Unable to Customize HTTP Client in Serenity Crate

Question

Unable to Customize HTTP Client in Serenity Crate

KairuDeibisu opened this issue 6 months ago · 0 comments

Problem

I am currently developing a stateless Discord application using the serenity crate, hosted on Replit. Due to the nature of Replit's network environment, all external SSL/TLS certificates, including those from Discord, are reissued by Replit's firewall. This process leads to a situation where these certificates are not trusted by default in my application, resulting in certificate verification errors when attempting to communicate with Discord's API.

The core of the issue arises from the serenity crate's Http struct, which encapsulates the reqwest::Client but does not allow any modification or customization of it. This limitation prevents me from adding the necessary Replit-issued certificates to the trusted store or configuring SSL/TLS settings to suit my environment. The current implementation of the Http struct is as follows:

#[derive(Debug)]
pub struct Http {
    pub(crate) client: Client,
    pub ratelimiter: Option<Ratelimiter>,
    pub proxy: Option<String>,
    token: SecretString,
    application_id: AtomicU64,
}

Request

Can you make a constructor with a token and a custom certificate or token and custom client?

Error

2024-05-07T15:48:25.011852Z ERROR ordis: Failed to create guild command: Http(Request(reqwest::Error { kind: Request, url: Url { scheme: "https", cannot_be_a_base: false, username: "", password: None, host: Some(Domain("discord.com")), port: None, path: "/api/v10/applications/XXXXXXXXXX/guilds/XXXXXXXXXX/commands", query: None, fragment: None }, source: hyper::Error(Connect, Custom { kind: Other, error: Custom { kind: InvalidData, error: InvalidCertificate(UnknownIssuer) } }) }))

Debug

openssl s_client -showcerts -connect discord.com:443

~/ordis$ openssl s_client -showcerts -connect discord.com:443
CONNECTED(00000003)
depth=1 C = US, ST = California, L = San Francisco, O = Replit, OU = Replit
verify return:1
depth=0 C = US, ST = California, L = San Fransisco, O = Replit, OU = Replit, CN = discord.com
verify return:1
---
Certificate chain
 0 s:C = US, ST = California, L = San Fransisco, O = Replit, OU = Replit, CN = discord.com
   i:C = US, ST = California, L = San Francisco, O = Replit, OU = Replit
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: Sep  4 22:10:32 2023 GMT; NotAfter: Aug 25 22:10:32 2024 GMT
-----BEGIN CERTIFICATE-----
MIID4DCCAsigAwIBAgIUKbkG3VHZ/EFjiIsdBAPPyuNchzMwDQYJKoZIhvcNAQEL
BQAwXDELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcM
DVNhbiBGcmFuY2lzY28xDzANBgNVBAoMBlJlcGxpdDEPMA0GA1UECwwGUmVwbGl0
MB4XDTIzMDkwNDIyMTAzMloXDTI0MDgyNTIyMTAzMlowcjELMAkGA1UEBhMCVVMx
EzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuc2lzY28xDzAN
BgNVBAoMBlJlcGxpdDEPMA0GA1UECwwGUmVwbGl0MRQwEgYDVQQDDAtkaXNjb3Jk
LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALg2e71WSdNMHtab
dXKVuJbKulaITfdCatD4FQzQhqaTfsvN06J4vbg5MvVGIrHNJqpYrkTvK561fW6V
s9d1U6wwmIWodgXOa6CjSHuiNXs4aS/IUCtd00dRvu/h08zNtDcI1LXqpfJWphI7
u5rDfY/q5mIBZBCkcGVa/2bIj0vo5IsqAaAn9pD/NkYjPvslcoCrCySiNrnaxSvH
LV8+hgyYhLQPUxOCr4WP6wKUYIDfpNc6+Bs+/lTsNlD7ASrSyLD+J1G7SHrMM1R1
sS1aHEUsmUZM6qPU9RnArj9UFWk1HnnYEUUYHvQ5brqB20KzjKoFlombOyZoGkAo
Jegp14kCAwEAAaOBgzCBgDAfBgNVHSMEGDAWgBRGbyLc7UwQJdplXLEfjDuXrBXR
/jAJBgNVHRMEAjAAMAsGA1UdDwQEAwIE8DAmBgNVHREEHzAdggtkaXNjb3JkLmNv
bYIOZGlzY29yZGFwcC5jb20wHQYDVR0OBBYEFHjLuhpp8IzR1rlm61D1EpRlYYk0
MA0GCSqGSIb3DQEBCwUAA4IBAQAAWHx+6JL8p4PdEbBrdpLkNIi3mkK1xwxBhRUe
NwycE1Y1u5JExWvvo5SKuLlVbdHAc19Qy6BPVTLJJOIcO1vmrEANuxYnHo7aLMdd
9QWYDGRtCx0hv9GdqWmsy7nHyYH1RvGApYxCIFQwCwPk68M3ZtMPqDhb565y6tD3
r6OY9yoInimvhyAh8Zd+jGG0Rmp8SgSHUot5OM1e3f1jHl8p6Xea8Gw2rHjCVHf9
D2t8V/HtJ1MSD+obWIBKBMzwJQeJjfQIAYT2kUa9FDSO0hkBseIN5O89NKELAbyq
9Rq4uvi50fBmsGOvGyToo9n3uAPA9bnqhicmxwEOxUnEWt+b
-----END CERTIFICATE-----
---
Server certificate
subject=C = US, ST = California, L = San Fransisco, O = Replit, OU = Replit, CN = discord.com
issuer=C = US, ST = California, L = San Francisco, O = Replit, OU = Replit
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 1536 bytes and written 381 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_128_GCM_SHA256
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
    Protocol  : TLSv1.3
    Cipher    : TLS_AES_128_GCM_SHA256
    Session-ID: 973D451F09FD354CDA3012FB63B3FF7A9E06EEA8FE2184E8FEFAAEF207207B6D
    Session-ID-ctx: 
    Resumption PSK: 3107D1066DB137189188856D03C729599806139AAAF70DC08B87EBDCE45FC8B3
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 604800 (seconds)
    TLS session ticket:
    0000 - fd 53 59 a7 da a5 8b 77-6a f2 89 be 10 05 6f 46   .SY....wj.....oF
    0010 - 85 81 75 c7 50 ea 22 5e-65 27 f5 64 4f 2d 45 19   ..u.P."^e'.dO-E.
    0020 - ee 24 98 8b 46 b1 57 fe-c2 04 3c 60 9c 19 bf 6f   .$..F.W...<`...o
    0030 - e7 2c 54 f4 74 40 f8 e2-e7 b7 12 f0 c0 44 aa 94   .,T.t@.......D..
    0040 - 17 d8 84 0b 0d 37 21 04-f5 89 8c bb ee 57 ef 20   .....7!......W. 
    0050 - 8e c1 9d e8 4c 6e a4 6a-09 6c 78 8d 6a ee c4 25   ....Ln.j.lx.j..%
    0060 - 71 18 05 ac e5 88 a4 a1-db                        q........

    Start Time: 1715097004
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no
    Max Early Data: 0
---
read R BLOCK