Allow TLS client config to be overridden

See: https://docs.rs/rustls/latest/rustls/struct.ClientConfig.html

src/request.rs

@@ -1,5 +1,7 @@
 use std::io::Read;
 use std::sync::{Arc, Mutex};
+#[cfg(feature = "tls")]
+use std::fmt;
 
 use lazy_static::lazy_static;
 use qstring::QString;
@@ -46,6 +48,8 @@ pub struct Request {
     pub(crate) timeout_write: u64,
     pub(crate) redirects: u32,
     pub(crate) proxy: Option<crate::proxy::Proxy>,
+    #[cfg(feature = "tls")]
+    pub(crate) tls_config: Option<TLSClientConfig>,
 }
 
 impl ::std::fmt::Debug for Request {
@@ -554,4 +558,31 @@ impl Request {
         self.proxy = Some(proxy);
         self
     }
+
+    /// Set the TLS client config to use for the connection.
+    ///
+    /// See [`ClientConfig`](https://docs.rs/rustls/latest/rustls/struct.ClientConfig.html).
+    ///
+    /// Example:
+    /// ```
+    /// let tls_config = std::sync::Arc::new(rustls::ClientConfig::new());
+    /// let req = ureq::post("https://cool.server")
+    ///     .set_tls_config(tls_config.clone());
+    /// ```
+    #[cfg(feature = "tls")]
+    pub fn set_tls_config(&mut self, tls_config: Arc<rustls::ClientConfig>) -> &mut Request {
+        self.tls_config = Some(TLSClientConfig(tls_config));
+        self
+    }
+}
+
+#[cfg(feature = "tls")]
+#[derive(Clone)]
+pub(crate) struct TLSClientConfig(pub(crate) Arc<rustls::ClientConfig>);
+
+#[cfg(feature = "tls")]
+impl fmt::Debug for TLSClientConfig {
+    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
+        f.debug_struct("TLSClientConfig").finish()
+    }
 }

src/stream.rs

@@ -165,7 +165,9 @@ pub(crate) fn connect_https(unit: &Unit) -> Result<Stream, Error> {
 
     let sni = webpki::DNSNameRef::try_from_ascii_str(hostname)
         .map_err(|err| Error::DnsFailed(err.to_string()))?;
-    let sess = rustls::ClientSession::new(&*TLS_CONF, sni);
+    let tls_conf: &Arc<rustls::ClientConfig> =
+        unit.tls_config.as_ref().map(|c| &c.0).unwrap_or(&*TLS_CONF);
+    let sess = rustls::ClientSession::new(&tls_conf, sni);
 
     let sock = connect_host(unit, hostname, port)?;
 

src/unit.rs

@@ -13,6 +13,8 @@ use crate::header;
 use crate::stream::{self, connect_https, connect_test, Stream};
 use crate::Proxy;
 use crate::{Error, Header, Request, Response};
+#[cfg(feature = "tls")]
+use crate::request::TLSClientConfig;
 
 use crate::pool::DEFAULT_HOST;
 
@@ -31,6 +33,8 @@ pub(crate) struct Unit {
     pub timeout_write: u64,
     pub method: String,
     pub proxy: Option<Proxy>,
+    #[cfg(feature = "tls")]
+    pub tls_config: Option<TLSClientConfig>,
 }
 
 impl Unit {
@@ -89,6 +93,8 @@ impl Unit {
             timeout_write: req.timeout_write,
             method: req.method.clone(),
             proxy: req.proxy.clone(),
+            #[cfg(feature = "tls")]
+            tls_config: req.tls_config.clone(),
         }
     }