirect
-	github.com/sagernet/cronet-go/lib/linux_amd64 v0.0.0-20251218041530-c2a431c5f1f7 // indirect
-	github.com/sagernet/cronet-go/lib/linux_amd64_musl v0.0.0-20251218041530-c2a431c5f1f7 // indirect
-	github.com/sagernet/cronet-go/lib/linux_arm v0.0.0-20251218041530-c2a431c5f1f7 // indirect
-	github.com/sagernet/cronet-go/lib/linux_arm64 v0.0.0-20251218041530-c2a431c5f1f7 // indirect
-	github.com/sagernet/cronet-go/lib/linux_arm64_musl v0.0.0-20251218041530-c2a431c5f1f7 // indirect
-	github.com/sagernet/cronet-go/lib/linux_arm_musl v0.0.0-20251218041530-c2a431c5f1f7 // indirect
-	github.com/sagernet/cronet-go/lib/tvos_amd64_simulator v0.0.0-20251218041530-c2a431c5f1f7 // indirect
-	github.com/sagernet/cronet-go/lib/tvos_arm64 v0.0.0-20251218041530-c2a431c5f1f7 // indirect
-	github.com/sagernet/cronet-go/lib/tvos_arm64_simulator v0.0.0-20251218041530-c2a431c5f1f7 // indirect
-	github.com/sagernet/cronet-go/lib/windows_amd64 v0.0.0-20251218041530-c2a431c5f1f7 // indirect
-	github.com/sagernet/cronet-go/lib/windows_arm64 v0.0.0-20251218041530-c2a431c5f1f7 // indirect
+	github.com/sagernet/cronet-go/lib/android_386 v0.0.0-20251219080137-fbc9bf07b76b // indirect
+	github.com/sagernet/cronet-go/lib/android_amd64 v0.0.0-20251219080137-fbc9bf07b76b // indirect
+	github.com/sagernet/cronet-go/lib/android_arm v0.0.0-20251219080137-fbc9bf07b76b // indirect
+	github.com/sagernet/cronet-go/lib/android_arm64 v0.0.0-20251219080137-fbc9bf07b76b // indirect
+	github.com/sagernet/cronet-go/lib/darwin_amd64 v0.0.0-20251219080137-fbc9bf07b76b // indirect
+	github.com/sagernet/cronet-go/lib/darwin_arm64 v0.0.0-20251219080137-fbc9bf07b76b // indirect
+	github.com/sagernet/cronet-go/lib/ios_amd64_simulator v0.0.0-20251219080137-fbc9bf07b76b // indirect
+	github.com/sagernet/cronet-go/lib/ios_arm64 v0.0.0-20251219080137-fbc9bf07b76b // indirect
+	github.com/sagernet/cronet-go/lib/ios_arm64_simulator v0.0.0-20251219080137-fbc9bf07b76b // indirect
+	github.com/sagernet/cronet-go/lib/linux_386 v0.0.0-20251219080137-fbc9bf07b76b // indirect
+	github.com/sagernet/cronet-go/lib/linux_386_musl v0.0.0-20251219080137-fbc9bf07b76b // indirect
+	github.com/sagernet/cronet-go/lib/linux_amd64 v0.0.0-20251219080137-fbc9bf07b76b // indirect
+	github.com/sagernet/cronet-go/lib/linux_amd64_musl v0.0.0-20251219080137-fbc9bf07b76b // indirect
+	github.com/sagernet/cronet-go/lib/linux_arm v0.0.0-20251219080137-fbc9bf07b76b // indirect
+	github.com/sagernet/cronet-go/lib/linux_arm64 v0.0.0-20251219080137-fbc9bf07b76b // indirect
+	github.com/sagernet/cronet-go/lib/linux_arm64_musl v0.0.0-20251219080137-fbc9bf07b76b // indirect
+	github.com/sagernet/cronet-go/lib/linux_arm_musl v0.0.0-20251219080137-fbc9bf07b76b // indirect
