From df946a75c282c24605bc817036434084538f7e2b Mon Sep 17 00:00:00 2001
From: DaniPopes <57450786+DaniPopes@users.noreply.github.com>
Date: Tue, 19 Mar 2024 18:46:55 +0100
Subject: [PATCH] perf: load TLS certs only for https

---
 .../common/src/provider/runtime_transport.rs  |  4 ++-
 crates/config/src/etherscan.rs                | 36 ++++++++++---------
 2 files changed, 23 insertions(+), 17 deletions(-)

diff --git a/crates/common/src/provider/runtime_transport.rs b/crates/common/src/provider/runtime_transport.rs
index 5c2eededfcb0..48411a321f1d 100644
--- a/crates/common/src/provider/runtime_transport.rs
+++ b/crates/common/src/provider/runtime_transport.rs
@@ -144,7 +144,9 @@ impl RuntimeTransport {
 
     /// Connects to an HTTP [alloy_transport_http::Http] transport.
     async fn connect_http(&self) -> Result<InnerTransport, RuntimeTransportError> {
-        let mut client_builder = reqwest::Client::builder().timeout(self.timeout);
+        let mut client_builder = reqwest::Client::builder()
+            .timeout(self.timeout)
+            .tls_built_in_root_certs(self.url.scheme() == "https");
         let mut headers = reqwest::header::HeaderMap::new();
 
         // If there's a JWT, add it to the headers if we can decode it.
diff --git a/crates/config/src/etherscan.rs b/crates/config/src/etherscan.rs
index 6e2030cb968b..fb254a6357d8 100644
--- a/crates/config/src/etherscan.rs
+++ b/crates/config/src/etherscan.rs
@@ -306,32 +306,29 @@ impl ResolvedEtherscanConfig {
         let (mainnet_api, mainnet_url) = NamedChain::Mainnet.etherscan_urls().expect("exist; qed");
 
         let cache = chain
-            .or_else(|| {
-                if api_url == mainnet_api {
-                    // try to match against mainnet, which is usually the most common target
-                    Some(NamedChain::Mainnet.into())
-                } else {
-                    None
-                }
-            })
+            // try to match against mainnet, which is usually the most common target
+            .or_else(|| (api_url == mainnet_api).then(Chain::mainnet))
             .and_then(Config::foundry_etherscan_chain_cache_dir);
 
-        if let Some(ref cache_path) = cache {
+        if let Some(cache_path) = &cache {
             // we also create the `sources` sub dir here
             if let Err(err) = std::fs::create_dir_all(cache_path.join("sources")) {
                 warn!("could not create etherscan cache dir: {:?}", err);
             }
         }
 
+        let api_url = into_url(&api_url)?;
+        let client = reqwest::Client::builder()
+            .user_agent(ETHERSCAN_USER_AGENT)
+            .tls_built_in_root_certs(api_url.scheme() == "https")
+            .build()?;
         foundry_block_explorers::Client::builder()
-            .with_client(reqwest::Client::builder().user_agent(ETHERSCAN_USER_AGENT).build()?)
+            .with_client(client)
             .with_api_key(api_key)
-            .with_api_url(api_url.as_str())?
-            .with_url(
-                // the browser url is not used/required by the client so we can simply set the
-                // mainnet browser url here
-                browser_url.as_deref().unwrap_or(mainnet_url),
-            )?
+            .with_api_url(api_url)?
+            // the browser url is not used/required by the client so we can simply set the
+            // mainnet browser url here
+            .with_url(browser_url.as_deref().unwrap_or(mainnet_url))?
             .with_cache(cache, Duration::from_secs(24 * 60 * 60))
             .build()
     }
@@ -419,6 +416,13 @@ impl fmt::Display for EtherscanApiKey {
     }
 }
 
+/// This is a hack to work around `IntoUrl`'s sealed private functions, which can't be called
+/// normally.
+#[inline]
+fn into_url(url: impl reqwest::IntoUrl) -> std::result::Result<reqwest::Url, reqwest::Error> {
+    url.into_url()
+}
+
 #[cfg(test)]
 mod tests {
     use super::*;