
1use real_tokio_rustls::rustls::ClientConfig;
2use real_tokio_rustls::{client::TlsStream, TlsConnector};
3use rustls_pki_types::ServerName;
4
5use tungstenite::client::{uri_mode, IntoClientRequest};
6use tungstenite::error::TlsError;
7use tungstenite::handshake::client::Request;
8use tungstenite::stream::Mode;
9use tungstenite::Error;
10
11use std::convert::TryFrom;
12
13use crate::stream::Stream as StreamSwitcher;
14use crate::{client_async_with_config, domain, Response, WebSocketConfig, WebSocketStream};
15
16use super::TokioAdapter;
17
/// A stream that might be protected with TLS.
///
/// `Plain` carries the caller's socket unchanged; `Tls` carries it wrapped in
/// a tokio-rustls [`TlsStream`]. Which variant is produced is decided by the
/// request URI's mode (see `wrap_stream`), not by whether a connector was
/// supplied.
pub type MaybeTlsStream<S> = StreamSwitcher<TokioAdapter<S>, TokioAdapter<TlsStream<S>>>;

/// Alias of [`MaybeTlsStream`].
pub type AutoStream<S> = MaybeTlsStream<S>;

/// The TLS connector accepted by the `*_with_connector*` entry points.
///
/// Supplying one is the only way to control certificate verification (trust
/// anchors, platform verifier) and client authentication in this module;
/// `None` selects a default config built from the root-store feature enabled
/// at compile time and without client auth.
pub type Connector = TlsConnector;
24
/// Wraps `socket` according to `mode`: returned unchanged for
/// [`Mode::Plain`], or upgraded to TLS for [`Mode::Tls`].
///
/// * `domain` – the host name the server certificate is verified against.
///   It is converted to a [`ServerName`]; a name that conversion rejects
///   fails with [`TlsError::InvalidDnsName`].
/// * `connector` – used verbatim when `Some`. This is the only way to get
///   custom trust anchors or client authentication through this function.
///   When `None`, a default `ClientConfig` without client auth is built, its
///   trust anchors chosen by the cargo feature enabled at compile time (see
///   the `cfg` blocks below).
///
/// Note that `connector` is ignored for `Mode::Plain`: a `ws://` URL is never
/// upgraded to TLS here, even when a connector is supplied.
///
/// # Errors
/// Root-store loading failures, an invalid server name and TLS handshake
/// failures (which include certificate verification) are returned as
/// [`Error`].
async fn wrap_stream<S>(
    socket: S,
    domain: String,
    connector: Option<Connector>,
    mode: Mode,
) -> Result<AutoStream<S>, Error>
where
    S: 'static + tokio::io::AsyncRead + tokio::io::AsyncWrite + Unpin,
{
    match mode {
        Mode::Plain => Ok(StreamSwitcher::Plain(TokioAdapter::new(socket))),
        Mode::Tls => {
            let stream = {
                let connector = if let Some(connector) = connector {
                    connector
                } else {
                    // With "tokio-rustls-manual-roots" the caller is expected to
                    // supply its own connector. Falling through still builds a
                    // config, but with an empty root store (see the matching cfg
                    // block below); the problem is only logged here and surfaces
                    // later, presumably at the handshake, when no trust anchor
                    // exists for the server certificate to chain to. It fails
                    // closed, not open.
                    #[cfg(feature = "tokio-rustls-manual-roots")]
                    log::error!("tokio-rustls-manual-roots was selected, but no connector was provided! No certificates can be verified in this state.");

                    let config_builder = ClientConfig::builder();

                    // Exactly one of the following cfg blocks is meant to be
                    // compiled in. Only the webpki-roots block explicitly yields
                    // to the other three; enabling two of the first three at
                    // once would leave two value-typed block expressions in a
                    // row here, which should not compile.
                    let config_builder = {
                        #[cfg(feature = "tokio-rustls-native-certs")]
                        {
                            use real_tokio_rustls::rustls::RootCertStore;

