From 4cd9ebb061fe4f25b4b0f876c532ba528fe9c89a Mon Sep 17 00:00:00 2001 From: asonix Date: Mon, 3 Jun 2024 13:16:46 -0500 Subject: [PATCH 1/7] Opt into ringless behavior --- Cargo.toml | 20 ++++++++++++-------- src/async_impl/client.rs | 8 +++++++- 2 files changed, 19 insertions(+), 9 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index 5e0cdb241..ff7e28bfa 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -41,9 +41,12 @@ native-tls-alpn = ["native-tls", "native-tls-crate?/alpn", "hyper-tls?/alpn"] native-tls-vendored = ["native-tls", "native-tls-crate?/vendored"] rustls-tls = ["rustls-tls-webpki-roots"] -rustls-tls-manual-roots = ["__rustls"] -rustls-tls-webpki-roots = ["dep:webpki-roots", "__rustls"] -rustls-tls-native-roots = ["dep:rustls-native-certs", "__rustls"] +rustls-tls-no-provider = ["rustls-tls-manual-roots-no-provider"] + +rustls-tls-manual-roots = ["__rustls", "__rustls-ring"] +rustls-tls-webpki-roots = ["dep:webpki-roots", "__rustls", "__rustls-ring"] +rustls-tls-native-roots = ["dep:rustls-native-certs", "__rustls", "__rustls-ring"] +rustls-tls-manual-roots-no-provider = ["__rustls"] blocking = ["futures-channel/sink", "futures-util/io", "futures-util/sink", "tokio/sync"] @@ -76,7 +79,7 @@ macos-system-configuration = ["dep:system-configuration"] # Experimental HTTP/3 client. # Disabled while waiting for quinn to upgrade. -#http3 = ["rustls-tls-manual-roots", "dep:h3", "dep:h3-quinn", "dep:quinn", "dep:futures-channel"] +#http3 = ["rustls-tls-manual-roots", "dep:h3", "dep:h3-quinn", "dep:quinn", "dep:futures-channel", "__rustls-ring"] # Internal (PRIVATE!) features used to aid testing. # Don't rely on these whatsoever. They may disappear at anytime. 
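Review bot: The new public features `rustls-tls-no-provider` and `rustls-tls-manual-roots-no-provider` in the `@@ -41,9 +41,12 @@` hunk carry no comment saying that the application must install a process-wide rustls crypto provider itself. With these features the TLS primitives come from whichever provider is installed in the process, so the manifest should make clear that this is a deliberate choice of the final binary. I would add above them `# No crypto provider is bundled: the application must call rustls::crypto::CryptoProvider::install_default() before building a Client.` The private `__rustls-ring` feature added in the `@@ -87,6 +90,7 @@` hunk also lacks the one-line comment its neighbours have, for example `# Enables the ring crypto provider in every rustls-based dependency.`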
@@ -87,6 +90,7 @@ __tls = ["dep:rustls-pemfile", "tokio/io-util"] # Enables common rustls code. # Equivalent to rustls-tls-manual-roots but shorter :) __rustls = ["dep:hyper-rustls", "dep:tokio-rustls", "dep:rustls", "__tls", "dep:rustls-pemfile", "dep:rustls-pki-types"] +__rustls-ring = ["hyper-rustls?/ring", "tokio-rustls?/ring", "rustls?/ring", "quinn?/ring"] # When enabled, disable using the cached SYS_PROXIES. __internal_proxy_sys_no_cache = [] @@ -134,10 +138,10 @@ native-tls-crate = { version = "0.2.10", optional = true, package = "native-tls" tokio-native-tls = { version = "0.3.0", optional = true } # rustls-tls -hyper-rustls = { version = "0.27.0", default-features = false, optional = true, features = ["http1", "http2", "native-tokio", "ring", "tls12"] } -rustls = { version = "0.23.4", optional = true, default-features = false, features = ["std", "ring", "tls12"] } +hyper-rustls = { version = "0.27.0", default-features = false, optional = true, features = ["http1", "http2", "native-tokio", "tls12"] } +rustls = { version = "0.23.4", optional = true, default-features = false, features = ["std", "tls12"] } rustls-pki-types = { version = "1.1.0", features = ["alloc"] ,optional = true } -tokio-rustls = { version = "0.26", optional = true, default-features = false, features = ["ring", "tls12"] } +tokio-rustls = { version = "0.26", optional = true, default-features = false, features = ["tls12"] } webpki-roots = { version = "0.26.0", optional = true } rustls-native-certs = { version = "0.7", optional = true } 
@@ -158,7 +162,7 @@ hickory-resolver = { version = "0.24", optional = true, features = ["tokio-runti # HTTP/3 experimental support h3 = { version = "0.0.4", optional = true } h3-quinn = { version = "0.0.5", optional = true } -quinn = { version = "0.10", default-features = false, features = ["tls-rustls", "ring", "runtime-tokio"], optional = true } +quinn = { version = "0.10", default-features = false, features = ["tls-rustls", "runtime-tokio"], optional = true } futures-channel = { version = "0.3", optional = true } diff --git a/src/async_impl/client.rs b/src/async_impl/client.rs index 1930eff59..cc1f9381b 100644 --- a/src/async_impl/client.rs +++ b/src/async_impl/client.rs @@ -569,7 +569,13 @@ impl ClientBuilder { // If not, we use ring. let provider = rustls::crypto::CryptoProvider::get_default() .map(|arc| arc.clone()) - .unwrap_or_else(|| Arc::new(rustls::crypto::ring::default_provider())); + .unwrap_or_else(|| { + #[cfg(not(feature = "__rustls-ring"))] + panic!("No provider set"); + + #[cfg(feature = "__rustls-ring")] + Arc::new(rustls::crypto::ring::default_provider()) + }); // Build TLS config let config_builder = rustls::ClientConfig::builder_with_provider(provider) From 7deb856df240daf874b34388ee822153806c73ae Mon Sep 17 00:00:00 2001 From: asonix Date: Mon, 3 Jun 2024 13:26:59 -0500 Subject: [PATCH 2/7] ci: add rustls-tls-no-provider and combination with rustls-tls --- .github/workflows/ci.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 74fbae5ee..a0ff3de65 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -72,8 +72,10 @@ jobs: - "feat.: rustls-tls" - "feat.: rustls-tls-manual-roots" - "feat.: rustls-tls-native-roots" + - "feat.: rustls-tls-no-provider" - "feat.: native-tls" - "feat.: default-tls and rustls-tls" + - "feat.: rustls-tls and rustls-tls-no-provider" - "feat.: cookies" - "feat.: blocking" - "feat.: blocking only" 
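Review bot: In the `@@ -569,7 +569,13 @@` hunk of src/async_impl/client.rs, `panic!("No provider set")` makes a missing crypto provider abort the caller from inside the builder, and the message does not say what to do about it. The enclosing function starts and ends outside the hunk; if it returns the builder's `Result`, as the surrounding TLS setup suggests, this should surface as a builder error so that a service can fail startup cleanly rather than unwind. If the panic stays, make it actionable, e.g. `panic!("no rustls CryptoProvider installed: call CryptoProvider::install_default() or enable a rustls-tls feature that bundles ring");`. A `# Panics` (or `# Errors`) entry in the builder's docs should also mention the condition.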
@@ -131,8 +133,12 @@ jobs: features: "--no-default-features --features rustls-tls-manual-roots" - name: "feat.: rustls-tls-native-roots" features: "--no-default-features --features rustls-tls-native-roots" + - name: "feat.: rustls-tls-no-provider" + features: "--no-default-features --features rustls-tls-no-provider" - name: "feat.: native-tls" features: "--features native-tls" + - name: "feat.: rustls-tls and rustls-tls-no-provider" + features: "--features rustls-tls,rustls-tls-no-provider" - name: "feat.: default-tls and rustls-tls" features: "--features rustls-tls" - name: "feat.: cookies" From eaa7429b5216507b5b5b41afbd9a54bc568d298c Mon Sep 17 00:00:00 2001 From: asonix Date: Mon, 3 Jun 2024 14:01:42 -0500 Subject: [PATCH 3/7] tests: conditionally install default rustls provider for -no-provider tests --- src/async_impl/client.rs | 10 ++++++++++ src/async_impl/request.rs | 39 +++++++++++++++++++++++++++++++++++++++ tests/badssl.rs | 17 ++++++++++++++++- tests/client.rs | 11 ++++++++++- tests/proxy.rs | 18 ++++++++++++++++++ tests/redirect.rs | 27 +++++++++++++++++++++++++++ tests/timeouts.rs | 21 +++++++++++++++++++++ tests/upgrade.rs | 3 +++ 8 files changed, 144 insertions(+), 2 deletions(-) diff --git a/src/async_impl/client.rs b/src/async_impl/client.rs index cc1f9381b..5e7577377 100644 --- a/src/async_impl/client.rs +++ b/src/async_impl/client.rs @@ -1318,6 +1318,8 @@ impl ClientBuilder { /// # Example /// /// ``` + /// # #[cfg(all(feature = "__rustls", not(feature = "__rustls-ring")))] + /// # let _ = rustls::crypto::ring::default_provider().install_default(); /// use std::net::IpAddr; /// let local_addr = IpAddr::from([12, 4, 1, 8]); /// let client = reqwest::Client::builder() 
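Review bot: The hidden doctest lines in the `@@ -1318,6 +1318,8 @@` hunk call `rustls::crypto::ring::default_provider()` only when `__rustls-ring` is off, which is the configuration where PATCH 1/7 removed `ring` from the rustls dependency. Nothing visible in this commit re-enables that feature, so PATCH 3/7 appears not to compile with `--no-default-features --features rustls-tls-no-provider` until the dev-dependency in PATCH 5/7 arrives. The same applies to every `#[cfg(all(feature = "__rustls", not(feature = "__rustls-ring")))] let _ = rustls::crypto::ring::default_provider().install_default();` pair added in src/async_impl/request.rs and tests/*.rs. Moving the `rustls = { version = "0.23", default-features = false, features = ["ring"] }` dev-dependency line into this commit would keep the series bisectable.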
@@ -1337,6 +1339,8 @@ impl ClientBuilder { /// # Example /// /// ``` + /// # #[cfg(all(feature = "__rustls", not(feature = "__rustls-ring")))] + /// # let _ = rustls::crypto::ring::default_provider().install_default(); /// let interface = "lo"; /// let client = reqwest::Client::builder() /// .interface(interface) @@ -2762,6 +2766,9 @@ fn add_cookie_header(headers: &mut HeaderMap, cookie_store: &dyn cookie::CookieS mod tests { #[tokio::test] async fn execute_request_rejects_invalid_urls() { + #[cfg(all(feature = "__rustls", not(feature = "__rustls-ring")))] + let _ = rustls::crypto::ring::default_provider().install_default(); + let url_str = "hxxps://www.rust-lang.org/"; let url = url::Url::parse(url_str).unwrap(); let result = crate::get(url.clone()).await; @@ -2775,6 +2782,9 @@ mod tests { /// https://github.com/seanmonstar/reqwest/issues/668 #[tokio::test] async fn execute_request_rejects_invalid_hostname() { + #[cfg(all(feature = "__rustls", not(feature = "__rustls-ring")))] + let _ = rustls::crypto::ring::default_provider().install_default(); + let url_str = "https://{{hostname}}/"; let url = url::Url::parse(url_str).unwrap(); let result = crate::get(url.clone()).await; diff --git a/src/async_impl/request.rs b/src/async_impl/request.rs index 665710430..cbaa986ac 100644 --- a/src/async_impl/request.rs +++ b/src/async_impl/request.rs @@ -657,6 +657,9 @@ mod tests { #[test] fn add_query_append() { + #[cfg(all(feature = "__rustls", not(feature = "__rustls-ring")))] + let _ = rustls::crypto::ring::default_provider().install_default(); + let client = Client::new(); let some_url = "https://google.com/"; let r = client.get(some_url); @@ -670,6 +673,9 @@ mod tests { #[test] fn add_query_append_same() { + #[cfg(all(feature = "__rustls", not(feature = "__rustls-ring")))] + let _ = rustls::crypto::ring::default_provider().install_default(); + let client = Client::new(); let some_url = "https://google.com/"; let r = client.get(some_url); 
@@ -682,6 +688,9 @@ mod tests { #[test] fn add_query_struct() { + #[cfg(all(feature = "__rustls", not(feature = "__rustls-ring")))] + let _ = rustls::crypto::ring::default_provider().install_default(); + #[derive(Serialize)] struct Params { foo: String, @@ -705,6 +714,9 @@ mod tests { #[test] fn add_query_map() { + #[cfg(all(feature = "__rustls", not(feature = "__rustls-ring")))] + let _ = rustls::crypto::ring::default_provider().install_default(); + let mut params = BTreeMap::new(); params.insert("foo", "bar"); params.insert("qux", "three"); @@ -721,6 +733,9 @@ mod tests { #[test] fn test_replace_headers() { + #[cfg(all(feature = "__rustls", not(feature = "__rustls-ring")))] + let _ = rustls::crypto::ring::default_provider().install_default(); + use http::HeaderMap; let mut headers = HeaderMap::new(); @@ -746,6 +761,9 @@ mod tests { #[test] fn normalize_empty_query() { + #[cfg(all(feature = "__rustls", not(feature = "__rustls-ring")))] + let _ = rustls::crypto::ring::default_provider().install_default(); + let client = Client::new(); let some_url = "https://google.com/"; let empty_query: &[(&str, &str)] = &[]; @@ -762,6 +780,9 @@ mod tests { #[test] fn try_clone_reusable() { + #[cfg(all(feature = "__rustls", not(feature = "__rustls-ring")))] + let _ = rustls::crypto::ring::default_provider().install_default(); + let client = Client::new(); let builder = client .post("http://httpbin.org/post") @@ -779,6 +800,9 @@ mod tests { #[test] fn try_clone_no_body() { + #[cfg(all(feature = "__rustls", not(feature = "__rustls-ring")))] + let _ = rustls::crypto::ring::default_provider().install_default(); + let client = Client::new(); let builder = client.get("http://httpbin.org/get"); let req = builder 
@@ -806,6 +830,9 @@ mod tests { #[test] fn convert_url_authority_into_basic_auth() { + #[cfg(all(feature = "__rustls", not(feature = "__rustls-ring")))] + let _ = rustls::crypto::ring::default_provider().install_default(); + let client = Client::new(); let some_url = "https://Aladdin:open sesame@localhost/"; @@ -820,6 +847,9 @@ mod tests { #[test] fn test_basic_auth_sensitive_header() { + #[cfg(all(feature = "__rustls", not(feature = "__rustls-ring")))] + let _ = rustls::crypto::ring::default_provider().install_default(); + let client = Client::new(); let some_url = "https://localhost/"; @@ -839,6 +869,9 @@ mod tests { #[test] fn test_bearer_auth_sensitive_header() { + #[cfg(all(feature = "__rustls", not(feature = "__rustls-ring")))] + let _ = rustls::crypto::ring::default_provider().install_default(); + let client = Client::new(); let some_url = "https://localhost/"; @@ -855,6 +888,9 @@ mod tests { #[test] fn test_explicit_sensitive_header() { + #[cfg(all(feature = "__rustls", not(feature = "__rustls-ring")))] + let _ = rustls::crypto::ring::default_provider().install_default(); + let client = Client::new(); let some_url = "https://localhost/"; @@ -912,6 +948,9 @@ mod tests { #[test] fn builder_split_reassemble() { + #[cfg(all(feature = "__rustls", not(feature = "__rustls-ring")))] + let _ = rustls::crypto::ring::default_provider().install_default(); + let builder = { let client = Client::new(); client.get("http://example.com") diff --git a/tests/badssl.rs b/tests/badssl.rs index 9b001d070..d3b63775b 100644 --- a/tests/badssl.rs +++ b/tests/badssl.rs 
@@ -1,8 +1,17 @@ #![cfg(not(target_arch = "wasm32"))] -#[cfg(all(feature = "__tls", not(feature = "rustls-tls-manual-roots")))] +#[cfg(all( + feature = "__tls", + not(any( + feature = "rustls-tls-manual-roots", + feature = "rustls-tls-manual-roots-no-provider" + )) +))] #[tokio::test] async fn test_badssl_modern() { + #[cfg(all(feature = "__rustls", not(feature = "__rustls-ring")))] + let _ = rustls::crypto::ring::default_provider().install_default(); + let text = reqwest::Client::builder() .no_proxy() .build() @@ -43,6 +52,9 @@ async fn test_rustls_badssl_modern() { #[cfg(feature = "__tls")] #[tokio::test] async fn test_badssl_self_signed() { + #[cfg(all(feature = "__rustls", not(feature = "__rustls-ring")))] + let _ = rustls::crypto::ring::default_provider().install_default(); + let text = reqwest::Client::builder() .danger_accept_invalid_certs(true) .no_proxy() @@ -62,6 +74,9 @@ async fn test_badssl_self_signed() { #[cfg(feature = "__tls")] #[tokio::test] async fn test_badssl_no_built_in_roots() { + #[cfg(all(feature = "__rustls", not(feature = "__rustls-ring")))] + let _ = rustls::crypto::ring::default_provider().install_default(); + let result = reqwest::Client::builder() .tls_built_in_root_certs(false) .no_proxy() diff --git a/tests/client.rs b/tests/client.rs index 1639d68a0..d6e1d0c90 100644 --- a/tests/client.rs +++ b/tests/client.rs @@ -11,6 +11,9 @@ use reqwest::Client; #[tokio::test] async fn auto_headers() { + #[cfg(all(feature = "__rustls", not(feature = "__rustls-ring")))] + let _ = rustls::crypto::ring::default_provider().install_default(); + let server = server::http(move |req| async move { assert_eq!(req.method(), "GET"); 
@@ -436,7 +439,13 @@ fn update_json_content_type_if_set_manually() { assert_eq!("application/json", req.headers().get(CONTENT_TYPE).unwrap()); } -#[cfg(all(feature = "__tls", not(feature = "rustls-tls-manual-roots")))] +#[cfg(all( + feature = "__tls", + not(any( + feature = "rustls-tls-manual-roots", + feature = "rustls-tls-manual-roots-no-provider" + )) +))] #[tokio::test] async fn test_tls_info() { let resp = reqwest::Client::builder() diff --git a/tests/proxy.rs b/tests/proxy.rs index 231de25d8..519f6055b 100644 --- a/tests/proxy.rs +++ b/tests/proxy.rs @@ -6,6 +6,9 @@ use std::env; #[tokio::test] async fn http_proxy() { + #[cfg(all(feature = "__rustls", not(feature = "__rustls-ring")))] + let _ = rustls::crypto::ring::default_provider().install_default(); + let url = "http://hyper.rs/prox"; let server = server::http(move |req| { assert_eq!(req.method(), "GET"); @@ -32,6 +35,9 @@ async fn http_proxy() { #[tokio::test] async fn http_proxy_basic_auth() { + #[cfg(all(feature = "__rustls", not(feature = "__rustls-ring")))] + let _ = rustls::crypto::ring::default_provider().install_default(); + let url = "http://hyper.rs/prox"; let server = server::http(move |req| { assert_eq!(req.method(), "GET"); @@ -66,6 +72,9 @@ async fn http_proxy_basic_auth() { #[tokio::test] async fn http_proxy_basic_auth_parsed() { + #[cfg(all(feature = "__rustls", not(feature = "__rustls-ring")))] + let _ = rustls::crypto::ring::default_provider().install_default(); + let url = "http://hyper.rs/prox"; let server = server::http(move |req| { assert_eq!(req.method(), "GET"); @@ -96,6 +105,9 @@ async fn http_proxy_basic_auth_parsed() { #[tokio::test] async fn system_http_proxy_basic_auth_parsed() { + #[cfg(all(feature = "__rustls", not(feature = "__rustls-ring")))] + let _ = rustls::crypto::ring::default_provider().install_default(); + let url = "http://hyper.rs/prox"; let server = server::http(move |req| { assert_eq!(req.method(), "GET"); 
@@ -138,6 +150,9 @@ async fn system_http_proxy_basic_auth_parsed() { #[tokio::test] async fn test_no_proxy() { + #[cfg(all(feature = "__rustls", not(feature = "__rustls-ring")))] + let _ = rustls::crypto::ring::default_provider().install_default(); + let server = server::http(move |req| { assert_eq!(req.method(), "GET"); assert_eq!(req.uri(), "/4"); @@ -197,6 +212,9 @@ async fn test_using_system_proxy() { #[tokio::test] async fn http_over_http() { + #[cfg(all(feature = "__rustls", not(feature = "__rustls-ring")))] + let _ = rustls::crypto::ring::default_provider().install_default(); + let url = "http://hyper.rs/prox"; let server = server::http(move |req| { diff --git a/tests/redirect.rs b/tests/redirect.rs index c98c799ef..ffa05346b 100644 --- a/tests/redirect.rs +++ b/tests/redirect.rs @@ -6,6 +6,9 @@ use support::server; #[tokio::test] async fn test_redirect_301_and_302_and_303_changes_post_to_get() { + #[cfg(all(feature = "__rustls", not(feature = "__rustls-ring")))] + let _ = rustls::crypto::ring::default_provider().install_default(); + let client = reqwest::Client::new(); let codes = [301u16, 302, 303]; @@ -43,6 +46,9 @@ async fn test_redirect_301_and_302_and_303_changes_post_to_get() { #[tokio::test] async fn test_redirect_307_and_308_tries_to_get_again() { + #[cfg(all(feature = "__rustls", not(feature = "__rustls-ring")))] + let _ = rustls::crypto::ring::default_provider().install_default(); + let client = reqwest::Client::new(); let codes = [307u16, 308]; for &code in &codes { @@ -79,6 +85,9 @@ async fn test_redirect_307_and_308_tries_to_get_again() { #[tokio::test] async fn test_redirect_307_and_308_tries_to_post_again() { + #[cfg(all(feature = "__rustls", not(feature = "__rustls-ring")))] + let _ = rustls::crypto::ring::default_provider().install_default(); + let _ = env_logger::try_init(); let client = reqwest::Client::new(); let codes = [307u16, 308]; 
@@ -168,6 +177,9 @@ fn test_redirect_307_does_not_try_if_reader_cannot_reset() { #[tokio::test] async fn test_redirect_removes_sensitive_headers() { + #[cfg(all(feature = "__rustls", not(feature = "__rustls-ring")))] + let _ = rustls::crypto::ring::default_provider().install_default(); + use tokio::sync::watch; let (tx, rx) = watch::channel::>(None); @@ -215,6 +227,9 @@ async fn test_redirect_removes_sensitive_headers() { #[tokio::test] async fn test_redirect_policy_can_return_errors() { + #[cfg(all(feature = "__rustls", not(feature = "__rustls-ring")))] + let _ = rustls::crypto::ring::default_provider().install_default(); + let server = server::http(move |req| async move { assert_eq!(req.uri(), "/loop"); http::Response::builder() @@ -231,6 +246,9 @@ async fn test_redirect_policy_can_return_errors() { #[tokio::test] async fn test_redirect_policy_can_stop_redirects_without_an_error() { + #[cfg(all(feature = "__rustls", not(feature = "__rustls-ring")))] + let _ = rustls::crypto::ring::default_provider().install_default(); + let server = server::http(move |req| async move { assert_eq!(req.uri(), "/no-redirect"); http::Response::builder() @@ -257,6 +275,9 @@ async fn test_redirect_policy_can_stop_redirects_without_an_error() { #[tokio::test] async fn test_referer_is_not_set_if_disabled() { + #[cfg(all(feature = "__rustls", not(feature = "__rustls-ring")))] + let _ = rustls::crypto::ring::default_provider().install_default(); + let server = server::http(move |req| async move { if req.uri() == "/no-refer" { http::Response::builder() @@ -284,6 +305,9 @@ async fn test_referer_is_not_set_if_disabled() { #[tokio::test] async fn test_invalid_location_stops_redirect_gh484() { + #[cfg(all(feature = "__rustls", not(feature = "__rustls-ring")))] + let _ = rustls::crypto::ring::default_provider().install_default(); + let server = server::http(move |_req| async move { http::Response::builder() .status(302) 
@@ -302,6 +326,9 @@ async fn test_invalid_location_stops_redirect_gh484() { #[tokio::test] async fn test_invalid_scheme_is_rejected() { + #[cfg(all(feature = "__rustls", not(feature = "__rustls-ring")))] + let _ = rustls::crypto::ring::default_provider().install_default(); + let server = server::http(move |_req| async move { http::Response::builder() .status(302) diff --git a/tests/timeouts.rs b/tests/timeouts.rs index c18fecdbe..9393497e2 100644 --- a/tests/timeouts.rs +++ b/tests/timeouts.rs @@ -6,6 +6,9 @@ use std::time::Duration; #[tokio::test] async fn client_timeout() { + #[cfg(all(feature = "__rustls", not(feature = "__rustls-ring")))] + let _ = rustls::crypto::ring::default_provider().install_default(); + let _ = env_logger::try_init(); let server = server::http(move |_req| { @@ -33,6 +36,9 @@ async fn client_timeout() { #[tokio::test] async fn request_timeout() { + #[cfg(all(feature = "__rustls", not(feature = "__rustls-ring")))] + let _ = rustls::crypto::ring::default_provider().install_default(); + let _ = env_logger::try_init(); let server = server::http(move |_req| { @@ -66,6 +72,9 @@ async fn request_timeout() { #[cfg(not(target_arch = "wasm32"))] #[tokio::test] async fn connect_timeout() { + #[cfg(all(feature = "__rustls", not(feature = "__rustls-ring")))] + let _ = rustls::crypto::ring::default_provider().install_default(); + let _ = env_logger::try_init(); let client = reqwest::Client::builder() @@ -89,6 +98,9 @@ async fn connect_timeout() { #[cfg(not(target_arch = "wasm32"))] #[tokio::test] async fn connect_many_timeout_succeeds() { + #[cfg(all(feature = "__rustls", not(feature = "__rustls-ring")))] + let _ = rustls::crypto::ring::default_provider().install_default(); + let _ = env_logger::try_init(); let server = server::http(move |_req| async { http::Response::default() }); 
@@ -116,6 +128,9 @@ async fn connect_many_timeout_succeeds() { #[cfg(not(target_arch = "wasm32"))] #[tokio::test] async fn connect_many_timeout() { + #[cfg(all(feature = "__rustls", not(feature = "__rustls-ring")))] + let _ = rustls::crypto::ring::default_provider().install_default(); + let _ = env_logger::try_init(); let client = reqwest::Client::builder() @@ -177,6 +192,9 @@ async fn response_timeout() { #[tokio::test] async fn read_timeout_applies_to_headers() { + #[cfg(all(feature = "__rustls", not(feature = "__rustls-ring")))] + let _ = rustls::crypto::ring::default_provider().install_default(); + let _ = env_logger::try_init(); let server = server::http(move |_req| { @@ -405,6 +423,9 @@ fn write_timeout_large_body() { #[tokio::test] async fn response_body_timeout_forwards_size_hint() { + #[cfg(all(feature = "__rustls", not(feature = "__rustls-ring")))] + let _ = rustls::crypto::ring::default_provider().install_default(); + let _ = env_logger::try_init(); let server = server::http(move |_req| async { http::Response::new(b"hello".to_vec().into()) }); diff --git a/tests/upgrade.rs b/tests/upgrade.rs index 5ea72acc2..a678609a7 100644 --- a/tests/upgrade.rs +++ b/tests/upgrade.rs @@ -5,6 +5,9 @@ use tokio::io::{AsyncReadExt, AsyncWriteExt}; #[tokio::test] async fn http_upgrade() { + #[cfg(all(feature = "__rustls", not(feature = "__rustls-ring")))] + let _ = rustls::crypto::ring::default_provider().install_default(); + let server = server::http(move |req| { assert_eq!(req.method(), "GET"); assert_eq!(req.headers()["connection"], "upgrade"); From 60264b2fb3054fd9caabe15bc47f89066144c82b Mon Sep 17 00:00:00 2001 From: asonix Date: Mon, 3 Jun 2024 14:09:44 -0500 Subject: [PATCH 4/7] tests: badssl: don't install a provider in tests that don't run --- tests/badssl.rs | 3 --- 1 file changed, 3 deletions(-) diff --git a/tests/badssl.rs b/tests/badssl.rs index d3b63775b..5f05ee2ee 100644 --- a/tests/badssl.rs +++ b/tests/badssl.rs 
@@ -9,9 +9,6 @@ ))] #[tokio::test] async fn test_badssl_modern() { - #[cfg(all(feature = "__rustls", not(feature = "__rustls-ring")))] - let _ = rustls::crypto::ring::default_provider().install_default(); - let text = reqwest::Client::builder() .no_proxy() .build() From e2aae4a663123afbcc287fad58c44ca744ae54ba Mon Sep 17 00:00:00 2001 From: asonix Date: Mon, 3 Jun 2024 14:52:32 -0500 Subject: [PATCH 5/7] tests: ignore most tests with -no-provider enabled --- Cargo.toml | 1 + src/async_impl/client.rs | 5 ++--- src/async_impl/request.rs | 41 ++------------------------------------- tests/badssl.rs | 15 ++------------ tests/client.rs | 12 ++---------- tests/proxy.rs | 19 +----------------- tests/redirect.rs | 28 +------------------------- tests/timeouts.rs | 22 +-------------------- tests/upgrade.rs | 4 +--- 9 files changed, 13 insertions(+), 134 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index ff7e28bfa..2af1b1785 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -177,6 +177,7 @@ zstd_crate = { package = "zstd", version = "0.13" } doc-comment = "0.3" tokio = { version = "1.0", default-features = false, features = ["macros", "rt-multi-thread"] } futures-util = { version = "0.3.0", default-features = false, features = ["std", "alloc"] } +rustls = { version = "0.23", default-features = false, features = ["ring"] } [target.'cfg(windows)'.dependencies] winreg = "0.52.0" diff --git a/src/async_impl/client.rs b/src/async_impl/client.rs index 5e7577377..6a5c3d819 100644 --- a/src/async_impl/client.rs +++ b/src/async_impl/client.rs 
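Review bot: The dev-dependency `rustls = { ..., features = ["ring"] }` added in the `@@ -177,6 +177,7 @@` hunk of Cargo.toml means every test build links ring. If the `rustls-tls-no-provider` CI entry runs `cargo test` with its `features` string (the job steps are outside the visible hunks), it can no longer show that the library builds and resolves without ring. Since removing ring from the dependency graph is the purpose of the feature, I would add a non-test step for that configuration: a plain `cargo check --no-default-features --features rustls-tls-no-provider`, plus a check that ring is absent from the non-dev graph (for example `cargo tree -e no-dev -i ring` expected to find nothing). A comment on the dev-dependency line, such as `# tests only: supplies a provider when reqwest itself is built without one`, would also help.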
@@ -2764,11 +2764,10 @@ fn add_cookie_header(headers: &mut HeaderMap, cookie_store: &dyn cookie::CookieS #[cfg(test)] mod tests { + #![cfg(not(feature = "rustls-tls-manual-roots-no-provider"))] + #[tokio::test] async fn execute_request_rejects_invalid_urls() { - #[cfg(all(feature = "__rustls", not(feature = "__rustls-ring")))] - let _ = rustls::crypto::ring::default_provider().install_default(); - let url_str = "hxxps://www.rust-lang.org/"; let url = url::Url::parse(url_str).unwrap(); let result = crate::get(url.clone()).await; diff --git a/src/async_impl/request.rs b/src/async_impl/request.rs index cbaa986ac..aa900ca02 100644 --- a/src/async_impl/request.rs +++ b/src/async_impl/request.rs @@ -649,6 +649,8 @@ impl TryFrom for HttpRequest { #[cfg(test)] mod tests { + #![cfg(not(feature = "rustls-tls-manual-roots-no-provider"))] + use super::{Client, HttpRequest, Request, RequestBuilder, Version}; use crate::Method; use serde::Serialize; @@ -657,9 +659,6 @@ mod tests { #[test] fn add_query_append() { - #[cfg(all(feature = "__rustls", not(feature = "__rustls-ring")))] - let _ = rustls::crypto::ring::default_provider().install_default(); - let client = Client::new(); let some_url = "https://google.com/"; let r = client.get(some_url); @@ -673,9 +672,6 @@ mod tests { #[test] fn add_query_append_same() { - #[cfg(all(feature = "__rustls", not(feature = "__rustls-ring")))] - let _ = rustls::crypto::ring::default_provider().install_default(); - let client = Client::new(); let some_url = "https://google.com/"; let r = client.get(some_url); @@ -688,9 +684,6 @@ mod tests { #[test] fn add_query_struct() { - #[cfg(all(feature = "__rustls", not(feature = "__rustls-ring")))] - let _ = rustls::crypto::ring::default_provider().install_default(); - #[derive(Serialize)] struct Params { foo: String, 
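Review bot: The gate `#![cfg(not(feature = "rustls-tls-manual-roots-no-provider"))]` added to `mod tests` in the `@@ -2764,11 +2764,10 @@` hunk tests for the presence of the no-provider feature, not for the absence of a provider. Cargo features are additive, so with `--features rustls-tls,rustls-tls-no-provider` (the combination PATCH 2/7 adds to CI) `__rustls-ring` is enabled and these tests would pass, yet they are compiled out and the job exercises almost nothing. The same attribute is added in src/async_impl/request.rs and at the top of tests/badssl.rs, tests/client.rs, tests/proxy.rs and tests/redirect.rs. Gating on the actual condition keeps them running whenever a provider is available: `#![cfg(any(not(feature = "__rustls"), feature = "__rustls-ring"))]`.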
@@ -714,9 +707,6 @@ mod tests { #[test] fn add_query_map() { - #[cfg(all(feature = "__rustls", not(feature = "__rustls-ring")))] - let _ = rustls::crypto::ring::default_provider().install_default(); - let mut params = BTreeMap::new(); params.insert("foo", "bar"); params.insert("qux", "three"); @@ -733,9 +723,6 @@ mod tests { #[test] fn test_replace_headers() { - #[cfg(all(feature = "__rustls", not(feature = "__rustls-ring")))] - let _ = rustls::crypto::ring::default_provider().install_default(); - use http::HeaderMap; let mut headers = HeaderMap::new(); @@ -761,9 +748,6 @@ mod tests { #[test] fn normalize_empty_query() { - #[cfg(all(feature = "__rustls", not(feature = "__rustls-ring")))] - let _ = rustls::crypto::ring::default_provider().install_default(); - let client = Client::new(); let some_url = "https://google.com/"; let empty_query: &[(&str, &str)] = &[]; @@ -780,9 +764,6 @@ mod tests { #[test] fn try_clone_reusable() { - #[cfg(all(feature = "__rustls", not(feature = "__rustls-ring")))] - let _ = rustls::crypto::ring::default_provider().install_default(); - let client = Client::new(); let builder = client .post("http://httpbin.org/post") @@ -800,9 +781,6 @@ mod tests { #[test] fn try_clone_no_body() { - #[cfg(all(feature = "__rustls", not(feature = "__rustls-ring")))] - let _ = rustls::crypto::ring::default_provider().install_default(); - let client = Client::new(); let builder = client.get("http://httpbin.org/get"); let req = builder @@ -830,9 +808,6 @@ mod tests { #[test] fn convert_url_authority_into_basic_auth() { - #[cfg(all(feature = "__rustls", not(feature = "__rustls-ring")))] - let _ = rustls::crypto::ring::default_provider().install_default(); - let client = Client::new(); let some_url = "https://Aladdin:open sesame@localhost/"; 
@@ -847,9 +822,6 @@ mod tests { #[test] fn test_basic_auth_sensitive_header() { - #[cfg(all(feature = "__rustls", not(feature = "__rustls-ring")))] - let _ = rustls::crypto::ring::default_provider().install_default(); - let client = Client::new(); let some_url = "https://localhost/"; @@ -869,9 +841,6 @@ mod tests { #[test] fn test_bearer_auth_sensitive_header() { - #[cfg(all(feature = "__rustls", not(feature = "__rustls-ring")))] - let _ = rustls::crypto::ring::default_provider().install_default(); - let client = Client::new(); let some_url = "https://localhost/"; @@ -888,9 +857,6 @@ mod tests { #[test] fn test_explicit_sensitive_header() { - #[cfg(all(feature = "__rustls", not(feature = "__rustls-ring")))] - let _ = rustls::crypto::ring::default_provider().install_default(); - let client = Client::new(); let some_url = "https://localhost/"; @@ -948,9 +914,6 @@ mod tests { #[test] fn builder_split_reassemble() { - #[cfg(all(feature = "__rustls", not(feature = "__rustls-ring")))] - let _ = rustls::crypto::ring::default_provider().install_default(); - let builder = { let client = Client::new(); client.get("http://example.com") diff --git a/tests/badssl.rs b/tests/badssl.rs index 5f05ee2ee..6d7b80772 100644 --- a/tests/badssl.rs +++ b/tests/badssl.rs @@ -1,12 +1,7 @@ #![cfg(not(target_arch = "wasm32"))] +#![cfg(not(feature = "rustls-tls-manual-roots-no-provider"))] -#[cfg(all( - feature = "__tls", - not(any( - feature = "rustls-tls-manual-roots", - feature = "rustls-tls-manual-roots-no-provider" - )) -))] +#[cfg(all(feature = "__tls", not(feature = "rustls-tls-manual-roots",)))] #[tokio::test] async fn test_badssl_modern() { let text = reqwest::Client::builder() 
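Review bot: The file-level `#![cfg(not(feature = "rustls-tls-manual-roots-no-provider"))]` in the tests/badssl.rs hunk `@@ -1,12 +1,7 @@` removes `test_badssl_self_signed` and `test_badssl_no_built_in_roots` from provider-less builds. Those are the tests that exercise certificate acceptance and rejection, and the provider-less build is the one where the crypto backend is supplied by the caller, so it ends up with no TLS validation coverage at all. Because PATCH 5/7 adds rustls with `ring` as a dev-dependency, these tests could install a provider once at the top of each test, as PATCH 3/7 did with `let _ = rustls::crypto::ring::default_provider().install_default();`, rather than being skipped. A short comment next to the attribute explaining why the file is skipped would help if the skip is kept.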
@@ -49,9 +44,6 @@ async fn test_rustls_badssl_modern() { #[cfg(feature = "__tls")] #[tokio::test] async fn test_badssl_self_signed() { - #[cfg(all(feature = "__rustls", not(feature = "__rustls-ring")))] - let _ = rustls::crypto::ring::default_provider().install_default(); - let text = reqwest::Client::builder() .danger_accept_invalid_certs(true) .no_proxy() @@ -71,9 +63,6 @@ async fn test_badssl_self_signed() { #[cfg(feature = "__tls")] #[tokio::test] async fn test_badssl_no_built_in_roots() { - #[cfg(all(feature = "__rustls", not(feature = "__rustls-ring")))] - let _ = rustls::crypto::ring::default_provider().install_default(); - let result = reqwest::Client::builder() .tls_built_in_root_certs(false) .no_proxy() diff --git a/tests/client.rs b/tests/client.rs index d6e1d0c90..fb3dfe3df 100644 --- a/tests/client.rs +++ b/tests/client.rs @@ -1,4 +1,5 @@ #![cfg(not(target_arch = "wasm32"))] +#![cfg(not(feature = "rustls-tls-manual-roots-no-provider"))] mod support; use support::server; @@ -11,9 +12,6 @@ use reqwest::Client; #[tokio::test] async fn auto_headers() { - #[cfg(all(feature = "__rustls", not(feature = "__rustls-ring")))] - let _ = rustls::crypto::ring::default_provider().install_default(); - let server = server::http(move |req| async move { assert_eq!(req.method(), "GET"); @@ -439,13 +437,7 @@ fn update_json_content_type_if_set_manually() { assert_eq!("application/json", req.headers().get(CONTENT_TYPE).unwrap()); } -#[cfg(all( - feature = "__tls", - not(any( - feature = "rustls-tls-manual-roots", - feature = "rustls-tls-manual-roots-no-provider" - )) -))] +#[cfg(all(feature = "__tls", not(feature = "rustls-tls-manual-roots",)))] #[tokio::test] async fn test_tls_info() { let resp = reqwest::Client::builder() diff --git a/tests/proxy.rs b/tests/proxy.rs index 519f6055b..9231a3267 100644 --- a/tests/proxy.rs +++ b/tests/proxy.rs 
@@ -1,4 +1,5 @@
 #![cfg(not(target_arch = "wasm32"))]
+#![cfg(not(feature = "rustls-tls-manual-roots-no-provider"))]
 mod support;
 use support::server;
@@ -6,9 +7,6 @@ use std::env;
 #[tokio::test]
 async fn http_proxy() {
- #[cfg(all(feature = "__rustls", not(feature = "__rustls-ring")))]
- let _ = rustls::crypto::ring::default_provider().install_default();
-
 let url = "http://hyper.rs/prox";
 let server = server::http(move |req| {
 assert_eq!(req.method(), "GET");
@@ -35,9 +33,6 @@ async fn http_proxy() {
 #[tokio::test]
 async fn http_proxy_basic_auth() {
- #[cfg(all(feature = "__rustls", not(feature = "__rustls-ring")))]
- let _ = rustls::crypto::ring::default_provider().install_default();
-
 let url = "http://hyper.rs/prox";
 let server = server::http(move |req| {
 assert_eq!(req.method(), "GET");
@@ -72,9 +67,6 @@ async fn http_proxy_basic_auth() {
 #[tokio::test]
 async fn http_proxy_basic_auth_parsed() {
- #[cfg(all(feature = "__rustls", not(feature = "__rustls-ring")))]
- let _ = rustls::crypto::ring::default_provider().install_default();
-
 let url = "http://hyper.rs/prox";
 let server = server::http(move |req| {
 assert_eq!(req.method(), "GET");
@@ -105,9 +97,6 @@ async fn http_proxy_basic_auth_parsed() {
 #[tokio::test]
 async fn system_http_proxy_basic_auth_parsed() {
- #[cfg(all(feature = "__rustls", not(feature = "__rustls-ring")))]
- let _ = rustls::crypto::ring::default_provider().install_default();
-
 let url = "http://hyper.rs/prox";
 let server = server::http(move |req| {
 assert_eq!(req.method(), "GET");
@@ -150,9 +139,6 @@ async fn system_http_proxy_basic_auth_parsed() {
 #[tokio::test]
 async fn test_no_proxy() {
- #[cfg(all(feature = "__rustls", not(feature = "__rustls-ring")))]
- let _ = rustls::crypto::ring::default_provider().install_default();
-
 let server = server::http(move |req| {
 assert_eq!(req.method(), "GET");
 assert_eq!(req.uri(), "/4");
@@ -212,9 +198,6 @@ async fn test_using_system_proxy() {
 #[tokio::test]
 async fn http_over_http() {
- #[cfg(all(feature = "__rustls", not(feature = "__rustls-ring")))]
- let _ = rustls::crypto::ring::default_provider().install_default();
-
 let url = "http://hyper.rs/prox";
 let server = server::http(move |req| {
diff --git a/tests/redirect.rs b/tests/redirect.rs
index ffa05346b..c496d90d3 100644
--- a/tests/redirect.rs
+++ b/tests/redirect.rs
@@ -1,4 +1,5 @@
 #![cfg(not(target_arch = "wasm32"))]
+#![cfg(not(feature = "rustls-tls-manual-roots-no-provider"))]
 mod support;
 use http_body_util::BodyExt;
 use reqwest::Body;
@@ -6,9 +7,6 @@ use support::server;
 #[tokio::test]
 async fn test_redirect_301_and_302_and_303_changes_post_to_get() {
- #[cfg(all(feature = "__rustls", not(feature = "__rustls-ring")))]
- let _ = rustls::crypto::ring::default_provider().install_default();
-
 let client = reqwest::Client::new();
 let codes = [301u16, 302, 303];
@@ -46,9 +44,6 @@ async fn test_redirect_301_and_302_and_303_changes_post_to_get() {
 #[tokio::test]
 async fn test_redirect_307_and_308_tries_to_get_again() {
- #[cfg(all(feature = "__rustls", not(feature = "__rustls-ring")))]
- let _ = rustls::crypto::ring::default_provider().install_default();
-
 let client = reqwest::Client::new();
 let codes = [307u16, 308];
 for &code in &codes {
@@ -85,9 +80,6 @@ async fn test_redirect_307_and_308_tries_to_get_again() {
 #[tokio::test]
 async fn test_redirect_307_and_308_tries_to_post_again() {
- #[cfg(all(feature = "__rustls", not(feature = "__rustls-ring")))]
- let _ = rustls::crypto::ring::default_provider().install_default();
-
 let _ = env_logger::try_init();
 let client = reqwest::Client::new();
 let codes = [307u16, 308];
@@ -177,9 +169,6 @@ fn test_redirect_307_does_not_try_if_reader_cannot_reset() {
 #[tokio::test]
 async fn test_redirect_removes_sensitive_headers() {
- #[cfg(all(feature = "__rustls", not(feature = "__rustls-ring")))]
- let _ = rustls::crypto::ring::default_provider().install_default();
-
 use tokio::sync::watch;
 let (tx, rx) = watch::channel::>(None);
@@ -227,9 +216,6 @@ async fn test_redirect_removes_sensitive_headers() {
 #[tokio::test]
 async fn test_redirect_policy_can_return_errors() {
- #[cfg(all(feature = "__rustls", not(feature = "__rustls-ring")))]
- let _ = rustls::crypto::ring::default_provider().install_default();
-
 let server = server::http(move |req| async move {
 assert_eq!(req.uri(), "/loop");
 http::Response::builder()
@@ -246,9 +232,6 @@ async fn test_redirect_policy_can_return_errors() {
 #[tokio::test]
 async fn test_redirect_policy_can_stop_redirects_without_an_error() {
- #[cfg(all(feature = "__rustls", not(feature = "__rustls-ring")))]
- let _ = rustls::crypto::ring::default_provider().install_default();
-
 let server = server::http(move |req| async move {
 assert_eq!(req.uri(), "/no-redirect");
 http::Response::builder()
@@ -275,9 +258,6 @@ async fn test_redirect_policy_can_stop_redirects_without_an_error() {
 #[tokio::test]
 async fn test_referer_is_not_set_if_disabled() {
- #[cfg(all(feature = "__rustls", not(feature = "__rustls-ring")))]
- let _ = rustls::crypto::ring::default_provider().install_default();
-
 let server = server::http(move |req| async move {
 if req.uri() == "/no-refer" {
 http::Response::builder()
@@ -305,9 +285,6 @@ async fn test_referer_is_not_set_if_disabled() {
 #[tokio::test]
 async fn test_invalid_location_stops_redirect_gh484() {
- #[cfg(all(feature = "__rustls", not(feature = "__rustls-ring")))]
- let _ = rustls::crypto::ring::default_provider().install_default();
-
 let server = server::http(move |_req| async move {
 http::Response::builder()
 .status(302)
@@ -326,9 +303,6 @@ async fn test_invalid_location_stops_redirect_gh484() {
 #[tokio::test]
 async fn test_invalid_scheme_is_rejected() {
- #[cfg(all(feature = "__rustls", not(feature = "__rustls-ring")))]
- let _ = rustls::crypto::ring::default_provider().install_default();
-
 let server = server::http(move |_req| async move {
 http::Response::builder()
 .status(302)
diff --git a/tests/timeouts.rs b/tests/timeouts.rs
index 9393497e2..c3649ea9f 100644
--- a/tests/timeouts.rs
+++ b/tests/timeouts.rs
@@ -1,4 +1,5 @@
 #![cfg(not(target_arch = "wasm32"))]
+#![cfg(not(feature = "rustls-tls-manual-roots-no-provider"))]
 mod support;
 use support::server;
@@ -6,9 +7,6 @@ use std::time::Duration;
 #[tokio::test]
 async fn client_timeout() {
- #[cfg(all(feature = "__rustls", not(feature = "__rustls-ring")))]
- let _ = rustls::crypto::ring::default_provider().install_default();
-
 let _ = env_logger::try_init();
 let server = server::http(move |_req| {
@@ -36,9 +34,6 @@ async fn client_timeout() {
 #[tokio::test]
 async fn request_timeout() {
- #[cfg(all(feature = "__rustls", not(feature = "__rustls-ring")))]
- let _ = rustls::crypto::ring::default_provider().install_default();
-
 let _ = env_logger::try_init();
 let server = server::http(move |_req| {
@@ -72,9 +67,6 @@ async fn request_timeout() {
 #[cfg(not(target_arch = "wasm32"))]
 #[tokio::test]
 async fn connect_timeout() {
- #[cfg(all(feature = "__rustls", not(feature = "__rustls-ring")))]
- let _ = rustls::crypto::ring::default_provider().install_default();
-
 let _ = env_logger::try_init();
 let client = reqwest::Client::builder()
@@ -98,9 +90,6 @@ async fn connect_timeout() {
 #[cfg(not(target_arch = "wasm32"))]
 #[tokio::test]
 async fn connect_many_timeout_succeeds() {
- #[cfg(all(feature = "__rustls", not(feature = "__rustls-ring")))]
- let _ = rustls::crypto::ring::default_provider().install_default();
-
 let _ = env_logger::try_init();
 let server = server::http(move |_req| async { http::Response::default() });
@@ -128,9 +117,6 @@ async fn connect_many_timeout_succeeds() {
 #[cfg(not(target_arch = "wasm32"))]
 #[tokio::test]
 async fn connect_many_timeout() {
- #[cfg(all(feature = "__rustls", not(feature = "__rustls-ring")))]
- let _ = rustls::crypto::ring::default_provider().install_default();
-
 let _ = env_logger::try_init();
 let client = reqwest::Client::builder()
@@ -192,9 +178,6 @@ async fn response_timeout() {
 #[tokio::test]
 async fn read_timeout_applies_to_headers() {
- #[cfg(all(feature = "__rustls", not(feature = "__rustls-ring")))]
- let _ = rustls::crypto::ring::default_provider().install_default();
-
 let _ = env_logger::try_init();
 let server = server::http(move |_req| {
@@ -423,9 +406,6 @@ fn write_timeout_large_body() {
 #[tokio::test]
 async fn response_body_timeout_forwards_size_hint() {
- #[cfg(all(feature = "__rustls", not(feature = "__rustls-ring")))]
- let _ = rustls::crypto::ring::default_provider().install_default();
-
 let _ = env_logger::try_init();
 let server = server::http(move |_req| async { http::Response::new(b"hello".to_vec().into()) });
diff --git a/tests/upgrade.rs b/tests/upgrade.rs
index a678609a7..7a67c0457 100644
--- a/tests/upgrade.rs
+++ b/tests/upgrade.rs
@@ -1,13 +1,11 @@
 #![cfg(not(target_arch = "wasm32"))]
+#![cfg(not(feature = "rustls-tls-manual-roots-no-provider"))]
 mod support;
 use support::server;
 use tokio::io::{AsyncReadExt, AsyncWriteExt};
 #[tokio::test]
 async fn http_upgrade() {
- #[cfg(all(feature = "__rustls", not(feature = "__rustls-ring")))]
- let _ = rustls::crypto::ring::default_provider().install_default();
-
 let server = server::http(move |req| {
 assert_eq!(req.method(), "GET");
 assert_eq!(req.headers()["connection"], "upgrade");
From aa1c9d3f2d384b690247e698b45379a058c5aecc Mon Sep 17 00:00:00 2001
From: asonix
Date: Mon, 3 Jun 2024 14:53:24 -0500
Subject: [PATCH 6/7] tests: remove provider from ignored test
---
 src/async_impl/client.rs | 3 ---
 1 file changed, 3 deletions(-)
diff --git a/src/async_impl/client.rs b/src/async_impl/client.rs
index 6a5c3d819..edc122ef9 100644
--- a/src/async_impl/client.rs
+++ b/src/async_impl/client.rs
@@ -2781,9 +2781,6 @@ mod tests {
 /// https://github.com/seanmonstar/reqwest/issues/668
 #[tokio::test]
 async fn execute_request_rejects_invalid_hostname() {
- #[cfg(all(feature = "__rustls", not(feature = "__rustls-ring")))]
- let _ = rustls::crypto::ring::default_provider().install_default();
-
 let url_str = "https://{{hostname}}/";
 let url = url::Url::parse(url_str).unwrap();
 let result = crate::get(url.clone()).await;
From 2a44d7094752687ce2845fca6ebcc646830b3e77 Mon Sep 17 00:00:00 2001
From: asonix
Date: Mon, 3 Jun 2024 14:54:43 -0500
Subject: [PATCH 7/7] tests: remove introduced commas
---
 tests/badssl.rs | 2 +-
 tests/client.rs | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/tests/badssl.rs b/tests/badssl.rs
index 6d7b80772..e889e864f 100644
--- a/tests/badssl.rs
+++ b/tests/badssl.rs
@@ -1,7 +1,7 @@
 #![cfg(not(target_arch = "wasm32"))]
 #![cfg(not(feature = "rustls-tls-manual-roots-no-provider"))]
-#[cfg(all(feature = "__tls", not(feature = "rustls-tls-manual-roots",)))]
+#[cfg(all(feature = "__tls", not(feature = "rustls-tls-manual-roots")))]
 #[tokio::test]
 async fn test_badssl_modern() {
 let text = reqwest::Client::builder()
diff --git a/tests/client.rs b/tests/client.rs
index fb3dfe3df..f97b26302 100644
--- a/tests/client.rs
+++ b/tests/client.rs
@@ -437,7 +437,7 @@ fn update_json_content_type_if_set_manually() {
 assert_eq!("application/json", req.headers().get(CONTENT_TYPE).unwrap());
 }
-#[cfg(all(feature = "__tls", not(feature = "rustls-tls-manual-roots",)))]
+#[cfg(all(feature = "__tls", not(feature = "rustls-tls-manual-roots")))]
 #[tokio::test]
 async fn test_tls_info() {
 let resp = reqwest::Client::builder()