feat: websocket support self-signed TLS (#504)

* feat: websocket support self-signed TLS * chore: update release notes * chore: remove unused comments
2025-12-16 19:47:43 +01:00 · 2025-05-14 10:07:49 +08:00
parent 73ac29ef3b
commit c31a4aa52a
4 changed files with 35 additions and 68 deletions
--- a/docs/content.en/docs/release-notes/_index.md
+++ b/docs/content.en/docs/release-notes/_index.md
@@ -22,6 +22,7 @@ Information about release notes of Coco Server is provided here.
 - feat: add `~/Applications` to the search path #493
 - feat: the chat content has added a button to return to the bottom #495
 - feat: the search input box supports multi-line input #501
+- feat: websocket support self-signed TLS #504

 ### 🐛 Bug fix
 - fix: several issues around search #502
--- a/src-tauri/Cargo.lock
+++ b/src-tauri/Cargo.lock
@@ -2613,10 +2613,10 @@ dependencies = [
 "http 1.3.1",
 "hyper 1.6.0",
 "hyper-util",
- "rustls 0.23.27",
+ "rustls",
 "rustls-pki-types",
 "tokio",
- "tokio-rustls 0.26.2",
+ "tokio-rustls",
 "tower-service",
 "webpki-roots 0.26.11",
 ]
@@ -4663,7 +4663,7 @@ dependencies = [
 "quinn-proto",
 "quinn-udp",
 "rustc-hash",
- "rustls 0.23.27",
+ "rustls",
 "socket2",
 "thiserror 2.0.12",
 "tokio",
@@ -4682,7 +4682,7 @@ dependencies = [
 "rand 0.9.1",
 "ring",
 "rustc-hash",
- "rustls 0.23.27",
+ "rustls",
 "rustls-pki-types",
 "slab",
 "thiserror 2.0.12",
@@ -5012,7 +5012,7 @@ dependencies = [
 "percent-encoding",
 "pin-project-lite",
 "quinn",
- "rustls 0.23.27",
+ "rustls",
 "rustls-pemfile",
 "rustls-pki-types",
 "serde",
@@ -5022,7 +5022,7 @@ dependencies = [
 "system-configuration",
 "tokio",
 "tokio-native-tls",
- "tokio-rustls 0.26.2",
+ "tokio-rustls",
 "tokio-util",
 "tower",
 "tower-service",
@@ -5183,18 +5183,6 @@ dependencies = [
 "windows-sys 0.59.0",
 ]

-[[package]]
-name = "rustls"
-version = "0.21.12"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3f56a14d1f48b391359b22f731fd4bd7e43c97f3c50eee276f3aa09c94784d3e"
-dependencies = [
- "log",
- "ring",
- "rustls-webpki 0.101.7",
- "sct",
-]
-
 [[package]]
 name = "rustls"
 version = "0.23.27"
@@ -5204,7 +5192,7 @@ dependencies = [
 "once_cell",
 "ring",
 "rustls-pki-types",
- "rustls-webpki 0.103.2",
+ "rustls-webpki",
 "subtle",
 "zeroize",
 ]
@@ -5228,16 +5216,6 @@ dependencies = [
 "zeroize",
 ]

-[[package]]
-name = "rustls-webpki"
-version = "0.101.7"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8b6275d1ee7a1cd780b64aca7726599a1dbc893b1e64144529e55c3c2f745765"
-dependencies = [
- "ring",
- "untrusted",
-]
-
 [[package]]
 name = "rustls-webpki"
 version = "0.103.2"
@@ -5312,16 +5290,6 @@ version = "1.2.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "94143f37725109f92c262ed2cf5e59bce7498c01bcc1502d7b9afe439a4e9f49"

-[[package]]
-name = "sct"
-version = "0.7.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "da046153aa2352493d6cb7da4b6e5c0c057d8a1d0a9aa8560baffdd945acd414"
-dependencies = [
- "ring",
- "untrusted",
-]
-
 [[package]]
 name = "seahash"
 version = "4.1.0"
@@ -6724,23 +6692,13 @@ dependencies = [
 "tokio",
 ]

-[[package]]
-name = "tokio-rustls"
-version = "0.24.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c28327cf380ac148141087fbfb9de9d7bd4e84ab5d2c28fbc911d753de8a7081"
-dependencies = [
- "rustls 0.21.12",
- "tokio",
-]
-
 [[package]]
 name = "tokio-rustls"
 version = "0.26.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "8e727b36a1a0e8b74c376ac2211e40c2c8af09fb4013c60d910495810f008e9b"
 dependencies = [
- "rustls 0.23.27",
+ "rustls",
 "tokio",
 ]

@@ -6752,11 +6710,10 @@ checksum = "212d5dcb2a1ce06d81107c3d0ffa3121fe974b73f068c8282cb1c32328113b6c"
 dependencies = [
 "futures-util",
 "log",
- "rustls 0.21.12",
+ "native-tls",
 "tokio",
- "tokio-rustls 0.24.1",
+ "tokio-native-tls",
 "tungstenite 0.20.1",
- "webpki-roots 0.25.4",
 ]

 [[package]]
@@ -6767,10 +6724,10 @@ checksum = "7a9daff607c6d2bf6c16fd681ccb7eecc83e4e2cdc1ca067ffaadfca5de7f084"
 dependencies = [
 "futures-util",
 "log",
- "rustls 0.23.27",
+ "rustls",
 "rustls-pki-types",
 "tokio",
- "tokio-rustls 0.26.2",
+ "tokio-rustls",
 "tungstenite 0.26.2",
 "webpki-roots 0.26.11",
 ]
@@ -6955,8 +6912,8 @@ dependencies = [
 "http 0.2.12",
 "httparse",
 "log",
+ "native-tls",
 "rand 0.8.5",
- "rustls 0.21.12",
 "sha1",
 "thiserror 1.0.69",
 "url",
@@ -6993,7 +6950,7 @@ dependencies = [
 "httparse",
 "log",
 "rand 0.9.1",
- "rustls 0.23.27",
+ "rustls",
 "rustls-pki-types",
 "sha1",
 "thiserror 2.0.12",
@@ -7383,12 +7340,6 @@ dependencies = [
 "system-deps 6.2.2",
 ]

-[[package]]
-name = "webpki-roots"
-version = "0.25.4"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5f20c57d8d7db6d3b86154206ae5d8fba62dd39573114de97c2cb0578251f8e1"
-
 [[package]]
 name = "webpki-roots"
 version = "0.26.11"
--- a/src-tauri/Cargo.toml
+++ b/src-tauri/Cargo.toml
@@ -63,10 +63,9 @@ tauri-plugin-macos-permissions = "2"
 tauri-plugin-fs-pro = "2"
 tauri-plugin-screenshots = "2"
 applications = { git = "https://github.com/infinilabs/applications-rs", rev = "7bb507e6b12f73c96f3a52f0578d0246a689f381" }
-
 tokio-native-tls = "0.3"  # For wss connections
 tokio = { version = "1", features = ["full"] }
-tokio-tungstenite = { version = "0.20", features = ["rustls-tls-webpki-roots"] }
+tokio-tungstenite = { version = "0.20", features = ["native-tls"] }
 hyper = { version = "0.14", features = ["client"] }
 reqwest = { version = "0.12", features = ["json", "multipart"] }
 futures = "0.3.31"
--- a/src-tauri/src/server/websocket.rs
+++ b/src-tauri/src/server/websocket.rs
@@ -5,11 +5,12 @@ use std::sync::Arc;
 use tauri::{AppHandle, Emitter};
 use tokio::net::TcpStream;
 use tokio::sync::{mpsc, Mutex};
+use tokio_tungstenite::tungstenite::client::IntoClientRequest;
 use tokio_tungstenite::tungstenite::handshake::client::generate_key;
 use tokio_tungstenite::tungstenite::Message;
+use tokio_tungstenite::MaybeTlsStream;
 use tokio_tungstenite::WebSocketStream;
-use tokio_tungstenite::{connect_async, MaybeTlsStream};
-
+use tokio_tungstenite::{connect_async_tls_with_config, Connector};
 #[derive(Default)]
 pub struct WebSocketManager {
    connections: Arc<Mutex<HashMap<String, Arc<WebSocketInstance>>>>,
@@ -63,7 +64,22 @@ pub async fn connect_to_server(
        request.headers_mut().insert("X-API-TOKEN", token.parse().unwrap());
    }

-    let (ws_stream, _) = connect_async(request).await.map_err(|e| format!("WebSocket error: {:?}", e))?;
+    let tls_connector = tokio_native_tls::native_tls::TlsConnector::builder()
+        .danger_accept_invalid_certs(true) // 🔥 THIS IGNORES CERT VALIDATION
+        .build()
+        .map_err(|e| format!("TLS build error: {:?}", e))?;
+
+    let connector = Connector::NativeTls(tls_connector.into());
+
+    let (ws_stream, _) = connect_async_tls_with_config(
+        request,
+        None,             // WebSocketConfig
+        true,             // disable_nagle
+        Some(connector),  // Connector
+    )
+        .await
+        .map_err(|e| format!("WebSocket TLS error: {:?}", e))?;
+
    let (cancel_tx, mut cancel_rx) = mpsc::channel(1);

    let instance = Arc::new(WebSocketInstance {