diff --git a/FastGithub.ReverseProxy/HttpClientHanlder.cs b/FastGithub.ReverseProxy/HttpClientHanlder.cs
index 2e2c18a..455ac3f 100644
--- a/FastGithub.ReverseProxy/HttpClientHanlder.cs
+++ b/FastGithub.ReverseProxy/HttpClientHanlder.cs
@@ -2,6 +2,7 @@
 using System.Net.Http;
 using System.Net.Security;
 using System.Net.Sockets;
+using System.Security.Cryptography.X509Certificates;
 using System.Threading;
 using System.Threading.Tasks;
 
@@ -51,9 +52,15 @@ namespace FastGithub.ReverseProxy
 await sslStream.AuthenticateAsClientAsync(new SslClientAuthenticationOptions
 {
 TargetHost = tlsSniContext.TlsSniPattern.Value,
- RemoteCertificateValidationCallback = delegate { return true; }
+ RemoteCertificateValidationCallback = ValidateServerCertificate
 }, cancellationToken);
 return sslStream;
+
+ // 这里最好需要验证证书的使用者和所有使用者可选名称
+ static bool ValidateServerCertificate(object sender, X509Certificate? cert, X509Chain? chain, SslPolicyErrors errors)
+ {
+ return errors == SslPolicyErrors.None || errors == SslPolicyErrors.RemoteCertificateNameMismatch;
+ }
 }
 };
 }
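Review bot: `ValidateServerCertificate` in the second hunk still accepts `SslPolicyErrors.RemoteCertificateNameMismatch` unconditionally, so any certificate that chains to a trusted root is accepted for this connection regardless of which host it was issued to. The Chinese comment above it already says the subject and subject alternative names should be checked, but the new code does not do so. Because `TargetHost` is the SNI pattern value rather than the real host, a mismatch is presumably expected here, so the name check has to be made explicitly against the host the request is actually for. That means dropping `static` so the callback can capture that host (called `requestHost` here as a placeholder, since the variable is not visible in the hunk) and returning `errors == SslPolicyErrors.None || (errors == SslPolicyErrors.RemoteCertificateNameMismatch && cert is X509Certificate2 c && c.MatchesHostname(requestHost))`. `MatchesHostname` needs .NET 7 or later; on an older target the SAN DNS entries would have to be compared by hand, and the enclosing method starts outside the hunk.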