From a611f7d8a75b7e2c9e8bb0c30fbdb09c1bf9042a Mon Sep 17 00:00:00 2001 From: Tunglies <77394545+Tunglies@users.noreply.github.com> Date: Mon, 1 Dec 2025 22:22:26 +0800 Subject: [PATCH] fix: switch reqwest client to use rustls-tls for improved security #5559 --- Changelog.md | 3 ++- src-tauri/Cargo.toml | 2 +- src-tauri/src/cmd/media_unlock_checker/bahamut.rs | 1 + src-tauri/src/cmd/media_unlock_checker/mod.rs | 1 + src-tauri/src/core/backup.rs | 1 + src-tauri/src/utils/network.rs | 1 + 6 files changed, 7 insertions(+), 2 deletions(-) diff --git a/Changelog.md b/Changelog.md index 49055a727..7249ace27 100644 --- a/Changelog.md +++ b/Changelog.md @@ -41,7 +41,8 @@
🚀 优化改进 -- 网络请求使用系统证书,避免服务器证书链路配置缺陷无法导入订阅 +- 网络请求改为使用 rustls,提升 TLS 兼容性 +- rustls 避免因服务器证书链配置问题或较新 TLS 要求导致订阅无法导入 - 替换前端信息编辑组件,提供更好性能 - 优化后端内存和性能表现 - 防止退出时可能的禁用 TUN 失败 diff --git a/src-tauri/Cargo.toml b/src-tauri/Cargo.toml index 2c10d737d..ac1810f2a 100755 --- a/src-tauri/Cargo.toml +++ b/src-tauri/Cargo.toml @@ -63,7 +63,7 @@ once_cell = { version = "1.21.3", features = ["parking_lot"] } port_scanner = "0.1.5" delay_timer = "0.11.6" percent-encoding = "2.3.2" -reqwest = { version = "0.12.24", features = ["json", "cookies", "native-tls"] } +reqwest = { version = "0.12.24", features = ["json", "cookies", "rustls-tls"] } regex = "1.12.2" sysproxy = { git = "https://github.com/clash-verge-rev/sysproxy-rs", features = [ "guard", diff --git a/src-tauri/src/cmd/media_unlock_checker/bahamut.rs b/src-tauri/src/cmd/media_unlock_checker/bahamut.rs index 7a6a83f79..7ac98dc6c 100644 --- a/src-tauri/src/cmd/media_unlock_checker/bahamut.rs +++ b/src-tauri/src/cmd/media_unlock_checker/bahamut.rs @@ -11,6 +11,7 @@ pub(super) async fn check_bahamut_anime(client: &Client) -> UnlockItem { let cookie_store = Arc::new(Jar::default()); let client_with_cookies = match Client::builder() + .use_rustls_tls() .user_agent("Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36") .cookie_provider(Arc::clone(&cookie_store)) .build() { diff --git a/src-tauri/src/cmd/media_unlock_checker/mod.rs b/src-tauri/src/cmd/media_unlock_checker/mod.rs index 6cb6389a8..015078b0d 100644 --- a/src-tauri/src/cmd/media_unlock_checker/mod.rs +++ b/src-tauri/src/cmd/media_unlock_checker/mod.rs @@ -42,6 +42,7 @@ pub async fn get_unlock_items() -> Result, String> { #[command] pub async fn check_media_unlock() -> Result, String> { let client = match Client::builder() + .use_rustls_tls() .user_agent("Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36") .timeout(std::time::Duration::from_secs(30)) .danger_accept_invalid_certs(true) diff --git a/src-tauri/src/core/backup.rs b/src-tauri/src/core/backup.rs index 1303ff7bc..08476d5cc 100644 --- a/src-tauri/src/core/backup.rs +++ b/src-tauri/src/core/backup.rs @@ -114,6 +114,7 @@ impl WebDavClient { let client = reqwest_dav::ClientBuilder::new() .set_agent( reqwest::Client::builder() + .use_rustls_tls() .danger_accept_invalid_certs(true) .timeout(Duration::from_secs(op.timeout())) .user_agent(format!("clash-verge/{APP_VERSION} ({OS} WebDAV-Client)")) diff --git a/src-tauri/src/utils/network.rs b/src-tauri/src/utils/network.rs index d48bb2a6f..c1dbc8576 100644 --- a/src-tauri/src/utils/network.rs +++ b/src-tauri/src/utils/network.rs @@ -110,6 +110,7 @@ impl NetworkManager { timeout_secs: Option, ) -> Result { let mut builder = Client::builder() + .use_rustls_tls() .redirect(reqwest::redirect::Policy::limited(10)) .tcp_keepalive(Duration::from_secs(60)) .pool_max_idle_per_host(0)