From a6687a383951a565e7b8eecfbb10ee7e99cd9608 Mon Sep 17 00:00:00 2001 From: Tunglies <77394545+Tunglies@users.noreply.github.com> Date: Sun, 12 Apr 2026 03:24:21 +0800 Subject: [PATCH] feat(tls): refactor TLS configuration to use static Lazy instance --- src-tauri/src/feat/clash.rs | 21 ++++++++++++++------- 1 file changed, 14 insertions(+), 7 deletions(-) diff --git a/src-tauri/src/feat/clash.rs b/src-tauri/src/feat/clash.rs index 91ed54ed9..231c97bf4 100644 --- a/src-tauri/src/feat/clash.rs +++ b/src-tauri/src/feat/clash.rs @@ -7,8 +7,21 @@ use crate::{ }; use bytes::BytesMut; use clash_verge_logging::{Type, logging}; +use once_cell::sync::Lazy; use serde_yaml_ng::{Mapping, Value}; use smartstring::alias::String; +use std::sync::Arc; + +#[allow(clippy::expect_used)] +static TLS_CONFIG: Lazy> = Lazy::new(|| { + let root_store = rustls::RootCertStore::from_iter(webpki_roots::TLS_SERVER_ROOTS.iter().cloned()); + let config = rustls::ClientConfig::builder_with_provider(Arc::new(rustls::crypto::ring::default_provider())) + .with_safe_default_protocol_versions() + .expect("Failed to set TLS versions") + .with_root_certificates(root_store) + .with_no_client_auth(); + Arc::new(config) +}); /// Restart the Clash core pub async fn restart_clash_core() { @@ -144,13 +157,7 @@ pub async fn test_delay(url: String) -> anyhow::Result { } None => TcpStream::connect(format!("{host}:{port}")).await?, }; - let root_store = rustls::RootCertStore::from_iter(webpki_roots::TLS_SERVER_ROOTS.iter().cloned()); - let config = - rustls::ClientConfig::builder_with_provider(Arc::new(rustls::crypto::ring::default_provider())) - .with_safe_default_protocol_versions()? - .with_root_certificates(root_store) - .with_no_client_auth(); - let connector = tokio_rustls::TlsConnector::from(Arc::new(config)); + let connector = tokio_rustls::TlsConnector::from(Arc::clone(&TLS_CONFIG)); let server_name = rustls::pki_types::ServerName::try_from(host.as_str()) .map_err(|_| anyhow::anyhow!("Invalid DNS name: {host}"))? .to_owned();