From 3fbd583f297bb523bbf0fd6cd2a392f90994bedd Mon Sep 17 00:00:00 2001
From: Dominik Nakamura
Date: Mon, 12 Jul 2021 22:37:52 +0900
Subject: [PATCH] Enable root cert providers through feature flags

---
 Cargo.toml | 12 +++++++++---
 src/client.rs | 13 +++++++++++--
 2 files changed, 20 insertions(+), 5 deletions(-)

diff --git a/Cargo.toml b/Cargo.toml
index b531488..50c13db 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -19,7 +19,9 @@ all-features = true
 default = []
 native-tls = ["native-tls-crate"]
 native-tls-vendored = ["native-tls", "native-tls-crate/vendored"]
-rustls-tls = ["rustls", "webpki", "rustls-native-certs"]
+rustls-tls = ["rustls", "webpki"]
+rustls-tls-native-roots = ["rustls-tls", "rustls-native-certs"]
+rustls-tls-webpki-roots = ["rustls-tls", "webpki-roots"]

 [dependencies]
 base64 = "0.13.0"
@@ -43,13 +45,17 @@ version = "0.2.3"
 optional = true
 version = "0.19.0"

+[dependencies.rustls-native-certs]
+optional = true
+version = "0.5.0"
+
 [dependencies.webpki]
 optional = true
 version = "0.21"

-[dependencies.rustls-native-certs]
+[dependencies.webpki-roots]
 optional = true
-version = "0.5.0"
+version = "0.21"

 [dev-dependencies]
 criterion = "0.3.4"
diff --git a/src/client.rs b/src/client.rs
index d4d9492..1a473f0 100644
--- a/src/client.rs
+++ b/src/client.rs
@@ -71,12 +71,21 @@ mod encryption {
 Mode::Plain => Ok(StreamSwitcher::Plain(stream)),
 Mode::Tls => {
 let config = {
+ #[allow(unused_mut)]
 let mut config = ClientConfig::new();
- config.root_store =
- rustls_native_certs::load_native_certs().map_err(|(_, err)| err)?;
+ #[cfg(feature = "rustls-native-roots")]
+ {
+ config.root_store =
+ rustls_native_certs::load_native_certs().map_err(|(_, err)| err)?;
+ }
+ #[cfg(feature = "rustls-webpki-roots")]
+ {
+ config.root_store.add_server_trust_anchors(&webpki_roots::TLS_SERVER_ROOTS);
+ }

 Arc::new(config)
 };
+
 let domain = DNSNameRef::try_from_ascii_str(domain).map_err(TlsError::Dns)?;
 let client = ClientSession::new(&config, domain);
 let stream = StreamOwned::new(client, stream);
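Review bot: The two `#[cfg(feature = ...)]` gates in this hunk name `rustls-native-roots` and `rustls-webpki-roots`, but the Cargo.toml part of this patch declares the features as `rustls-tls-native-roots` and `rustls-tls-webpki-roots`, so as written neither block appears to be compiled in and `config.root_store` would stay empty, leaving no trust anchor to validate the server certificate against. The gates should read `#[cfg(feature = "rustls-tls-native-roots")]` and `#[cfg(feature = "rustls-tls-webpki-roots")]`. Two related cases deserve a comment above the gates or a compile-time check: with only `rustls-tls` enabled the store is empty even after the rename (the `#[allow(unused_mut)]` suggests this build is expected), and with both root features enabled the webpki roots are added on top of the native ones, so the trusted set becomes the union of both. The enclosing function starts and ends outside the hunk.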