Add support for wildcard client certs

Author: pimterry

src/components/settings/connection-settings-card.tsx

@@ -8,7 +8,7 @@ import { WarningIcon, Icon } from '../../icons';
 import { trackEvent } from '../../metrics';
 
 import { uploadFile } from '../../util/ui';
-import { UnreachableCheck, asError, unreachableCheck } from '../../util/error';
+import { asError, unreachableCheck } from '../../util/error';
 
 import { UpstreamProxyType, RulesStore } from '../../model/rules/rules-store';
 import { ParsedCertificate, ValidationResult } from '../../model/crypto';
@@ -19,7 +19,8 @@ import {
     versionSatisfies,
     CLIENT_CERT_SERVER_RANGE,
     PROXY_CONFIG_RANGE,
-    CUSTOM_CA_TRUST_RANGE
+    CUSTOM_CA_TRUST_RANGE,
+    WILDCARD_CLIENT_CERTS
 } from '../../services/service-versions';
 
 import { inputValidation } from '../component-utils';
@@ -69,10 +70,17 @@ const UpstreamProxyDropdown = styled(Select)`
     margin-right: 10px;
 `;
 
+const isValidClientCertHost = (input: string): boolean =>
+    isValidHost(input) || input === '*';
+
 const validateHost = inputValidation(isValidHost,
     "Should be a plain hostname, optionally with a specific port"
 );
 
+const validateClientCertHost = inputValidation(isValidClientCertHost,
+    "Should be a plain hostname, optionally with a specific port, or '*'"
+);
+
 const isValidProxyHost = (host: string | undefined): boolean =>
     !!host?.match(/^([^/@]*@)?[A-Za-z0-9\-.]+(:\d+)?$/);
 const validateProxyHost = inputValidation(isValidProxyHost,
@@ -426,7 +434,7 @@ class ClientCertificateConfig extends React.Component<{ rulesStore: RulesStore }
                     value={this.clientCertHostInput}
                     onChange={action((e: React.ChangeEvent<HTMLInputElement>) => {
                         this.clientCertHostInput = e.target.value;
-                        validateHost(e.target);
+                        validateClientCertHost(e.target);
                     })}
                 />
                 { this.clientCertState === undefined
@@ -477,7 +485,7 @@ class ClientCertificateConfig extends React.Component<{ rulesStore: RulesStore }
                 }
                 <SettingsButton
                     disabled={
-                        !isValidHost(this.clientCertHostInput) ||
+                        !isValidClientCertHost(this.clientCertHostInput) ||
                         this.clientCertState !== 'decrypted' || // Not decrypted yet, or
                         !!clientCertificateHostMap[this.clientCertHostInput] // Duplicate host
                     }
@@ -488,7 +496,11 @@ class ClientCertificateConfig extends React.Component<{ rulesStore: RulesStore }
             </ClientCertificatesList>
             <SettingsExplanation>
                 These certificates will be used for client TLS authentication, if requested by the server, when
-                connecting to their corresponding hostname.
+                connecting to their corresponding hostname. {
+                    versionSatisfies(serverVersion.value, WILDCARD_CLIENT_CERTS)
+                    ? <>Use <code>*</code> to use a certificate for all hosts.</>
+                    : ''
+                }
             </SettingsExplanation>
         </>;
     }

src/model/send/send-store.ts

@@ -159,6 +159,7 @@ export class SendStore {
             const hostWithPort = `${url.hostname}:${effectivePort}`;
             const clientCertificate = passthroughOptions.clientCertificateHostMap?.[hostWithPort] ||
                 passthroughOptions.clientCertificateHostMap?.[url.hostname!] ||
+                passthroughOptions.clientCertificateHostMap?.['*'] ||
                 undefined;
 
             const additionalCACerts = this.rulesStore.additionalCaCertificates.map((cert) =>

src/services/service-versions.ts

@@ -84,4 +84,5 @@ export const TLS_PASSTHROUGH_SUPPORTED = '^1.12.0';
 export const CONNECTION_RESET_SUPPORTED = '^1.12.0';
 export const SERVER_REST_API_SUPPORTED = '^1.13.0';
 export const SERVER_SEND_API_SUPPORTED = '^1.13.0';
-export const ADVANCED_PATCH_TRANSFORMS = '^1.18.0';
+export const ADVANCED_PATCH_TRANSFORMS = '^1.18.0';
+export const WILDCARD_CLIENT_CERTS = '^1.22.0';