Skip to content

feat: make TLS certificate verification configurable#1893

Open
wavezhang wants to merge 1 commit into
Hmbown:mainfrom
wavezhang:feat/insecure-skip-tls-verify-config
Open

feat: make TLS certificate verification configurable#1893
wavezhang wants to merge 1 commit into
Hmbown:mainfrom
wavezhang:feat/insecure-skip-tls-verify-config

Conversation

@wavezhang
Copy link
Copy Markdown

@wavezhang wavezhang commented May 21, 2026

Add insecure_skip_tls_verify configuration option (default false) to allow users to disable TLS certificate verification.

Configuration:

  • Config file: insecure_skip_tls_verify = true
  • Environment variable: DEEPSEEK_INSECURE_SKIP_TLS_VERIFY=true

Changes:

  • Replaced all hardcoded .danger_accept_invalid_certs(true) across the workspace with configurable flags
  • Added env override parsing in both deepseek-config and TUI Config
  • Added tests for TOML deserialization, env override application, and HTTP client builder behavior

Note: TLS verification is enabled by default. Only disable when connecting to servers with self-signed or untrusted certificates.

gemini-code-assist[bot]
gemini-code-assist Bot reviewed May 21, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@gemini-code-assist gemini-code-assist Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request implements a new configuration setting, insecure_skip_tls_verify, and a corresponding environment variable, DEEPSEEK_INSECURE_SKIP_TLS_VERIFY, to allow users to bypass TLS certificate verification for outbound HTTPS requests. This change affects multiple modules, including the CLI update mechanism, skill management, MCP connections, and various network-dependent tools. The review feedback identifies several locations where the skip_verify flag is not properly propagated to internal function calls, specifically regarding mirror-based updates and skill registry synchronization. Furthermore, the reviewer suggests centralizing the environment variable parsing logic to eliminate redundancy and ensure consistent boolean evaluation across the codebase.

Comment thread crates/cli/src/update.rs
fn fetch_latest_release(skip_verify: bool) -> Result<Release> {
if let Some(base_url) = release_base_url_from_env() {
let version = update_version_from_env().unwrap_or_else(|| env!("CARGO_PKG_VERSION").into());
return Ok(release_from_mirror_base_url(
Copy link
Copy Markdown
Contributor

@gemini-code-assist gemini-code-assist Bot May 21, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

high

The skip_verify flag is not propagated to release_from_mirror_base_url. If a user has configured a mirror via environment variables and that mirror uses a self-signed certificate, the update check will fail even if TLS verification is disabled.

Comment thread crates/tui/src/commands/skills.rs Outdated
Comment on lines 372 to 373
let (network, _max_size, registry_url, _skip_verify) = installer_settings(app);
let registry = run_async(async move { install::fetch_registry(&network, &registry_url).await });
Copy link
Copy Markdown
Contributor

@gemini-code-assist gemini-code-assist Bot May 21, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

high

The skip_verify flag obtained from installer_settings is explicitly ignored here (as _skip_verify) and not passed to install::fetch_registry. This will cause skill listing to fail when using a registry with an untrusted certificate, despite the configuration setting.

Comment thread crates/tui/src/skills/install.rs Outdated
Comment thread crates/cli/src/lib.rs Outdated
Comment thread crates/tui/src/config.rs
Comment on lines +2691 to +2695
if let Ok(value) = std::env::var("DEEPSEEK_INSECURE_SKIP_TLS_VERIFY") {
let val = value.trim().to_ascii_lowercase();
config.insecure_skip_tls_verify =
Some(matches!(val.as_str(), "1" | "true" | "yes" | "on"));
}
Copy link
Copy Markdown
Contributor

@gemini-code-assist gemini-code-assist Bot May 21, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

This boolean parsing logic is duplicated from crates/cli/src/lib.rs. It is recommended to use a centralized helper (like the one used in crates/config) to ensure consistent handling of truthy values (e.g., "1", "true", "yes", "on") across the entire application.

@wavezhang wavezhang force-pushed the feat/insecure-skip-tls-verify-config branch 2 times, most recently from 120404f to 804815d Compare May 21, 2026 10:09
@wavezhang
feat: make TLS certificate verification configurable
f60c0fd 
Add `insecure_skip_tls_verify` configuration option (default `false`)
to allow users to disable TLS certificate verification for outbound HTTPS
requests. This affects the API client, tools (fetch, search, web_run,
finance, image_analyze), skill installer, MCP connections, sandbox,
config UI polling, CLI self-updater, and webhook hooks.

**Configuration**
- TOML: `insecure_skip_tls_verify = true`
- Environment variable: `DEEPSEEK_INSECURE_SKIP_TLS_VERIFY=true`

**Key design decisions**
- The flag is threaded through constructors and execution contexts rather
  than read from global config inside HTTP client builders, keeping the
  dependency graph clean (hooks crate does not depend on config).
- `ConfigToml::resolve_insecure_skip_tls_verify()` centralizes env-var
  override resolution so callers don't duplicate parsing logic.
- `parse_bool` in `crates/config` is now `pub` for shared boolean
  parsing.

**Tests added**
- Config TOML deserialization for `insecure_skip_tls_verify`
- Env override application in TUI Config
- HTTP client builder behavior with skip_verify true/false

**Security note**
This commit does not introduce or expose any credentials, tokens, or
secrets. All changes are strictly structural (replacing hardcoded
`danger_accept_invalid_certs(true)` with a configurable flag). No API
keys, passwords, or personal access tokens are present in the diff.
@wavezhang wavezhang force-pushed the feat/insecure-skip-tls-verify-config branch from 804815d to f60c0fd Compare May 21, 2026 10:09
@wavezhang
Copy link
Copy Markdown
Author

wavezhang commented May 21, 2026

Thanks for the review. Here is the status of each comment:

  1. crates/cli/src/update.rs:303release_from_mirror_base_url only constructs the Release struct (URLs) without making any HTTP request. The actual downloads go through download_url(url, skip_verify), so skip_verify is already applied at the network boundary. No change needed here.

  2. crates/tui/src/commands/skills.rs — Fixed. skip_verify is now passed to install::fetch_registry.

  3. crates/tui/src/skills/install.rs — Fixed. sync_registry now passes skip_verify to fetch_registry, and fetch_registry uses a custom reqwest::Client with .danger_accept_invalid_certs(skip_verify).

  4. crates/cli/src/lib.rs — Fixed. Removed the redundant manual env parsing; now uses store.config.resolve_insecure_skip_tls_verify().

  5. crates/tui/src/config.rs — Fixed. Replaced inline boolean parsing with the centralized parse_bool_env helper to stay consistent with crates/config.

All fixes have been squashed into the latest commit.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@gemini-code-assist gemini-code-assist[bot] gemini-code-assist[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@wavezhang