Skip to content

Commit

Permalink
feat: add a feature to use native root store for connection from prox…
Browse files Browse the repository at this point in the history
…y to the backend application
  • Loading branch information
junkurihara committed Oct 11, 2023
1 parent af2bc58 commit 1c84ef7
Show file tree
Hide file tree
Showing 4 changed files with 29 additions and 18 deletions.
17 changes: 11 additions & 6 deletions .github/dependabot.yml
Original file line number Diff line number Diff line change
Expand Up @@ -5,23 +5,28 @@ version: 2
updates:
# Enable version updates for cargo
- package-ecosystem: "cargo"
# Look for `Cargo.toml` and `lock` files in the `root` directory
directory: "/"
# Check the crates.io for updates every day (weekdays)
schedule:
interval: "daily"

- package-ecosystem: "cargo"
directory: "/rpxy-bin"
schedule:
interval: "daily"

- package-ecosystem: "cargo"
directory: "/rpxy-lib"
schedule:
interval: "daily"

# Enable version updates for Docker
- package-ecosystem: "docker"
# Look for a `Dockerfile` in the `root` directory
directory: "/"
# Check for updates everyday
directory: "/docker"
schedule:
interval: "daily"

# Enable version updates for GitHub Actions
- package-ecosystem: "github-actions"
directory: "/"
schedule:
# Check for updates everyday
interval: "daily"
1 change: 1 addition & 0 deletions rpxy-bin/Cargo.toml
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,7 @@ default = ["http3-quinn", "cache"]
http3-quinn = ["rpxy-lib/http3-quinn"]
http3-s2n = ["rpxy-lib/http3-s2n"]
cache = ["rpxy-lib/cache"]
native-roots = ["rpxy-lib/native-roots"]

[dependencies]
rpxy-lib = { path = "../rpxy-lib/", default-features = false, features = [
Expand Down
1 change: 1 addition & 0 deletions rpxy-lib/Cargo.toml
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,7 @@ http3-quinn = ["quinn", "h3", "h3-quinn", "socket2"]
http3-s2n = ["h3", "s2n-quic", "s2n-quic-rustls", "s2n-quic-h3"]
sticky-cookie = ["base64", "sha2", "chrono"]
cache = ["http-cache-semantics", "lru"]
native-roots = ["hyper-rustls/native-tokio"]

[dependencies]
rand = "0.8.5"
Expand Down
28 changes: 16 additions & 12 deletions rpxy-lib/src/handler/forwarder.rs
Original file line number Diff line number Diff line change
Expand Up @@ -118,18 +118,22 @@ where
impl Forwarder<HttpsConnector<HttpConnector>, Body> {
/// Build forwarder
pub async fn new<T: CryptoSource>(_globals: &std::sync::Arc<Globals<T>>) -> Self {
// let connector = TrustDnsResolver::default().into_rustls_webpki_https_connector();
let connector = hyper_rustls::HttpsConnectorBuilder::new()
.with_webpki_roots()
.https_or_http()
.enable_http1()
.enable_http2()
.build();
let connector_h2 = hyper_rustls::HttpsConnectorBuilder::new()
.with_webpki_roots()
.https_or_http()
.enable_http2()
.build();
#[cfg(feature = "native-roots")]
let builder = hyper_rustls::HttpsConnectorBuilder::new().with_native_roots();
#[cfg(feature = "native-roots")]
let builder_h2 = hyper_rustls::HttpsConnectorBuilder::new().with_native_roots();
#[cfg(feature = "native-roots")]
info!("Native cert store is used for the connection to backend applications");

#[cfg(not(feature = "native-roots"))]
let builder = hyper_rustls::HttpsConnectorBuilder::new().with_webpki_roots();
#[cfg(not(feature = "native-roots"))]
let builder_h2 = hyper_rustls::HttpsConnectorBuilder::new().with_webpki_roots();
#[cfg(not(feature = "native-roots"))]
info!("Mozilla WebPKI root certs is used for the connection to backend applications");

let connector = builder.https_or_http().enable_http1().enable_http2().build();
let connector_h2 = builder_h2.https_or_http().enable_http2().build();

let inner = Client::builder().build::<_, Body>(connector);
let inner_h2 = Client::builder().http2_only(true).build::<_, Body>(connector_h2);
Expand Down

0 comments on commit 1c84ef7

Please sign in to comment.