+	github.com/sagernet/cronet-go/lib/tvos_amd64_simulator v0.0.0-20251219080137-fbc9bf07b76b // indirect
+	github.com/sagernet/cronet-go/lib/tvos_arm64 v0.0.0-20251219080137-fbc9bf07b76b // indirect
+	github.com/sagernet/cronet-go/lib/tvos_arm64_simulator v0.0.0-20251219080137-fbc9bf07b76b // indirect
+	github.com/sagernet/cronet-go/lib/windows_amd64 v0.0.0-20251219080137-fbc9bf07b76b // indirect
+	github.com/sagernet/cronet-go/lib/windows_arm64 v0.0.0-20251219080137-fbc9bf07b76b // indirect
 	github.com/sagernet/netlink v0.0.0-20240612041022-b9a21c07ac6a // indirect
 	github.com/sagernet/nftables v0.3.0-beta.4 // indirect
 	github.com/spf13/pflag v1.0.6 // indirect
--- a/go.sum
+++ b/go.sum
@@ -154,54 +154,54 @@ github.com/sagernet/bbolt v0.0.0-20231014093535-ea5cb2fe9f0a h1:+NkI2670SQpQWvkk
 github.com/sagernet/bbolt v0.0.0-20231014093535-ea5cb2fe9f0a/go.mod h1:63s7jpZqcDAIpj8oI/1v4Izok+npJOHACFCU6+huCkM=
 github.com/sagernet/cors v1.2.1 h1:Cv5Z8y9YSD6Gm+qSpNrL3LO4lD3eQVvbFYJSG7JCMHQ=
 github.com/sagernet/cors v1.2.1/go.mod h1:O64VyOjjhrkLmQIjF4KGRrJO/5dVXFdpEmCW/eISRAI=
-github.com/sagernet/cronet-go v0.0.0-20251218041957-eeb28f1dba2f h1:WTHyVtd9nNZ4VB20aja31e0ZXXGrVlssAanJJBMc5BU=
-github.com/sagernet/cronet-go v0.0.0-20251218041957-eeb28f1dba2f/go.mod h1:hwFHBEjjthyEquDULbr4c4ucMedp8Drb6Jvm2kt/0Bw=
-github.com/sagernet/cronet-go/all v0.0.0-20251218041957-eeb28f1dba2f h1:qupezSQEMraq2yajI4HrWf9h9rY7RESUYbYHRRd49FY=
-github.com/sagernet/cronet-go/all v0.0.0-20251218041957-eeb28f1dba2f/go.mod h1:onaFo5hJh1KsvuxkYTFLokh0Yx2oBh9J3yvFTnFB1Fc=
-github.com/sagernet/cronet-go/lib/android_386 v0.0.0-20251218041530-c2a431c5f1f7 h1:jmDdDxVFN/W+pX/QRHYR6jFu5gosRPNSSPemGmchHpM=
-github.com/sagernet/cronet-go/lib/android_386 v0.0.0-20251218041530-c2a431c5f1f7/go.mod h1:XXDwdjX/T8xftoeJxQmbBoYXZp8MAPFR2CwbFuTpEtw=
-github.com/sagernet/cronet-go/lib/android_amd64 v0.0.0-20251218041530-c2a431c5f1f7 h1:zQeDQJg2YZSlmR5+mYV4KyqIWwe+SH5hnxTO4EalDwA=
-github.com/sagernet/cronet-go/lib/android_amd64 v0.0.0-20251218041530-c2a431c5f1f7/go.mod h1:iNiUGoLtnr8/JTuVNj7XJbmpOAp2C6+B81KDrPxwaZM=
-github.com/sagernet/cronet-go/lib/android_arm v0.0.0-20251218041530-c2a431c5f1f7 h1:85ck9+7Ftj+J3RO1uusn1Y3EXRLX9Dy0WIK/ZjRlQok=
-github.com/sagernet/cronet-go/lib/android_arm v0.0.0-20251218041530-c2a431c5f1f7/go.mod h1:19ILNUOGIzRdOqa2mq+iY0JoHxuieB7/lnjYeaA2vEc=
-github.com/sagernet/cronet-go/lib/android_arm64 v0.0.0-20251218041530-c2a431c5f1f7 h1:D//nc8RxHp7tTKcIYYQZ80wQBwxlCJv6HpkrCkqIVRo=
-github.com/sagernet/cronet-go/lib/android_arm64 v0.0.0-20251218041530-c2a431c5f1f7/go.mod h1:JxzGyQf94Cr6sBShKqODGDyRUlESfJK/Njcz9Lz6qMQ=
-github.com/sagernet/cronet-go/lib/darwin_amd64 v0.0.0-20251218041530-c2a431c5f1f7 h1:wwrQCcrwnHSY/Y4cy8JCiZLzuWXM8tENphhJtFplh0c=
