refactor: move webpki into separate feature, reorder deps

2024-08-09 17:37:16 +04:00 · 2024-08-09 17:37:16 +04:00 · cc8a62c19e
commit cc8a62c19e
parent 6e4722d060
4 changed files with 48 additions and 43 deletions
--- a/src/client/builder.rs
+++ b/src/client/builder.rs
@ -7,12 +7,10 @@ use crate::{
    Client,
 };

-use tokio_rustls::rustls::{
-    self,
-    client::{danger::ServerCertVerifier, WebPkiServerVerifier},
-    pki_types::TrustAnchor,
-    SupportedProtocolVersion,
-};
+use tokio_rustls::rustls::{self, client::danger::ServerCertVerifier, SupportedProtocolVersion};
+
+#[cfg(feature = "webpki")]
+use tokio_rustls::rustls::{client::WebPkiServerVerifier, pki_types::TrustAnchor};

 /// Builder for creating configured [`Client`] instance
 pub struct ClientBuilder {
@ -58,24 +56,32 @@ impl ClientBuilder {
        let tls_config = if let Some(cv) = self.custom_verifier {
            tls_config.dangerous().with_custom_certificate_verifier(cv)
        } else if let Some(ssv) = self.ss_verifier {
+            let webpki_verifier = {
+                #[cfg(feature = "webpki")]
+                if !self.root_certs.is_empty() {
+                    Some(
+                        WebPkiServerVerifier::builder_with_provider(
+                            Arc::new(self.root_certs),
+                            provider.clone(),
+                        )
+                        .build()
+                        // panics only if roots are empty (that is checked above)
+                        // or CRLs couldn't be parsed (we didn't provide any)
+                        .unwrap(),
+                    )
+                } else {
+                    None
+                }
+
+                #[cfg(not(feature = "webpki"))]
+                None
+            };
+
            tls_config
                .dangerous()
                .with_custom_certificate_verifier(Arc::new(CustomCertVerifier {
                    provider: provider.clone(),
-                    webpki_verifier: if !self.root_certs.is_empty() {
-                        Some(
-                            WebPkiServerVerifier::builder_with_provider(
-                                Arc::new(self.root_certs),
-                                provider,
-                            )
-                            .build()
-                            // panics only if roots are empty (that is checked above)
-                            // or CRLs couldn't be parsed (we didn't provide any)
-                            .unwrap(),
-                        )
-                    } else {
-                        None
-                    },
+                    webpki_verifier,
                    ss_allowed: true,
                    ss_verifier: ssv,
                }))
@ -102,6 +108,7 @@ impl ClientBuilder {
    /// Include webpki trust anchors.
    /// Not recommended (useless) as most Gemini capsules use self-signed
    /// TLS certs and properly configured TOFU policy is enough.
+    #[cfg(feature = "webpki")]
    pub fn with_webpki_roots(mut self) -> Self {
        self.root_certs
            .extend(webpki_roots::TLS_SERVER_ROOTS.iter().cloned());
@ -110,6 +117,7 @@ impl ClientBuilder {

    /// Include custom trust anchors.
    /// Not recommended (useless), see note for [`ClientBuilder::with_webpki_roots`].
+    #[cfg(feature = "webpki")]
    pub fn with_custom_roots(
        mut self,
        iter: impl IntoIterator<Item = TrustAnchor<'static>>,