tls: support certificate verify.

etc/smartdns/smartdns.conf

@@ -112,6 +112,14 @@ log-level info
 # audit-size 128k
 # audit-num 2
 
+# certificate file
+# ca-file [file]
+# ca-file /etc/ssl/certs/ca-certificates.crt
+
+# certificate path
+# ca-path [path]
+# ca-path /etc/ss/certs
+
 # remote udp dns server list
 # server [IP]:[PORT] [-blacklist-ip] [-whitelist-ip] [-check-edns] [-group [group] ...] [-exclude-default-group]
 # default port is 53
@@ -130,8 +138,9 @@ log-level info
 # remote tls dns server list
 # server-tls [IP]:[PORT] [-blacklist-ip] [-whitelist-ip] [-spki-pin [sha256-pin]] [-group [group] ...] [-exclude-default-group]
 #   -spki-pin: TLS spki pin to verify.
-#   -tls-host-check: cert hostname to verify.
+#   -tls-host-verify: cert hostname to verify.
 #   -host-name: TLS sni hostname.
+#   -no-check-certificate: no check certificate.
 # Get SPKI with this command:
 #    echo | openssl s_client -connect '[ip]:853' | openssl x509 -pubkey -noout | openssl pkey -pubin -outform der | openssl dgst -sha256 -binary | openssl enc -base64
 # default port is 853
@@ -141,9 +150,10 @@ log-level info
 # remote https dns server list
 # server-https https://[host]:[port]/path [-blacklist-ip] [-whitelist-ip] [-spki-pin [sha256-pin]] [-group [group] ...] [-exclude-default-group]
 #   -spki-pin: TLS spki pin to verify.
-#   -tls-host-check: cert hostname to verify.
+#   -tls-host-verify: cert hostname to verify.
 #   -host-name: TLS sni hostname.
 #   -http-host: http host.
+#   -no-check-certificate: no check certificate.
 # default port is 443
 # server-https https://cloudflare-dns.com/dns-query