-
-
Notifications
You must be signed in to change notification settings - Fork 1.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add tls_info
/ TlsInfo
for access to peer's leaf certificate
#1938
Conversation
New to the feature combinatorics hell in Rust — is there a better way to run tests in all relevant feature combinations at-desk than to manually run cargo with all feature combos that seem relevant? |
I'm not sure, it is very unfortunate, sorry. But that is why that one CI job exists, to test all the things I'd never try locally. |
The MSRV failure looks unrelated to this change. |
Very cool. I was thinking of making a change like this myself today, but found this PR first. Hopefully the tls version, cipher suite, and raw certificate can make it into the extension. |
https_info
/ HttpsInfo
for access to peer's leaf certificatetls_info
/ TlsInfo
for access to peer's leaf certificate
src/lib.rs
Outdated
@@ -326,6 +326,8 @@ if_hyper! { | |||
#[cfg(feature = "multipart")] | |||
pub use self::async_impl::multipart; | |||
|
|||
#[cfg(feature = "__tls")] | |||
pub use self::tls::TlsInfo; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think I'd suggest leaving this re-export out, and then I think we can ship this!
Bumps reqwest from 0.11.20 to 0.11.21. Release notes Sourced from reqwest's releases. v0.11.21 What's Changed Add automatically detecting macOS proxy settings. Add ClientBuilder::tls_info(bool), which will put tls::TlsInfo into the response extensions. Fix trust-dns resolver from possible hangs. Fix connect timeout to be split among multiple IP addresses. New Contributors @SpeedReach made their first contribution in seanmonstar/reqwest#1960 @jefflloyd made their first contribution in seanmonstar/reqwest#1955 @droe made their first contribution in seanmonstar/reqwest#1938 @conradludgate made their first contribution in seanmonstar/reqwest#1940 Changelog Sourced from reqwest's changelog. v0.11.21 Add automatically detecting macOS proxy settings. Add ClientBuilder::tls_info(bool), which will put tls::TlsInfo into the response extensions. Fix trust-dns resolver from possible hangs. Fix connect timeout to be split among multiple IP addresses. Commits d050e60 v0.11.21 2a881fb fix: split connect timeout for multiple IPs (#1940) 17c893f Bump actions/checkout from 3 to 4 (#1968) 10d9d23 Add tls_info / TlsInfo for access to peer's leaf certificate (#1938) d3d95a5 Optimize TrustDnsResolver (#1967) 0292486 dep: Upgrade trust-dns-resolver from v0.22 to v0.23 (#1965) 70d100c Feature: auto detect MacOS proxy settings (#1955) 34f6c70 Added wasm in the docs. (#1960) See full diff in compare view Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase. Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: @dependabot rebase will rebase this PR @dependabot recreate will recreate this PR, overwriting any edits that have been made to it @dependabot merge will merge this PR after your CI passes on it @dependabot squash and merge will squash and merge this PR after your CI passes on it @dependabot cancel merge will cancel a previously requested merge and block automerging @dependabot reopen will reopen this PR if it is closed @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
This adds a
HttpsInfo
extension into responses when configuring a client withhttps_info(true)
. The extension can be obtained by callers to get access to the peer's leaf certificate. Works with both native and rustls TLS. Fixes #1428.Not sure if this is the best way to solve it, but it works, doesn't expose TLS connector specific types, and should not cause overhead unless enabled. Happy to refactor and clean up as much as needed for this to go in.