Ignoring validation seems broken as some default functions actually do
check. That is fine for the proper TLS validation, but gets in the way
when someone wants to skip TLS validation (e.g. for self-signed
certificates).
This change re-implements these default functions in a way that they
do not check, but return "success" all the time.
Fixes#1210
Now, callers have more control over the set of roots.
Note that, due to cargo unification, other dependencies in the
dependency tree might enable rustls-tls-webpki-roots
or rustls-tls.
This will affect connections initiated by code that explicitly
enabled rustls-tls-manual-roots.
So for now, the choice is done once per entire cargo
dependency graph. If people want more precise control
over things, they can add methods that allow controlling
this on a per-connection level. Even if such methods
are available, the *-manual-roots feature will still be
helpful with eliminating the webpki-roots dependency
for those cargo graphs where there is no unification.
To allow for the default-tls to change to a different backend by
default, this adds a new `native-tls` optional feature. Any TLS feature
that was only available using native-tls now requires the `native-tls`
feature to be enabled.
- The `Error`'s kind is a now a set of variants depending on the context
of when an error could occur.
- If another error was the cause, it is now always the `source`.
Along with the `is_*` methods, this should help in understanding *when*
a certain error occurred. For example, an error setting the TLS
certificates will return a builder error, with the TLS error as the
source. This should help differentiate from a TLS error that happens
when connecting to a server.
It also makes the internal code less dependent on all the exact
dependencies that can be enabled or disabled.
This makes it easier to parse Certificates in advance and pass them as
clones for each client request.
Signed-off-by: Timothée Ravier <timothee.ravier@ssi.gouv.fr>
- Bumps `native-tls` dependency to 0.2 and adapt code accordingly
- Import code used from `tokio-tls` into `connect_async` and adapt dependencies accordinlgy
- Add an option for using `danger_accept_invalid_certs` inside the `Config` struct
