feat: Trust all server cert

Signed-off-by: zu1k <[email protected]>
zu1k · Jun 4, 2022 · 8324981 · 8324981 · vercel · Jun 4, 2022
1 parent 3b33d24
commit 8324981
Show file tree

Hide file tree

Showing 4 changed files with 43 additions and 2 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/core/Cargo.toml b/core/Cargo.toml
@@ -24,4 +24,5 @@ tokio = { version = "1", features = ["rt"] }
 tokio-rustls = { version = "0.23", default-features = false, features = ["tls12"] }
 tokio-util = { version = "0.7", features = ["io"] }
 wildmatch = "2.1"
-quick-js = { version = "0.4", features = ["log"] }
+quick-js = { version = "0.4", features = ["log"] }
+rustls = { version = "0.20", features = ["dangerous_configuration"] }
diff --git a/core/src/http_client.rs b/core/src/http_client.rs
@@ -1,6 +1,12 @@
+use std::{sync::Arc, time::SystemTime};
+
 use hyper::{client::HttpConnector, Client};
 use hyper_proxy::{Proxy as UpstreamProxy, ProxyConnector};
 use hyper_rustls::{HttpsConnector, HttpsConnectorBuilder};
+use rustls::{
+    client::{ServerCertVerified, ServerCertVerifier},
+    ClientConfig,
+};
 
 #[derive(Clone)]
 pub enum HttpClient {
@@ -10,7 +16,13 @@ pub enum HttpClient {
 
 pub fn gen_client(upstream_proxy: Option<UpstreamProxy>) -> HttpClient {
     let https = HttpsConnectorBuilder::new()
-        .with_webpki_roots()
+        .with_tls_config({
+            let cert_resolver = Arc::new(TrustAllCertVerifier::default());
+            ClientConfig::builder()
+                .with_safe_defaults()
+                .with_custom_certificate_verifier(cert_resolver)
+                .with_no_client_auth()
+        })
         .https_or_http()
         .enable_http1()
         .enable_http2()
@@ -36,3 +48,20 @@ pub fn gen_client(upstream_proxy: Option<UpstreamProxy>) -> HttpClient {
         )
     }
 }
+
+#[derive(Default)]
+struct TrustAllCertVerifier;
+
+impl ServerCertVerifier for TrustAllCertVerifier {
+    fn verify_server_cert(
+        &self,
+        _end_entity: &rustls::Certificate,
+        _intermediates: &[rustls::Certificate],
+        _server_name: &rustls::ServerName,
+        _scts: &mut dyn Iterator<Item = &[u8]>,
+        _ocsp_response: &[u8],
+        _n_ow: SystemTime,
+    ) -> Result<ServerCertVerified, rustls::Error> {
+        Ok(ServerCertVerified::assertion())
+    }
+}
diff --git a/rules/yuanshen.yaml b/rules/yuanshen.yaml
@@ -0,0 +1,10 @@
+- name: "redirect yuanshen"
+  filter:
+    - domain-suffix: 'mihoyo.com'
+    - domain-suffix: 'hoyoverse.com'
+    - domain-suffix: 'yuanshen.com'
+  action:
+    modify-request:
+      url:
+        re: 'https?:\/\/(.+)\.(.+)\.com(.*)'
+        new: 'https://192.168.226.200:443$3'