-
-
Notifications
You must be signed in to change notification settings - Fork 1.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Use rustls
default provider unless specified
#2423
Comments
I hope that ring would still remain an option even if aws-lc-rs becomes available as a feature. For those without compliance need, ring is much more lightweight. |
I think the library should not eliminate the potential to have another choice. ring may be lightweight but was-lc could have other benefits. My current implementation is to build the requester myself: use std::sync::OnceLock;
use reqwest::Client;
use rustls::{ClientConfig, RootCertStore};
use webpki_roots::TLS_SERVER_ROOTS;
static HTTP_CLIENT: OnceLock<Client> = OnceLock::new();
pub fn client() -> Client {
HTTP_CLIENT.get_or_init(init_client).clone()
}
fn init_client() -> Client {
static USER_AGENT: &str = concat!(env!("CARGO_PKG_NAME"), "/", env!("CARGO_PKG_VERSION"),);
let cert_store: RootCertStore = TLS_SERVER_ROOTS.iter().cloned().collect();
let mut tls = ClientConfig::builder().with_root_certificates(cert_store).with_no_client_auth();
tls.enable_early_data = true;
tls.alpn_protocols = vec!["h2".into(), "http/1.1".into()];
let client = Client::builder().use_preconfigured_tls(tls).user_agent(USER_AGENT).build();
match client {
Ok(client) => client,
Err(e) => {
log::error!("{e}");
panic!("{e}");
}
}
} Most of the code to build the |
Seems to be covered well here: https://www.reddit.com/r/rust/comments/1de13y6/ring_vs_awslcrs/ |
Starting from
rustls
0.23, the backend provider isaws-lc-rs
. However,request
hard coded manyring
s, especially the defaultrustls-tls
feature. Will this change in the future to use the default setup fromrustls
unless some more other features specified?The text was updated successfully, but these errors were encountered: