In our use-case at Materialize we resolve DNS for untrusted hosts ourselves and perform some basic security checks on the resolved IPs. We'd like to be able to provide these directly to all the client libraries we use such that no additional DNS resolution is performed.
This PR adds support for providing a vec of ips to an OpsBuilder and using those directly when establishing the TCP connection.
The host will still be the default value used for TLS identity verification. This technically does obviate the need for the newly added with_danger_tls_hostname_override method on SSLOpts, though the ergonomics of that method are nicer if someone doesn't want to do DNS resolution themselves, so we opted to leave that method in. If you want us to remove that too, I'm happy to adjust this PR.
In our use-case at Materialize we resolve DNS for untrusted hosts ourselves and perform some basic security checks on the resolved IPs. We'd like to be able to provide these directly to all the client libraries we use such that no additional DNS resolution is performed.
This PR adds support for providing a vec of ips to an
OpsBuilderand using those directly when establishing the TCP connection.The host will still be the default value used for TLS identity verification. This technically does obviate the need for the newly added
with_danger_tls_hostname_overridemethod onSSLOpts, though the ergonomics of that method are nicer if someone doesn't want to do DNS resolution themselves, so we opted to leave that method in. If you want us to remove that too, I'm happy to adjust this PR.Thanks!