-github.com/sagernet/cronet-go/lib/darwin_amd64 v0.0.0-20251218041530-c2a431c5f1f7/go.mod h1:KN+9T9TBycGOLzmKU4QdcHAJEj6Nlx48ifnlTvvHMvs=
-github.com/sagernet/cronet-go/lib/darwin_arm64 v0.0.0-20251218041530-c2a431c5f1f7 h1:Q52ojQVXk9f6Z+EWHWv+SJajNF56bVvgMyQP/7WV2TI=
-github.com/sagernet/cronet-go/lib/darwin_arm64 v0.0.0-20251218041530-c2a431c5f1f7/go.mod h1:kojvtUc29KKnk8hs2QIANynVR59921SnGWA9kXohHc0=
-github.com/sagernet/cronet-go/lib/ios_amd64_simulator v0.0.0-20251218041530-c2a431c5f1f7 h1:UzXQ09sZQZDlsZvWd4SAhtaF0RMxAVg4TEYsRNMutjU=
-github.com/sagernet/cronet-go/lib/ios_amd64_simulator v0.0.0-20251218041530-c2a431c5f1f7/go.mod h1:hkQzRE5GDbaH1/ioqYh0Taho4L6i0yLRCVEZ5xHz5M0=
-github.com/sagernet/cronet-go/lib/ios_arm64 v0.0.0-20251218041530-c2a431c5f1f7 h1:sjSknfRi3fMJqwHW4pNL64SGq7Y5XIm4pz5Ds21hvKw=
-github.com/sagernet/cronet-go/lib/ios_arm64 v0.0.0-20251218041530-c2a431c5f1f7/go.mod h1:tzVJFTOm66UxLxy6K0ZN5Ic2PC79e+sKKnt+V9puEa4=
-github.com/sagernet/cronet-go/lib/ios_arm64_simulator v0.0.0-20251218041530-c2a431c5f1f7 h1:uxb8pqzB4KH7ai6MocOWQPu3/+BAYISSIMPHWs0wtrQ=
-github.com/sagernet/cronet-go/lib/ios_arm64_simulator v0.0.0-20251218041530-c2a431c5f1f7/go.mod h1:M/pN6m3j0HFU6/y83n0HU6GLYys3tYdr/xTE8hVEGMo=
-github.com/sagernet/cronet-go/lib/linux_386 v0.0.0-20251218041530-c2a431c5f1f7 h1:uV78fIQ2XdVQUzowiafKP2fs+rGlkI+9u7l1cBMlQlc=
-github.com/sagernet/cronet-go/lib/linux_386 v0.0.0-20251218041530-c2a431c5f1f7/go.mod h1:cGh5hO6eljCo6KMQ/Cel8Xgq4+etL0awZLRBDVG1EZQ=
-github.com/sagernet/cronet-go/lib/linux_386_musl v0.0.0-20251218041530-c2a431c5f1f7 h1:6d87Pvio5dpWakic3SNBVTwTlt8ZnvL1GWPPeY2xSLs=
-github.com/sagernet/cronet-go/lib/linux_386_musl v0.0.0-20251218041530-c2a431c5f1f7/go.mod h1:JFE0/cxaKkx0wqPMZU7MgaplQlU0zudv82dROJjClKU=
-github.com/sagernet/cronet-go/lib/linux_amd64 v0.0.0-20251218041530-c2a431c5f1f7 h1:tc3GdN9pAfZqdfb55DmtUSXEuKuecWNYSD/+4jclXmo=
-github.com/sagernet/cronet-go/lib/linux_amd64 v0.0.0-20251218041530-c2a431c5f1f7/go.mod h1:vU8VftFeSt7fURCa3JXD6+k6ss1YAX+idQjPvHmJ2tI=
-github.com/sagernet/cronet-go/lib/linux_amd64_musl v0.0.0-20251218041530-c2a431c5f1f7 h1:W5fN1B1wYgnh7Y5Nw+MgcDjsvdPvEPAGe27iemq2LJs=
-github.com/sagernet/cronet-go/lib/linux_amd64_musl v0.0.0-20251218041530-c2a431c5f1f7/go.mod h1:vCe4OUuL+XOUge9v3MyTD45BnuAXiH+DkjN9quDXJzQ=
-github.com/sagernet/cronet-go/lib/linux_arm v0.0.0-20251218041530-c2a431c5f1f7 h1:xfNH8CO8p2W8rtVFgyv8kiAkzoSArW6+h2s/p5ZNvP8=
-github.com/sagernet/cronet-go/lib/linux_arm v0.0.0-20251218041530-c2a431c5f1f7/go.mod h1:w9amBWrvjtohQzBGCKJ7LCh22LhTIJs4sE7cYaKQzM0=
-github.com/sagernet/cronet-go/lib/linux_arm64 v0.0.0-20251218041530-c2a431c5f1f7 h1:1mkhgxLOh1pPjBLgC/GK3Rhhinz0254OjGJRrivVhQ8=
-github.com/sagernet/cronet-go/lib/linux_arm64 v0.0.0-20251218041530-c2a431c5f1f7/go.mod h1:TqlsFtcYS/etTeck46kHBeT8Le0Igw1Q/AV88UnMS3s=
