Now, callers have more control over the set of roots.
Note that, due to cargo unification, other dependencies in the
dependency tree might enable rustls-tls-webpki-roots
or rustls-tls.
This will affect connections initiated by code that explicitly
enabled rustls-tls-manual-roots.
So for now, the choice is done once per entire cargo
dependency graph. If people want more precise control
over things, they can add methods that allow controlling
this on a per-connection level. Even if such methods
are available, the *-manual-roots feature will still be
helpful with eliminating the webpki-roots dependency
for those cargo graphs where there is no unification.

The "socks" feature has been removed for a while now, the optional
dependency on the "socks" crate commented out.
The code for actually providing the socks feature was, however, still
mostly present, if a bit out of date.
This commit re-adds the socks feature using the tokio-socks (instead of
socks) crate.
Closes #620

To allow for the default-tls to change to a different backend by
default, this adds a new `native-tls` optional feature. Any TLS feature
that was only available using native-tls now requires the `native-tls`
feature to be enabled.

- The `Error`'s kind is now a set of variants depending on the context
of when an error could occur.
- If another error was the cause, it is now always the `source`.
Along with the `is_*` methods, this should help in understanding *when*
a certain error occurred. For example, an error setting the TLS
certificates will return a builder error, with the TLS error as the
source. This should help differentiate from a TLS error that happens
when connecting to a server.
It also makes the internal code less dependent on all the exact
dependencies that can be enabled or disabled.

Before the fix, anything other than 200 & 407 would throw an unhelpful
`unsuccessful tunnel` error.
After this change,
- Explicit handling of 403, where the proxy forbids a connection.
- All other responses will be part of the error message.
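
The status handling this commit message describes, as an added sketch in std-only Rust; it is not reqwest's code, and `TunnelError` and `check_tunnel_response` are hypothetical names. It treats only 200 as success, as the message does, and strips control characters from the proxy-supplied status line before that line goes into the error text.

```rust
use std::fmt;
// Hypothetical error type for this sketch; not reqwest's internal type.
#[derive(Debug, PartialEq)]
pub enum TunnelError {
    Incomplete,           // header block not fully received yet
    Malformed,            // not an HTTP/1.x status line
    ProxyAuthRequired,    // 407
    Forbidden,            // 403: the proxy forbids this connection
    Unsuccessful(String), // any other status; sanitized status line kept
}

impl fmt::Display for TunnelError {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        match self {
            TunnelError::Incomplete => write!(f, "proxy response headers incomplete"),
            TunnelError::Malformed => write!(f, "malformed proxy response"),
            TunnelError::ProxyAuthRequired => write!(f, "proxy authentication required"),
            TunnelError::Forbidden => write!(f, "proxy forbids the connection"),
            TunnelError::Unsuccessful(l) => write!(f, "unsuccessful tunnel ({})", l),
        }
    }
}

/// Classify the proxy's reply to a CONNECT request from the bytes read so far.
pub fn check_tunnel_response(buf: &[u8]) -> Result<(), TunnelError> {
    if !buf.windows(4).any(|w| w == b"\r\n\r\n") {
        return Err(TunnelError::Incomplete);
    }
    let end = buf.windows(2).position(|w| w == b"\r\n").unwrap_or(buf.len());
    let line = std::str::from_utf8(&buf[..end]).map_err(|_| TunnelError::Malformed)?;
    let mut parts = line.splitn(3, ' ');
    let (version, code) = (parts.next().unwrap_or(""), parts.next().unwrap_or(""));
    if !version.starts_with("HTTP/1.") {
        return Err(TunnelError::Malformed);
    }
    // The status line is proxy-controlled: drop control characters, cap the length.
    let shown: String = line.chars().filter(|c| !c.is_control()).take(64).collect();
    match code {
        "200" => Ok(()),
        "407" => Err(TunnelError::ProxyAuthRequired),
        "403" => Err(TunnelError::Forbidden),
        _ => Err(TunnelError::Unsuccessful(shown)),
    }
}

fn main() {
    // Constructed sample response from a proxy.
    if let Err(e) = check_tunnel_response(b"HTTP/1.1 502 Bad Gateway\r\n\r\n") { println!("{}", e); }
}
```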

- System Conf is read at `ClientBuilder::build()` time, providing the
error earlier.
- If there is an error reading the resolve system conf, a better error
is reported.
- Resolver only needs to lock a mutex once to spawn the background task,
instead of every single `resolve` call.