Add tls_info / TlsInfo for access to peer's leaf certificate (#1938)
* Add `https_info` / `HttpsInfo` for access to peer's leaf certificate

* Fix blocking API CI failure and add tests

* Fix build failure with feature native-tls

* Skip test_https_info for rustls-tls-manual-roots to fix tests

* Rename HttpsInfo to TlsInfo and move into tls

* Fix formatting

* PR feedback: Remove TlsInfo re-export
droe authored Sep 4, 2023
1 parent d3d95a5 commit 10d9d23
Showing 6 changed files with 298 additions and 4 deletions.
30 changes: 30 additions & 0 deletions src/async_impl/client.rs
Expand Up @@ -115,6 +115,8 @@ struct Config {
#[cfg(feature = "__tls")]
max_tls_version: Option<tls::Version>,
#[cfg(feature = "__tls")]
tls_info: bool,
#[cfg(feature = "__tls")]
tls: TlsBackend,
http_version_pref: HttpVersionPref,
http09_responses: bool,
Expand Down Expand Up @@ -198,6 +200,8 @@ impl ClientBuilder {
#[cfg(feature = "__tls")]
max_tls_version: None,
#[cfg(feature = "__tls")]
tls_info: false,
#[cfg(feature = "__tls")]
tls: TlsBackend::default(),
http_version_pref: HttpVersionPref::All,
http09_responses: false,
Expand Down Expand Up @@ -408,6 +412,7 @@ impl ClientBuilder {
user_agent(&config.headers),
config.local_address,
config.nodelay,
config.tls_info,
)?
}
#[cfg(feature = "native-tls")]
Expand All @@ -418,6 +423,7 @@ impl ClientBuilder {
user_agent(&config.headers),
config.local_address,
config.nodelay,
config.tls_info,
),
#[cfg(feature = "__rustls")]
TlsBackend::BuiltRustls(conn) => {
Expand All @@ -442,6 +448,7 @@ impl ClientBuilder {
user_agent(&config.headers),
config.local_address,
config.nodelay,
config.tls_info,
)
}
#[cfg(feature = "__rustls")]
Expand Down Expand Up @@ -586,6 +593,7 @@ impl ClientBuilder {
user_agent(&config.headers),
config.local_address,
config.nodelay,
config.tls_info,
)
}
#[cfg(any(feature = "native-tls", feature = "__rustls",))]
Expand Down Expand Up @@ -1483,6 +1491,26 @@ impl ClientBuilder {
self
}

/// Add TLS information as `TlsInfo` extension to responses.
///
/// # Optional
///
/// This requires the optional `default-tls`, `native-tls`, or `rustls-tls(-...)`
/// feature to be enabled.
#[cfg(feature = "__tls")]
#[cfg_attr(
docsrs,
doc(cfg(any(
feature = "default-tls",
feature = "native-tls",
feature = "rustls-tls"
)))
)]
pub fn tls_info(mut self, tls_info: bool) -> ClientBuilder {
self.config.tls_info = tls_info;
self
}

/// Enables the [trust-dns](trust_dns_resolver) async resolver instead of a default threadpool using `getaddrinfo`.
///
/// If the `trust-dns` feature is turned on, the default option is enabled.
Expand Down Expand Up @@ -1987,6 +2015,8 @@ impl Config {
}

f.field("tls_sni", &self.tls_sni);

f.field("tls_info", &self.tls_info);
}

#[cfg(all(feature = "native-tls-crate", feature = "__rustls"))]
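Review bot: The doc comment on the new `ClientBuilder::tls_info` (hunk at `@@ -1483,6 +1491,26 @@`) does not state the default or when the information becomes available, both of which matter to anyone using it for certificate checks. The builder initialises `tls_info: false`, and per the commit title the extension carries the peer's leaf certificate; because it is attached to the response, it can presumably only be read after the request has already been sent, so it is suited to auditing or logging rather than as a pre-send pinning control. I would add `/// Defaults to false.` and `/// The information is attached to the response, so it can only be inspected after the request has been sent to the peer.` The same doc comment is duplicated on the blocking builder in src/blocking/client.rs and should get the same two lines.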
19 changes: 19 additions & 0 deletions src/blocking/client.rs
Expand Up @@ -738,6 +738,25 @@ impl ClientBuilder {
self.with_inner(move |inner| inner.use_rustls_tls())
}

/// Add TLS information as `TlsInfo` extension to responses.
///
/// # Optional
///
/// This requires the optional `default-tls`, `native-tls`, or `rustls-tls(-...)`
/// feature to be enabled.
#[cfg(feature = "__tls")]
#[cfg_attr(
docsrs,
doc(cfg(any(
feature = "default-tls",
feature = "native-tls",
feature = "rustls-tls"
)))
)]
pub fn tls_info(self, tls_info: bool) -> ClientBuilder {
self.with_inner(|inner| inner.tls_info(tls_info))
}

/// Use a preconfigured TLS backend.
///
/// If the passed `Any` argument is not a TLS backend that reqwest