From e89b49c16dd91eeb99598aa36dbdd87523051c2a Mon Sep 17 00:00:00 2001
From: Yusuf Bera Ertan
Date: Mon, 31 May 2021 22:32:40 +0300
Subject: [PATCH] feat: add two new features to allow using webpki-roots or rustls-native-certs

---
 Cargo.toml | 7 ++++-
 README.md | 10 ++++++--
 src/lib.rs | 13 +++++++---
 src/tokio.rs | 62 ++++++++++++++++++++++++++++++++++-----------
 src/tokio/rustls.rs | 6 +++++
 5 files changed, 77 insertions(+), 21 deletions(-)

diff --git a/Cargo.toml b/Cargo.toml
index f404e26..55de5cb 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -20,7 +20,8 @@ gio-runtime = ["gio", "glib"]
 async-tls = ["real-async-tls"]
 async-native-tls = ["async-std-runtime", "real-async-native-tls", "tungstenite/native-tls"]
 tokio-native-tls = ["tokio-runtime", "real-tokio-native-tls", "real-native-tls", "tungstenite/native-tls"]
-tokio-rustls = ["tokio-runtime", "real-tokio-rustls", "webpki-roots", "tungstenite/rustls-tls"]
+tokio-rustls-webpki-roots = ["tokio-runtime", "real-tokio-rustls", "webpki-roots", "tungstenite/rustls-tls"]
+tokio-rustls-native-certs = ["tokio-runtime", "real-tokio-rustls", "rustls-native-certs", "tungstenite/rustls-tls"]
 tokio-openssl = ["tokio-runtime", "real-tokio-openssl", "openssl"]
 
 [package.metadata.docs.rs]
@@ -79,6 +80,10 @@ optional = true
 version = "^0.22"
 package = "tokio-rustls"
 
+[dependencies.rustls-native-certs]
+optional = true
+version = "0.5"
+
 [dependencies.webpki-roots]
 optional = true
 version = "0.21"
diff --git a/README.md b/README.md
index fe741fe..5e5b38c 100644
--- a/README.md
+++ b/README.md
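Review bot: The `-tokio-rustls = [...]` line deletes a public feature instead of renaming it, so every downstream manifest that enables `features = ["tokio-rustls"]` stops building with an unknown-feature error, and nothing in the visible hunks bumps the crate version to signal the break. Since the cfg gates in src/tokio.rs now accept either new feature through `any(...)`, a one-line alias keeps existing users working with no code change: `tokio-rustls = ["tokio-rustls-webpki-roots"]`. If dropping the old name is intentional, that should be stated in the README feature list and the release notes rather than left implicit.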
@@ -43,8 +43,14 @@ integration with various other crates can be enabled via feature flags with the [tokio](https://tokio.rs) runtime. * `tokio-native-tls`: Enables the additional functions in the `tokio` module to implement TLS via [tokio-native-tls](https://crates.io/crates/tokio-native-tls). - * `tokio-rustls`: Enables the additional functions in the `tokio` module to - implement TLS via [tokio-rustls](https://crates.io/crates/tokio-rustls). + * `tokio-rustls-native-certs`: Enables the additional functions in the `tokio` + module to implement TLS via [tokio-rustls](https://crates.io/crates/tokio-rustls) + and uses native system certificates found with + [rustls-native-certs](https://github.com/rustls/rustls-native-certs). + * `tokio-rustls-webpki-roots`: Enables the additional functions in the `tokio` + module to implement TLS via [tokio-rustls](https://crates.io/crates/tokio-rustls) + and uses the certificates [webpki-roots](https://github.com/rustls/webpki-roots) + provides. * `gio-runtime`: Enables the `gio` module, which provides integration with the [gio](https://gtk-rs.org) runtime. diff --git a/src/lib.rs b/src/lib.rs index 85e86c8..7dd2d11 100644 --- a/src/lib.rs +++ b/src/lib.rs 
@@ -18,8 +18,14 @@ //! with the [tokio](https://tokio.rs) runtime. //! * `tokio-native-tls`: Enables the additional functions in the `tokio` module to //! implement TLS via [tokio-native-tls](https://crates.io/crates/tokio-native-tls). -//! * `tokio-rustls`: Enables the additional functions in the `tokio` module to -//! implement TLS via [tokio-rustls](https://crates.io/crates/tokio-rustls). +//! * `tokio-rustls-native-certs`: Enables the additional functions in the `tokio` +//! module to implement TLS via [tokio-rustls](https://crates.io/crates/tokio-rustls) +//! and uses native system certificates found with +//! [rustls-native-certs](https://github.com/rustls/rustls-native-certs). +//! * `tokio-rustls-webpki-roots`: Enables the additional functions in the `tokio` +//! module to implement TLS via [tokio-rustls](https://crates.io/crates/tokio-rustls) +//! and uses the certificates [webpki-roots](https://github.com/rustls/webpki-roots) +//! provides. //! * `tokio-openssl`: Enables the additional functions in the `tokio` module to //! implement TLS via [tokio-openssl](https://crates.io/crates/tokio-openssl). //! * `gio-runtime`: Enables the `gio` module, which provides integration with @@ -45,7 +51,8 @@ mod handshake; feature = "async-tls", feature = "async-native-tls", feature = "tokio-native-tls", - feature = "tokio-rustls", + feature = "tokio-rustls-native-certs", + feature = "tokio-rustls-webpki-roots", feature = "tokio-openssl", ))] pub mod stream; diff --git a/src/tokio.rs b/src/tokio.rs index bbb01b1..8de54b5 100644 --- a/src/tokio.rs +++ b/src/tokio.rs 
@@ -15,13 +15,23 @@ use futures_io::{AsyncRead, AsyncWrite};
 #[path = "tokio/native_tls.rs"]
 mod tls;
 
-#[cfg(all(feature = "tokio-rustls", not(feature = "tokio-native-tls")))]
+#[cfg(all(
+ any(
+ feature = "tokio-rustls-native-certs",
+ feature = "tokio-rustls-webpki-roots"
+ ),
+ not(feature = "tokio-native-tls")
+))]
 #[path = "tokio/rustls.rs"]
 mod tls;
 
 #[cfg(all(
 feature = "tokio-openssl",
- not(any(feature = "tokio-native-tls", feature = "tokio-rustls"))
+ not(any(
+ feature = "tokio-native-tls",
+ feature = "tokio-rustls-native-certs",
+ feature = "tokio-rustls-webpki-roots"
+ ))
 ))]
 #[path = "tokio/openssl.rs"]
 mod tls;
@@ -30,7 +40,8 @@ mod tls;
 feature = "async-tls",
 not(any(
 feature = "tokio-native-tls",
- feature = "tokio-rustls",
+ feature = "tokio-rustls-native-certs",
+ feature = "tokio-rustls-webpki-roots",
 feature = "tokio-openssl"
 ))
 ))]
@@ -39,7 +50,8 @@ mod tls;
 
 #[cfg(not(any(
 feature = "tokio-native-tls",
- feature = "tokio-rustls",
+ feature = "tokio-rustls-native-certs",
+ feature = "tokio-rustls-webpki-roots",
 feature = "tokio-openssl",
 feature = "async-tls"
 )))]
@@ -48,14 +60,16 @@ mod tls;
 
 #[cfg(any(
 feature = "tokio-native-tls",
- feature = "tokio-rustls",
+ feature = "tokio-rustls-native-certs",
+ feature = "tokio-rustls-webpki-roots",
 feature = "tokio-openssl",
 feature = "async-tls",
 ))]
 pub use self::tls::client_async_tls_with_connector_and_config;
 #[cfg(any(
 feature = "tokio-native-tls",
- feature = "tokio-rustls",
+ feature = "tokio-rustls-native-certs",
+ feature = "tokio-rustls-webpki-roots",
 feature = "tokio-openssl",
 feature = "async-tls"
 ))]
@@ -63,7 +77,8 @@ use self::tls::{AutoStream, Connector};
 
 #[cfg(not(any(
 feature = "tokio-native-tls",
- feature = "tokio-rustls",
+ feature = "tokio-rustls-native-certs",
+ feature = "tokio-rustls-webpki-roots",
 feature = "tokio-openssl",
 feature = "async-tls"
 )))]
@@ -171,7 +186,8 @@ pub type ClientStream = AutoStream;
 
 #[cfg(any(
 feature = "tokio-native-tls",
- feature = "tokio-rustls",
+ feature = "tokio-rustls-native-certs",
+ feature = "tokio-rustls-webpki-roots",
 all(feature = "async-tls", not(feature = "tokio-openssl"))
 ))]
 /// Creates a WebSocket handshake from a request and a stream,
@@ -190,7 +206,8 @@ where
 
 #[cfg(any(
 feature = "tokio-native-tls",
- feature = "tokio-rustls",
+ feature = "tokio-rustls-native-certs",
+ feature = "tokio-rustls-webpki-roots",
 all(feature = "async-tls", not(feature = "tokio-openssl"))
 ))]
 /// Creates a WebSocket handshake from a request and a stream,
@@ -211,7 +228,8 @@ where
 
 #[cfg(any(
 feature = "tokio-native-tls",
- feature = "tokio-rustls",
+ feature = "tokio-rustls-native-certs",
+ feature = "tokio-rustls-webpki-roots",
 all(feature = "async-tls", not(feature = "tokio-openssl"))
 ))]
 /// Creates a WebSocket handshake from a request and a stream,
@@ -232,7 +250,11 @@ where
 
 #[cfg(all(
 feature = "tokio-openssl",
- not(any(feature = "tokio-native-tls", feature = "tokio-rustls"))
+ not(any(
+ feature = "tokio-native-tls",
+ feature = "tokio-rustls-native-certs",
+ feature = "tokio-rustls-webpki-roots"
+ ))
 ))]
 /// Creates a WebSocket handshake from a request and a stream,
 /// upgrading the stream to TLS if required.
@@ -256,7 +278,11 @@ where
 
 #[cfg(all(
 feature = "tokio-openssl",
- not(any(feature = "tokio-native-tls", feature = "tokio-rustls"))
+ not(any(
+ feature = "tokio-native-tls",
+ feature = "tokio-rustls-native-certs",
+ feature = "tokio-rustls-webpki-roots"
+ ))
 ))]
 /// Creates a WebSocket handshake from a request and a stream,
 /// upgrading the stream to TLS if required and using the given
@@ -282,7 +308,11 @@ where
 
 #[cfg(all(
 feature = "tokio-openssl",
- not(any(feature = "tokio-native-tls", feature = "tokio-rustls"))
+ not(any(
+ feature = "tokio-native-tls",
+ feature = "tokio-rustls-native-certs",
+ feature = "tokio-rustls-webpki-roots"
+ ))
 ))]
 /// Creates a WebSocket handshake from a request and a stream,
 /// upgrading the stream to TLS if required and using the given
@@ -340,7 +370,8 @@ where
 #[cfg(any(
 feature = "async-tls",
 feature = "tokio-native-tls",
- feature = "tokio-rustls",
+ feature = "tokio-rustls-native-certs",
+ feature = "tokio-rustls-webpki-roots",
 feature = "tokio-openssl"
 ))]
 /// Connect to a given URL using the provided TLS connector.
@@ -357,7 +388,8 @@ where
 #[cfg(any(
 feature = "async-tls",
 feature = "tokio-native-tls",
- feature = "tokio-rustls",
+ feature = "tokio-rustls-native-certs",
+ feature = "tokio-rustls-webpki-roots",
 feature = "tokio-openssl"
 ))]
 /// Connect to a given URL using the provided TLS connector.
diff --git a/src/tokio/rustls.rs b/src/tokio/rustls.rs
index f7ceaab..0da5fda 100644
--- a/src/tokio/rustls.rs
+++ b/src/tokio/rustls.rs
@@ -36,6 +36,12 @@ where
 connector
 } else {
 let mut config = ClientConfig::new();
+ #[cfg(feature = "tokio-rustls-native-certs")]
+ {
+ config.root_store =
+ rustls_native_certs::load_native_certs().map_err(|(_, err)| err)?;
+ }
+ #[cfg(feature = "tokio-rustls-webpki-roots")]
 config
 .root_store
 .add_server_trust_anchors(&webpki_roots::TLS_SERVER_ROOTS);
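Review bot: In the src/tokio/rustls.rs hunk, the added `config.root_store = rustls_native_certs::load_native_certs()...` assignment only fails when the loader reports an error; as far as I can tell the loader can also return `Ok` with zero roots on a host with no readable CA bundle (typical of minimal containers), after which every `wss://` handshake fails with an opaque certificate-verification error rather than a clear configuration error, and with `tokio-rustls-webpki-roots` not also enabled nothing else populates the store. A guard right after the assignment keeps the fail-closed behaviour while naming the actual cause: `if config.root_store.is_empty() { return Err(std::io::Error::new(std::io::ErrorKind::NotFound, "no native root certificates found").into()); }` — this assumes the enclosing function's error type converts from `io::Error`, which the existing `?` on the `map_err(|(_, err)| err)` line already relies on. Separately, `load_native_certs` reads the system trust store synchronously on every call; if this branch runs per connection inside an async context, loading the store once and reusing it would avoid repeated blocking file I/O on the executor. The enclosing function begins before the hunk, so its signature and error type are not visible here.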