Add option to configure TLS server name indication (SNI) (#1669)

This commit is contained in:
Alvenix
2022-11-09 17:49:58 +03:00
committed by GitHub
parent f11e958433
commit e302f75b60
2 changed files with 48 additions and 0 deletions


@@ -83,6 +83,8 @@ struct Config {
hostname_verification: bool, hostname_verification: bool,
#[cfg(feature = "__tls")] #[cfg(feature = "__tls")]
certs_verification: bool, certs_verification: bool,
#[cfg(feature = "__tls")]
tls_sni: bool,
connect_timeout: Option<Duration>, connect_timeout: Option<Duration>,
connection_verbose: bool, connection_verbose: bool,
pool_idle_timeout: Option<Duration>, pool_idle_timeout: Option<Duration>,
@@ -150,6 +152,8 @@ impl ClientBuilder {
hostname_verification: true, hostname_verification: true,
#[cfg(feature = "__tls")] #[cfg(feature = "__tls")]
certs_verification: true, certs_verification: true,
#[cfg(feature = "__tls")]
tls_sni: true,
connect_timeout: None, connect_timeout: None,
connection_verbose: false, connection_verbose: false,
pool_idle_timeout: Some(Duration::from_secs(90)), pool_idle_timeout: Some(Duration::from_secs(90)),
@@ -268,6 +272,8 @@ impl ClientBuilder {
tls.danger_accept_invalid_certs(!config.certs_verification); tls.danger_accept_invalid_certs(!config.certs_verification);
tls.use_sni(config.tls_sni);
tls.disable_built_in_roots(!config.tls_built_in_root_certs); tls.disable_built_in_roots(!config.tls_built_in_root_certs);
for cert in config.root_certs { for cert in config.root_certs {
@@ -429,6 +435,8 @@ impl ClientBuilder {
.set_certificate_verifier(Arc::new(NoVerifier)); .set_certificate_verifier(Arc::new(NoVerifier));
} }
tls.enable_sni = config.tls_sni;
// ALPN protocol // ALPN protocol
match config.http_version_pref { match config.http_version_pref {
HttpVersionPref::Http1 => { HttpVersionPref::Http1 => {
@@ -1140,6 +1148,28 @@ impl ClientBuilder {
self self
} }
/// Controls the use of TLS server name indication.
///
/// Defaults to `true`.
///
/// # Optional
///
/// This requires the optional `default-tls`, `native-tls`, or `rustls-tls(-...)`
/// feature to be enabled.
#[cfg(feature = "__tls")]
#[cfg_attr(
docsrs,
doc(cfg(any(
feature = "default-tls",
feature = "native-tls",
feature = "rustls-tls"
)))
)]
pub fn tls_sni(mut self, tls_sni: bool) -> ClientBuilder {
self.config.tls_sni = tls_sni;
self
}
/// Set the minimum required TLS version for connections. /// Set the minimum required TLS version for connections.
/// ///
/// By default the TLS backend's own default is used. /// By default the TLS backend's own default is used.
@@ -1706,6 +1736,8 @@ impl Config {
if let Some(ref max_tls_version) = self.max_tls_version { if let Some(ref max_tls_version) = self.max_tls_version {
f.field("max_tls_version", max_tls_version); f.field("max_tls_version", max_tls_version);
} }
f.field("tls_sni", &self.tls_sni);
} }
#[cfg(all(feature = "native-tls-crate", feature = "__rustls"))] #[cfg(all(feature = "native-tls-crate", feature = "__rustls"))]
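Review bot: The doc comment on the new `tls_sni` builder method (hunk `@@ -1140,6 +1148,28 @@`) says only that the option exists and defaults to `true`; it never states what a caller gives up by passing `false`, which is the one thing someone reaching for this knob needs to know. I would add after `/// Defaults to \`true\`.`: `/// When set to \`false\` the client omits the server name from the TLS handshake, so a server that hosts several certificates behind one address may present one that does not match the requested host; hostname verification is governed separately by the \`hostname_verification\` setting and is not affected by this flag.` The same gap applies to the `tls_sni` method added to the blocking client in the second file section of this commit. The `impl ClientBuilder` block these hunks modify starts and ends outside the visible hunks.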


@@ -620,6 +620,22 @@ impl ClientBuilder {
self.with_inner(|inner| inner.danger_accept_invalid_certs(accept_invalid_certs)) self.with_inner(|inner| inner.danger_accept_invalid_certs(accept_invalid_certs))
} }
/// Controls the use of TLS server name indication.
///
/// Defaults to `true`.
#[cfg(feature = "__tls")]
#[cfg_attr(
docsrs,
doc(cfg(any(
feature = "default-tls",
feature = "native-tls",
feature = "rustls-tls"
)))
)]
pub fn tls_sni(self, tls_sni: bool) -> ClientBuilder {
self.with_inner(|inner| inner.tls_sni(tls_sni))
}
/// Set the minimum required TLS version for connections. /// Set the minimum required TLS version for connections.
/// ///
/// By default the TLS backend's own default is used. /// By default the TLS backend's own default is used.
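Review bot: The blocking `tls_sni` doc comment (hunk `@@ -620,6 +620,22 @@`) drops the `# Optional` section that the matching async method carries in the first file section, even though it is gated by the identical `#[cfg(feature = "__tls")]` and `doc(cfg(...))` attributes. For consistency with the neighbouring `danger_accept_invalid_certs` style and the async docs, I would insert after `/// Defaults to \`true\`.` the three lines `/// # Optional`, `///`, and `/// This requires the optional \`default-tls\`, \`native-tls\`, or \`rustls-tls(-...)\` feature to be enabled.` The forwarding body `self.with_inner(|inner| inner.tls_sni(tls_sni))` itself looks correct. The enclosing `impl ClientBuilder` continues outside this hunk.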