diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 4293fb7d..3e440608 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -5,17 +5,23 @@ version: 2 updates: # Enable version updates for cargo - package-ecosystem: "cargo" - # Look for `Cargo.toml` and `lock` files in the `root` directory directory: "/" - # Check the crates.io for updates every day (weekdays) + schedule: + interval: "daily" + + - package-ecosystem: "cargo" + directory: "/rpxy-bin" + schedule: + interval: "daily" + + - package-ecosystem: "cargo" + directory: "/rpxy-lib" schedule: interval: "daily" # Enable version updates for Docker - package-ecosystem: "docker" - # Look for a `Dockerfile` in the `root` directory - directory: "/" - # Check for updates everyday + directory: "/docker" schedule: interval: "daily" @@ -23,5 +29,4 @@ updates: - package-ecosystem: "github-actions" directory: "/" schedule: - # Check for updates everyday interval: "daily" diff --git a/rpxy-bin/Cargo.toml b/rpxy-bin/Cargo.toml index 0e5f4b4b..98ff827c 100644 --- a/rpxy-bin/Cargo.toml +++ b/rpxy-bin/Cargo.toml @@ -16,6 +16,7 @@ default = ["http3-quinn", "cache"] http3-quinn = ["rpxy-lib/http3-quinn"] http3-s2n = ["rpxy-lib/http3-s2n"] cache = ["rpxy-lib/cache"] +native-roots = ["rpxy-lib/native-roots"] [dependencies] rpxy-lib = { path = "../rpxy-lib/", default-features = false, features = [ diff --git a/rpxy-lib/Cargo.toml b/rpxy-lib/Cargo.toml index f781f0cd..0b0d3ee9 100644 --- a/rpxy-lib/Cargo.toml +++ b/rpxy-lib/Cargo.toml @@ -17,6 +17,7 @@ http3-quinn = ["quinn", "h3", "h3-quinn", "socket2"] http3-s2n = ["h3", "s2n-quic", "s2n-quic-rustls", "s2n-quic-h3"] sticky-cookie = ["base64", "sha2", "chrono"] cache = ["http-cache-semantics", "lru"] +native-roots = ["hyper-rustls/native-tokio"] [dependencies] rand = "0.8.5" diff --git a/rpxy-lib/src/handler/forwarder.rs b/rpxy-lib/src/handler/forwarder.rs index 43cf098d..369ba564 100644 --- a/rpxy-lib/src/handler/forwarder.rs 
+++ b/rpxy-lib/src/handler/forwarder.rs
@@ -118,18 +118,22 @@ where
 impl Forwarder, Body> {
 /// Build forwarder
 pub async fn new(_globals: &std::sync::Arc>) -> Self {
- // let connector = TrustDnsResolver::default().into_rustls_webpki_https_connector();
- let connector = hyper_rustls::HttpsConnectorBuilder::new()
- .with_webpki_roots()
- .https_or_http()
- .enable_http1()
- .enable_http2()
- .build();
- let connector_h2 = hyper_rustls::HttpsConnectorBuilder::new()
- .with_webpki_roots()
- .https_or_http()
- .enable_http2()
- .build();
+ #[cfg(feature = "native-roots")]
+ let builder = hyper_rustls::HttpsConnectorBuilder::new().with_native_roots();
+ #[cfg(feature = "native-roots")]
+ let builder_h2 = hyper_rustls::HttpsConnectorBuilder::new().with_native_roots();
+ #[cfg(feature = "native-roots")]
+ info!("Native cert store is used for the connection to backend applications");
+
+ #[cfg(not(feature = "native-roots"))]
+ let builder = hyper_rustls::HttpsConnectorBuilder::new().with_webpki_roots();
+ #[cfg(not(feature = "native-roots"))]
+ let builder_h2 = hyper_rustls::HttpsConnectorBuilder::new().with_webpki_roots();
+ #[cfg(not(feature = "native-roots"))]
+ info!("Mozilla WebPKI root certs is used for the connection to backend applications");
+
+ let connector = builder.https_or_http().enable_http1().enable_http2().build();
+ let connector_h2 = builder_h2.https_or_http().enable_http2().build();
 let inner = Client::builder().build::<_, Body>(connector);
 let inner_h2 = Client::builder().http2_only(true).build::<_, Body>(connector_h2);
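Review bot: With `native-roots` enabled, the two `with_native_roots()` builders in `Forwarder::new` make backend TLS trust whatever the host certificate store holds at startup, including locally added CAs, instead of the compiled-in Mozilla bundle, and nothing in the function documents that shift. In the hyper-rustls releases where `with_native_roots()` returns the builder directly, as it is chained here, a store that cannot be loaded or is empty is, as far as I recall, reported by a panic rather than an error, so a minimal container image without CA certificates would abort at startup; this should be confirmed against the pinned version. I would add above the first `#[cfg]` a comment such as `// native-roots: backend certificates are validated against the OS trust store; the runtime image must ship CA certificates`. Because Cargo unifies features across a build, the `#[cfg(not(feature = "native-roots"))]` branch disappears for every user of rpxy-lib as soon as one dependent turns the feature on, which is worth stating next to the feature definition. `new` continues past the end of the hunk.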