fix: wire gateway tls fingerprint for wss

This commit is contained in:
Peter Steinberger
2026-01-19 08:54:17 +00:00
parent 4609ed70c1
commit 66193dab92
2 changed files with 19 additions and 1 deletions


@@ -14,6 +14,7 @@ import {
type GatewayClientMode,
type GatewayClientName,
} from "../utils/message-channel.js";
import { loadGatewayTlsRuntime } from "../infra/tls/gateway.js";
import { GatewayClient } from "./client.js";
import { PROTOCOL_VERSION } from "./protocol/index.js";
@@ -134,6 +135,13 @@ export async function callGateway<T = unknown>(opts: CallGatewayOptions): Promis
...(opts.configPath ? { configPath: opts.configPath } : {}),
});
const url = connectionDetails.url;
const useLocalTls =
config.gateway?.tls?.enabled === true &&
!urlOverride &&
!remoteUrl &&
url.startsWith("wss://");
const tlsRuntime = useLocalTls ? await loadGatewayTlsRuntime(config.gateway?.tls) : undefined;
const tlsFingerprint = tlsRuntime?.enabled ? tlsRuntime.fingerprintSha256 : undefined;
const token =
(typeof opts.token === "string" && opts.token.trim().length > 0
? opts.token.trim()
@@ -183,6 +191,7 @@ export async function callGateway<T = unknown>(opts: CallGatewayOptions): Promis
url,
token,
password,
tlsFingerprint,
instanceId: opts.instanceId ?? randomUUID(),
clientName: opts.clientName ?? GATEWAY_CLIENT_NAMES.CLI,
clientDisplayName: opts.clientDisplayName,
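Review bot: `tlsFingerprint` ends up `undefined` both when pinning is intentionally not applicable (`urlOverride`, `remoteUrl`, a non-`wss://` URL) and when `config.gateway.tls.enabled` is `true` but `loadGatewayTlsRuntime` comes back not enabled or without `fingerprintSha256`; the second case is a configuration problem that this hunk lets pass silently into the client options. If the runtime can legitimately come back disabled for an enabled config (not visible here), failing early with a specific message is clearer than whatever the client reports later: `if (useLocalTls && !tlsFingerprint) throw new Error("gateway tls enabled but no certificate fingerprint available");`. The `useLocalTls` condition would also benefit from a one-line comment stating that pinning applies only to the locally managed gateway certificate and that explicit or remote URLs are presumably left to ordinary certificate verification. callGateway starts before and ends after these hunks.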


@@ -99,7 +99,16 @@ export class GatewayClient {
typeof fingerprintValue === "string" ? fingerprintValue : "",
);
const expected = normalizeFingerprint(this.opts.tlsFingerprint ?? "");
return Boolean(fingerprint && fingerprint === expected);
if (!expected) {
return new Error("gateway tls fingerprint missing");
}
if (!fingerprint) {
return new Error("gateway tls fingerprint unavailable");
}
if (fingerprint !== expected) {
return new Error("gateway tls fingerprint mismatch");
}
return undefined;
};
}
this.ws = new WebSocket(url, wsOptions);
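Review bot: The mismatch branch discards the observed value, so an operator diagnosing a pin failure only learns that the fingerprints differ, not which certificate the gateway presented; including the normalized observed fingerprint, `return new Error(\`gateway tls fingerprint mismatch (observed ${fingerprint})\`);`, gives the data needed to tell a rotated local certificate from an interposed one without exposing anything the peer did not already present. The callback also switched from returning a boolean to returning `Error | undefined`, and the hunk does not show the call site, so confirm every consumer treats a returned `Error` as rejection rather than as a truthy success value. A short comment above the new checks would help the next reader: `// undefined accepts the socket; any Error rejects it. A missing pin is a hard failure, never an implicit accept.` The enclosing method starts outside the hunk.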