Skip to content

Commit

Permalink
add webpki roots option for rustls no provider setup (#2447)
Browse files Browse the repository at this point in the history
  • Loading branch information
@stevefan1999-personal
stevefan1999-personal authored Oct 28, 2024
1 parent 598f857 commit 64aa7d1
Show file tree
Hide file tree
Showing 4 changed files with 24 additions and 21 deletions.
9 changes: 6 additions & 3 deletions Cargo.toml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -43,10 +43,13 @@ native-tls-vendored = ["native-tls", "native-tls-crate?/vendored"]
rustls-tls = ["rustls-tls-webpki-roots"]
rustls-tls-no-provider = ["rustls-tls-manual-roots-no-provider"]

rustls-tls-manual-roots = ["__rustls", "__rustls-ring"]
rustls-tls-webpki-roots = ["dep:webpki-roots", "hyper-rustls?/webpki-tokio", "__rustls", "__rustls-ring"]
rustls-tls-native-roots = ["dep:rustls-native-certs", "hyper-rustls?/native-tokio", "__rustls", "__rustls-ring"]
rustls-tls-manual-roots-no-provider = ["__rustls"]
rustls-tls-webpki-roots-no-provider = ["dep:webpki-roots", "hyper-rustls?/webpki-tokio", "__rustls"]
rustls-tls-native-roots-no-provider = ["dep:rustls-native-certs", "hyper-rustls?/native-tokio", "__rustls"]

rustls-tls-manual-roots = ["rustls-tls-manual-roots-no-provider", "__rustls-ring"]
rustls-tls-webpki-roots = ["rustls-tls-webpki-roots-no-provider", "__rustls-ring"]
rustls-tls-native-roots = ["rustls-tls-native-roots-no-provider", "__rustls-ring"]

blocking = ["dep:futures-channel", "futures-channel?/sink", "futures-util/io", "futures-util/sink", "tokio/sync"]

Expand Down
24 changes: 12 additions & 12 deletions src/async_impl/client.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -116,9 +116,9 @@ struct Config {
root_certs: Vec<Certificate>,
#[cfg(feature = "__tls")]
tls_built_in_root_certs: bool,
#[cfg(feature = "rustls-tls-webpki-roots")]
#[cfg(feature = "rustls-tls-webpki-roots-no-provider")]
tls_built_in_certs_webpki: bool,
#[cfg(feature = "rustls-tls-native-roots")]
#[cfg(feature = "rustls-tls-native-roots-no-provider")]
tls_built_in_certs_native: bool,
#[cfg(feature = "__rustls")]
crls: Vec<CertificateRevocationList>,
Expand Down Expand Up @@ -215,9 +215,9 @@ impl ClientBuilder {
root_certs: Vec::new(),
#[cfg(feature = "__tls")]
tls_built_in_root_certs: true,
#[cfg(feature = "rustls-tls-webpki-roots")]
#[cfg(feature = "rustls-tls-webpki-roots-no-provider")]
tls_built_in_certs_webpki: true,
#[cfg(feature = "rustls-tls-native-roots")]
#[cfg(feature = "rustls-tls-native-roots-no-provider")]
tls_built_in_certs_native: true,
#[cfg(any(feature = "native-tls", feature = "__rustls"))]
identity: None,
Expand Down Expand Up @@ -511,12 +511,12 @@ impl ClientBuilder {
cert.add_to_rustls(&mut root_cert_store)?;
}

#[cfg(feature = "rustls-tls-webpki-roots")]
#[cfg(feature = "rustls-tls-webpki-roots-no-provider")]
if config.tls_built_in_certs_webpki {
root_cert_store.extend(webpki_roots::TLS_SERVER_ROOTS.iter().cloned());
}

#[cfg(feature = "rustls-tls-native-roots")]
#[cfg(feature = "rustls-tls-native-roots-no-provider")]
if config.tls_built_in_certs_native {
let mut valid_count = 0;
let mut invalid_count = 0;
Expand Down Expand Up @@ -1490,12 +1490,12 @@ impl ClientBuilder {
pub fn tls_built_in_root_certs(mut self, tls_built_in_root_certs: bool) -> ClientBuilder {
self.config.tls_built_in_root_certs = tls_built_in_root_certs;