-github.com/sagernet/cronet-go/lib/linux_arm64_musl v0.0.0-20251218041530-c2a431c5f1f7 h1:zf252WwVhJYduTDBXvkBKdwSU+Ce0OToQzvy5SwPS3c=
-github.com/sagernet/cronet-go/lib/linux_arm64_musl v0.0.0-20251218041530-c2a431c5f1f7/go.mod h1:B6Qd0vys8sv9OKVRN6J9RqDzYRGE938Fb2zrYdBDyTQ=
-github.com/sagernet/cronet-go/lib/linux_arm_musl v0.0.0-20251218041530-c2a431c5f1f7 h1:Nhkn2M2UsGe0hr6qOgNKvGKgAbo6EfWQto+YjlNWGqg=
-github.com/sagernet/cronet-go/lib/linux_arm_musl v0.0.0-20251218041530-c2a431c5f1f7/go.mod h1:3tXMMFY7AHugOVBZ5Al7cL7JKsnFOe5bMVr0hZPk3ow=
-github.com/sagernet/cronet-go/lib/tvos_amd64_simulator v0.0.0-20251218041530-c2a431c5f1f7 h1:HSvWFyBDLC7grFuSwBSIaxLI/MVpe/w4qJJAWAZsBxc=
-github.com/sagernet/cronet-go/lib/tvos_amd64_simulator v0.0.0-20251218041530-c2a431c5f1f7/go.mod h1:aaX0YGl8nhGmfRWI8bc3BtDjY8Vzx6O0cS/e1uqxDq4=
-github.com/sagernet/cronet-go/lib/tvos_arm64 v0.0.0-20251218041530-c2a431c5f1f7 h1:PJa1fhmbXWXCYk07DZhqzjP2u9rM/cnS0A1aaPU56pY=
-github.com/sagernet/cronet-go/lib/tvos_arm64 v0.0.0-20251218041530-c2a431c5f1f7/go.mod h1:EdzMKA96xITc42QEI+ct4SwqX8Dn3ltKK8wzdkLWpSc=
-github.com/sagernet/cronet-go/lib/tvos_arm64_simulator v0.0.0-20251218041530-c2a431c5f1f7 h1:Tpskq8p8boYHkBya18ythhgWTMv8gFsseGk55MFW+/k=
-github.com/sagernet/cronet-go/lib/tvos_arm64_simulator v0.0.0-20251218041530-c2a431c5f1f7/go.mod h1:qix4kv1TTAJ5tY4lJ9vjhe9EY4mM+B7H5giOhbxDVcc=
-github.com/sagernet/cronet-go/lib/windows_amd64 v0.0.0-20251218041530-c2a431c5f1f7 h1:qjB64lzTP0ROuk9GCCwsNQ9ca37nIr75iOyc2vuGFQg=
-github.com/sagernet/cronet-go/lib/windows_amd64 v0.0.0-20251218041530-c2a431c5f1f7/go.mod h1:lm9w/oCCRyBiUa3G8lDQTT8x/ONUvgVR2iV9fVzUZB8=
-github.com/sagernet/cronet-go/lib/windows_arm64 v0.0.0-20251218041530-c2a431c5f1f7 h1:GDJjygR/HLWOzwAs0RjhvqN6d1rUm7WiDAmHNe8gRAM=
-github.com/sagernet/cronet-go/lib/windows_arm64 v0.0.0-20251218041530-c2a431c5f1f7/go.mod h1:n34YyLgapgjWdKa0IoeczjAFCwD3/dxbsH5sucKw0bw=
+github.com/sagernet/cronet-go v0.0.0-20251219080614-460b6a5fb79d h1:Wfs4UEnHE3d0hHHG1NedCCwU2lUVlsgKblBGuOps8k4=
+github.com/sagernet/cronet-go v0.0.0-20251219080614-460b6a5fb79d/go.mod h1:hwFHBEjjthyEquDULbr4c4ucMedp8Drb6Jvm2kt/0Bw=
+github.com/sagernet/cronet-go/all v0.0.0-20251219080614-460b6a5fb79d h1:DZy1I3zKP5bRaFGDYStZWAXrtlxn3W4ONbFUD027sw8=
+github.com/sagernet/cronet-go/all v0.0.0-20251219080614-460b6a5fb79d/go.mod h1:eKeQLIddaQGZD2/jc0t+AdTnHve3Yo+uMujwgNOCfz0=
+github.com/sagernet/cronet-go/lib/android_386 v0.0.0-20251219080137-fbc9bf07b76b h1:+WRqXRiHEom7+lZUEA4qPVfNQB7Rx4++6JEN8cd5CgQ=
+github.com/sagernet/cronet-go/lib/android_386 v0.0.0-20251219080137-fbc9bf07b76b/go.mod h1:XXDwdjX/T8xftoeJxQmbBoYXZp8MAPFR2CwbFuTpEtw=
