From 6889a8be5c4f993a47315dd6f72177f720b93544 Mon Sep 17 00:00:00 2001
From: Christian Leingang <40596710+christian-leingang@users.noreply.github.com>
Date: Thu, 23 Oct 2025 13:58:54 +0000
Subject: [PATCH 1/4] updater: allow accepting invalid TLS certs/hostnames via config and builder
---
 plugins/updater/src/config.rs | 10 ++++++++++
 plugins/updater/src/updater.rs | 14 +++++++++++++-
 2 files changed, 23 insertions(+), 1 deletion(-)
diff --git a/plugins/updater/src/config.rs b/plugins/updater/src/config.rs
index 6b16bc01f4..330443d687 100644
--- a/plugins/updater/src/config.rs
+++ b/plugins/updater/src/config.rs
@@ -95,6 +95,10 @@ where
 pub struct Config {
 /// Dangerously allow using insecure transport protocols for update endpoints.
 pub dangerous_insecure_transport_protocol: bool,
+ /// Dangerously accept invalid TLS certificates for update requests.
+ pub dangerous_accept_invalid_certs: bool,
+ /// Dangerously accept invalid hostnames for TLS certificates for update requests.
+ pub dangerous_accept_invalid_hostnames: bool,
 /// Updater endpoints.
 pub endpoints: Vec,
 /// Signature public key.
@@ -113,6 +117,10 @@ impl<'de> Deserialize<'de> for Config {
 pub struct Config {
 #[serde(default, alias = "dangerous-insecure-transport-protocol")]
 pub dangerous_insecure_transport_protocol: bool,
+ #[serde(default, alias = "dangerous-accept-invalid-certs")]
+ pub dangerous_accept_invalid_certs: bool,
+ #[serde(default, alias = "dangerous-accept-invalid-hostnames")]
+ pub dangerous_accept_invalid_hostnames: bool,
 #[serde(default)]
 pub endpoints: Vec,
 pub pubkey: String,
@@ -129,6 +137,8 @@ impl<'de> Deserialize<'de> for Config {
 Ok(Self {
 dangerous_insecure_transport_protocol: config.dangerous_insecure_transport_protocol,
+ dangerous_accept_invalid_certs: config.dangerous_accept_invalid_certs,
+ dangerous_accept_invalid_hostnames: config.dangerous_accept_invalid_hostnames,
 endpoints: config.endpoints,
 pubkey: config.pubkey,
 windows: config.windows,
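Review bot: The two new `Config` fields are deserialized unconditionally (`#[serde(default, alias = ...)]`), and no hunk in this series shows a `cfg` feature gate, so as far as the visible code goes any shipped configuration can switch off TLS validation for the updater. The doc comments should state what is lost rather than only repeating the field name, for example `/// Disables TLS certificate validation for update requests; anyone on the network path can then read and alter them, presumably leaving the `pubkey` signature check as the only integrity control.` on `dangerous_accept_invalid_certs`, with a matching line on `dangerous_accept_invalid_hostnames`. If the intent is test and internal-server use only, consider compiling the fields in behind a Cargo feature or rejecting them in release builds during deserialization. Both struct bodies and the `Deserialize` impl continue outside the hunks.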
diff --git a/plugins/updater/src/updater.rs b/plugins/updater/src/updater.rs
index 28c420ca86..748a6a6ca6 100644
--- a/plugins/updater/src/updater.rs
+++ b/plugins/updater/src/updater.rs
@@ -425,6 +425,12 @@ impl Updater {
 log::debug!("checking for updates {url}");
 let mut request = ClientBuilder::new().user_agent(UPDATER_USER_AGENT);
+ if self.config.dangerous_accept_invalid_certs {
+ request = request.danger_accept_invalid_certs(true);
+ }
+ if self.config.dangerous_accept_invalid_hostnames {
+ request = request.danger_accept_invalid_hostnames(true);
+ }
 if let Some(timeout) = self.timeout {
 request = request.timeout(timeout);
 }
@@ -624,7 +630,13 @@ impl Update {
 headers.insert(ACCEPT, HeaderValue::from_static("application/octet-stream"));
 }
- let mut request = ClientBuilder::new().user_agent(UPDATER_USER_AGENT);
+ let mut request = ClientBuilder::new().user_agent(UPDATER_USER_AGENT);
+ if self.config.dangerous_accept_invalid_certs {
+ request = request.danger_accept_invalid_certs(true);
+ }
+ if self.config.dangerous_accept_invalid_hostnames {
+ request = request.danger_accept_invalid_hostnames(true);
+ }
 if let Some(timeout) = self.timeout {
 request = request.timeout(timeout);
 }
From 360abb4f13be531bbdc51b60d9fd7e94dfd9447b Mon Sep 17 00:00:00 2001
From: Christian Leingang <40596710+christian-leingang@users.noreply.github.com>
Date: Fri, 24 Oct 2025 09:03:03 +0000
Subject: [PATCH 2/4] refactor: improve formatting of request builder in Update implementation
---
 plugins/updater/src/updater.rs | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/plugins/updater/src/updater.rs b/plugins/updater/src/updater.rs
index 748a6a6ca6..35945b87dd 100644
--- a/plugins/updater/src/updater.rs
+++ b/plugins/updater/src/updater.rs
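Review bot: In PATCH 1/4 the same two `if self.config.dangerous_accept_invalid_*` blocks are added to both request builders (the `impl Updater` hunk at `@@ -425,6 +425,12 @@` and the `impl Update` hunk at `@@ -624,7 +630,13 @@`), and neither leaves any trace when validation is turned off. Building the client in one private helper would keep the two paths from drifting apart, and a `log::warn!("updater: TLS certificate/hostname validation disabled by config");` inside it would make the weakened state visible in logs. The commit subject mentions a builder API, but no `UpdaterBuilder` change is visible in these hunks. It is also worth confirming that `danger_accept_invalid_hostnames` is available under every TLS backend feature the plugin can be built with, since the new code calls it unconditionally. Both enclosing functions start and end outside the hunks.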
@@ -630,13 +630,13 @@ impl Update {
 headers.insert(ACCEPT, HeaderValue::from_static("application/octet-stream"));
 }
- let mut request = ClientBuilder::new().user_agent(UPDATER_USER_AGENT);
- if self.config.dangerous_accept_invalid_certs {
- request = request.danger_accept_invalid_certs(true);
- }
- if self.config.dangerous_accept_invalid_hostnames {
- request = request.danger_accept_invalid_hostnames(true);
- }
+ let mut request = ClientBuilder::new().user_agent(UPDATER_USER_AGENT);
+ if self.config.dangerous_accept_invalid_certs {
+ request = request.danger_accept_invalid_certs(true);
+ }
+ if self.config.dangerous_accept_invalid_hostnames {
+ request = request.danger_accept_invalid_hostnames(true);
+ }
 if let Some(timeout) = self.timeout {
 request = request.timeout(timeout);
 }
From a52647fa3293df2a7d103061745e922d0f76529b Mon Sep 17 00:00:00 2001
From: Christian Leingang <40596710+christian-leingang@users.noreply.github.com>
Date: Fri, 24 Oct 2025 10:24:04 +0000
Subject: [PATCH 3/4] chore(changes): add changefile for updater allow invalid TLS
---
 .changes/updater-allow-invalid-tls.md | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
 create mode 100644 .changes/updater-allow-invalid-tls.md
diff --git a/.changes/updater-allow-invalid-tls.md b/.changes/updater-allow-invalid-tls.md
new file mode 100644
index 0000000000..e2f8e4d9e9
--- /dev/null
+++ b/.changes/updater-allow-invalid-tls.md
@@ -0,0 +1,15 @@
+```markdown
+---
+"updater": minor
+"updater-js": minor
+---
+
+Allow configuring the updater client to accept invalid TLS certificates and hostnames for
+internal/self-signed update servers. These options are available via the plugin config
+(`dangerousAcceptInvalidCerts`, `dangerousAcceptInvalidHostnames`) and via the
+`UpdaterBuilder` (`dangerous_accept_invalid_certs`, `dangerous_accept_invalid_hostnames`).
+
+These settings are gated behind the `dangerous-settings` Cargo feature and should only be
+used in trusted environments (tests, internal servers).
+
+```
From fce85ba1ac869e6466c5170b7a17d2faf5670dcd Mon Sep 17 00:00:00 2001
From: Fabian-Lars
Date: Fri, 24 Oct 2025 13:46:52 +0200
Subject: [PATCH 4/4] changefile syntax
---
 .changes/updater-allow-invalid-tls.md | 11 +----------
 1 file changed, 1 insertion(+), 10 deletions(-)
diff --git a/.changes/updater-allow-invalid-tls.md b/.changes/updater-allow-invalid-tls.md
index e2f8e4d9e9..7c8e275cf7 100644
--- a/.changes/updater-allow-invalid-tls.md
+++ b/.changes/updater-allow-invalid-tls.md
@@ -1,15 +1,6 @@
-```markdown
 ---
 "updater": minor
 "updater-js": minor
 ---
-Allow configuring the updater client to accept invalid TLS certificates and hostnames for
-internal/self-signed update servers. These options are available via the plugin config
-(`dangerousAcceptInvalidCerts`, `dangerousAcceptInvalidHostnames`) and via the
-`UpdaterBuilder` (`dangerous_accept_invalid_certs`, `dangerous_accept_invalid_hostnames`).
-
-These settings are gated behind the `dangerous-settings` Cargo feature and should only be
-used in trusted environments (tests, internal servers).
-
-```
+Allow configuring the updater client to accept invalid TLS certificates and hostnames for internal/self-signed update servers. These options are available via the plugin config (`dangerousAcceptInvalidCerts`, `dangerousAcceptInvalidHostnames`) and via the `UpdaterBuilder` (`dangerous_accept_invalid_certs`, `dangerous_accept_invalid_hostnames`).