seanmonstar / reqwest

An easy and powerful Rust HTTP Client
https://docs.rs/reqwest
Apache License 2.0

Use `rustls` default provider unless specified #2423

Open GreenYun opened 2 months ago

GreenYun commented 2 months ago

Starting from rustls 0.23, the backend provider is aws-lc-rs. However, reqwest hard-codes ring in many places, especially in the default rustls-tls feature. Will this change in the future to use the default setup from rustls unless other features are specified?

Congyuwang commented 1 month ago

I hope that ring would still remain an option even if aws-lc-rs becomes available as a feature. For those without compliance needs, ring is much more lightweight.

GreenYun commented 1 month ago

> I hope that ring would still remain an option even if aws-lc-rs. For those without compliance need, ring is much more lightweight.

I think the library should not eliminate the potential to have another choice. ring may be lightweight but aws-lc could have other benefits.

My current implementation is to build the requester myself:

```rust
use std::sync::OnceLock;

use reqwest::Client;
use rustls::{ClientConfig, RootCertStore};
use webpki_roots::TLS_SERVER_ROOTS;

// Process-wide client, built once on first use.
static HTTP_CLIENT: OnceLock<Client> = OnceLock::new();

pub fn client() -> Client {
    HTTP_CLIENT.get_or_init(init_client).clone()
}

fn init_client() -> Client {
    static USER_AGENT: &str = concat!(env!("CARGO_PKG_NAME"), "/", env!("CARGO_PKG_VERSION"),);

    // Trust the root certificates bundled by webpki-roots.
    let cert_store: RootCertStore = TLS_SERVER_ROOTS.iter().cloned().collect();
    // ClientConfig::builder() picks up the process-default rustls CryptoProvider;
    // no provider is named here.
    let mut tls = ClientConfig::builder().with_root_certificates(cert_store).with_no_client_auth();
    tls.enable_early_data = true;
    tls.alpn_protocols = vec!["h2".into(), "http/1.1".into()];

    // Hand the prepared rustls config to reqwest instead of letting it build its own.
    let client = Client::builder().use_preconfigured_tls(tls).user_agent(USER_AGENT).build();
    match client {
        Ok(client) => client,
        Err(e) => {
            log::error!("{e}");
            panic!("{e}");
        }
    }
}
```

Most of the code to build the Client is copied from reqwest, with no hard-coding of ring or aws_lc_rs. However, `install_default()` should be called before the client is initialized.

polarathene commented 3 days ago

> ring may be lightweight but aws-lc could have other benefits.

Seems to be covered well here: https://www.reddit.com/r/rust/comments/1de13y6/ring_vs_awslcrs/