Caddy Self signed and system level trusted certificates not working in Tauri

[jrouaix]

Hi,

We have multiple apis running behind caddy for exposing https self certificates on local domain names like api.awesome-app.lan & app.awesome-app.lan for instance.

After calling caddy trust on ubuntu

• curl https://app.awesome-app.lan => 🟢
• chrome on https://app.awesome-app.lan => 🟢
• a rust process using reqwest crate calling https://api.awesome-app.lan => 🟢
• tauri http plugin (yes allow configured) on https://app.awesome-app.lan => 🔴

I saw some issues here that might be related ... not sure, also it seems to be a discussed topic in the discord.

What would be the right way to go in order to make this work ? (and avoid activating the dangerous-settings feature in tauri plugin)

Thanks

EDIT : epiphany web browser on utunbu => 🟢

[FabianLars]

can you share the reqwest code (include the feature flags in cargo.toml) that works for you? would make it super easy to spot the difference since our http plugin uses reqwest as well.

[FabianLars]

p.s. system level certs should be loaded automatically if you enable the plugin's rustls-tls-native-roots feature flag (i assume you had to do the same for reqwest?)

[jrouaix]

yes :

[dependencies]
anyhow = "1"
tokio = { version = "1", features = ["full"] }
url = "2"
reqwest = { version = "0.12" }

#[tokio::main]
async fn main() -> anyhow::Result<()> {
  let client = reqwest::Client::new();
  let url = url::Url::parse("https://app.awesome-app.lan")?;
  let response = client.get(url).send().await?;
  dbg!(response.status());
  Ok(())
}

[reqwest_test/src/main.rs:6:3] response.status() = 200

Tested outside of any workspace or existing cargo.lock file : behaves the same.
reqwest 0.11 also behaves the same way.

[jrouaix]

@FabianLars feature rustls-tls-native-roots on http plugin did the trick !
Thanks a lot !

[FabianLars]

Transferred to the docs repo so well add the flags to the guide