diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 1a9dc4b..4d0d139 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -70,6 +70,9 @@ jobs:
 - name: Check tokio-runtime, tokio-rustls-webpki-roots
 run: cargo check --features tokio-runtime,tokio-rustls-webpki-roots
+ - name: Check tokio-runtime, tokio-rustls-manual-roots
+ run: cargo check --features tokio-runtime,tokio-rustls-manual-roots
+
 - name: Check tokio-runtime, tokio-openssl
 run: cargo check --features tokio-runtime,tokio-openssl
diff --git a/Cargo.toml b/Cargo.toml
index 4f91cfc..39e2614 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -23,11 +23,14 @@ gio-runtime = ["gio", "glib", "handshake"]
 async-tls = ["real-async-tls", "handshake"]
 async-native-tls = ["async-std-runtime", "real-async-native-tls", "tungstenite/native-tls"]
 tokio-native-tls = ["tokio-runtime", "real-tokio-native-tls", "real-native-tls", "tungstenite/native-tls"]
-tokio-rustls-webpki-roots = ["tokio-runtime", "real-tokio-rustls", "webpki-roots", "tungstenite/__rustls-tls"]
-tokio-rustls-native-certs = ["tokio-runtime", "real-tokio-rustls", "rustls-native-certs", "tungstenite/__rustls-tls"]
+tokio-rustls-manual-roots = ["__rustls-tls"]
+tokio-rustls-webpki-roots = ["__rustls-tls", "webpki-roots"]
+tokio-rustls-native-certs = ["__rustls-tls", "rustls-native-certs"]
 tokio-openssl = ["tokio-runtime", "real-tokio-openssl", "openssl"]
 verbose-logging = []
+__rustls-tls = ["tokio-runtime", "real-tokio-rustls", "tungstenite/__rustls-tls"]
+
 [package.metadata.docs.rs]
 features = ["async-std-runtime", "tokio-runtime", "gio-runtime", "async-tls", "async-native-tls", "tokio-native-tls"]
diff --git a/src/lib.rs b/src/lib.rs
index f8ff30f..7e6bb9b 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -51,6 +51,7 @@ mod handshake;
 feature = "async-tls",
 feature = "async-native-tls",
 feature = "tokio-native-tls",
+ feature = "tokio-rustls-manual-roots",
 feature = "tokio-rustls-native-certs",
 feature = "tokio-rustls-webpki-roots",
 feature = "tokio-openssl",
diff --git a/src/tokio.rs b/src/tokio.rs
index 9908591..362bce3 100644
--- a/src/tokio.rs
+++ b/src/tokio.rs
@@ -17,6 +17,7 @@ mod tls;
 #[cfg(all(
 any(
+ feature = "tokio-rustls-manual-roots",
 feature = "tokio-rustls-native-certs",
 feature = "tokio-rustls-webpki-roots"
 ),
@@ -29,6 +30,7 @@ mod tls;
 feature = "tokio-openssl",
 not(any(
 feature = "tokio-native-tls",
+ feature = "tokio-rustls-manual-roots",
 feature = "tokio-rustls-native-certs",
 feature = "tokio-rustls-webpki-roots"
 ))
@@ -40,6 +42,7 @@ mod tls;
 feature = "async-tls",
 not(any(
 feature = "tokio-native-tls",
+ feature = "tokio-rustls-manual-roots",
 feature = "tokio-rustls-native-certs",
 feature = "tokio-rustls-webpki-roots",
 feature = "tokio-openssl"
@@ -50,6 +53,7 @@ mod tls;
 #[cfg(not(any(
 feature = "tokio-native-tls",
+ feature = "tokio-rustls-manual-roots",
 feature = "tokio-rustls-native-certs",
 feature = "tokio-rustls-webpki-roots",
 feature = "tokio-openssl",
@@ -60,6 +64,7 @@ mod tls;
 #[cfg(any(
 feature = "tokio-native-tls",
+ feature = "tokio-rustls-manual-roots",
 feature = "tokio-rustls-native-certs",
 feature = "tokio-rustls-webpki-roots",
 feature = "tokio-openssl",
@@ -68,6 +73,7 @@ mod tls;
 pub use self::tls::client_async_tls_with_connector_and_config;
 #[cfg(any(
 feature = "tokio-native-tls",
+ feature = "tokio-rustls-manual-roots",
 feature = "tokio-rustls-native-certs",
 feature = "tokio-rustls-webpki-roots",
 feature = "tokio-openssl",
@@ -77,6 +83,7 @@ use self::tls::{AutoStream, Connector};
 #[cfg(not(any(
 feature = "tokio-native-tls",
+ feature = "tokio-rustls-manual-roots",
 feature = "tokio-rustls-native-certs",
 feature = "tokio-rustls-webpki-roots",
 feature = "tokio-openssl",
@@ -85,6 +92,7 @@ use self::tls::{AutoStream, Connector};
 pub use self::tls::client_async_tls_with_connector_and_config;
 #[cfg(not(any(
 feature = "tokio-native-tls",
+ feature = "tokio-rustls-manual-roots",
 feature = "tokio-rustls-native-certs",
 feature = "tokio-rustls-webpki-roots",
 feature = "tokio-openssl",
@@ -196,6 +204,7 @@ pub type ClientStream = AutoStream;
 feature = "tokio-native-tls",
 feature = "tokio-rustls-native-certs",
 feature = "tokio-rustls-webpki-roots",
+ all(feature = "__rustls-tls", not(feature = "tokio-rustls-manual-roots")), // No roots will be available
 all(feature = "async-tls", not(feature = "tokio-openssl"))
 ))]
 /// Creates a WebSocket handshake from a request and a stream,
@@ -216,6 +225,7 @@ where
 feature = "tokio-native-tls",
 feature = "tokio-rustls-native-certs",
 feature = "tokio-rustls-webpki-roots",
+ all(feature = "__rustls-tls", not(feature = "tokio-rustls-manual-roots")), // No roots will be available
 all(feature = "async-tls", not(feature = "tokio-openssl"))
 ))]
 /// Creates a WebSocket handshake from a request and a stream,
@@ -236,6 +246,7 @@ where
 #[cfg(any(
 feature = "tokio-native-tls",
+ feature = "tokio-rustls-manual-roots",
 feature = "tokio-rustls-native-certs",
 feature = "tokio-rustls-webpki-roots",
 all(feature = "async-tls", not(feature = "tokio-openssl"))
@@ -260,6 +271,7 @@ where
 feature = "tokio-openssl",
 not(any(
 feature = "tokio-native-tls",
+ feature = "tokio-rustls-manual-roots",
 feature = "tokio-rustls-native-certs",
 feature = "tokio-rustls-webpki-roots"
 ))
@@ -288,6 +300,7 @@ where
 feature = "tokio-openssl",
 not(any(
 feature = "tokio-native-tls",
+ feature = "tokio-rustls-manual-roots",
 feature = "tokio-rustls-native-certs",
 feature = "tokio-rustls-webpki-roots"
 ))
@@ -318,6 +331,7 @@ where
 feature = "tokio-openssl",
 not(any(
 feature = "tokio-native-tls",
+ feature = "tokio-rustls-manual-roots",
 feature = "tokio-rustls-native-certs",
 feature = "tokio-rustls-webpki-roots"
 ))
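Review bot: The clause added at `@@ -196,6 +204,7 @@` and again at `@@ -216,6 +225,7 @@` in src/tokio.rs, `all(feature = "__rustls-tls", not(feature = "tokio-rustls-manual-roots"))`, does not keep the connector-less helpers out of a build that combines manual-roots with another roots feature, because `feature = "tokio-rustls-webpki-roots"` and `feature = "tokio-rustls-native-certs"` are still members of the same `any(...)`. Going by the Cargo.toml change, `__rustls-tls` is only switched on through those three features, so the clause looks redundant unless the internal feature is enabled directly. The trailing `// No roots will be available` also reads as describing the case being enabled rather than the one excluded; something like `// manual-roots ships no default roots, so it does not enable the connector-less API by itself` would be clearer. The items these attributes gate start and end outside the hunks.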
@@ -378,6 +392,7 @@ where
 #[cfg(any(
 feature = "async-tls",
 feature = "tokio-native-tls",
+ feature = "tokio-rustls-manual-roots",
 feature = "tokio-rustls-native-certs",
 feature = "tokio-rustls-webpki-roots",
 feature = "tokio-openssl"
@@ -396,6 +411,7 @@ where
 #[cfg(any(
 feature = "async-tls",
 feature = "tokio-native-tls",
+ feature = "tokio-rustls-manual-roots",
 feature = "tokio-rustls-native-certs",
 feature = "tokio-rustls-webpki-roots",
 feature = "tokio-openssl"
diff --git a/src/tokio/rustls.rs b/src/tokio/rustls.rs
index 8f738f8..aeb8ffb 100644
--- a/src/tokio/rustls.rs
+++ b/src/tokio/rustls.rs
@@ -37,7 +37,14 @@ where
 let connector = if let Some(connector) = connector {
 connector
 } else {
+ #[cfg(feature = "tokio-rustls-manual-roots")]
+ log::error!("tokio-rustls-manual-roots was selected, but no connector was provided! No certificates can be verified in this state.");
+
+ #[cfg(feature = "tokio-rustls-manual-roots")]
+ let root_store = RootCertStore::empty();
+ #[cfg(not(feature = "tokio-rustls-manual-roots"))]
 let mut root_store = RootCertStore::empty();
+
 #[cfg(feature = "tokio-rustls-native-certs")]
 {
 use real_tokio_rustls::rustls::Certificate;
@@ -50,7 +57,8 @@ where
 }
 #[cfg(all(
 feature = "tokio-rustls-webpki-roots",
- not(feature = "tokio-rustls-native-certs")
+ not(feature = "tokio-rustls-native-certs"),
+ not(feature = "tokio-rustls-manual-roots")
 ))]
 {
 use real_tokio_rustls::rustls::OwnedTrustAnchor;
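Review bot: In src/tokio/rustls.rs at `@@ -37,7 +37,14 @@`, the manual-roots fallback logs an error and then carries on with an empty `RootCertStore`, so the caller only learns of the misconfiguration from a certificate failure later in the handshake. That is fail-closed, which is the right direction, but returning an error at this point would make the cause explicit and would not depend on a logger being installed; the enclosing function's return type is outside the hunk, so the error value to use has to be checked there. Separately, the native-certs block just below is still gated only on `#[cfg(feature = "tokio-rustls-native-certs")]` while `root_store` is now an immutable binding under manual-roots; if that block adds certificates to the store (its body is cut off here), enabling both features will not compile, and the new CI step checks manual-roots only on its own. Gating it as `#[cfg(all(feature = "tokio-rustls-native-certs", not(feature = "tokio-rustls-manual-roots")))]` would match the webpki change in the next hunk.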
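Review bot: The added `not(feature = "tokio-rustls-manual-roots")` at `@@ -50,7 +57,8 @@` in src/tokio/rustls.rs makes the roots features non-additive, and nothing visible in the commit documents that. Cargo unifies features across the dependency graph, so one crate enabling manual-roots removes the webpki roots for every other crate that enabled `tokio-rustls-webpki-roots` and relies on the default connector; their connections would then fail certificate verification, which is fail-closed but hard to trace back to a feature flag. I'd state the precedence next to the feature in Cargo.toml, e.g. `# tokio-rustls-manual-roots takes precedence over webpki-roots: no default roots are loaded, pass your own connector`. The block this attribute gates continues past the end of the hunk.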