Integrity requirements
Description
Bug Report
Version: v26.4.17
OS: Ubuntu 24, Linux amd64
Problem
After upgrading from v26.3.27 to v26.4.17, xray-core fails to start with REALITY inbound.
Error:
Failed to start: main: failed to create server > pattern string does not conform to Letter-Digit-Hyphen (LDH) subset
Cause
The REALITY privateKey is in standard base64url format which may contain underscore _ and dash - characters. These are valid base64url characters but do not conform to LDH subset, which apparently is now being validated in v26.4.17.
Example privateKey that triggers the bug:
aB3_xYz9KqmN2pLvWsRtUcHdEfGhJkMnOpQrStUvWxY
Steps to reproduce
- Generate a REALITY keypair with
xray x25519 (until you get a key containing _)
- Use the privateKey in server config
- Start xray v26.4.17 → fails with LDH error
- Downgrade to v26.3.27 → works fine
Expected behavior
privateKey in base64url format should be accepted as before.
Workaround
Downgrade to v26.3.27.
Reproduction Method
Steps to reproduce
- Generate a REALITY keypair with
xray x25519 (until you get a key containing _)
- Use the privateKey in server config
- Start xray v26.4.17 → fails with LDH error
- Downgrade to v26.3.27 → works fine
Client config
Not applicable
Server config
Not applicable
Client log
Not applicable
Server log
Not applicable
Integrity requirements
Description
Bug Report
Version: v26.4.17
OS: Ubuntu 24, Linux amd64
Problem
After upgrading from v26.3.27 to v26.4.17, xray-core fails to start with REALITY inbound.
Error:
Failed to start: main: failed to create server > pattern string does not conform to Letter-Digit-Hyphen (LDH) subset
Cause
The REALITY privateKey is in standard base64url format which may contain underscore
_and dash-characters. These are valid base64url characters but do not conform to LDH subset, which apparently is now being validated in v26.4.17.Example privateKey that triggers the bug:
aB3_xYz9KqmN2pLvWsRtUcHdEfGhJkMnOpQrStUvWxY
Steps to reproduce
xray x25519(until you get a key containing_)Expected behavior
privateKey in base64url format should be accepted as before.
Workaround
Downgrade to v26.3.27.
Reproduction Method
Steps to reproduce
xray x25519(until you get a key containing_)Client config
Not applicable
Server config
Not applicable
Client log
Not applicable
Server log
Not applicable