feat(tls): refactor TLS configuration to use static Lazy instance

src-tauri/src/feat/clash.rs

@@ -7,8 +7,21 @@ use crate::{
 };
 use bytes::BytesMut;
 use clash_verge_logging::{Type, logging};
+use once_cell::sync::Lazy;
 use serde_yaml_ng::{Mapping, Value};
 use smartstring::alias::String;
+use std::sync::Arc;
+
+#[allow(clippy::expect_used)]
+static TLS_CONFIG: Lazy<Arc<rustls::ClientConfig>> = Lazy::new(|| {
+    let root_store = rustls::RootCertStore::from_iter(webpki_roots::TLS_SERVER_ROOTS.iter().cloned());
+    let config = rustls::ClientConfig::builder_with_provider(Arc::new(rustls::crypto::ring::default_provider()))
+        .with_safe_default_protocol_versions()
+        .expect("Failed to set TLS versions")
+        .with_root_certificates(root_store)
+        .with_no_client_auth();
+    Arc::new(config)
+});
 
 /// Restart the Clash core
 pub async fn restart_clash_core() {
@@ -144,13 +157,7 @@ pub async fn test_delay(url: String) -> anyhow::Result<u32> {
                 }
                 None => TcpStream::connect(format!("{host}:{port}")).await?,
             };
-            let root_store = rustls::RootCertStore::from_iter(webpki_roots::TLS_SERVER_ROOTS.iter().cloned());
+            let connector = tokio_rustls::TlsConnector::from(Arc::clone(&TLS_CONFIG));
-            let config =
-                rustls::ClientConfig::builder_with_provider(Arc::new(rustls::crypto::ring::default_provider()))
-                    .with_safe_default_protocol_versions()?
-                    .with_root_certificates(root_store)
-                    .with_no_client_auth();
-            let connector = tokio_rustls::TlsConnector::from(Arc::new(config));
             let server_name = rustls::pki_types::ServerName::try_from(host.as_str())
                 .map_err(|_| anyhow::anyhow!("Invalid DNS name: {host}"))?
                 .to_owned();