Fix "Validate TLS Certificates" option for WS and GRPC (#218)

2026-04-23 09:08:32 +02:00 · 2025-05-29 10:02:27 -04:00
parent 085b640b3c
commit bd1986f31f
17 changed files with 124 additions and 66 deletions
--- a/src-tauri/yaak-ws/Cargo.toml
+++ b/src-tauri/yaak-ws/Cargo.toml
@@ -9,8 +9,6 @@ publish = false
 futures-util = "0.3.31"
 log = "0.4.20"
 md5 = "0.7.0"
-rustls = { version = "0.23.25", default-features = false, features = ["custom-provider", "ring"] }
-rustls-platform-verifier = "0.5.1"
 serde = { workspace = true, features = ["derive"] }
 serde_json = { workspace = true }
 tauri = { workspace = true }
--- a/src-tauri/yaak-ws/src/commands.rs
+++ b/src-tauri/yaak-ws/src/commands.rs
@@ -196,6 +196,7 @@ pub(crate) async fn connect<R: Runtime>(
    };
    let base_environment =
        app_handle.db().get_base_environment(&unrendered_request.workspace_id)?;
+    let workspace = app_handle.db().get_workspace(&unrendered_request.workspace_id)?;
    let resolved_request = resolve_websocket_request(&window, &unrendered_request)?;
    let request = render_websocket_request(
        &resolved_request,
@@ -298,7 +299,13 @@ pub(crate) async fn connect<R: Runtime>(
        }
    }

-    let response = match ws_manager.connect(&connection.id, url.as_str(), headers, receive_tx).await
+    let response = match ws_manager.connect(
+        &connection.id,
+        url.as_str(),
+        headers,
+        receive_tx,
+        workspace.setting_validate_certificates,
+    ).await
    {
        Ok(r) => r,
        Err(e) => {
--- a/src-tauri/yaak-ws/src/connect.rs
+++ b/src-tauri/yaak-ws/src/connect.rs
@@ -1,7 +1,4 @@
 use log::info;
-use rustls::crypto::ring;
-use rustls::ClientConfig;
-use rustls_platform_verifier::BuilderVerifierExt;
 use std::sync::Arc;
 use tauri::http::HeaderMap;
 use tokio::net::TcpStream;
@@ -16,14 +13,10 @@ use tokio_tungstenite::{
 pub(crate) async fn ws_connect(
    url: &str,
    headers: HeaderMap<HeaderValue>,
+    validate_certificates: bool,
 ) -> crate::error::Result<(WebSocketStream<MaybeTlsStream<TcpStream>>, Response)> {
    info!("Connecting to WS {url}");
-    let arc_crypto_provider = Arc::new(ring::default_provider());
-    let config = ClientConfig::builder_with_provider(arc_crypto_provider)
-        .with_safe_default_protocol_versions()
-        .unwrap()
-        .with_platform_verifier()
-        .with_no_client_auth();
+    let tls_config = yaak_http::tls::get_config(validate_certificates);

    let mut req = url.into_client_request()?;
    let req_headers = req.headers_mut();
@@ -37,7 +30,7 @@ pub(crate) async fn ws_connect(
        req,
        Some(WebSocketConfig::default()),
        false,
-        Some(Connector::Rustls(Arc::new(config))),
+        Some(Connector::Rustls(Arc::new(tls_config))),
    )
    .await?;
    Ok((stream, response))
--- a/src-tauri/yaak-ws/src/manager.rs
+++ b/src-tauri/yaak-ws/src/manager.rs
@@ -31,12 +31,13 @@ impl WebsocketManager {
        url: &str,
        headers: HeaderMap<HeaderValue>,
        receive_tx: mpsc::Sender<Message>,
+        validate_certificates: bool,
    ) -> Result<Response> {
        let connections = self.connections.clone();
        let connection_id = id.to_string();
        let tx = receive_tx.clone();

-        let (stream, response) = ws_connect(url, headers).await?;
+        let (stream, response) = ws_connect(url, headers, validate_certificates).await?;
        let (write, mut read) = stream.split();

        connections.lock().await.insert(id.to_string(), write);