Fix "Validate TLS Certificates" option for WS and GRPC (#218)

2026-03-25 02:41:07 +01:00 · 2025-05-29 10:02:27 -04:00
parent 085b640b3c
commit bd1986f31f
17 changed files with 124 additions and 66 deletions
--- a/src-tauri/src/http_request.rs
+++ b/src-tauri/src/http_request.rs
@@ -9,9 +9,6 @@ use mime_guess::Mime;
 use reqwest::redirect::Policy;
 use reqwest::{Method, Response};
 use reqwest::{Proxy, Url, multipart};
-use rustls::ClientConfig;
-use rustls::crypto::ring;
-use rustls_platform_verifier::BuilderVerifierExt;
 use serde_json::Value;
 use std::collections::BTreeMap;
 use std::path::PathBuf;
@@ -112,22 +109,8 @@ pub async fn send_http_request<R: Runtime>(
        .referer(false)
        .tls_info(true);

-    if workspace.setting_validate_certificates {
-        // Use platform-native verifier to validate certificates
-        let arc_crypto_provider = Arc::new(ring::default_provider());
-        let config = ClientConfig::builder_with_provider(arc_crypto_provider)
-            .with_safe_default_protocol_versions()
-            .unwrap()
-            .with_platform_verifier()
-            .with_no_client_auth();
-        client_builder = client_builder.use_preconfigured_tls(config)
-    } else {
-        // Use rustls to skip validation because rustls_platform_verifier does not have this ability
-        client_builder = client_builder
-            .use_rustls_tls()
-            .danger_accept_invalid_hostnames(true)
-            .danger_accept_invalid_certs(true);
-    }
+    let tls_config = yaak_http::tls::get_config(workspace.setting_validate_certificates);
+    client_builder = client_builder.use_preconfigured_tls(tls_config);

    match settings.proxy {
        Some(ProxySetting::Disabled) => client_builder = client_builder.no_proxy(),
--- a/src-tauri/src/lib.rs
+++ b/src-tauri/src/lib.rs
@@ -155,6 +155,7 @@ async fn cmd_grpc_reflect<R: Runtime>(

    let base_environment =
        app_handle.db().get_base_environment(&unrendered_request.workspace_id)?;
+    let workspace = app_handle.db().get_workspace(&unrendered_request.workspace_id)?;

    let req = render_grpc_request(
        &resolved_request,
@@ -179,6 +180,7 @@ async fn cmd_grpc_reflect<R: Runtime>(
            &uri,
            &proto_files.iter().map(|p| PathBuf::from_str(p).unwrap()).collect(),
            &metadata,
+            workspace.setting_validate_certificates,
        )
        .await
        .map_err(|e| GenericError(e.to_string()))?)
@@ -201,6 +203,7 @@ async fn cmd_grpc_go<R: Runtime>(
    let resolved_request = resolve_grpc_request(&window, &unrendered_request)?;
    let base_environment =
        app_handle.db().get_base_environment(&unrendered_request.workspace_id)?;
+    let workspace = app_handle.db().get_workspace(&unrendered_request.workspace_id)?;

    let request = render_grpc_request(
        &resolved_request,
@@ -263,6 +266,7 @@ async fn cmd_grpc_go<R: Runtime>(
            uri.as_str(),
            &proto_files.iter().map(|p| PathBuf::from_str(p).unwrap()).collect(),
            &metadata,
+            workspace.setting_validate_certificates,
        )
        .await;

@@ -296,7 +300,7 @@ async fn cmd_grpc_go<R: Runtime>(
        let cancelled_rx = cancelled_rx.clone();
        let app_handle = app_handle.clone();
        let window = window.clone();
-        let workspace = base_environment.clone();
+        let base_environment = base_environment.clone();
        let environment = environment.clone();
        let base_msg = base_msg.clone();
        let method_desc = method_desc.clone();
@@ -326,7 +330,7 @@ async fn cmd_grpc_go<R: Runtime>(
                        tauri::async_runtime::block_on(async {
                            render_template(
                                msg.as_str(),
-                                &workspace,
+                                &base_environment,
                                environment.as_ref(),
                                &PluginTemplateCallback::new(
                                    &app_handle,