[PR #425] Use native TLS when certificate validation is disabled #347

opened 2026-03-22 21:18:49 -05:00 by GiteaMirror · 0 comments
📋 Pull Request Information

Original PR: https://github.com/mountain-loop/yaak/pull/425
Author: @gschier
Created: 3/12/2026
Status: 🔄 Open

Base: main ← Head: fix/native-tls-legacy-servers


📝 Commits (1)

  • 67cbb06 Use native TLS when certificate validation is disabled for legacy server compatibility

📊 Changes

4 files changed (+70 additions, -5 deletions)

📝 Cargo.lock (+1 -0)
📝 crates/yaak-http/Cargo.toml (+2 -1)
📝 crates/yaak-http/src/client.rs (+61 -4)
📝 crates/yaak-http/src/error.rs (+6 -0)

📄 Description

Summary

  • When "Validate TLS certificates" is disabled, use the OS native TLS stack (Secure Transport/SChannel/OpenSSL) instead of rustls
  • Fixes TLS handshake failures against legacy servers (e.g. IBM WebSphere) that only support TLS 1.0, since rustls only implements TLS 1.2+
  • No change to default behavior — rustls is still used when validation is enabled

Ref: https://yaak.app/feedback/posts/tls-handshake-eof-when-connecting-to-private-ibm-websphere-endpoint-works-when-s

Test plan

  • Verify normal HTTPS requests still work with "Validate TLS certificates" enabled (rustls path)
  • Verify requests work with "Validate TLS certificates" disabled against a standard HTTPS server (native-tls path)
  • Verify requests work against a TLS 1.0-only server with validation disabled

🤖 Generated with Claude Code


🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

GiteaMirror added the pull-request label 2026-03-22 21:18:49 -05:00
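
The description attributes the handshake failures to rustls implementing only TLS 1.2+ while the legacy server speaks TLS 1.0. As an added example (not code from this PR or from yaak), the following Rust classifies the first bytes a server returns to a ClientHello, which is one way to confirm that a failure is a protocol-version mismatch before switching TLS stacks; the names `FirstReply`, `classify` and `tls12_only_client_can_continue` are hypothetical and the sample bytes are constructed.

```rust
// Added example, not yaak code. Sample bytes are constructed, not captured.
#[derive(Debug, PartialEq)]
pub enum FirstReply {
    Eof,                                   // peer closed without answering
    Alert { level: u8, description: u8 },  // e.g. fatal(2) / protocol_version(70)
    ServerHello { version: u16 },          // 0x0301 = TLS 1.0, 0x0303 = TLS 1.2
    Malformed,
}

/// Parse the first TLS record a server sent in reply to a ClientHello.
pub fn classify(buf: &[u8]) -> FirstReply {
    if buf.is_empty() {
        return FirstReply::Eof;
    }
    // Record header: content type (1) | record version (2) | length (2)
    if buf.len() < 5 {
        return FirstReply::Malformed;
    }
    let len = u16::from_be_bytes([buf[3], buf[4]]) as usize;
    let body = match buf.get(5..5 + len) {
        Some(b) => b,
        None => return FirstReply::Malformed, // record shorter than it claims
    };
    match (buf[0], body) {
        // Alert record (type 21): level (1) | description (1)
        (21, [level, description]) => FirstReply::Alert { level: *level, description: *description },
        // Handshake record (type 22), ServerHello (2): type | length (3) | server_version (2) | ...
        (22, [2, _, _, _, hi, lo, ..]) => FirstReply::ServerHello { version: u16::from_be_bytes([*hi, *lo]) },
        _ => FirstReply::Malformed,
    }
}

/// True when a client that implements only TLS 1.2 and later can go on.
/// TLS 1.3 servers also put 0x0303 in this field, so one comparison covers both.
pub fn tls12_only_client_can_continue(reply: &FirstReply) -> bool {
    matches!(reply, FirstReply::ServerHello { version } if *version >= 0x0303)
}

fn main() {
    let samples: [(&str, &[u8]); 3] = [
        ("closed (EOF)", &[]),
        ("TLS 1.0 ServerHello, truncated", &[22, 3, 1, 0, 6, 2, 0, 0, 2, 3, 1]),
        ("fatal protocol_version alert", &[21, 3, 1, 0, 2, 2, 70]),
    ];
    for (name, bytes) in samples {
        let reply = classify(bytes);
        println!("{name}: {reply:?} -> ok for TLS 1.2+ client: {}", tls12_only_client_can_continue(&reply));
    }
}
```

A reply that classifies as `ServerHello { version: 0x0301 }` identifies the endpoint as one that needs the legacy protocol, independently of whether certificate validation is on or off.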
Reference: github-starred/yaak#347