fix: switch reqwest client to use rustls-tls for improved security #5559

2026-01-29 17:15:38 +08:00 · 2025-12-01 22:22:26 +08:00
parent d5f1af91f1
commit a611f7d8a7
6 changed files with 7 additions and 2 deletions
--- a/Changelog.md
+++ b/Changelog.md
@@ -41,7 +41,8 @@
 <details>
 <summary><strong> 🚀 优化改进 </strong></summary>

- 网络请求使用系统证书，避免服务器证书链路配置缺陷无法导入订阅
+- 网络请求改为使用 rustls，提升 TLS 兼容性
+- rustls 避免因服务器证书链配置问题或较新 TLS 要求导致订阅无法导入
 - 替换前端信息编辑组件，提供更好性能
 - 优化后端内存和性能表现
 - 防止退出时可能的禁用 TUN 失败
--- a/src-tauri/Cargo.toml
+++ b/src-tauri/Cargo.toml
@@ -63,7 +63,7 @@ once_cell = { version = "1.21.3", features = ["parking_lot"] }
 port_scanner = "0.1.5"
 delay_timer = "0.11.6"
 percent-encoding = "2.3.2"
-reqwest = { version = "0.12.24", features = ["json", "cookies", "native-tls"] }
+reqwest = { version = "0.12.24", features = ["json", "cookies", "rustls-tls"] }
 regex = "1.12.2"
 sysproxy = { git = "https://github.com/clash-verge-rev/sysproxy-rs", features = [
  "guard",
--- a/src-tauri/src/cmd/media_unlock_checker/bahamut.rs
+++ b/src-tauri/src/cmd/media_unlock_checker/bahamut.rs
@@ -11,6 +11,7 @@ pub(super) async fn check_bahamut_anime(client: &Client) -> UnlockItem {
    let cookie_store = Arc::new(Jar::default());

    let client_with_cookies = match Client::builder()
+        .use_rustls_tls()
        .user_agent("Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36")
        .cookie_provider(Arc::clone(&cookie_store))
        .build() {
--- a/src-tauri/src/cmd/media_unlock_checker/mod.rs
+++ b/src-tauri/src/cmd/media_unlock_checker/mod.rs
@@ -42,6 +42,7 @@ pub async fn get_unlock_items() -> Result<Vec<UnlockItem>, String> {
 #[command]
 pub async fn check_media_unlock() -> Result<Vec<UnlockItem>, String> {
    let client = match Client::builder()
+        .use_rustls_tls()
        .user_agent("Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36")
        .timeout(std::time::Duration::from_secs(30))
        .danger_accept_invalid_certs(true)
--- a/src-tauri/src/core/backup.rs
+++ b/src-tauri/src/core/backup.rs
@@ -114,6 +114,7 @@ impl WebDavClient {
        let client = reqwest_dav::ClientBuilder::new()
            .set_agent(
                reqwest::Client::builder()
+                    .use_rustls_tls()
                    .danger_accept_invalid_certs(true)
                    .timeout(Duration::from_secs(op.timeout()))
                    .user_agent(format!("clash-verge/{APP_VERSION} ({OS} WebDAV-Client)"))
--- a/src-tauri/src/utils/network.rs
+++ b/src-tauri/src/utils/network.rs
@@ -110,6 +110,7 @@ impl NetworkManager {
        timeout_secs: Option<u64>,
    ) -> Result<Client> {
        let mut builder = Client::builder()
+            .use_rustls_tls()
            .redirect(reqwest::redirect::Policy::limited(10))
            .tcp_keepalive(Duration::from_secs(60))
            .pool_max_idle_per_host(0)