fetch_ohttp_keys relies on an HTTP CONNECT method that tunnels an encrypted HTTPS request. This was broken in fixing #237 because reqwest must depend on reqwest/rustls-tls in order to establish this tunnel.
This change should be accompanied by a test, which would require hosting the ohttp_relay behind a TLS certificate in testing, perhaps via a danger-local-https feature in that crate akin to the one in payjoin-directory. We could also use a reverse proxy to do TLS termination just within the tests, which would be a more clean single-use-principle design.
fetch_ohttp_keys
relies on an HTTP CONNECT method that tunnels an encrypted HTTPS request. This was broken in fixing #237 because reqwest must depend onreqwest/rustls-tls
in order to establish this tunnel.This change should be accompanied by a test, which would require hosting the
ohttp_relay
behind a TLS certificate in testing, perhaps via adanger-local-https
feature in that crate akin to the one inpayjoin-directory
. We could also use a reverse proxy to do TLS termination just within the tests, which would be a more clean single-use-principle design.