From 3572209cbd60d223e3e47aa17a0ccc17362fffcd Mon Sep 17 00:00:00 2001
From: ari-ahm <154451491+ari-ahm@users.noreply.github.com>
Date: Tue, 23 Dec 2025 12:28:43 +0330
Subject: [PATCH] REALITY client: Clearer log when receiving real certificate
 (#5427)

Co-authored-by: RPRX <63339210+RPRX@users.noreply.github.com>
---
 transport/internet/reality/reality.go | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/transport/internet/reality/reality.go b/transport/internet/reality/reality.go
index 8cb59342..21b185ea 100644
--- a/transport/internet/reality/reality.go
+++ b/transport/internet/reality/reality.go
@@ -180,11 +180,14 @@ func UClient(c net.Conn, config *Config, ctx context.Context, dest net.Destinati
 		fmt.Printf("REALITY localAddr: %v\tuConn.Verified: %v\n", localAddr, uConn.Verified)
 	}
 	if !uConn.Verified {
+		errors.LogError(ctx, "REALITY: received real certificate (potential MITM or redirection)")
 		go func() {
 			client := &http.Client{
 				Transport: &http2.Transport{
 					DialTLSContext: func(ctx context.Context, network, addr string, cfg *gotls.Config) (net.Conn, error) {
-						fmt.Printf("REALITY localAddr: %v\tDialTLSContext\n", localAddr)
+						if config.Show {
+							fmt.Printf("REALITY localAddr: %v\tDialTLSContext\n", localAddr)
+						}
 						return uConn, nil
 					},
 				},