+github.com/sagernet/cronet-go/lib/android_amd64 v0.0.0-20251219080137-fbc9bf07b76b h1:ofD/ZwijuG5ccz0afLcvbfssIG+q/Bp8A2sziYYlJ28=
+github.com/sagernet/cronet-go/lib/android_amd64 v0.0.0-20251219080137-fbc9bf07b76b/go.mod h1:iNiUGoLtnr8/JTuVNj7XJbmpOAp2C6+B81KDrPxwaZM=
+github.com/sagernet/cronet-go/lib/android_arm v0.0.0-20251219080137-fbc9bf07b76b h1:m3Hv8Hs6x6JdFNe93nzh1XhdZ7DmkfOKheloDmQmGQo=
+github.com/sagernet/cronet-go/lib/android_arm v0.0.0-20251219080137-fbc9bf07b76b/go.mod h1:19ILNUOGIzRdOqa2mq+iY0JoHxuieB7/lnjYeaA2vEc=
+github.com/sagernet/cronet-go/lib/android_arm64 v0.0.0-20251219080137-fbc9bf07b76b h1:gA8bzjowa5Lmih+hBjjh6xsjghmGTIojKNtPzVDG93A=
+github.com/sagernet/cronet-go/lib/android_arm64 v0.0.0-20251219080137-fbc9bf07b76b/go.mod h1:JxzGyQf94Cr6sBShKqODGDyRUlESfJK/Njcz9Lz6qMQ=
+github.com/sagernet/cronet-go/lib/darwin_amd64 v0.0.0-20251219080137-fbc9bf07b76b h1:0ASeUCDj66dAHaCU/HkgbuSm/1co+yHbrq13BokW/us=
+github.com/sagernet/cronet-go/lib/darwin_amd64 v0.0.0-20251219080137-fbc9bf07b76b/go.mod h1:KN+9T9TBycGOLzmKU4QdcHAJEj6Nlx48ifnlTvvHMvs=
+github.com/sagernet/cronet-go/lib/darwin_arm64 v0.0.0-20251219080137-fbc9bf07b76b h1:NsbDT3L2pLS0Qsh0MPEn+IPkL33XoL7eFs56EA0jBeo=
+github.com/sagernet/cronet-go/lib/darwin_arm64 v0.0.0-20251219080137-fbc9bf07b76b/go.mod h1:kojvtUc29KKnk8hs2QIANynVR59921SnGWA9kXohHc0=
+github.com/sagernet/cronet-go/lib/ios_amd64_simulator v0.0.0-20251219080137-fbc9bf07b76b h1:hIMIG2AuF3n9yelPvfUB3jyW2vWJnPiJfhE3hGUGJDk=
+github.com/sagernet/cronet-go/lib/ios_amd64_simulator v0.0.0-20251219080137-fbc9bf07b76b/go.mod h1:hkQzRE5GDbaH1/ioqYh0Taho4L6i0yLRCVEZ5xHz5M0=
+github.com/sagernet/cronet-go/lib/ios_arm64 v0.0.0-20251219080137-fbc9bf07b76b h1:/l1dS38ijnn0IHtAdFH3Y8cahAGw6ii0TYow0jUNBGM=
+github.com/sagernet/cronet-go/lib/ios_arm64 v0.0.0-20251219080137-fbc9bf07b76b/go.mod h1:tzVJFTOm66UxLxy6K0ZN5Ic2PC79e+sKKnt+V9puEa4=
+github.com/sagernet/cronet-go/lib/ios_arm64_simulator v0.0.0-20251219080137-fbc9bf07b76b h1:m29qbSNfdNuTYEgTkph9TQUIyu7wIrY3PAvbgl23OjA=
+github.com/sagernet/cronet-go/lib/ios_arm64_simulator v0.0.0-20251219080137-fbc9bf07b76b/go.mod h1:M/pN6m3j0HFU6/y83n0HU6GLYys3tYdr/xTE8hVEGMo=
+github.com/sagernet/cronet-go/lib/linux_386 v0.0.0-20251219080137-fbc9bf07b76b h1:mmOPED30mKTr0DucTYQeJBHtjAgvBO7huwdG3gL6Gyw=
+github.com/sagernet/cronet-go/lib/linux_386 v0.0.0-20251219080137-fbc9bf07b76b/go.mod h1:cGh5hO6eljCo6KMQ/Cel8Xgq4+etL0awZLRBDVG1EZQ=
+github.com/sagernet/cronet-go/lib/linux_386_musl v0.0.0-20251219080137-fbc9bf07b76b h1:y7V2c5QwMY07ME/M+cI/W1ZNw2QFT2oMw99GaPtK0MY=
+github.com/sagernet/cronet-go/lib/linux_386_musl v0.0.0-20251219080137-fbc9bf07b76b/go.mod h1:JFE0/cxaKkx0wqPMZU7MgaplQlU0zudv82dROJjClKU=
+github.com/sagernet/cronet-go/lib/linux_amd64 v0.0.0-20251219080137-fbc9bf07b76b h1:txNHLfT1miemCZgCrtrA+eTbGfsfN46wHIpOShALNzI=
