Revert "mobile wss use rustls_platform_verifier"

2026-02-16 02:20:43 +00:00 · 2025-10-30 10:27:55 +08:00
parent b166534807
commit 84a13ad7f3
5 changed files with 7 additions and 77 deletions
--- a/src/config.rs
+++ b/src/config.rs
@@ -5,7 +5,7 @@ use std::{
    net::{IpAddr, Ipv4Addr, Ipv6Addr, SocketAddr},
    ops::{Deref, DerefMut},
    path::{Path, PathBuf},
-    sync::{atomic::AtomicBool, Mutex, RwLock},
+    sync::{Mutex, RwLock},
    time::{Duration, Instant, SystemTime},
 };

@@ -70,7 +70,6 @@ lazy_static::lazy_static! {
    pub static ref OVERWRITE_LOCAL_SETTINGS: RwLock<HashMap<String, String>> = Default::default();
    pub static ref HARD_SETTINGS: RwLock<HashMap<String, String>> = Default::default();
    pub static ref BUILTIN_SETTINGS: RwLock<HashMap<String, String>> = Default::default();
-    pub static ref RUSTLS_PLATFORM_VERIFIER_INITIALIZED: AtomicBool = AtomicBool::new(false);
 }

 lazy_static::lazy_static! {
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -57,10 +57,8 @@ pub use toml;
 pub use uuid;
 pub mod fingerprint;
 pub use flexi_logger;
-pub mod stream;
 pub mod websocket;
-#[cfg(not(any(target_os = "macos", target_os = "windows")))]
-pub use rustls_platform_verifier;
+pub mod stream;
 pub use stream::Stream;
 pub use whoami;

--- a/src/proxy.rs
+++ b/src/proxy.rs
@@ -56,6 +56,7 @@ const MAXIMUM_RESPONSE_HEADERS: usize = 16;
 const DEFINE_TIME_OUT: u64 = 600;

 pub trait IntoUrl {
+
    // Besides parsing as a valid `Url`, the `Url` must be a valid
    // `http::Uri`, in that it makes sense to use in a network request.
    fn into_url(self) -> Result<Url, ProxyError>;
@@ -454,10 +455,8 @@ impl Proxy {
        Input: AsyncRead + AsyncWrite + Unpin,
        T: IntoTargetAddr<'a>,
    {
-        use rustls_platform_verifier::ConfigVerifierExt;
        use std::convert::TryFrom;
-        let verifier = tokio_rustls::rustls::ClientConfig::with_platform_verifier()
-            .map_err(|e| ProxyError::IoError(std::io::Error::other(e)))?;
+        let verifier = rustls_platform_verifier::tls_config();
        let url_domain = self.intercept.get_domain()?;

        let domain = rustls_pki_types::ServerName::try_from(url_domain.as_str())
--- a/src/websocket.rs
+++ b/src/websocket.rs
@@ -8,11 +8,7 @@ use crate::{
    ResultType,
 };
 use bytes::{Bytes, BytesMut};
-#[cfg(any(target_os = "android", target_os = "ios"))]
-use futures::future::{select_ok, FutureExt};
 use futures::{SinkExt, StreamExt};
-#[cfg(any(target_os = "android", target_os = "ios"))]
-use std::future::Future;
 use std::{
    io::{Error, ErrorKind},
    net::SocketAddr,
@@ -32,19 +28,6 @@ pub struct WsFramedStream {
    send_timeout: u64,
 }

-#[cfg(any(target_os = "android", target_os = "ios"))]
-async fn await_timeout_result<F, T, E>(future: F) -> ResultType<T>
-where
-    F: Future<Output = Result<Result<T, E>, tokio::time::error::Elapsed>>,
-    E: std::error::Error + Send + Sync + 'static,
-{
-    match future.await {
-        Ok(Ok(result)) => Ok(result),
-        Ok(Err(e)) => Err(e.into()),
-        Err(elapsed) => Err(Error::new(ErrorKind::TimedOut, elapsed).into()),
-    }
-}
-
 impl WsFramedStream {
    pub async fn new<T: AsRef<str>>(
        url: T,
@@ -60,57 +43,8 @@ impl WsFramedStream {
            .into_client_request()
            .map_err(|e| Error::new(ErrorKind::Other, e))?;

-        let stream;
-        #[cfg(any(target_os = "android", target_os = "ios"))]
-        {
-            let mut futures = vec![];
-
-            let is_wss = url_str.starts_with("wss://");
-            let rustls_platform_verifier_initialized = !cfg!(target_os = "android")
-                || crate::config::RUSTLS_PLATFORM_VERIFIER_INITIALIZED
-                    .load(std::sync::atomic::Ordering::Relaxed);
-            if is_wss && rustls_platform_verifier_initialized {
-                use rustls_platform_verifier::ConfigVerifierExt;
-                use std::sync::Arc;
-                use tokio_rustls::rustls::ClientConfig;
-                use tokio_tungstenite::{connect_async_tls_with_config, Connector};
-                match ClientConfig::with_platform_verifier() {
-                    Ok(config) => {
-                        let connector = Connector::Rustls(Arc::new(config));
-                        futures.push(
-                            await_timeout_result(timeout(
-                                Duration::from_millis(ms_timeout),
-                                connect_async_tls_with_config(
-                                    request.clone(),
-                                    None,
-                                    false,
-                                    Some(connector),
-                                ),
-                            ))
-                            .boxed(),
-                        );
-                    }
-                    Err(e) => {
-                        log::error!("with_platform_verifier failed: {:?}", e);
-                    }
-                }
-            }
-            futures.push(
-                await_timeout_result(timeout(
-                    Duration::from_millis(ms_timeout),
-                    connect_async(request),
-                ))
-                .boxed(),
-            );
-            let ((s, _), _) = select_ok(futures).await?;
-            stream = s;
-        }
-        #[cfg(not(any(target_os = "android", target_os = "ios")))]
-        {
-            let (s, _) =
-                timeout(Duration::from_millis(ms_timeout), connect_async(request)).await??;
-            stream = s;
-        }
+        let (stream, _) =
+            timeout(Duration::from_millis(ms_timeout), connect_async(request)).await??;

        let addr = match stream.get_ref() {
            MaybeTlsStream::Plain(tcp) => tcp.peer_addr()?,