This change allows the `ClientBuilder::resolve_to_addrs` method to accept a
slice of `SocketAddr`s for overriding resolution for a single domain.
Allowing multiple IPs more accurately reflects behavior of `getaddrinfo`
and allows users to rely on hyper's happy eyeballs algorithm to connect
to a host that can accept traffic on IPv4 and IPv6.
This change allows users to bypass the selected DNS resolver for
specific domains. This allows, for example, making calls to a local TLS
server by rerouting a given domain to 127.0.0.1.
The approach I've taken for the design is to wrap the resolver in an
outer service. This leads to a fair amount of boilerplate code mainly to
be able to explain the typing to the compiler. The actual business logic
is very simple for the number of lines involved.
Closes #561
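
The two commit messages above describe wrapping the resolver in an outer service and letting one domain map to several addresses. The sketch below is an added example, not reqwest's code: the `Resolve` trait, `NoDns`, `OverrideResolver` and the `local.test` name are assumptions made for illustration, and the exact-match, case-insensitive lookup is this sketch's choice.

```rust
use std::collections::HashMap;
use std::io;
use std::net::SocketAddr;

// Hypothetical minimal resolver interface (not reqwest's or hyper's trait).
trait Resolve {
    fn resolve(&self, host: &str) -> io::Result<Vec<SocketAddr>>;
}

// Stand-in for the real DNS resolver: it always fails, so the example runs
// offline and shows exactly when the inner resolver is consulted.
struct NoDns;
impl Resolve for NoDns {
    fn resolve(&self, host: &str) -> io::Result<Vec<SocketAddr>> {
        Err(io::Error::new(io::ErrorKind::NotFound, format!("no DNS for {}", host)))
    }
}

// Outer wrapper: per-domain overrides are checked first, everything else is
// passed through to the wrapped resolver unchanged.
struct OverrideResolver<R> {
    inner: R,
    overrides: HashMap<String, Vec<SocketAddr>>,
}

impl<R: Resolve> OverrideResolver<R> {
    fn new(inner: R) -> Self {
        Self { inner, overrides: HashMap::new() }
    }
    // Takes a slice so one domain can carry both IPv4 and IPv6 addresses.
    fn resolve_to_addrs(mut self, domain: &str, addrs: &[SocketAddr]) -> Self {
        self.overrides.insert(domain.to_ascii_lowercase(), addrs.to_vec());
        self
    }
}

impl<R: Resolve> Resolve for OverrideResolver<R> {
    fn resolve(&self, host: &str) -> io::Result<Vec<SocketAddr>> {
        // Exact, case-insensitive match: an override for "local.test" does
        // not capture "api.local.test", which still goes to the inner resolver.
        match self.overrides.get(&host.to_ascii_lowercase()) {
            Some(addrs) => Ok(addrs.clone()),
            None => self.inner.resolve(host),
        }
    }
}

fn main() {
    // Constructed sample addresses for a local TLS server.
    let v4: SocketAddr = "127.0.0.1:8443".parse().unwrap();
    let v6: SocketAddr = "[::1]:8443".parse().unwrap();
    let r = OverrideResolver::new(NoDns).resolve_to_addrs("local.test", &[v4, v6]);
    println!("{:?}", r.resolve("LOCAL.test"));
    println!("{:?}", r.resolve("other.test").is_err());
}
```
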
Now, callers have more control over the set of roots.
Note that, due to cargo unification, other dependencies in the
dependency tree might enable rustls-tls-webpki-roots
or rustls-tls.
This will affect connections initiated by code that explicitly
enabled rustls-tls-manual-roots.
So for now, the choice is done once per entire cargo
dependency graph. If people want more precise control
over things, they can add methods that allow controlling
this on a per-connection level. Even if such methods
are available, the *-manual-roots feature will still be
helpful with eliminating the webpki-roots dependency
for those cargo graphs where there is no unification.
The "socks" feature has been removed for a while now, the optional
dependency on the "socks" crate commented out.
The code for actually providing the socks feature was, however, still
mostly present, if a bit out of date.
This commit re-adds the socks feature using the tokio-socks (instead of
socks) crate.
Closes #620
To allow for the default-tls to change to a different backend by
default, this adds a new `native-tls` optional feature. Any TLS feature
that was only available using native-tls now requires the `native-tls`
feature to be enabled.
- The `Error`'s kind is now a set of variants depending on the context
of when an error could occur.
- If another error was the cause, it is now always the `source`.
Along with the `is_*` methods, this should help in understanding *when*
a certain error occurred. For example, an error setting the TLS
certificates will return a builder error, with the TLS error as the
source. This should help differentiate from a TLS error that happens
when connecting to a server.
It also makes the internal code less dependent on all the exact
dependencies that can be enabled or disabled.
Before the fix anything other than 200 & 407 would throw an unhelpful
`unsuccessful tunnel` error.
After this change:
- Explicit handling of 403, where the proxy forbids a connection.
- All other responses will be part of the error message.