
Use `rustls` default provider unless specified

Open GreenYun opened this issue 1 year ago • 2 comments

Starting from rustls 0.23, the backend provider is aws-lc-rs. However, reqwest hard-codes ring in many places, especially in the default rustls-tls feature. Will this change in the future to use the default setup from rustls unless some other features are specified?

GreenYun avatar Sep 14 '24 17:09 GreenYun

I hope that ring would still remain an option even if aws-lc-rs becomes available as a feature. For those without compliance need, ring is much more lightweight.

Congyuwang avatar Oct 12 '24 03:10 Congyuwang

I hope that ring would still remain an option even if aws-lc-rs. For those without compliance need, ring is much more lightweight.

I think the library should not eliminate the potential to have another choice. ring may be lightweight but aws-lc could have other benefits.

My current implementation is to build the requester myself:

```rust
use std::sync::OnceLock;

use reqwest::Client;
use rustls::{ClientConfig, RootCertStore};
use webpki_roots::TLS_SERVER_ROOTS;

static HTTP_CLIENT: OnceLock<Client> = OnceLock::new();

/// Returns a handle to the shared client, building it on first use.
pub fn client() -> Client {
	HTTP_CLIENT.get_or_init(init_client).clone()
}

fn init_client() -> Client {
	static USER_AGENT: &str = concat!(env!("CARGO_PKG_NAME"), "/", env!("CARGO_PKG_VERSION"),);

	// Trust the Mozilla root set shipped by webpki-roots.
	let cert_store: RootCertStore = TLS_SERVER_ROOTS.iter().cloned().collect();
	// builder() uses the process-wide default CryptoProvider, so no provider is named here.
	let mut tls = ClientConfig::builder().with_root_certificates(cert_store).with_no_client_auth();
	tls.enable_early_data = true;
	// Offer HTTP/2 first, then HTTP/1.1, via ALPN.
	tls.alpn_protocols = vec!["h2".into(), "http/1.1".into()];

	let client = Client::builder().use_preconfigured_tls(tls).user_agent(USER_AGENT).build();
	match client {
		Ok(client) => client,
		Err(e) => {
			log::error!("{e}");
			panic!("{e}");
		}
	}
}
```

Most of the code to build the Client is copied from reqwest, and there is no hard-coding of ring or aws_lc_rs. However, install_default() should be called before the client is initialized.

GreenYun avatar Oct 12 '24 03:10 GreenYun
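
A Cargo.toml sketch for the provider-neutral setup in the comment above, added here as an example and not taken from the thread or from reqwest itself. The version numbers and the `rustls-tls-no-provider` and `http2` feature names are assumptions about the reqwest 0.12 release line; check them against the release you build with.

```toml
[dependencies]
# Before (shown for contrast): `rustls-tls` is the feature the issue
# describes as hard-coding ring.
# reqwest = { version = "0.12", default-features = false, features = ["rustls-tls"] }

# After: rustls support with no crypto provider chosen by reqwest. The
# application hands over its own ClientConfig via use_preconfigured_tls().
reqwest = { version = "0.12", default-features = false, features = ["rustls-tls-no-provider", "http2"] }

# rustls 0.23 with default features, i.e. the aws-lc-rs provider.
rustls = "0.23"
# To use ring instead, replace the line above with:
# rustls = { version = "0.23", default-features = false, features = ["ring", "std", "tls12", "logging"] }

# Root certificates and logging used by the snippet in the comment above.
webpki-roots = "0.26"
log = "0.4"
```

After changing features, `cargo tree -i ring` and `cargo tree -i aws-lc-rs` show which provider crates are still being pulled into the build and by which dependency.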

ring may be lightweight but aws-lc could have other benefits.

Seems to be covered well here: https://www.reddit.com/r/rust/comments/1de13y6/ring_vs_awslcrs/

polarathene avatar Nov 16 '24 01:11 polarathene