Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

perf: load TLS certs only for https #7450

Merged
merged 1 commit into from
Mar 19, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 3 additions & 1 deletion crates/common/src/provider/runtime_transport.rs
Original file line number Diff line number Diff line change
Expand Up @@ -144,7 +144,9 @@ impl RuntimeTransport {

/// Connects to an HTTP [alloy_transport_http::Http] transport.
async fn connect_http(&self) -> Result<InnerTransport, RuntimeTransportError> {
let mut client_builder = reqwest::Client::builder().timeout(self.timeout);
let mut client_builder = reqwest::Client::builder()
.timeout(self.timeout)
.tls_built_in_root_certs(self.url.scheme() == "https");
let mut headers = reqwest::header::HeaderMap::new();

// If there's a JWT, add it to the headers if we can decode it.
Expand Down
36 changes: 20 additions & 16 deletions crates/config/src/etherscan.rs
Original file line number Diff line number Diff line change
Expand Up @@ -306,32 +306,29 @@ impl ResolvedEtherscanConfig {
let (mainnet_api, mainnet_url) = NamedChain::Mainnet.etherscan_urls().expect("exist; qed");

let cache = chain
.or_else(|| {
if api_url == mainnet_api {
// try to match against mainnet, which is usually the most common target
Some(NamedChain::Mainnet.into())
} else {
None
}
})
// try to match against mainnet, which is usually the most common target
.or_else(|| (api_url == mainnet_api).then(Chain::mainnet))
.and_then(Config::foundry_etherscan_chain_cache_dir);

if let Some(ref cache_path) = cache {
if let Some(cache_path) = &cache {
// we also create the `sources` sub dir here
if let Err(err) = std::fs::create_dir_all(cache_path.join("sources")) {
warn!("could not create etherscan cache dir: {:?}", err);
}
}

let api_url = into_url(&api_url)?;
let client = reqwest::Client::builder()
.user_agent(ETHERSCAN_USER_AGENT)
.tls_built_in_root_certs(api_url.scheme() == "https")
.build()?;
foundry_block_explorers::Client::builder()
.with_client(reqwest::Client::builder().user_agent(ETHERSCAN_USER_AGENT).build()?)
.with_client(client)
.with_api_key(api_key)
.with_api_url(api_url.as_str())?
.with_url(
// the browser url is not used/required by the client so we can simply set the
// mainnet browser url here
browser_url.as_deref().unwrap_or(mainnet_url),
)?
.with_api_url(api_url)?
// the browser url is not used/required by the client so we can simply set the
// mainnet browser url here
.with_url(browser_url.as_deref().unwrap_or(mainnet_url))?
.with_cache(cache, Duration::from_secs(24 * 60 * 60))
.build()
}
Expand Down Expand Up @@ -419,6 +416,13 @@ impl fmt::Display for EtherscanApiKey {
}
}

/// This is a hack to work around `IntoUrl`'s sealed private functions, which can't be called
/// normally.
#[inline]
fn into_url(url: impl reqwest::IntoUrl) -> std::result::Result<reqwest::Url, reqwest::Error> {
url.into_url()
}

#[cfg(test)]
mod tests {
use super::*;
Expand Down
Loading