hickory_proto/rustls/
mod.rs

1// Copyright 2015-2021 Benjamin Fry <benjaminfry@me.com>
2//
3// Licensed under the Apache License, Version 2.0, <LICENSE-APACHE or
4// https://apache.org/licenses/LICENSE-2.0> or the MIT license <LICENSE-MIT or
5// https://opensource.org/licenses/MIT>, at your option. This file may not be
6// copied, modified, or distributed except according to those terms.
7
8//! TLS protocol related components for DNS over TLS
9
10use alloc::sync::Arc;
11
12#[cfg(not(feature = "rustls-platform-verifier"))]
13use rustls::RootCertStore;
14use rustls::{
15    ClientConfig,
16    crypto::{self, CryptoProvider},
17};
18#[cfg(feature = "rustls-platform-verifier")]
19use rustls_platform_verifier::BuilderVerifierExt;
20
21pub mod tls_client_stream;
22pub mod tls_stream;
23
24pub use self::tls_client_stream::{
25    TlsClientStream, tls_client_connect, tls_client_connect_with_bind_addr,
26};
27pub use self::tls_stream::{TlsStream, tls_connect, tls_connect_with_bind_addr, tls_from_stream};
28
/// Build a [`ClientConfig`] with this crate's default TLS settings.
///
/// The configuration uses the [`CryptoProvider`] returned by [`default_provider`], rustls's
/// safe default protocol versions, and no client certificate authentication.
///
/// # Server certificate verification
///
/// - With the `rustls-platform-verifier` feature, verification is delegated to the platform
///   verifier.
/// - Otherwise a `RootCertStore` is used. It is filled from `webpki_roots::TLS_SERVER_ROOTS`
///   only when the `webpki-roots` feature is enabled. With neither feature the store stays
///   empty, so no server certificate can chain to a trust anchor and verification is
///   expected to fail rather than be skipped.
///
/// # Panics
///
/// Panics if `with_safe_default_protocol_versions` returns an error for the selected provider.
pub fn client_config() -> ClientConfig {
    let provider = Arc::new(default_provider());
    let versioned = ClientConfig::builder_with_provider(provider)
        .with_safe_default_protocol_versions()
        .unwrap();

    // Exactly one of the two `verified` bindings below is compiled in.
    #[cfg(feature = "rustls-platform-verifier")]
    let verified = versioned.with_platform_verifier();

    #[cfg(not(feature = "rustls-platform-verifier"))]
    let verified = {
        // Without `webpki-roots` nothing is added, so the store is never mutated.
        #[cfg_attr(not(feature = "webpki-roots"), allow(unused_mut))]
        let mut trust_anchors = RootCertStore::empty();
        #[cfg(feature = "webpki-roots")]
        trust_anchors.extend(webpki_roots::TLS_SERVER_ROOTS.iter().cloned());
        versioned.with_root_certificates(trust_anchors)
    };

    verified.with_no_client_auth()
}
48
/// Return the rustls [`CryptoProvider`] backed by aws-lc-rs.
///
/// Compiled only when the `tls-aws-lc-rs` feature is enabled and `tls-ring` is not; when both
/// features are enabled, the ring-backed `default_provider` is the one that gets built.
#[cfg(all(feature = "tls-aws-lc-rs", not(feature = "tls-ring")))]
pub fn default_provider() -> CryptoProvider {
    use crypto::aws_lc_rs as backend;

    backend::default_provider()
}
54
/// Return the rustls [`CryptoProvider`] backed by ring.
///
/// Compiled whenever the `tls-ring` feature is enabled, including when `tls-aws-lc-rs` is
/// enabled as well, so ring takes precedence if both features are selected.
#[cfg(feature = "tls-ring")]
pub fn default_provider() -> CryptoProvider {
    use crypto::ring as backend;

    backend::default_provider()
}