Fix "Validate TLS Certificates" option for WS and GRPC (#218)

Andy Bao
2025-05-29 10:02:27 -04:00
committed by GitHub
parent 085b640b3c
commit bd1986f31f
17 changed files with 124 additions and 66 deletions


@@ -9,8 +9,6 @@ publish = false
futures-util = "0.3.31"
log = "0.4.20"
md5 = "0.7.0"
rustls = { version = "0.23.25", default-features = false, features = ["custom-provider", "ring"] }
rustls-platform-verifier = "0.5.1"
serde = { workspace = true, features = ["derive"] }
serde_json = { workspace = true }
tauri = { workspace = true }


@@ -196,6 +196,7 @@ pub(crate) async fn connect<R: Runtime>(
};
let base_environment =
app_handle.db().get_base_environment(&unrendered_request.workspace_id)?;
let workspace = app_handle.db().get_workspace(&unrendered_request.workspace_id)?;
let resolved_request = resolve_websocket_request(&window, &unrendered_request)?;
let request = render_websocket_request(
&resolved_request,
@@ -298,7 +299,13 @@ pub(crate) async fn connect<R: Runtime>(
}
}
let response = match ws_manager.connect(&connection.id, url.as_str(), headers, receive_tx).await
let response = match ws_manager.connect(
&connection.id,
url.as_str(),
headers,
receive_tx,
workspace.setting_validate_certificates,
).await
{
Ok(r) => r,
Err(e) => {
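Review bot: The flag passed as `workspace.setting_validate_certificates` in the rewritten `ws_manager.connect(...)` call is workspace-wide, so switching it off for one self-signed endpoint also switches off server authentication for every other `wss://` connection opened from that workspace. A comment at the call would make that scope visible to the next reader: `// Workspace-wide setting: false disables server certificate checks for every wss:// connection in this workspace.` The added `get_workspace(...)?` line propagates a failed lookup as an error rather than falling back to an unvalidated connection, which is the safe direction and worth keeping that way. The body of `connect` starts and ends outside both hunks.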


@@ -1,7 +1,4 @@
use log::info;
use rustls::crypto::ring;
use rustls::ClientConfig;
use rustls_platform_verifier::BuilderVerifierExt;
use std::sync::Arc;
use tauri::http::HeaderMap;
use tokio::net::TcpStream;
@@ -16,14 +13,10 @@ use tokio_tungstenite::{
pub(crate) async fn ws_connect(
url: &str,
headers: HeaderMap<HeaderValue>,
validate_certificates: bool,
) -> crate::error::Result<(WebSocketStream<MaybeTlsStream<TcpStream>>, Response)> {
info!("Connecting to WS {url}");
let arc_crypto_provider = Arc::new(ring::default_provider());
let config = ClientConfig::builder_with_provider(arc_crypto_provider)
.with_safe_default_protocol_versions()
.unwrap()
.with_platform_verifier()
.with_no_client_auth();
let tls_config = yaak_http::tls::get_config(validate_certificates);
let mut req = url.into_client_request()?;
let req_headers = req.headers_mut();
@@ -37,7 +30,7 @@ pub(crate) async fn ws_connect(
req,
Some(WebSocketConfig::default()),
false,
Some(Connector::Rustls(Arc::new(config))),
Some(Connector::Rustls(Arc::new(tls_config))),
)
.await?;
Ok((stream, response))
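Review bot: Nothing in `ws_connect` records that a connection was made with `validate_certificates` set to false, so an unauthenticated TLS session is indistinguishable in the log from a validated one. After the existing `info!("Connecting to WS {url}")` line, `if !validate_certificates { warn!("TLS certificate validation is disabled for this WS connection"); }` would make it auditable, with the import in the first hunk becoming `use log::{info, warn};`. The new parameter also has no doc comment; a `///` line on `ws_connect` should say that `false` is expected to make `yaak_http::tls::get_config` return a config that skips server certificate verification, and that it is meant only for endpoints the user explicitly trusts. The body of `get_config` is not on this page, so its behaviour for `false` is inferred from the commit title and should be confirmed against that function.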


@@ -31,12 +31,13 @@ impl WebsocketManager {
url: &str,
headers: HeaderMap<HeaderValue>,
receive_tx: mpsc::Sender<Message>,
validate_certificates: bool,
) -> Result<Response> {
let connections = self.connections.clone();
let connection_id = id.to_string();
let tx = receive_tx.clone();
let (stream, response) = ws_connect(url, headers).await?;
let (stream, response) = ws_connect(url, headers, validate_certificates).await?;
let (write, mut read) = stream.split();
connections.lock().await.insert(id.to_string(), write);