feat(download/rustls): use rustls-platform-verifier
rami3l committed Jun 25, 2024
1 parent d85502c commit fb662c5
Showing 3 changed files with 129 additions and 13 deletions.
122 changes: 111 additions & 11 deletions Cargo.lock


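--- a/download/Cargo.toml
+++ b/download/Cargo.toml
@@ -9,14 +9,21 @@ default = ["reqwest-backend", "reqwest-rustls-tls", "reqwest-native-tls"]
 curl-backend = ["curl"]
 reqwest-backend = ["reqwest", "env_proxy"]
 reqwest-native-tls = ["reqwest/native-tls", "dep:once_cell"]
-reqwest-rustls-tls = ["reqwest/rustls-tls-native-roots", "dep:once_cell"]
+reqwest-rustls-tls = [
+"reqwest/rustls-tls-manual-roots-no-provider",
+"dep:rustls",
+"dep:rustls-platform-verifier",
+"dep:once_cell",
+]
 
 [dependencies]
 anyhow.workspace = true
 curl = { version = "0.4.44", optional = true }
 env_proxy = { version = "0.4.1", optional = true }
 once_cell = { workspace = true, optional = true }
 reqwest = { version = "0.12", default-features = false, features = ["blocking", "gzip", "socks", "stream"], optional = true }
+rustls = { version = "0.23", optional = true, default-features = false, features = ["logging", "ring", "tls12"] }
+rustls-platform-verifier = { version = "0.3", optional = true }
 thiserror.workspace = true
 tokio = { workspace = true, default-features = false, features = ["sync"] }
 tokio-stream.workspace = true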
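Review bot: The `rustls = { version = "0.23", ... }` line carries a coupling that Cargo will not enforce: the `ClientConfig` built from it is handed to reqwest through `use_preconfigured_tls`, which as far as I know accepts the value type-erased and rejects a config from a different rustls release only when the client is built. If reqwest, rustls-platform-verifier and this pin drift apart, the result would be a runtime failure at first download rather than a compile error. A comment on the line would record this, e.g. `# Keep in step with the rustls release used by reqwest and rustls-platform-verifier (ClientConfig is passed via use_preconfigured_tls)`, and a test that builds the rustls client would catch a skew in CI.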
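--- a/download/src/lib.rs
+++ b/download/src/lib.rs
@@ -294,12 +294,16 @@ pub mod reqwest_be {
 compile_error!("Must select a reqwest TLS backend");
 
 use std::io;
+#[cfg(feature = "reqwest-rustls-tls")]
+use std::sync::Arc;
 use std::time::Duration;
 
 use anyhow::{anyhow, Context, Result};
 #[cfg(any(feature = "reqwest-rustls-tls", feature = "reqwest-native-tls"))]
 use once_cell::sync::Lazy;
 use reqwest::{header, Client, ClientBuilder, Proxy, Response};
+#[cfg(feature = "reqwest-rustls-tls")]
+use rustls::crypto::ring;
 use tokio_stream::StreamExt;
 use url::Url;
 
@@ -353,7 +357,12 @@ pub mod reqwest_be {
 static CLIENT_RUSTLS_TLS: Lazy<Client> = Lazy::new(|| {
 let catcher = || {
 client_generic()
-.use_rustls_tls()
+.use_preconfigured_tls(
+rustls_platform_verifier::tls_config_with_provider(Arc::new(
+ring::default_provider(),
+))
+.expect("failed to initialize pre-configured rustls backend"),
+)
 .user_agent(super::REQWEST_RUSTLS_TLS_USER_AGENT)
 .build()
 };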
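Review bot: Nothing at the `use_preconfigured_tls(...)` call in `CLIENT_RUSTLS_TLS` says that it is now the client's only source of trust anchors and of a crypto provider; with the `rustls-tls-manual-roots-no-provider` feature selected in Cargo.toml, reqwest itself appears to supply neither. A comment above the call would protect it from a later cleanup, e.g. `// Certificate verification is delegated to the OS via rustls-platform-verifier; reqwest is built without roots or a provider, so this config must stay.` The `.expect(...)` runs inside the `Lazy` initializer, so a configuration error surfaces as a panic on first use of the client. Whether that matches how the `build()` result is handled cannot be seen here, since the initializer continues past the end of the hunk.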
