Skip to content

danger_accept_invalid_certs(true) is ignored when browser impersonation is enabled #155

Description

@ehfkwlfkwl

ClientBuilder::danger_accept_invalid_certs(true) does not appear to work when .impersonate(...) is enabled.

The same option is expected to disable certificate validation, but in the impersonation path primp builds a custom rustls::ClientConfig and passes it to reqwest via use_preconfigured_tls(...). Because of that, the reqwest builder's danger_accept_invalid_certs(true) setting is not applied to the preconfigured TLS config.

In the impersonation build path, apply_impersonation(...) creates a custom rustls::ClientConfig:

let tls_config = build_impersonate_tls_config(&settings, custom_certs)?;
let builder = builder.use_preconfigured_tls(tls_config);

At this point, the danger_accept_invalid_certs(true) setting from the underlying reqwest builder is no longer applied, because the TLS verifier has already been selected inside the preconfigured rustls config.

Possible fix:
Track the accept_invalid_certs setting in primp::ClientBuilder and pass it into build_impersonate_tls_config(...). When enabled, build the rustls config with a custom verifier, similar to reqwest's NoVerifier path:

let config = if accept_invalid_certs {
    builder
        .dangerous()
        .with_custom_certificate_verifier(Arc::new(NoVerifier))
        .with_no_client_auth()
} else {
    builder
        .with_root_certificates(root_store)
        .with_no_client_auth()
};

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions