Fix MutualTLS issue (#256)

Author: MikuSugar

lib/src/auth/mod.rs

@@ -23,6 +23,7 @@ impl ClientCertificate {
 
 #[derive(Debug, Clone, PartialEq)]
 pub struct MutualTLS {
+    pub(crate) validation: bool,
     pub(crate) cert_file: Option<PathBuf>,
     pub(crate) client_cert: PathBuf,
     pub(crate) client_key: PathBuf,
@@ -35,9 +36,16 @@ impl MutualTLS {
         client_key: impl AsRef<Path>,
     ) -> Self {
         MutualTLS {
+            validation: true,
             cert_file: cert_file.map(|p| p.as_ref().to_path_buf()),
             client_cert: client_cert.as_ref().to_path_buf(),
             client_key: client_key.as_ref().to_path_buf(),
         }
     }
+    pub fn with_no_validation(&self) -> Self {
+        Self {
+            validation: false,
+            ..self.clone()
+        }
+    }
 }

lib/src/connection.rs

@@ -402,13 +402,15 @@ impl ConnectionInfo {
                 // do not apply validation if using a self-signed certificate,as the documentation suggests
                 let config = if !validation {
                     match tls_config {
-                        ConnectionTLSConfig::MutualTLS(_) => tls_config,
-                        _ => &ConnectionTLSConfig::NoSSLValidation,
+                        ConnectionTLSConfig::MutualTLS(mtls) => {
+                            ConnectionTLSConfig::MutualTLS(mtls.with_no_validation())
+                        }
+                        _ => ConnectionTLSConfig::NoSSLValidation,
                     }
                 } else {
-                    tls_config
+                    tls_config.clone()
                 };
-                Self::tls_connector(url.host(), config)
+                Self::tls_connector(url.host(), &config)
             })
             .transpose()?;
 
@@ -498,9 +500,23 @@ impl ConnectionInfo {
                         .with_root_certificates(root_cert_store)
                         .with_client_auth_cert(cert_certs.collect(), keys)
                         .map_err(|_e| Error::ConnectionError)?
+                } else if mutual.validation {
+                    match rustls_native_certs::load_native_certs() {
+                        Ok(certs) => {
+                            root_cert_store.add_parsable_certificates(certs);
+                        }
+                        Err(e) => {
+                            warn!("Failed to load native certificates: {e}");
+                        }
+                    }
+                    builder
+                        .with_root_certificates(root_cert_store)
+                        .with_client_auth_cert(cert_certs.collect(), keys)
+                        .map_err(|_e| Error::ConnectionError)?
                 } else {
                     builder
-                        .with_root_certificates(RootCertStore::empty())
+                        .dangerous()
+                        .with_custom_certificate_verifier(Arc::new(NoCertificateVerification))
                         .with_client_auth_cert(cert_certs.collect(), keys)
                         .map_err(|_e| Error::ConnectionError)?
                 }