fix: 更新 DownloadFile 函数的 HTTP 传输配置，禁用 HTTP/2 并增强 TLS 证书验证

2025-04-10 02:13:41 +08:00 · 2025-04-10 02:13:41 +08:00 · b42b3ca4d3
commit b42b3ca4d3
parent 5b63594110
1 changed files with 12 additions and 9 deletions
--- a/util/url.go
+++ b/util/url.go
@ -74,19 +74,22 @@ func DownloadFile(urlStr string, dirPath string) (filepath string, err error) {

 	// 创建基础传输配置
 	transport := &http.Transport{
-		ForceAttemptHTTP2: true,
+		ForceAttemptHTTP2: false, // 服务器不支持HTTP/2
+		TLSClientConfig: &tls.Config{
+			InsecureSkipVerify: false, // 启用证书验证
+			MinVersion:         tls.VersionTLS12,
+			MaxVersion:         tls.VersionTLS12,
+			CipherSuites: []uint16{
+				tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+			},
+			NextProtos: []string{"http/1.1"}, // 禁用ALPN协商
+		},
 	}

 	// 如果是腾讯的特定域名，使用特殊的TLS配置
 	if strings.HasSuffix(parsedURL.Host, ".qq.com.cn") {
-		transport.TLSClientConfig = &tls.Config{
-			MinVersion: tls.VersionTLS12,
-			MaxVersion: tls.VersionTLS12,
-			CipherSuites: []uint16{
-				tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
-			},
-		}
-		transport.ForceAttemptHTTP2 = false
+		transport.DisableCompression = true                   // 服务器不支持压缩
+		transport.TLSClientConfig.ServerName = parsedURL.Host // 确保SNI正确
 	}

 	// 创建HTTP客户端