Enable root cert providers through feature flags

pull/217/head
Dominik Nakamura 3 years ago
parent 2f40edb91e
commit 3fbd583f29
No known key found for this signature in database
GPG Key ID: E4C6A749B2491910
  1. 12
      Cargo.toml
  2. 9
      src/client.rs

@ -19,7 +19,9 @@ all-features = true
default = [] default = []
native-tls = ["native-tls-crate"] native-tls = ["native-tls-crate"]
native-tls-vendored = ["native-tls", "native-tls-crate/vendored"] native-tls-vendored = ["native-tls", "native-tls-crate/vendored"]
rustls-tls = ["rustls", "webpki", "rustls-native-certs"] rustls-tls = ["rustls", "webpki"]
rustls-tls-native-roots = ["rustls-tls", "rustls-native-certs"]
rustls-tls-webpki-roots = ["rustls-tls", "webpki-roots"]
[dependencies] [dependencies]
base64 = "0.13.0" base64 = "0.13.0"
@ -43,13 +45,17 @@ version = "0.2.3"
optional = true optional = true
version = "0.19.0" version = "0.19.0"
[dependencies.rustls-native-certs]
optional = true
version = "0.5.0"
[dependencies.webpki] [dependencies.webpki]
optional = true optional = true
version = "0.21" version = "0.21"
[dependencies.rustls-native-certs] [dependencies.webpki-roots]
optional = true optional = true
version = "0.5.0" version = "0.21"
[dev-dependencies] [dev-dependencies]
criterion = "0.3.4" criterion = "0.3.4"
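Review bot: `rustls-tls` no longer pulls in `rustls-native-certs`, so a consumer who enables only `rustls-tls`, as they could before this commit, now gets a build with no trust-anchor source. Assuming the rustls client config starts with an empty root store, every certificate check in that build fails; it fails closed, but nothing in the manifest says why. State the requirement next to the features, e.g. `# rustls-tls ships no trust anchors on its own; enable rustls-tls-native-roots and/or rustls-tls-webpki-roots`, or keep `rustls-tls` implying one provider for backward compatibility. It is also worth a comment that `webpki-roots` compiles in a fixed root snapshot, so root removals and distrust decisions only reach users through a dependency bump.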

@ -71,12 +71,21 @@ mod encryption {
Mode::Plain => Ok(StreamSwitcher::Plain(stream)), Mode::Plain => Ok(StreamSwitcher::Plain(stream)),
Mode::Tls => { Mode::Tls => {
let config = { let config = {
#[allow(unused_mut)]
let mut config = ClientConfig::new(); let mut config = ClientConfig::new();
#[cfg(feature = "rustls-native-roots")]
{
config.root_store = config.root_store =
rustls_native_certs::load_native_certs().map_err(|(_, err)| err)?; rustls_native_certs::load_native_certs().map_err(|(_, err)| err)?;
}
#[cfg(feature = "rustls-webpki-roots")]
{
config.root_store.add_server_trust_anchors(&webpki_roots::TLS_SERVER_ROOTS);
}
Arc::new(config) Arc::new(config)
}; };
let domain = DNSNameRef::try_from_ascii_str(domain).map_err(TlsError::Dns)?; let domain = DNSNameRef::try_from_ascii_str(domain).map_err(TlsError::Dns)?;
let client = ClientSession::new(&config, domain); let client = ClientSession::new(&config, domain);
let stream = StreamOwned::new(client, stream); let stream = StreamOwned::new(client, stream);
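Review bot: The two new gates test `feature = "rustls-native-roots"` and `feature = "rustls-webpki-roots"`, but the features this commit declares in Cargo.toml are `rustls-tls-native-roots` and `rustls-tls-webpki-roots`. Unless features with the shorter names exist outside the visible manifest hunk, neither block is ever compiled and `config.root_store` is never populated, so server certificate verification is expected to reject every TLS connection. The added `#[allow(unused_mut)]` suppresses the warning that would have flagged this. The gates should read `#[cfg(feature = "rustls-tls-native-roots")]` and `#[cfg(feature = "rustls-tls-webpki-roots")]`. The enclosing function starts and ends outside the hunk.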