                            let mut root_store = RootCertStore::empty();
                            let mut native_certs = rustls_native_certs::load_native_certs();
                            // Fail on the first loader error instead of silently
                            // verifying against a partial set of platform roots.
                            if let Some(err) = native_certs.errors.drain(..).next() {
                                return Err(
                                    std::io::Error::new(std::io::ErrorKind::Other, err).into()
                                );
                            }
                            let native_certs = native_certs.certs;
                            let total_number = native_certs.len();
                            // Entries that do not parse are counted as ignored
                            // rather than aborting; the counts are only logged.
                            let (number_added, number_ignored) =
                                root_store.add_parsable_certificates(native_certs);
                            log::debug!("Added {number_added}/{total_number} native root certificates (ignored {number_ignored})");
                            config_builder.with_root_certificates(root_store)
                        }
                        #[cfg(feature = "tokio-rustls-platform-verifier")]
                        {
                            // Verification is delegated to the platform's own
                            // verifier via rustls_platform_verifier; no root
                            // store is assembled here.
                            use rustls_platform_verifier::BuilderVerifierExt;
                            config_builder
                                .with_platform_verifier()
                                .map_err(|err| Error::Tls(TlsError::Rustls(err.into())))?
                        }
                        #[cfg(feature = "tokio-rustls-manual-roots")]
                        {
                            use real_tokio_rustls::rustls::RootCertStore;

                            // Deliberately empty: no certificate can be verified
                            // with this config (see the error logged above).
                            config_builder.with_root_certificates(RootCertStore::empty())
                        }
                        #[cfg(all(
                            feature = "tokio-rustls-webpki-roots",
                            not(feature = "tokio-rustls-native-certs"),
                            not(feature = "tokio-rustls-platform-verifier"),
                            not(feature = "tokio-rustls-manual-roots")
                        ))]
                        {
                            use real_tokio_rustls::rustls::RootCertStore;

                            // The roots bundled in the webpki_roots crate, fixed
                            // at build time.
                            let mut root_store = RootCertStore::empty();
                            root_store.extend(webpki_roots::TLS_SERVER_ROOTS.iter().cloned());
                            config_builder.with_root_certificates(root_store)
                        }
                    };
                    // The default config never presents a client certificate;
                    // mutual TLS requires a caller-supplied connector.
                    TlsConnector::from(std::sync::Arc::new(config_builder.with_no_client_auth()))
                };
                // The name checked against the server certificate comes from the
                // request URI (`domain`), never from the socket.
                let domain = ServerName::try_from(domain)
                    .map_err(|_| Error::Tls(TlsError::InvalidDnsName))?;
                connector.connect(domain, socket).await?
            };
            Ok(StreamSwitcher::Tls(TokioAdapter::new(stream)))
        }
    }
}
102
/// Performs the WebSocket client handshake over `stream`, first wrapping it
/// in TLS when the request URI requires it.
///
/// * `request` – anything convertible into a client [`Request`]; its URI
///   decides both the host name used for certificate verification and
///   whether TLS is applied at all.
/// * `stream` – an already-connected transport. It is used as-is for plain
///   URIs and upgraded through `connector` for TLS ones.
/// * `connector` – optional TLS connector. `None` builds a default one from
///   the root-store feature enabled at compile time; pass `Some` to control
///   trust anchors or client authentication.
/// * `config` – optional WebSocket protocol configuration.
///
/// Returns the WebSocket stream together with the server's handshake
/// response.
///
/// # Errors
/// Fails if the request cannot be built, if `domain` or `uri_mode` reject the
/// URI, if the TLS handshake fails (including certificate verification), or
/// if the WebSocket handshake itself fails.
pub async fn client_async_tls_with_connector_and_config<R, S>(
    request: R,
    stream: S,
    connector: Option<Connector>,
    config: Option<WebSocketConfig>,
) -> Result<(WebSocketStream<AutoStream<S>>, Response), Error>
where
    R: IntoClientRequest + Unpin,
    S: 'static + tokio::io::AsyncRead + tokio::io::AsyncWrite + Unpin,
    AutoStream<S>: Unpin,
{
    let req: Request = request.into_client_request()?;

    // Validate the URI before touching the transport: an unusable host name
    // or scheme must fail here, not partway through a TLS handshake. The host
    // is resolved first so that its error takes precedence over the mode's.
    let host = domain(&req)?;
    let mode = uri_mode(req.uri())?;

    let transport = wrap_stream(stream, host, connector, mode).await?;
    client_async_with_config(req, transport, config).await
}