forked/reqwest-impersonate
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add a rustls-tls-native-roots feature

Browse Source 
Adds an optional cargo feature to load certificates
from the OS native certificate store.
This commit is contained in:
est31
2020-10-16 19:56:27 +02:00
committed by Sean McArthur
parent 3ea9f92f24
commit 23aaa0b60e
4 changed files with 21 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
src/async_impl/client.rs
View File

@@ -21,6 +21,8 @@ use http::Uri;
use hyper::client::ResponseFuture;
#[cfg(feature = "native-tls-crate")]
use native_tls_crate::TlsConnector;
#[cfg(feature = "rustls-tls-native-roots")]
use rustls::RootCertStore;
use std::future::Future;
use std::pin::Pin;
use std::task::{Context, Poll};
@@ -259,6 +261,11 @@ impl ClientBuilder {
#[cfg(feature = "rustls-tls-webpki-roots")]
tls.root_store
.add_server_trust_anchors(&webpki_roots::TLS_SERVER_ROOTS);
#[cfg(feature = "rustls-tls-native-roots")]
{
let roots_slice = NATIVE_ROOTS.as_ref().unwrap().roots.as_slice();
tls.root_store.roots.extend_from_slice(roots_slice);
}
if !config.certs_verification {
tls.dangerous()
@@ -1540,6 +1547,11 @@ fn add_cookie_header(headers: &mut HeaderMap, cookie_store: &cookie::CookieStore
}
}
#[cfg(feature = "rustls-tls-native-roots")]
lazy_static! {
static ref NATIVE_ROOTS: std::io::Result<RootCertStore> = rustls_native_certs::load_native_certs().map_err(|e| e.1);
}
#[cfg(test)]
mod tests {
#[tokio::test]

4
src/lib.rs
View File

@@ -174,7 +174,9 @@
//! - **rustls-tls-manual-roots**: Enables TLS functionality provided by `rustls`,
//! without setting any root certificates. Roots have to be specified manually.
//! - **rustls-tls-webpki-roots**: Enables TLS functionality provided by `rustls`,
//! while using root certificates from the `webpki-roots` crate
//! while using root certificates from the `webpki-roots` crate.
//! - **rustls-tls-native-roots**: Enables TLS functionality provided by `rustls`,
//! while using root certificates from the `rustls-native-certs` crate.
//! - **blocking**: Provides the [blocking][] client API.
//! - **cookies**: Provides cookie session support.
//! - **gzip**: Provides response body gzip decompression.