Add HttpsConnectorBuilder

g2p · g2p · commit db41b503fdd0 · 2021-02-11T13:01:01.000+01:00
This gives more control over various rustls features,
as well as ensures that enabling connector features
like http2 can only be done when the appropriate crate
features are enabled.

Adds an hyper-rustls/http2 feature.
diff --git a/Cargo.toml b/Cargo.toml
@@ -28,9 +28,10 @@ futures-util = { version = "0.3.1", default-features = false }
 
 [features]
 default = ["native-tokio"]
+http2 = ["hyper/http2"]
 webpki-tokio = ["tokio-runtime", "webpki-roots"]
 native-tokio = ["tokio-runtime", "rustls-native-certs"]
-tokio-runtime =  ["hyper/runtime", "ct-logs"]
+tokio-runtime =  ["hyper/tcp", "ct-logs"]
 
 [[example]]
 name = "client"
diff --git a/examples/client.rs b/examples/client.rs
@@ -55,7 +55,7 @@ async fn run_client() -> io::Result<()> {
             hyper_rustls::HttpsConnector::from((http, tls))
         }
         // Default HTTPS connector.
-        None => hyper_rustls::HttpsConnector::with_native_roots(),
+        None => hyper_rustls::HttpsConnectorBuilder::with_native_roots().build(),
     };
 
     // Build the hyper client from the HTTPS connector.
diff --git a/src/connector.rs b/src/connector.rs
@@ -22,12 +22,18 @@ pub struct HttpsConnector<T> {
     tls_config: Arc<ClientConfig>,
 }
 
-#[cfg(all(
-    any(feature = "rustls-native-certs", feature = "webpki-roots"),
-    feature = "tokio-runtime"
-))]
-impl HttpsConnector<HttpConnector> {
-    /// Construct a new `HttpsConnector` using the OS root store
+/// A builder that will configure an `HttpsConnector`
+///
+/// This builder ensures configuration is consistent.
+///
+/// An alternative way of building an `HttpsConnector`
+/// is to use From/Into.
+pub struct HttpsConnectorBuilder {
+    tls_config: ClientConfig,
+}
+
+impl HttpsConnectorBuilder {
+    /// Configure using the OS root store for certificate trust
     #[cfg(feature = "rustls-native-certs")]
     #[cfg_attr(docsrs, doc(cfg(feature = "rustls-native-certs")))]
     pub fn with_native_roots() -> Self {
@@ -43,27 +49,54 @@ impl HttpsConnector<HttpConnector> {
         if config.root_store.is_empty() {
             panic!("no CA certificates found");
         }
-        Self::build(config)
+        Self { tls_config: config }
+    }
+
+    /// Configure using a custom `rustls::RootCertStore` for certificate trust
+    pub fn with_custom_roots(roots: rustls::RootCertStore) -> Self {
+        let mut config = ClientConfig::new();
+        config.root_store = roots;
+        Self { tls_config: config }
     }
 
-    /// Construct a new `HttpsConnector` using the `webpki_roots`
+    /// Configure using `webpki_roots` for certificate trust
     #[cfg(feature = "webpki-roots")]
     #[cfg_attr(docsrs, doc(cfg(feature = "webpki-roots")))]
     pub fn with_webpki_roots() -> Self {
         let mut config = ClientConfig::new();
         config
             .root_store
             .add_server_trust_anchors(&webpki_roots::TLS_SERVER_ROOTS);
-        Self::build(config)
+        Self { tls_config: config }
     }
 
-    fn build(mut config: ClientConfig) -> Self {
+    /// Enable HTTP2
+    /// This advertises http2 support in ALPN
+    #[cfg(feature = "http2")]
+    #[cfg_attr(docsrs, doc(cfg(feature = "http2")))]
+    pub fn enable_http2(mut self) -> Self {
+        self.tls_config.alpn_protocols = vec![b"h2".to_vec(), b"http/1.1".to_vec()];
+        self
+    }
+
+    /// Enable certificate transparency
+    #[cfg(feature = "ct-logs")]
+    pub fn enable_ct_logs(mut self) -> Self {
+        self.tls_config.ct_logs = Some(&ct_logs::LOGS);
+        self
+    }
+
+    /// Built an HttpsConnector<HttpConnector>
+    #[cfg(feature = "tokio-runtime")]
+    pub fn build(self) -> HttpsConnector<HttpConnector> {
         let mut http = HttpConnector::new();
         http.enforce_http(false);
+        self.wrap_connector(http)
+    }
 
-        config.alpn_protocols = vec![b"h2".to_vec(), b"http/1.1".to_vec()];
-        config.ct_logs = Some(&ct_logs::LOGS);
-        (http, config).into()
+    /// Built an HttpsConnector with a custom lower-level connector
+    pub fn wrap_connector<H>(self, conn: H) -> HttpsConnector<H> {
+        (conn, self.tls_config).into()
     }
 }
 
diff --git a/src/lib.rs b/src/lib.rs
@@ -11,7 +11,7 @@
 //!
 //! let mut rt = tokio::runtime::Runtime::new().unwrap();
 //! let url = ("https://hyper.rs").parse().unwrap();
-//! let https = hyper_rustls::HttpsConnector::with_native_roots();
+//! let https = hyper_rustls::HttpsConnectorBuilder::with_native_roots().build();
 //!
 //! let client: Client<_, hyper::Body> = Client::builder().build(https);
 //!
@@ -27,5 +27,5 @@
 mod connector;
 mod stream;
 
-pub use crate::connector::HttpsConnector;
+pub use crate::connector::{HttpsConnector, HttpsConnectorBuilder};
 pub use crate::stream::MaybeHttpsStream;

Original file line number	Diff line number	Diff line change
`@@ -55,7 +55,7 @@ async fn run_client() -> io::Result<()> {`
`55`	`55`	`hyper_rustls::HttpsConnector::from((http, tls))`
`56`	`56`	`}`
`57`	`57`	`// Default HTTPS connector.`
`58`		`- None => hyper_rustls::HttpsConnector::with_native_roots(),`
	`58`	`+ None => hyper_rustls::HttpsConnectorBuilder::with_native_roots().build(),`
`59`	`59`	`};`
`60`	`60`
`61`	`61`	`// Build the hyper client from the HTTPS connector.`