Add tls_info / TlsInfo for access to peer's leaf certificate
#1938
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
New to the feature combinatorics hell in Rust — is there a better way to run tests in all relevant feature combinations at-desk than to manually run cargo with all feature combos that seem relevant? |
|
I'm not sure, it is very unfortunate, sorry. But that is why that one CI job exists, to test all the things I'd never try locally. |
|
The MSRV failure looks unrelated to this change. |
seanmonstar
reviewed
Aug 21, 2023
|
Very cool. I was thinking of making a change like this myself today, but found this PR first. Hopefully the tls version, cipher suite, and raw certificate can make it into the extension. |
droe
changed the title
https_info / HttpsInfo for access to peer's leaf certificatetls_info / TlsInfo for access to peer's leaf certificate
seanmonstar
reviewed
Aug 30, 2023
seanmonstar
reviewed
Sep 4, 2023
src/lib.rs
Outdated
| @@ -326,6 +326,8 @@ if_hyper! { | |||
| #[cfg(feature = "multipart")] | |||
| pub use self::async_impl::multipart; | |||
|
|
|||
| #[cfg(feature = "__tls")] | |||
| pub use self::tls::TlsInfo; | |||
There was a problem hiding this comment.
I think I'd suggest leaving this re-export out, and then I think we can ship this!
seanmonstar
approved these changes
Sep 4, 2023
kodiakhq bot
pushed a commit
to pdylanross/fatigue
that referenced
this pull request
Oct 3, 2023
Bumps reqwest from 0.11.20 to 0.11.21. Release notes Sourced from reqwest's releases. v0.11.21 What's Changed Add automatically detecting macOS proxy settings. Add ClientBuilder::tls_info(bool), which will put tls::TlsInfo into the response extensions. Fix trust-dns resolver from possible hangs. Fix connect timeout to be split among multiple IP addresses. New Contributors @SpeedReach made their first contribution in seanmonstar/reqwest#1960 @jefflloyd made their first contribution in seanmonstar/reqwest#1955 @droe made their first contribution in seanmonstar/reqwest#1938 @conradludgate made their first contribution in seanmonstar/reqwest#1940 Changelog Sourced from reqwest's changelog. v0.11.21 Add automatically detecting macOS proxy settings. Add ClientBuilder::tls_info(bool), which will put tls::TlsInfo into the response extensions. Fix trust-dns resolver from possible hangs. Fix connect timeout to be split among multiple IP addresses. Commits d050e60 v0.11.21 2a881fb fix: split connect timeout for multiple IPs (#1940) 17c893f Bump actions/checkout from 3 to 4 (#1968) 10d9d23 Add tls_info / TlsInfo for access to peer's leaf certificate (#1938) d3d95a5 Optimize TrustDnsResolver (#1967) 0292486 dep: Upgrade trust-dns-resolver from v0.22 to v0.23 (#1965) 70d100c Feature: auto detect MacOS proxy settings (#1955) 34f6c70 Added wasm in the docs. (#1960) See full diff in compare view Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase. Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: @dependabot rebase will rebase this PR @dependabot recreate will recreate this PR, overwriting any edits that have been made to it @dependabot merge will merge this PR after your CI passes on it @dependabot squash and merge will squash and merge this PR after your CI passes on it @dependabot cancel merge will cancel a previously requested merge and block automerging @dependabot reopen will reopen this PR if it is closed @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This adds a
HttpsInfoextension into responses when configuring a client withhttps_info(true). The extension can be obtained by callers to get access to the peer's leaf certificate. Works with both native and rustls TLS. Fixes #1428.Not sure if this is the best way to solve it, but it works, doesn't expose TLS connector specific types, and should not cause overhead unless enabled. Happy to refactor and clean up as much as needed for this to go in.