From 0f0125c30a61817906fe10bbb67771a7a46e5bc3 Mon Sep 17 00:00:00 2001 From: Jens Reidel Date: Fri, 13 Sep 2024 15:01:22 +0200 Subject: [PATCH] Add rustls-bring-your-own-connector feature Signed-off-by: Jens Reidel --- Cargo.toml | 1 + README.md | 1 + src/error.rs | 29 +++++++++++++++++++---------- src/tls.rs | 36 ++++++++++++++++++++++++------------ 4 files changed, 45 insertions(+), 22 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index bd0c1e24ee7..d7de6659dd8 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -62,6 +62,7 @@ native-tls = ["dep:tokio-native-tls"] rustls-webpki-roots = ["dep:rustls-pki-types", "dep:tokio-rustls", "dep:webpki-roots"] rustls-native-roots = ["dep:rustls-pki-types", "dep:tokio-rustls", "dep:rustls-native-certs"] rustls-platform-verifier = ["dep:rustls-pki-types", "dep:tokio-rustls", "dep:rustls-platform-verifier"] +rustls-bring-your-own-connector = ["dep:rustls-pki-types", "dep:tokio-rustls"] rustls-tls12 = ["tokio-rustls?/tls12"] nightly = ["simdutf8?/aarch64_neon_prefetch"] diff --git a/README.md b/README.md index 73680da621d..dc4feef6898 100644 --- a/README.md +++ b/README.md 
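Review bot: The new feature line becomes a fourth entry that every rustls-gated item in error.rs and tls.rs must now repeat in its `any(...)` guard, and this patch already shows the drift that invites: the `all(...)` guard on `NoNativeRootCertificatesFound` in error.rs is touched but never learns about the new feature. A private umbrella feature (e.g. a constructed `__rustls` name) would keep the gate in one place, so the source could use `#[cfg(feature = "__rustls")]` and only the precedence-sensitive guards would need to name individual backends. The three existing rustls features are visible in this hunk and would each forward to it; the fence shows the rewritten feature block.
```toml
# private umbrella enabled by every rustls-* backend so source can gate on one feature
__rustls = ["dep:rustls-pki-types", "dep:tokio-rustls"]
rustls-webpki-roots = ["__rustls", "dep:webpki-roots"]
rustls-native-roots = ["__rustls", "dep:rustls-native-certs"]
rustls-platform-verifier = ["__rustls", "dep:rustls-platform-verifier"]
rustls-bring-your-own-connector = ["__rustls"]
```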
@@ -35,6 +35,7 @@ TLS is supported via any of the following feature flags: - `rustls-webpki-roots` for a [`tokio-rustls`](https://docs.rs/tokio-rustls/latest/tokio_rustls/) backed implementation with [`webpki-roots`](https://docs.rs/webpki-roots/latest/webpki_roots/) - `rustls-native-roots` for a [`tokio-rustls`](https://docs.rs/tokio-rustls/latest/tokio_rustls/) backed implementation with [`rustls-native-certs`](https://docs.rs/rustls-native-certs/latest/rustls_native_certs/) - `rustls-platform-verifier` for a [`tokio-rustls`](https://docs.rs/tokio-rustls/latest/tokio_rustls/) backed implementation with [`rustls-platform-verifier`](https://docs.rs/rustls-platform-verifier/latest/rustls_platform_verifier/) +- `rustls-bring-your-own-connector` for a [`tokio-rustls`](https://docs.rs/tokio-rustls/latest/tokio_rustls/) backed implementation that requires you to create your own `Connector::Rustls` - the `Connector::new` method will return a plain connector The `rustls-*-roots` and `rustls-platform-verifier` features require a crypto provider for `rustls`. You can either enable the `aws_lc_rs` (optionally also FIPS-compliant via the `fips` feature) or `ring` features to use these crates as the providers and then use `TlsConnector::new()`, or bring your own with `TlsConnector::new_rustls_with_crypto_provider()`. diff --git a/src/error.rs b/src/error.rs index 4c9d86c151a..d8462f3352b 100644 --- a/src/error.rs +++ b/src/error.rs @@ -4,7 +4,8 @@ use std::{fmt, io}; #[cfg(any( feature = "rustls-webpki-roots", feature = "rustls-native-roots", - feature = "rustls-platform-verifier" + feature = "rustls-platform-verifier", + feature = "rustls-bring-your-own-connector" ))] use rustls_pki_types::InvalidDnsNameError; #[cfg(feature = "native-tls")] 
@@ -36,14 +37,16 @@ pub enum Error { #[cfg(any( feature = "rustls-webpki-roots", feature = "rustls-native-roots", - feature = "rustls-platform-verifier" + feature = "rustls-platform-verifier", + feature = "rustls-bring-your-own-connector" ))] InvalidDNSName(InvalidDnsNameError), /// A general rustls error. #[cfg(any( feature = "rustls-webpki-roots", feature = "rustls-native-roots", - feature = "rustls-platform-verifier" + feature = "rustls-platform-verifier", + feature = "rustls-bring-your-own-connector" ))] Rustls(tokio_rustls::rustls::Error), /// An unsupported, i.e. not `ws` or `wss`, or no URI scheme was specified. @@ -69,7 +72,7 @@ pub enum Error { #[cfg(all( not(feature = "rustls-webpki-roots"), feature = "rustls-native-roots", - not(feature = "rustls-platform-verifier") + not(feature = "rustls-platform-verifier"), ))] NoNativeRootCertificatesFound(Vec), } @@ -96,7 +99,8 @@ impl From for Error { #[cfg(any( feature = "rustls-webpki-roots", feature = "rustls-native-roots", - feature = "rustls-platform-verifier" + feature = "rustls-platform-verifier", + feature = "rustls-bring-your-own-connector" ))] impl From for Error { fn from(err: InvalidDnsNameError) -> Self { @@ -107,7 +111,8 @@ impl From for Error { #[cfg(any( feature = "rustls-webpki-roots", feature = "rustls-native-roots", - feature = "rustls-platform-verifier" + feature = "rustls-platform-verifier", + feature = "rustls-bring-your-own-connector" ))] impl From for Error { fn from(err: tokio_rustls::rustls::Error) -> Self { 
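Review bot: The `all(...)` guard on `NoNativeRootCertificatesFound` in the `@@ -69,7 +72,7 @@` hunk gains only a trailing comma, so the variant is still compiled when `rustls-native-roots` and `rustls-bring-your-own-connector` are enabled together, while every other guard in this file was extended to name the new feature. Which is right depends on the precedence `Connector::new` (not in this file) gives the bring-your-own path: if it wins, this guard should also carry `not(feature = "rustls-bring-your-own-connector")` so the variant is not left unreachable; if native roots win, the README sentence that `Connector::new` returns a plain connector should be qualified as applying only when no other rustls feature is enabled. Either way a one-line comment above the guard stating the intended precedence, such as `// only reachable when native roots are the selected rustls backend`, would stop the next feature from repeating the ambiguity.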
@@ -144,13 +149,15 @@ impl fmt::Display for Error { #[cfg(any( feature = "rustls-webpki-roots", feature = "rustls-native-roots", - feature = "rustls-platform-verifier" + feature = "rustls-platform-verifier", + feature = "rustls-bring-your-own-connector" ))] Error::InvalidDNSName(_) => f.write_str("invalid DNS name"), #[cfg(any( feature = "rustls-webpki-roots", feature = "rustls-native-roots", - feature = "rustls-platform-verifier" + feature = "rustls-platform-verifier", + feature = "rustls-bring-your-own-connector" ))] Error::Rustls(e) => e.fmt(f), #[cfg(feature = "client")] @@ -211,13 +218,15 @@ impl std::error::Error for Error { #[cfg(any( feature = "rustls-webpki-roots", feature = "rustls-native-roots", - feature = "rustls-platform-verifier" + feature = "rustls-platform-verifier", + feature = "rustls-bring-your-own-connector" ))] Error::InvalidDNSName(e) => Some(e), #[cfg(any( feature = "rustls-webpki-roots", feature = "rustls-native-roots", - feature = "rustls-platform-verifier" + feature = "rustls-platform-verifier", + feature = "rustls-bring-your-own-connector" ))] Error::Rustls(e) => Some(e), #[cfg(any(feature = "client", feature = "server"))] diff --git a/src/tls.rs b/src/tls.rs index 3db94fdb9b9..3e26ea9c49c 100644 --- a/src/tls.rs +++ b/src/tls.rs @@ -20,7 +20,8 @@ use std::{ #[cfg(any( feature = "rustls-webpki-roots", feature = "rustls-native-roots", - feature = "rustls-platform-verifier" + feature = "rustls-platform-verifier", + feature = "rustls-bring-your-own-connector" ))] use rustls_pki_types::ServerName; use tokio::io::{AsyncRead, AsyncWrite, ReadBuf}; @@ -71,7 +72,8 @@ pub enum Connector { #[cfg(any( feature = "rustls-native-roots", feature = "rustls-webpki-roots", - feature = "rustls-platform-verifier" + feature = "rustls-platform-verifier", + feature = "rustls-bring-your-own-connector" ))] Rustls(tokio_rustls::TlsConnector), } 
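Review bot: The `Rustls(tokio_rustls::TlsConnector)` variant in the `@@ -71,7 +72,8 @@` hunk becomes a public construction point under `rustls-bring-your-own-connector`, but nothing on it says that the supplied connector's `ClientConfig` alone decides how the server certificate is verified; presumably none of the crate's root-store or platform-verifier setup applies to a caller-built value, since the new Cargo feature pulls in neither. Suggest a doc comment on the variant such as `/// A rustls-backed connector. Under \`rustls-bring-your-own-connector\` the caller builds this value, and server-certificate verification is defined entirely by its \`ClientConfig\`.` The `Connector` enum's header and any existing doc comment are above the hunk, so the note may belong there instead.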
@@ -85,7 +87,8 @@ impl Debug for Connector { #[cfg(any( feature = "rustls-native-roots", feature = "rustls-webpki-roots", - feature = "rustls-platform-verifier" + feature = "rustls-platform-verifier", + feature = "rustls-bring-your-own-connector" ))] Self::Rustls(_) => f.write_str("Connector::Rustls"), } @@ -109,7 +112,8 @@ pub enum MaybeTlsStream { #[cfg(any( feature = "rustls-native-roots", feature = "rustls-webpki-roots", - feature = "rustls-platform-verifier" + feature = "rustls-platform-verifier", + feature = "rustls-bring-your-own-connector" ))] Rustls(tokio_rustls::client::TlsStream), } @@ -127,7 +131,8 @@ impl AsyncRead for MaybeTlsStream { #[cfg(any( feature = "rustls-native-roots", feature = "rustls-webpki-roots", - feature = "rustls-platform-verifier" + feature = "rustls-platform-verifier", + feature = "rustls-bring-your-own-connector" ))] Self::Rustls(s) => Pin::new(s).poll_read(cx, buf), } @@ -147,7 +152,8 @@ impl AsyncWrite for MaybeTlsStream { #[cfg(any( feature = "rustls-native-roots", feature = "rustls-webpki-roots", - feature = "rustls-platform-verifier" + feature = "rustls-platform-verifier", + feature = "rustls-bring-your-own-connector" ))] Self::Rustls(s) => Pin::new(s).poll_write(cx, buf), } @@ -161,7 +167,8 @@ impl AsyncWrite for MaybeTlsStream { #[cfg(any( feature = "rustls-native-roots", feature = "rustls-webpki-roots", - feature = "rustls-platform-verifier" + feature = "rustls-platform-verifier", + feature = "rustls-bring-your-own-connector" ))] Self::Rustls(s) => Pin::new(s).poll_flush(cx), } @@ -175,7 +182,8 @@ impl AsyncWrite for MaybeTlsStream { #[cfg(any( feature = "rustls-native-roots", feature = "rustls-webpki-roots", - feature = "rustls-platform-verifier" + feature = "rustls-platform-verifier", + feature = "rustls-bring-your-own-connector" ))] Self::Rustls(s) => Pin::new(s).poll_shutdown(cx), } 
@@ -193,7 +201,8 @@ impl AsyncWrite for MaybeTlsStream { #[cfg(any( feature = "rustls-native-roots", feature = "rustls-webpki-roots", - feature = "rustls-platform-verifier" + feature = "rustls-platform-verifier", + feature = "rustls-bring-your-own-connector" ))] Self::Rustls(s) => Pin::new(s).poll_write_vectored(cx, bufs), } @@ -207,7 +216,8 @@ impl AsyncWrite for MaybeTlsStream { #[cfg(any( feature = "rustls-native-roots", feature = "rustls-webpki-roots", - feature = "rustls-platform-verifier" + feature = "rustls-platform-verifier", + feature = "rustls-bring-your-own-connector" ))] Self::Rustls(s) => s.is_write_vectored(), } @@ -349,7 +359,8 @@ impl Connector { feature = "native-tls", feature = "rustls-webpki-roots", feature = "rustls-native-roots", - feature = "rustls-platform-verifier" + feature = "rustls-platform-verifier", + feature = "rustls-bring-your-own-connector" )), allow(unused_variables, clippy::unused_async) )] @@ -367,7 +378,8 @@ impl Connector { #[cfg(any( feature = "rustls-webpki-roots", feature = "rustls-native-roots", - feature = "rustls-platform-verifier" + feature = "rustls-platform-verifier", + feature = "rustls-bring-your-own-connector" ))] Self::Rustls(connector) => Ok(MaybeTlsStream::Rustls( connector
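Review bot: Adding the feature to the `cfg_attr` `any(...)` in the `@@ -349,7 +359,8 @@` hunk keeps `connect`'s TLS inputs live, but the README in this patch says `Connector::new` yields a plain connector under this feature, so a caller who enables it and forgets to build a `Connector::Rustls` will hand a `Plain` connector to `connect`. The `Plain` arm of that match is outside the hunk; it should return an error for a `wss://` target rather than open a cleartext stream, and if it already does, a doc comment on `Connector::new` along the lines of `/// With only \`rustls-bring-your-own-connector\` enabled this returns \`Connector::Plain\`, which cannot serve \`wss://\`; build \`Connector::Rustls\` yourself.` would make the contract visible. `connect` itself starts before and ends after the hunk, and the final `@@ -367` hunk is cut off at the end of this page.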