+github.com/sagernet/cronet-go/lib/linux_amd64 v0.0.0-20251219080137-fbc9bf07b76b/go.mod h1:vU8VftFeSt7fURCa3JXD6+k6ss1YAX+idQjPvHmJ2tI=
+github.com/sagernet/cronet-go/lib/linux_amd64_musl v0.0.0-20251219080137-fbc9bf07b76b h1:FVPZ3TKAoIeM1hTCqUn0D7gHx6rDkKqhx+E8yaYNbXI=
+github.com/sagernet/cronet-go/lib/linux_amd64_musl v0.0.0-20251219080137-fbc9bf07b76b/go.mod h1:vCe4OUuL+XOUge9v3MyTD45BnuAXiH+DkjN9quDXJzQ=
+github.com/sagernet/cronet-go/lib/linux_arm v0.0.0-20251219080137-fbc9bf07b76b h1:4ei7Sz97XCFXh+FUi2cKGHrhqD0A8lxdjZxST7NzDrQ=
+github.com/sagernet/cronet-go/lib/linux_arm v0.0.0-20251219080137-fbc9bf07b76b/go.mod h1:w9amBWrvjtohQzBGCKJ7LCh22LhTIJs4sE7cYaKQzM0=
+github.com/sagernet/cronet-go/lib/linux_arm64 v0.0.0-20251219080137-fbc9bf07b76b h1:W0SrTDGPaKfcgjiZDkYeWqpICeVkwydaa228znP4q2c=
+github.com/sagernet/cronet-go/lib/linux_arm64 v0.0.0-20251219080137-fbc9bf07b76b/go.mod h1:TqlsFtcYS/etTeck46kHBeT8Le0Igw1Q/AV88UnMS3s=
+github.com/sagernet/cronet-go/lib/linux_arm64_musl v0.0.0-20251219080137-fbc9bf07b76b h1:WD7V83I/FDatR0zXq6gSxh8gGZCD+fUZjLb1f+OVuF0=
+github.com/sagernet/cronet-go/lib/linux_arm64_musl v0.0.0-20251219080137-fbc9bf07b76b/go.mod h1:B6Qd0vys8sv9OKVRN6J9RqDzYRGE938Fb2zrYdBDyTQ=
+github.com/sagernet/cronet-go/lib/linux_arm_musl v0.0.0-20251219080137-fbc9bf07b76b h1:M1V7j6Bke+v9aXeEK/NcWqoPwl84h97fmL3XSJJmNJw=
+github.com/sagernet/cronet-go/lib/linux_arm_musl v0.0.0-20251219080137-fbc9bf07b76b/go.mod h1:3tXMMFY7AHugOVBZ5Al7cL7JKsnFOe5bMVr0hZPk3ow=
+github.com/sagernet/cronet-go/lib/tvos_amd64_simulator v0.0.0-20251219080137-fbc9bf07b76b h1:DmLB0sgGw7vNao08a7NJ0xMJbZpeL49rAphknfRRs5I=
+github.com/sagernet/cronet-go/lib/tvos_amd64_simulator v0.0.0-20251219080137-fbc9bf07b76b/go.mod h1:aaX0YGl8nhGmfRWI8bc3BtDjY8Vzx6O0cS/e1uqxDq4=
+github.com/sagernet/cronet-go/lib/tvos_arm64 v0.0.0-20251219080137-fbc9bf07b76b h1:j8tKUY2VVnK/RxIvX75G/nLGu53to6LaDRH/NTzyLDw=
+github.com/sagernet/cronet-go/lib/tvos_arm64 v0.0.0-20251219080137-fbc9bf07b76b/go.mod h1:EdzMKA96xITc42QEI+ct4SwqX8Dn3ltKK8wzdkLWpSc=
+github.com/sagernet/cronet-go/lib/tvos_arm64_simulator v0.0.0-20251219080137-fbc9bf07b76b h1:+1hjEBE2hUGUxDKtNg+gBYYCHXPQao273PjimC67v38=
+github.com/sagernet/cronet-go/lib/tvos_arm64_simulator v0.0.0-20251219080137-fbc9bf07b76b/go.mod h1:qix4kv1TTAJ5tY4lJ9vjhe9EY4mM+B7H5giOhbxDVcc=
+github.com/sagernet/cronet-go/lib/windows_amd64 v0.0.0-20251219080137-fbc9bf07b76b h1:22Jx/y6cz2lVeUwbN/lmNOUjhEWYpohGEYpW/zdDcBk=
+github.com/sagernet/cronet-go/lib/windows_amd64 v0.0.0-20251219080137-fbc9bf07b76b/go.mod h1:lm9w/oCCRyBiUa3G8lDQTT8x/ONUvgVR2iV9fVzUZB8=
+github.com/sagernet/cronet-go/lib/windows_arm64 v0.0.0-20251219080137-fbc9bf07b76b h1:7juUKsCbreYSP8gALPf45kut0zdSpZXrk2TLIwQ2zOo=