#[cfg(feature = "rustls-tls-webpki-roots")]
#[cfg(feature = "rustls-tls-webpki-roots-no-provider")]
{
self.config.tls_built_in_certs_webpki = tls_built_in_root_certs;
}

#[cfg(feature = "rustls-tls-native-roots")]
#[cfg(feature = "rustls-tls-native-roots-no-provider")]
{
self.config.tls_built_in_certs_native = tls_built_in_root_certs;
}
Expand All @@ -1506,8 +1506,8 @@ impl ClientBuilder {
/// Sets whether to load webpki root certs with rustls.
///
/// If the feature is enabled, this value is `true` by default.
#[cfg(feature = "rustls-tls-webpki-roots")]
#[cfg_attr(docsrs, doc(cfg(feature = "rustls-tls-webpki-roots")))]
#[cfg(feature = "rustls-tls-webpki-roots-no-provider")]
#[cfg_attr(docsrs, doc(cfg(feature = "rustls-tls-webpki-roots-no-provider")))]
pub fn tls_built_in_webpki_certs(mut self, enabled: bool) -> ClientBuilder {
self.config.tls_built_in_certs_webpki = enabled;
self
Expand All @@ -1516,8 +1516,8 @@ impl ClientBuilder {
/// Sets whether to load native root certs with rustls.
///
/// If the feature is enabled, this value is `true` by default.
#[cfg(feature = "rustls-tls-native-roots")]
#[cfg_attr(docsrs, doc(cfg(feature = "rustls-tls-native-roots")))]
#[cfg(feature = "rustls-tls-native-roots-no-provider")]
#[cfg_attr(docsrs, doc(cfg(feature = "rustls-tls-native-roots-no-provider")))]
pub fn tls_built_in_native_certs(mut self, enabled: bool) -> ClientBuilder {
self.config.tls_built_in_certs_native = enabled;
self
Expand Down
8 changes: 4 additions & 4 deletions src/blocking/client.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -659,17 +659,17 @@ impl ClientBuilder {
/// Sets whether to load webpki root certs with rustls.
///
/// If the feature is enabled, this value is `true` by default.
#[cfg(feature = "rustls-tls-webpki-roots")]
#[cfg_attr(docsrs, doc(cfg(feature = "rustls-tls-webpki-roots")))]
#[cfg(feature = "rustls-tls-webpki-roots-no-provider")]
#[cfg_attr(docsrs, doc(cfg(feature = "rustls-tls-webpki-roots-no-provider")))]
pub fn tls_built_in_webpki_certs(self, enabled: bool) -> ClientBuilder {
self.with_inner(move |inner| inner.tls_built_in_webpki_certs(enabled))
}

/// Sets whether to load native root certs with rustls.
///
/// If the feature is enabled, this value is `true` by default.
#[cfg(feature = "rustls-tls-native-roots")]
#[cfg_attr(docsrs, doc(cfg(feature = "rustls-tls-native-roots")))]
#[cfg(feature = "rustls-tls-native-roots-no-provider")]
#[cfg_attr(docsrs, doc(cfg(feature = "rustls-tls-native-roots-no-provider")))]
pub fn tls_built_in_native_certs(self, enabled: bool) -> ClientBuilder {
self.with_inner(move |inner| inner.tls_built_in_native_certs(enabled))
}
Expand Down
4 changes: 2 additions & 2 deletions tests/badssl.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -20,8 +20,8 @@ async fn test_badssl_modern() {
}

#[cfg(any(
feature = "rustls-tls-webpki-roots",
feature = "rustls-tls-native-roots"
feature = "rustls-tls-webpki-roots-no-provider",
feature = "rustls-tls-native-roots-no-provider"
))]
#[tokio::test]
async fn test_rustls_badssl_modern() {
Expand Down

0 comments on commit 64aa7d1

Please sign in to comment.