implement client builder for native-tls

ton-anywhere · ton-anywhere · commit 1ad18eb9b4c4 · 2026-03-07T00:15:47.000+01:00
diff --git a/bitreq/src/client.rs b/bitreq/src/client.rs
@@ -9,32 +9,47 @@
 use std::collections::{hash_map, HashMap, VecDeque};
 use std::sync::{Arc, Mutex};
 
-#[cfg(all(feature = "rustls", feature = "tokio-rustls"))]
+#[cfg(any(
+    all(feature = "native-tls", feature = "tokio-native-tls"),
+    all(feature = "rustls", feature = "tokio-rustls")
+))]
 use crate::connection::certificates::{Certificates, CertificatesBuilder};
 use crate::connection::AsyncConnection;
 use crate::request::{OwnedConnectionParams as ConnectionKey, ParsedRequest};
 use crate::{Error, Request, Response};
 
 #[derive(Clone)]
 pub(crate) struct ClientConfig {
-    #[cfg(all(feature = "rustls", feature = "tokio-rustls"))]
+    #[cfg(any(
+        all(feature = "native-tls", feature = "tokio-native-tls"),
+        all(feature = "rustls", feature = "tokio-rustls")
+    ))]
     pub(crate) tls: Option<TlsConfig>,
 }
 
-#[cfg(all(feature = "rustls", feature = "tokio-rustls"))]
+#[cfg(any(
+    all(feature = "native-tls", feature = "tokio-native-tls"),
+    all(feature = "rustls", feature = "tokio-rustls")
+))]
 #[derive(Clone)]
 pub(crate) struct TlsConfig {
     pub(crate) certificates: Certificates,
 }
 
-#[cfg(all(feature = "rustls", feature = "tokio-rustls"))]
+#[cfg(any(
+    all(feature = "native-tls", feature = "tokio-native-tls"),
+    all(feature = "rustls", feature = "tokio-rustls")
+))]
 impl TlsConfig {
     fn new(certificates: Certificates) -> Self { Self { certificates } }
 }
 
 pub struct ClientBuilder {
     capacity: usize,
-    #[cfg(all(feature = "rustls", feature = "tokio-rustls"))]
+    #[cfg(any(
+        all(feature = "native-tls", feature = "tokio-native-tls"),
+        all(feature = "rustls", feature = "tokio-rustls")
+    ))]
     certificates: Option<CertificatesBuilder>,
 }
 
@@ -56,11 +71,17 @@ pub struct ClientBuilder {
 /// ```
 impl ClientBuilder {
     /// Creates a new `ClientBuilder` with a default pool capacity of 10.
-    #[cfg(all(feature = "rustls", feature = "tokio-rustls"))]
+    #[cfg(any(
+        all(feature = "native-tls", feature = "tokio-native-tls"),
+        all(feature = "rustls", feature = "tokio-rustls")
+    ))]
     pub fn new() -> Self { Self { capacity: 10, certificates: None } }
 
     /// Creates a new `ClientBuilder` with a default pool capacity of 10.
-    #[cfg(not(all(feature = "rustls", feature = "tokio-rustls")))]
+    #[cfg(not(any(
+        all(feature = "native-tls", feature = "tokio-native-tls"),
+        all(feature = "rustls", feature = "tokio-rustls")
+    )))]
     pub fn new() -> Self { Self { capacity: 10 } }
 
     /// Sets the maximum number of connections to keep in the pool.
@@ -69,7 +90,10 @@ impl ClientBuilder {
         self
     }
 
-    #[cfg(all(feature = "rustls", feature = "tokio-rustls"))]
+    #[cfg(any(
+        all(feature = "native-tls", feature = "tokio-native-tls"),
+        all(feature = "rustls", feature = "tokio-rustls")
+    ))]
     /// Builds the `Client` with the configured settings.
     pub fn build(self) -> Result<Client, Error> {
         let build_config = if let Some(builder) = self.certificates {
@@ -92,7 +116,10 @@ impl ClientBuilder {
     }
 
     /// Builds the `Client` with the configured settings.
-    #[cfg(not(any(all(feature = "rustls", feature = "tokio-rustls"))))]
+    #[cfg(not(any(
+        all(feature = "native-tls", feature = "tokio-native-tls"),
+        all(feature = "rustls", feature = "tokio-rustls")
+    )))]
     pub fn build(self) -> Result<Client, Error> {
         Ok(Client {
             r#async: Arc::new(Mutex::new(ClientImpl {
@@ -122,7 +149,10 @@ impl ClientBuilder {
     /// # Ok(())
     /// # }
     /// ```
-    #[cfg(all(feature = "rustls", feature = "tokio-rustls"))]
+    #[cfg(any(
+        all(feature = "native-tls", feature = "tokio-native-tls"),
+        all(feature = "rustls", feature = "tokio-rustls")
+    ))]
     pub fn with_root_certificate<T: Into<Vec<u8>>>(mut self, cert_der: T) -> Result<Self, Error> {
         let cert_der = cert_der.into();
         if let Some(ref mut certificates) = self.certificates {
@@ -137,7 +167,10 @@ impl ClientBuilder {
 