+github.com/sagernet/cronet-go/lib/windows_arm64 v0.0.0-20251219080137-fbc9bf07b76b/go.mod h1:n34YyLgapgjWdKa0IoeczjAFCwD3/dxbsH5sucKw0bw=
 github.com/sagernet/fswatch v0.1.1 h1:YqID+93B7VRfqIH3PArW/XpJv5H4OLEVWDfProGoRQs=
 github.com/sagernet/fswatch v0.1.1/go.mod h1:nz85laH0mkQqJfaOrqPpkwtU1znMFNVTpT/5oRsVz/o=
 github.com/sagernet/gomobile v0.1.10 h1:ElqZ0OVDvyQlU91MU0C9cfU0FrILBbc65+NOKzZ1t0c=
--- a/protocol/naive/outbound.go
+++ b/protocol/naive/outbound.go
@@ -176,22 +176,21 @@ func NewOutbound(ctx context.Context, router adapter.Router, logger log.ContextL
 		return nil, E.New("unknown quic congestion control: ", options.QUICCongestionControl)
 	}
 	client, err := cronet.NewNaiveClient(cronet.NaiveClientConfig{
-		Context:                           ctx,
-		ServerAddress:                     serverAddress,
-		ServerName:                        serverName,
-		Username:                          options.Username,
-		Password:                          options.Password,
-		InsecureConcurrency:               options.InsecureConcurrency,
-		ExtraHeaders:                      extraHeaders,
-		TrustedRootCertificates:           trustedRootCertificates,
-		TrustedCertificatePublicKeySHA256: options.TLS.CertificatePublicKeySHA256,
-		Dialer:                            outboundDialer,
-		DNSResolver:                       dnsResolver,
-		ECHEnabled:                        echEnabled,
-		ECHConfigList:                     echConfigList,
-		ECHQueryServerName:                echQueryServerName,
-		QUIC:                              options.QUIC,
-		QUICCongestionControl:             quicCongestionControl,
+		Context:                 ctx,
+		ServerAddress:           serverAddress,
+		ServerName:              serverName,
+		Username:                options.Username,
+		Password:                options.Password,
+		InsecureConcurrency:     options.InsecureConcurrency,
+		ExtraHeaders:            extraHeaders,
+		TrustedRootCertificates: trustedRootCertificates,
+		Dialer:                  outboundDialer,
+		DNSResolver:             dnsResolver,
+		ECHEnabled:              echEnabled,
+		ECHConfigList:           echConfigList,
+		ECHQueryServerName:      echQueryServerName,
+		QUIC:                    options.QUIC,
+		QUICCongestionControl:   quicCongestionControl,
 	})
 	if err != nil {
 		return nil, err
--- a/test/naive_self_test.go
+++ b/test/naive_self_test.go
@@ -1,9 +1,6 @@
 package main

 import (
-	"crypto/sha256"
-	"crypto/x509"
-	"encoding/pem"
 	"net/netip"
 	"os"
 	"strings"
@@ -109,106 +106,6 @@ func TestNaiveSelf(t *testing.T) {
 	testTCP(t, clientPort, testPort)
 }

-func TestNaiveSelfPublicKeySHA256(t *testing.T) {
-	_, certPem, keyPem := createSelfSignedCertificate(t, "example.org")
-
