Use process-wide default rustls backend if set
laniakea64 authored Aug 12, 2024
1 parent 85b2795 commit 5f2a503
Showing 4 changed files with 16 additions and 13 deletions.
4 changes: 2 additions & 2 deletions src/lib.rs
Expand Up @@ -429,7 +429,7 @@ pub(crate) mod test {

let agent: Agent = AgentConfig {
tls_config: TlsConfig {
provider: TlsProvider::RustlsWithRing,
provider: TlsProvider::Rustls,
..Default::default()
},
..Default::default()
Expand Down Expand Up @@ -488,7 +488,7 @@ pub(crate) mod test {

let agent: Agent = AgentConfig {
tls_config: TlsConfig {
provider: TlsProvider::RustlsWithRing,
provider: TlsProvider::Rustls,
root_certs: RootCerts::WebPki,
..Default::default()
},
17 changes: 9 additions & 8 deletions src/tls/mod.rs
Expand Up @@ -17,19 +17,20 @@ pub use self::native_tls::NativeTlsConnector;

/// Setting for which TLS provider to use.
///
/// Defaults to [`RustlsWithRing`][Self::RustlsWithRing] because this has the highest chance
/// Defaults to [`Rustls`][Self::Rustls] because this has the highest chance
/// to compile and "just work" straight out of the box without installing additional
/// development dependencies.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
#[non_exhaustive]
pub enum TlsProvider {
/// [Rustls](https://crates.io/crates/rustls) with [Ring](https://crates.io/crates/ring) as
/// cryptographic backend.
/// [Rustls](https://crates.io/crates/rustls) with the
/// [process-wide default cryptographic backend](https://docs.rs/rustls/latest/rustls/crypto/struct.CryptoProvider.html#method.install_default),
/// or [Ring](https://crates.io/crates/ring) if no process-wide default is set.
///
/// Requires the feature flag **rustls**.
///
/// This is the default.
RustlsWithRing,
Rustls,

/// [Native-TLS](https://crates.io/crates/native-tls) for cases where it's important to
/// use the TLS libraries installed on the host running ureq.
Expand All @@ -44,7 +45,7 @@ pub enum TlsProvider {
impl TlsProvider {
pub(crate) fn is_feature_enabled(&self) -> bool {
match self {
TlsProvider::RustlsWithRing => {
TlsProvider::Rustls => {
cfg!(feature = "rustls")
}
TlsProvider::NativeTls => {
Expand All @@ -55,7 +56,7 @@ impl TlsProvider {

pub(crate) fn feature_name(&self) -> &'static str {
match self {
TlsProvider::RustlsWithRing => "rustls",
TlsProvider::Rustls => "rustls",
TlsProvider::NativeTls => "native-tls",
}
}
Expand All @@ -69,7 +70,7 @@ impl TlsProvider {
pub struct TlsConfig {
/// The provider to use.
///
/// Defaults to [`TlsProvider::RustlsWithRing`].
/// Defaults to [`TlsProvider::Rustls`].
pub provider: TlsProvider,

/// Client certificate chains with corresponding private keys.
Expand Down Expand Up @@ -132,6 +133,6 @@ impl Default for TlsConfig {

impl Default for TlsProvider {
fn default() -> Self {
Self::RustlsWithRing
Self::Rustls
}
}
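Review bot: With `RustlsWithRing` replaced by `Rustls`, the variants visible in this section no longer let a caller pin Ring as the cryptographic backend, so code that chose the old variant to get a known backend now gets whatever provider has been installed process-wide, possibly by an unrelated crate. The variant's doc comment should state this, for example `/// Note: any crate in the process may install the default provider; ureq uses it as-is.`, and point to a way of selecting a specific provider if one exists outside these lines. Separately, removing a public variant is a source-breaking change that `#[non_exhaustive]` does not cover. If `RustlsWithRing` has already shipped in a release, a `#[deprecated]` associated constant `pub const RustlsWithRing: TlsProvider = TlsProvider::Rustls;` in `impl TlsProvider` (with `#[allow(non_upper_case_globals)]`) would keep existing callers compiling.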
6 changes: 4 additions & 2 deletions src/tls/rustls.rs
Expand Up @@ -43,7 +43,7 @@ impl Connector for RustlsConnector {
return Ok(Some(transport));
}

if details.config.tls_config.provider != TlsProvider::RustlsWithRing {
if details.config.tls_config.provider != TlsProvider::Rustls {
debug!("Skip because config is not set to Rustls");
return Ok(Some(transport));
}
Expand Down Expand Up @@ -91,7 +91,9 @@ impl Connector for RustlsConnector {
fn build_config(tls_config: &TlsConfig) -> Arc<ClientConfig> {
// Improve chances of ureq working out-of-the-box by not requiring the user
// to select a default crypto provider.
let provider = Arc::new(rustls::crypto::ring::default_provider());
let provider = rustls::crypto::CryptoProvider::get_default()
.cloned()
.unwrap_or(Arc::new(rustls::crypto::ring::default_provider()));

let builder = ClientConfig::builder_with_provider(provider.clone())
.with_protocol_versions(ALL_VERSIONS)
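Review bot: In `build_config`, `.unwrap_or(Arc::new(rustls::crypto::ring::default_provider()))` constructs the Ring provider on every call, even when a process-wide default is installed; `.unwrap_or_else(|| Arc::new(rustls::crypto::ring::default_provider()))` defers that work to the fallback path. The comment above the binding still describes only the out-of-the-box case and should say that a provider installed through `CryptoProvider::install_default` takes precedence, because whichever code installs that default now decides the cipher suites and key-exchange groups ureq negotiates with. A `debug!` line stating whether the process default or the Ring fallback was chosen would let operators confirm the expected backend is in use. The function body continues outside the hunk, so how `with_protocol_versions(ALL_VERSIONS)` behaves with a provider that lacks suites for one of those versions cannot be judged from here.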
2 changes: 1 addition & 1 deletion src/transport/mod.rs
Expand Up @@ -253,7 +253,7 @@ impl Default for DefaultConnector {
// Panic if the config calls for rustls, the uri scheme is https and that
// TLS provider is not enabled by feature flags.
#[cfg(feature = "_tls")]
no_tls::WarnOnMissingTlsProvider(crate::tls::TlsProvider::RustlsWithRing).boxed(),
no_tls::WarnOnMissingTlsProvider(crate::tls::TlsProvider::Rustls).boxed(),
//
// As a fallback if rustls isn't enabled, use native-tls
#[cfg(feature = "native-tls")]
