
rust_integration_services/http/client/
http_client_config.rs

1use rustls::{ClientConfig, RootCertStore};
2use webpki_roots::TLS_SERVER_ROOTS;
3
4use crate::http::crypto::Crypto;
5
/// Configuration for the HTTP client, wrapping the rustls [`ClientConfig`] used for TLS connections.
pub struct HttpClientConfig {
    // Public and directly mutable: any change a caller makes here (trust roots, ALPN list, ...)
    // changes how the client authenticates servers, so treat edits to this field as security-relevant.
    pub tls_config: ClientConfig,
}
9
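impl HttpClientConfig {
    /// Creates a new instance with a default set of trusted root CAs.
    ///
    /// By default, the client trusts the system native root certs in addition to Mozilla root certificates provided by the
    /// [`webpki_roots`](https://docs.rs/webpki-roots) crate.
    ///
    /// The effective trust anchor set is the union of both sources, so a CA added to the host's
    /// native store is trusted by this client as well. Native certificates that fail to load, or
    /// that the root store rejects, are logged and skipped rather than aborting construction.
    ///
    /// The resulting configuration presents no client certificate and offers `h2` then `http/1.1`
    /// via ALPN.
    pub fn new() -> Self {
        // Start from the bundled Mozilla roots, then layer the platform store on top.
        let mut root_cert_store = RootCertStore::empty();
        root_cert_store.extend(TLS_SERVER_ROOTS.iter().cloned());

        let native_certs = rustls_native_certs::load_native_certs();
        for cert in native_certs.certs {
            // A single malformed entry in the system store must not panic the whole client;
            // skip it and keep the remaining anchors.
            if let Err(error) = root_cert_store.add(cert) {
                tracing::warn!("failed to add native cert to root store: {:?}", error);
            }
        }
        for error in native_certs.errors {
            tracing::warn!("failed to load native cert: {:?}", error);
        }

        // `Crypto::install_crypto_provider` is defined elsewhere in the crate; a failure is only
        // logged here.
        // NOTE(review): if no provider ends up installed, `ClientConfig::builder()` below may
        // panic depending on the rustls version and enabled features; confirm.
        if let Err(error) = Crypto::install_crypto_provider() {
            tracing::warn!("failed to install crypto provider: {:?}", error);
        }

        // The store is not used again, so move it instead of cloning every certificate.
        let mut tls_config = ClientConfig::builder()
            .with_root_certificates(root_cert_store)
            .with_no_client_auth();

        tls_config.alpn_protocols = vec![b"h2".to_vec(), b"http/1.1".to_vec()];

        HttpClientConfig { tls_config }
    }
}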