-	// Read and parse the server certificate to get its public key SHA256
-	certPemContent, err := os.ReadFile(certPem)
-	require.NoError(t, err)
-	block, _ := pem.Decode(certPemContent)
-	require.NotNil(t, block)
-	cert, err := x509.ParseCertificate(block.Bytes)
-	require.NoError(t, err)
-
-	// Calculate SHA256 of SPKI (Subject Public Key Info)
-	spkiBytes, err := x509.MarshalPKIXPublicKey(cert.PublicKey)
-	require.NoError(t, err)
-	pinHash := sha256.Sum256(spkiBytes)
-
-	startInstance(t, option.Options{
-		Inbounds: []option.Inbound{
-			{
-				Type: C.TypeMixed,
-				Tag:  "mixed-in",
-				Options: &option.HTTPMixedInboundOptions{
-					ListenOptions: option.ListenOptions{
-						Listen:     common.Ptr(badoption.Addr(netip.IPv4Unspecified())),
-						ListenPort: clientPort,
-					},
-				},
-			},
-			{
-				Type: C.TypeNaive,
-				Tag:  "naive-in",
-				Options: &option.NaiveInboundOptions{
-					ListenOptions: option.ListenOptions{
-						Listen:     common.Ptr(badoption.Addr(netip.IPv4Unspecified())),
-						ListenPort: serverPort,
-					},
-					Users: []auth.User{
-						{
-							Username: "sekai",
-							Password: "password",
-						},
-					},
-					Network: network.NetworkTCP,
-					InboundTLSOptionsContainer: option.InboundTLSOptionsContainer{
-						TLS: &option.InboundTLSOptions{
-							Enabled:         true,
-							ServerName:      "example.org",
-							CertificatePath: certPem,
-							KeyPath:         keyPem,
-						},
-					},
-				},
-			},
-		},
-		Outbounds: []option.Outbound{
-			{
-				Type: C.TypeDirect,
-			},
-			{
-				Type: C.TypeNaive,
-				Tag:  "naive-out",
-				Options: &option.NaiveOutboundOptions{
-					ServerOptions: option.ServerOptions{
-						Server:     "127.0.0.1",
-						ServerPort: serverPort,
-					},
-					Username: "sekai",
-					Password: "password",
-					OutboundTLSOptionsContainer: option.OutboundTLSOptionsContainer{
-						TLS: &option.OutboundTLSOptions{
-							Enabled:                    true,
-							ServerName:                 "example.org",
-							CertificatePublicKeySHA256: [][]byte{pinHash[:]},
-						},
-					},
-				},
-			},
-		},
-		Route: &option.RouteOptions{
-			Rules: []option.Rule{
-				{
-					Type: C.RuleTypeDefault,
-					DefaultOptions: option.DefaultRule{
-						RawDefaultRule: option.RawDefaultRule{
-							Inbound: []string{"mixed-in"},
-						},
-						RuleAction: option.RuleAction{
-							Action: C.RuleActionTypeRoute,
-							RouteOptions: option.RouteActionOptions{
-								Outbound: "naive-out",
-							},
-						},
-					},
-				},
-			},
-		},
-	})
-	testTCP(t, clientPort, testPort)
-}
-
 func TestNaiveSelfECH(t *testing.T) {
 	caPem, certPem, keyPem := createSelfSignedCertificate(t, "example.org")
 	caPemContent, err := os.ReadFile(caPem)