From 6b1847a0a09cb16d5149e8db30f31ba0745948fd Mon Sep 17 00:00:00 2001 From: Honsun Zhu Date: Tue, 3 Dec 2024 19:35:01 +0800 Subject: [PATCH] feat: add webpki roots support --- Cargo.toml | 19 ++++++++++++++----- src/lib.rs | 31 ++++++++++++++++++++----------- 2 files changed, 34 insertions(+), 16 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index 771be31..c9ac2b6 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -28,9 +28,8 @@ hyper-util = { version = "0.1", features = ["tokio"] } hyper-tls = { version = "0.6", optional = true } # `rustls` feature -hyper-rustls = { version = "0.26", optional = true } -rusttls = { package = "rustls", version = "0.22", optional = true } -rustls-native-certs = { version = "0.7", optional = true } +rusttls = { package = "rustls", version = "0.23", default-features = false, optional = true } +hyper-rustls = { version = "0.27", default-features = false, optional = true } [dev-dependencies] tokio = { version = "1.0", features = ["macros"] } @@ -40,5 +39,15 @@ bytes = "1" [features] default = ["tls"] -tls = ["hyper-tls"] -rustls = ["hyper-rustls", "rusttls", "rustls-native-certs"] +tls = ["dep:hyper-tls"] +# for compatibility +rustls = ["rustls-native-roots"] +_rustls = ["dep:rusttls", "dep:hyper-rustls", "hyper-rustls?/http1", "tls12", "logging", "aws-lc-rs"] +rustls-native-roots = ["_rustls", "hyper-rustls?/native-tokio"] +rustls-webpki-roots = ["_rustls", "hyper-rustls?/webpki-tokio"] +# only available for hyper-rustls +tls12 = ["rusttls?/tls12", "hyper-rustls?/tls12"] +logging = ["rusttls?/logging", "hyper-rustls?/logging"] +aws-lc-rs = ["rusttls?/aws-lc-rs", "hyper-rustls?/aws-lc-rs"] +fips = ["rusttls?/fips", "hyper-rustls?/fips"] +ring = ["rusttls?/ring", "hyper-rustls?/ring"] diff --git a/src/lib.rs b/src/lib.rs index 187282c..4f77838 100644 --- a/src/lib.rs +++ b/src/lib.rs 
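Review bot: The `ring` feature declared at the end of the `[features]` hunk can only be enabled on top of `aws-lc-rs`, because `_rustls` hard-wires `aws-lc-rs` and every public rustls feature (`rustls`, `rustls-native-roots`, `rustls-webpki-roots`) routes through `_rustls`. As far as I recall of rustls 0.23's `CryptoProvider` handling, a build with two provider features and no process-level default makes `ClientConfig::builder()` panic at runtime instead of failing at build time, so a downstream user enabling `ring` would get a working build and a crashing `with_tls()`. Either drop `aws-lc-rs` from `_rustls` and let the caller pick exactly one provider, or document the constraint beside the feature: `# ring and aws-lc-rs are alternative crypto providers; with both enabled, call CryptoProvider::install_default() before with_tls()`. The `# for compatibility` comment on `rustls` should also say what it preserves, e.g. `# alias kept for existing callers: rustls with the OS (native) root store`.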
@@ -34,7 +34,7 @@ //! * `tls` feature is enabled by default. It adds TLS support using `hyper-tls`. //! * `rustls` feature adds TLS support using `hyper-rustls`. -#[cfg(all(feature = "tls", feature = "rustls"))] +#[cfg(all(feature = "tls", feature = "_rustls"))] compile_error!( "`tls` and `rustls` features are mutually exclusive. You should enable only one of them" ); @@ -45,7 +45,7 @@ use hyper::{ rt::{Read, Write}, Uri, }; -#[cfg(feature = "rustls")] +#[cfg(feature = "_rustls")] use hyper_rustls::HttpsConnector; #[cfg(feature = "tls")] use hyper_tls::HttpsConnector; @@ -112,19 +112,28 @@ impl SocksConnector { } /// Create a new connector with TLS support - #[cfg(feature = "rustls")] + #[cfg(feature = "_rustls")] pub fn with_tls(self) -> Result, io::Error> { - let mut root_store = rusttls::RootCertStore::empty(); - for cert in rustls_native_certs::load_native_certs()? { - root_store - .add(cert) - .map_err(|err| io::Error::new(io::ErrorKind::InvalidData, err))?; - } - Ok(self.with_rustls_root_cert_store(root_store)) + use hyper_rustls::ConfigBuilderExt as _; + use rusttls::ClientConfig; + use std::sync::Arc; + + let config = ClientConfig::builder(); + + #[cfg(feature = "rustls-webpki-roots")] + let config = config.with_webpki_roots(); + + #[cfg(feature = "rustls-native-roots")] + let config = config.with_native_roots()?; + + let config = Arc::new(config.with_no_client_auth()); + + let args = (self, config); + Ok(HttpsConnector::from(args)) } /// Create a new connector with TLS support using cert store - #[cfg(feature = "rustls")] + #[cfg(feature = "_rustls")] pub fn with_rustls_root_cert_store( self, root_store: rusttls::RootCertStore,
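Review bot: The `compile_error!` text still names only `tls` and `rustls`, but the condition now fires on `_rustls`, which `rustls-webpki-roots` enables as well, so a user combining `tls` with `rustls-webpki-roots` is told about a feature they never turned on. Name the whole family in the message: `"`tls` and the `rustls*` features (`rustls`, `rustls-native-roots`, `rustls-webpki-roots`) are mutually exclusive. Enable only one of them"`. The crate-level doc lines above the check that list `tls` and `rustls` could likewise mention the two new root-store features.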
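Review bot: In `with_tls`, the two root-store `cfg` branches are not mutually exclusive, yet Cargo features are additive and unify across a dependency graph: a build that ends up with both `rustls-native-roots` and `rustls-webpki-roots` applies `config.with_native_roots()` to the builder already returned by `with_webpki_roots()`, which (by the rustls 0.23 builder state types, if I read them right) no longer has that method, and a build with neither roots feature (`_rustls`, `tls12`, `logging` alone are all reachable) has no `with_no_client_auth()` either — both are compile failures that surface only in downstream crates. Make one branch win and reject the empty case: put `#[cfg(all(feature = "rustls-webpki-roots", not(feature = "rustls-native-roots")))]` on the webpki line, and add `#[cfg(not(any(feature = "rustls-native-roots", feature = "rustls-webpki-roots")))] compile_error!("_rustls needs rustls-native-roots or rustls-webpki-roots");`. The doc comment should also say which trust anchors the connector verifies against and when the `?` fails, e.g. `/// Create a new connector with TLS support, trusting the OS root store (`rustls-native-roots`) or the roots bundled by `webpki-roots` (`rustls-webpki-roots`); returns an error if the native store cannot be loaded.` Note that the old code rejected any unparsable native certificate with `InvalidData`, whereas `with_native_roots()` now delegates that policy to hyper-rustls — worth a sentence in the changelog if callers relied on the stricter behaviour. `with_rustls_root_cert_store` starts in this hunk but its body continues past it.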