feat: Accept invalid hostnames (#118)

bitcoin-numeraire · Aug 12, 2024 · 3d0743a · 3d0743a
1 parent fd6beb8
commit 3d0743a
Show file tree

Hide file tree

Showing 5 changed files with 9 additions and 4 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -26,7 +26,7 @@ dotenv = "0.15.0"
 tracing = "0.1.40"
 tracing-subscriber = { version = "0.3.18", features = ["json", "env-filter"] }
 jsonwebtoken = "9.3.0"
-reqwest = "=0.11.20"
+reqwest = { version = "0.12.5", features = ["json"] }
 uuid = { version = "1.9.1", features = ["v4", "serde"] }
 chrono = "0.4.38"
 thiserror = "1.0.61"

diff --git a/config/default.toml b/config/default.toml
@@ -36,6 +36,7 @@ connect_timeout = "5s"
 timeout = "30s"
 connection_verbose = true
 accept_invalid_certs = false
+accept_invalid_hostnames = false
 maxfeepercent = 0.5
 payment_timeout = "60s"
 payment_exemptfee = 5000

diff --git a/src/infra/lightning/cln/cln_rest_client.rs b/src/infra/lightning/cln/cln_rest_client.rs
@@ -37,6 +37,7 @@ pub struct ClnRestClientConfig {
     #[serde(deserialize_with = "deserialize_duration")]
     pub timeout: Duration,
     pub accept_invalid_certs: bool,
+    pub accept_invalid_hostnames: bool,
     pub maxfeepercent: Option<f64>,
     #[serde(deserialize_with = "deserialize_duration")]
     pub payment_timeout: Duration,
@@ -80,7 +81,9 @@ impl ClnRestClient {
             let ca_certificate = Self::read_ca(ca_cert_path)
                 .await
                 .map_err(|e| LightningError::ReadCertificates(e.to_string()))?;
-            client_builder = client_builder.add_root_certificate(ca_certificate);
+            client_builder = client_builder
+                .add_root_certificate(ca_certificate)
+                .danger_accept_invalid_hostnames(config.accept_invalid_hostnames);
         }
 
         let client = client_builder

diff --git a/src/infra/lightning/cln/cln_websocket_client.rs b/src/infra/lightning/cln/cln_websocket_client.rs
@@ -41,9 +41,10 @@ pub async fn connect_websocket(
             .map_err(|e| LightningError::ReadCertificates(e.to_string()))?;
         let tls_connector = TlsConnector::builder()
             .add_root_certificate(ca_certificate)
+            .danger_accept_invalid_hostnames(config.accept_invalid_hostnames)
             .build()
             .map_err(|e| LightningError::TLSConfig(e.to_string()))?;
-        client_builder = client_builder.tls_config(tls_connector);
+        client_builder = client_builder.tls_config(tls_connector.clone());
     }
 
     if config.accept_invalid_certs {