✨ feat(config): config option to use operating system certificates al…

…ongside `rustls` certificates (#620) * TLS certificates * 🚨 fix: make cargo checks happy (#523) * 🚨 fix: make cargo format checks happy (#557) --------- Co-authored-by: neon_arch <[email protected]> Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
neon-mmd · Dec 5, 2024 · 2e64fd5 · 2e64fd5
1 parent ce5c794
commit 2e64fd5
Show file tree

Hide file tree

Showing 3 changed files with 8 additions and 0 deletions.
diff --git a/src/config/parser.rs b/src/config/parser.rs
@@ -53,6 +53,8 @@ pub struct Config {
     pub proxy: Option<Proxy>,
     /// It stores the number of https connections to keep in the pool.
     pub number_of_https_connections: u8,
+    /// It stores the operating system's TLS certificates for https requests.
+    pub operating_system_tls_certificates: bool,
 }
 
 impl Config {
@@ -132,6 +134,8 @@ impl Config {
         });
 
         Ok(Config {
+            operating_system_tls_certificates: globals
+                .get::<_, bool>("operating_system_tls_certificates")?,
             port: globals.get::<_, u16>("port")?,
             binding_ip: globals.get::<_, String>("binding_ip")?,
             style: Style::new(

diff --git a/src/results/aggregator.rs b/src/results/aggregator.rs
@@ -83,6 +83,8 @@ pub async fn aggregate(
             .tcp_keepalive(Duration::from_secs(config.tcp_connection_keep_alive as u64))
             .pool_max_idle_per_host(config.number_of_https_connections as usize)
             .connect_timeout(Duration::from_secs(config.request_timeout as u64)) // Add timeout to request to avoid DDOSing the server
+            .use_rustls_tls()
+            .tls_built_in_root_certs(config.operating_system_tls_certificates)
             .https_only(true)
             .gzip(true)
             .brotli(true)

diff --git a/websurfx/config.lua b/websurfx/config.lua
@@ -19,6 +19,8 @@ rate_limiter = {
 -- Set whether the server will use an adaptive/dynamic HTTPS window size, see https://httpwg.org/specs/rfc9113.html#fc-principles
 https_adaptive_window_size = false
 
+operating_system_tls_certificates = true -- Set whether the server will use operating system's tls certificates alongside rustls certificates while fetching search results from the upstream engines.
+
 number_of_https_connections = 10 -- the number of https connections that should be available in the connection pool.
 -- Set keep-alive timer in seconds; keeps clients connected to the HTTP server, different from the connection to upstream search engines
 client_connection_keep_alive = 120