On App (not web) - Allow connections to servers using self-signed certificates

[PeterFalken]

Describe your feature request
As a user/dev, I would like to connect to a server that uses self-signed certificates. Since this is not allowed on the browser, the APP implementation should allow creating a connection where the certificate validation/check is optional.

The rational for this feature, is that sometimes development environments are setup with self-signed certificates, this allows testing the connections with TLS/SSL similar to what the PROD environment will use, the only difference being the certificate validation.

I'm basing the feature on a similar connection features that exists on PostgreSQL, This would allow self-hosted DEV environments with TLS/SSL connectivity.

Are you willing to contribute this feature?
I can help if needed.

[akneni]

I've started working with SurrealDB recently and this has been a pain point for me as well. Have you gotten started on this yet? If not I can start working on it. While I've worked with Tauri and rust before, I haven't actually looked at this code base yet, so any help you can provide would be much appreciated.

[PeterFalken]

@akneni, I haven't started yet.

There is one pre-requisite:

• The driver has to have a feature that can enable it connect with the self-signed certificate (for most apps, they would look like insecure connections).

And keep in mind is that this should only apply to when running it in App mode, the web browser version follows the security configuration of the browser where it is running.

[akneni]

@PeterFalken So, I had asked about this on their discord server. Apparently the connections to the database occur though the native webview, which I don't think we can enable to accept self signed certificates. This may require building out quite a bit of rust code to implement these connections from scratch and configure the typescript codebase to optionally use these new rust functions to connect to the database rather than the native webview.
If this is something you would still want to pursue, you can contact me at [email protected]. Depending on how large of an undertaking this turns out to be, I may still be willing to implement something like this.

[PeterFalken]

@akneni - I might be wrong, but based on comments & messages from the discord server & after some research it seems that this is an upstream issue with the base framework.

Both HTTP and WebSocket connections are instantiated through the native webview implementation, hence we're limited by browser security measures. Behaviour can differ between platforms, however installing the certificate into the system certificate store might work

hoppscotch/hoppscotch#392
hoppscotch/hoppscotch#882
tauri-apps/tauri#4039

Regarding the driver, the core API for Connections, would need extra parameters/options to skip certificate validation.

From CONTRIBUTING.md on SurrelDB.py

We would recommend following the API of the Rust driver, as the Rust driver is fully utilising our capabilities and is the de-facto reference implementation. In the future, it will also be the underlying implementation as we begin to share a common API (either via foreign function interfaces or WASM), with native language-specific bindings.

Drivers connect to SurrealDB using either REST, a text-based WebSocket protocol, or a binary-based WebSocket protocol. Each of the protocols aims to support as many of the SurrealDB features as possible, ensuring that similar functionality and similar performance are supported regardless of the protocol being used.

[coutouly]

when it will be supported ?