lib/ureq
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Added method to set the TLS connection builder (#116)

Browse Source 
This allows configuring the accepted certs, client authentication,
etc, when using the native TLS crate.
This commit is contained in:
André Cruz
2020-07-28 20:44:35 +01:00
committed by GitHub
parent 74afb82de9
commit 75d5e52a45
3 changed files with 50 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
src/request.rs
View File

@@ -8,6 +8,9 @@ use url::{form_urlencoded, Url};
#[cfg(feature = "tls")] #[cfg(feature = "tls")]
use std::fmt; use std::fmt;
#[cfg(all(feature = "native-tls", not(feature = "tls")))]
use std::fmt;
use crate::agent::{self, Agent, AgentState}; use crate::agent::{self, Agent, AgentState};
use crate::body::{Payload, SizedReader}; use crate::body::{Payload, SizedReader};
use crate::error::Error; use crate::error::Error;
@@ -47,6 +50,8 @@ pub struct Request {
pub(crate) proxy: Option<crate::proxy::Proxy>, pub(crate) proxy: Option<crate::proxy::Proxy>,
#[cfg(feature = "tls")] #[cfg(feature = "tls")]
pub(crate) tls_config: Option<TLSClientConfig>, pub(crate) tls_config: Option<TLSClientConfig>,
#[cfg(all(feature = "native-tls", not(feature = "tls")))]
pub(crate) tls_connector: Option<TLSConnector>,
} }
impl ::std::fmt::Debug for Request { impl ::std::fmt::Debug for Request {
@@ -599,6 +604,20 @@ impl Request {
self self
} }
/// Sets the TLS connector that will be used for the connection.
///
/// Example:
/// ```
/// let tls_connector = std::sync::Arc::new(native_tls::TlsConnector::new());
/// let req = ureq::post("https://cool.server")
/// .set_tls_connector(tls_connector.clone());
/// ```
#[cfg(all(feature = "native-tls", not(feature = "tls")))]
pub fn set_tls_connector(&mut self, tls_connector: Arc<native_tls::TlsConnector>) -> &mut Request {
self.tls_connector = Some(TLSConnector(tls_connector));
self
}
// Returns true if this request, with the provided body, is retryable. // Returns true if this request, with the provided body, is retryable.
pub(crate) fn is_retryable(&self, body: &SizedReader) -> bool { pub(crate) fn is_retryable(&self, body: &SizedReader) -> bool {
// Per https://tools.ietf.org/html/rfc7231#section-8.1.3 // Per https://tools.ietf.org/html/rfc7231#section-8.1.3
@@ -626,3 +645,14 @@ impl fmt::Debug for TLSClientConfig {
f.debug_struct("TLSClientConfig").finish() f.debug_struct("TLSClientConfig").finish()
} }
} }
#[cfg(all(feature = "native-tls", not(feature = "tls")))]
#[derive(Clone)]
pub(crate) struct TLSConnector(pub(crate) Arc<native_tls::TlsConnector>);
#[cfg(all(feature = "native-tls", not(feature = "tls")))]
impl fmt::Debug for TLSConnector {
fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
f.debug_struct("TLSConnector").finish()
}
}

19
src/stream.rs
View File

@@ -15,7 +15,7 @@ use rustls::StreamOwned;
use socks::{TargetAddr, ToTargetAddr}; use socks::{TargetAddr, ToTargetAddr};
#[cfg(feature = "native-tls")] #[cfg(feature = "native-tls")]
use native_tls::{HandshakeError, TlsConnector, TlsStream}; use native_tls::{HandshakeError, TlsStream};
use crate::proxy::Proto; use crate::proxy::Proto;
use crate::proxy::Proxy; use crate::proxy::Proxy;
@@ -311,15 +311,22 @@ pub(crate) fn connect_https(unit: &Unit) -> Result<Stream, Error> {
#[cfg(all(feature = "native-tls", not(feature = "tls")))] #[cfg(all(feature = "native-tls", not(feature = "tls")))]
pub(crate) fn connect_https(unit: &Unit) -> Result<Stream, Error> { pub(crate) fn connect_https(unit: &Unit) -> Result<Stream, Error> {
use std::sync::Arc;
let hostname = unit.url.host_str().unwrap(); let hostname = unit.url.host_str().unwrap();
let port = unit.url.port().unwrap_or(443); let port = unit.url.port().unwrap_or(443);
let sock = connect_host(unit, hostname, port)?; let sock = connect_host(unit, hostname, port)?;
let tls_connector = TlsConnector::new().map_err(|e| Error::TlsError(e))?; let tls_connector: Arc<native_tls::TlsConnector> = match &unit.tls_connector {
let stream = tls_connector.connect(&hostname.trim_matches(|c| c == '[' || c == ']'), sock).map_err(|e| match e { Some(connector) => connector.0.clone(),
HandshakeError::Failure(err) => Error::TlsError(err), None => Arc::new(native_tls::TlsConnector::new().map_err(|e| Error::TlsError(e))?),
_ => Error::BadStatusRead, };
})?; let stream = tls_connector
.connect(&hostname.trim_matches(|c| c == '[' || c == ']'), sock)
.map_err(|e| match e {
HandshakeError::Failure(err) => Error::TlsError(err),
_ => Error::BadStatusRead,
})?;
Ok(Stream::Https(stream)) Ok(Stream::Https(stream))
} }

7
src/unit.rs
View File

@@ -18,6 +18,9 @@ use crate::{Error, Header, Request, Response};
#[cfg(feature = "tls")] #[cfg(feature = "tls")]
use crate::request::TLSClientConfig; use crate::request::TLSClientConfig;
#[cfg(all(feature = "native-tls", not(feature = "tls")))]
use crate::request::TLSConnector;
#[cfg(feature = "cookie")] #[cfg(feature = "cookie")]
use crate::pool::DEFAULT_HOST; use crate::pool::DEFAULT_HOST;
@@ -39,6 +42,8 @@ pub(crate) struct Unit {
pub proxy: Option<Proxy>, pub proxy: Option<Proxy>,
#[cfg(feature = "tls")] #[cfg(feature = "tls")]
pub tls_config: Option<TLSClientConfig>, pub tls_config: Option<TLSClientConfig>,
#[cfg(all(feature = "native-tls", not(feature = "tls")))]
pub tls_connector: Option<TLSConnector>,
} }
impl Unit { impl Unit {
@@ -108,6 +113,8 @@ impl Unit {
proxy: req.proxy.clone(), proxy: req.proxy.clone(),
#[cfg(feature = "tls")] #[cfg(feature = "tls")]
tls_config: req.tls_config.clone(), tls_config: req.tls_config.clone(),
#[cfg(all(feature = "native-tls", not(feature = "tls")))]
tls_connector: req.tls_connector.clone(),
} }
} }