From 4c7b984fe6e070e60b33a375fbe5d68fdc82f78e Mon Sep 17 00:00:00 2001
From: Evan Yang
Date: Wed, 9 Oct 2024 15:25:38 -0700
Subject: [PATCH] TLS certificates
---
 src/config/parser.rs | 2 ++
 src/results/aggregator.rs | 2 ++
 websurfx/config.lua | 2 ++
 3 files changed, 6 insertions(+)
diff --git a/src/config/parser.rs b/src/config/parser.rs
index 5d821c3d..1cd19bb6 100644
--- a/src/config/parser.rs
+++ b/src/config/parser.rs
@@ -53,6 +53,8 @@ pub struct Config {
 pub proxy: Option,
 /// It stores the number of https connections to keep in the pool.
 pub number_of_https_connections: u8,
+ /// It stores the operating system's TLS certificates for https requests.
+ pub operating_system_tls_certificates: bool,
 }
 impl Config {
diff --git a/src/results/aggregator.rs b/src/results/aggregator.rs
index a6b34a4d..9f53fb87 100644
--- a/src/results/aggregator.rs
+++ b/src/results/aggregator.rs
@@ -83,6 +83,8 @@ pub async fn aggregate(
 .tcp_keepalive(Duration::from_secs(config.tcp_connection_keep_alive as u64))
 .pool_max_idle_per_host(config.number_of_https_connections as usize)
 .connect_timeout(Duration::from_secs(config.request_timeout as u64)) // Add timeout to request to avoid DDOSing the server
+ .use_rustls_tls()
+ .tls_built_in_root_certs(config.operating_system_tls_certificates)
 .https_only(true)
 .gzip(true)
 .brotli(true)
diff --git a/websurfx/config.lua b/websurfx/config.lua
index 8dd7a40d..632474ca 100644
--- a/websurfx/config.lua
+++ b/websurfx/config.lua
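Review bot: The new `operating_system_tls_certificates` field in `Config` is declared but nothing visible in the patch populates it, since the diffstat shows only these two lines changing in src/config/parser.rs. The constructor in `impl Config` begins after the end of this hunk; if it builds the struct with a full literal, it needs a matching initializer that reads `operating_system_tls_certificates` from the Lua globals, otherwise the build breaks or the operator's setting is ignored. The doc comment also describes the field as storing certificates, while it is a boolean switch; something like `/// Whether the operating system's trust store is used to verify upstream HTTPS certificates.` would match the type.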
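Review bot: `.tls_built_in_root_certs(config.operating_system_tls_certificates)` in the client builder inside `aggregate` toggles every built-in root source reqwest was compiled with, not only the operating system store. With the option set to `false` and no roots added through another call (none is visible in this hunk), the rustls client would presumably have an empty trust store and every upstream request would fail certificate verification. That fails closed, but it contradicts the config.lua comment in the same patch, which says the OS certificates are used "alongside rustls certificates". If the reqwest version in use provides it, `.tls_built_in_native_certs(config.operating_system_tls_certificates)` switches only the OS store and leaves the bundled roots in place. `.use_rustls_tls()` also depends on a rustls Cargo feature, and Cargo.toml is not in the diffstat, so that is worth confirming.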
@@ -19,6 +19,8 @@ rate_limiter = {
 -- Set whether the server will use an adaptive/dynamic HTTPS window size, see https://httpwg.org/specs/rfc9113.html#fc-principles
 https_adaptive_window_size = false
+operating_system_tls_certificates = true -- Set whether the server will use operating system's tls certificates alongside rustls certificates while fetching search results from the upstream engines.
+
 number_of_https_connections = 10 -- the number of https connections that should be available in the connection pool.
 -- Set keep-alive timer in seconds; keeps clients connected to the HTTP server, different from the connection to upstream search engines
 client_connection_keep_alive = 120
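Review bot: The comment on `operating_system_tls_certificates = true` does not tell the operator what the default implies for trust. With it enabled, any CA present in the host's trust store, including locally installed or enterprise interception CAs, is accepted when verifying upstream search engines. I would extend the comment along the lines of `-- true: certificates issued by any CA in the host's trust store are accepted for upstream engines; set to false on hosts whose store contains CAs you do not want trusted here`, once the behaviour of `false` in the client builder is settled.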