     /// Disables default root certificates for TLS connections.
     /// Returns [`Error::InvalidTlsConfig`] if TLS has not been configured.
-    #[cfg(all(feature = "rustls", feature = "tokio-rustls"))]
+    #[cfg(any(
+        all(feature = "native-tls", feature = "tokio-native-tls"),
+        all(feature = "rustls", feature = "tokio-rustls")
+    ))]
     pub fn disable_default_certificates(mut self) -> Result<Self, Error> {
         match self.certificates {
             Some(ref mut certificates) => certificates.disable_default()?,
diff --git a/bitreq/src/connection.rs b/bitreq/src/connection.rs
@@ -31,8 +31,10 @@ use crate::{Error, Method, ResponseLazy};
 
 type UnsecuredStream = TcpStream;
 
-
-#[cfg(all(feature = "rustls", feature = "tokio-rustls"))]
+#[cfg(any(
+    all(feature = "native-tls", feature = "tokio-native-tls"),
+    all(feature = "rustls", feature = "tokio-rustls")
+))]
 pub(crate) mod certificates;
 #[cfg(any(feature = "rustls", feature = "native-tls"))]
 mod rustls_stream;
diff --git a/bitreq/src/connection/certificates.rs b/bitreq/src/connection/certificates.rs
@@ -1,8 +1,12 @@
 #[cfg(any(feature = "rustls", feature = "native-tls"))]
 use std::sync::Arc;
 
+#[cfg(all(feature = "native-tls", not(feature = "rustls")))]
+use native_tls::{Certificate, TlsConnector, TlsConnectorBuilder};
 #[cfg(feature = "rustls")]
 use rustls::RootCertStore;
+#[cfg(all(feature = "native-tls", not(feature = "rustls"), feature = "tokio-native-tls"))]
+use tokio_native_tls::TlsConnector as AsyncTlsConnector;
 #[cfg(feature = "rustls-webpki")]
 use webpki_roots::TLS_SERVER_ROOTS;
 
@@ -14,6 +18,11 @@ pub(crate) struct CertificatesBuilder {
     pub(crate) disable_default: bool,
 }
 
+#[cfg(all(feature = "native-tls", not(feature = "rustls"), feature = "tokio-native-tls"))]
+pub(crate) struct CertificatesBuilder {
+    pub(crate) inner: TlsConnectorBuilder,
+}
+
 impl CertificatesBuilder {
     #[cfg(all(feature = "rustls", feature = "tokio-rustls"))]
     pub(crate) fn new(cert_der: Option<Vec<u8>>) -> Result<Self, Error> {
@@ -26,13 +35,41 @@ impl CertificatesBuilder {
         Ok(certificates)
     }
 
+    #[cfg(all(feature = "native-tls", not(feature = "rustls"), feature = "tokio-native-tls"))]
+    pub(crate) fn new(cert_der: Option<Vec<u8>>) -> Result<Self, Error> {
+        let builder = TlsConnector::builder();
+        let mut certificates = Self { inner: builder };
+
+        if let Some(cert_der) = cert_der {
+            certificates.append_certificate(cert_der)?;
+        }
+
+        Ok(certificates)
+    }
+
     #[cfg(all(feature = "rustls", feature = "tokio-rustls"))]
     pub(crate) fn append_certificate(&mut self, cert_der: Vec<u8>) -> Result<&mut Self, Error> {
         self.inner.add(&rustls::Certificate(cert_der)).map_err(Error::RustlsAppendCert)?;
 
         Ok(self)
     }
 
+    #[cfg(all(feature = "native-tls", not(feature = "rustls"), feature = "tokio-native-tls"))]
+    pub(crate) fn append_certificate(&mut self, cert_der: Vec<u8>) -> Result<&mut Self, Error> {
+        let certificate = Certificate::from_der(&cert_der)?;
+        self.inner.add_root_certificate(certificate);
+
+        Ok(self)
+    }
+
+    #[cfg(all(feature = "native-tls", not(feature = "rustls"), feature = "tokio-native-tls"))]
+    pub(crate) fn build(self) -> Result<Certificates, Error> {
+        let connector = self.inner.build()?;
+        let async_connector = AsyncTlsConnector::from(connector);
+
+        Ok(Certificates(Arc::new(async_connector)))
+    }
+
     #[cfg(all(feature = "rustls", feature = "tokio-rustls"))]
     pub(crate) fn build(mut self) -> Result<Certificates, Error> {
         if !self.disable_default {
@@ -74,8 +111,18 @@ impl CertificatesBuilder {
         self.disable_default = true;
         Ok(self)
     }
+
+    #[cfg(all(feature = "native-tls", not(feature = "rustls"), feature = "tokio-native-tls"))]
+    pub(crate) fn disable_default(&mut self) -> Result<&mut Self, Error> {
+        self.inner.disable_built_in_roots(true);
+        Ok(self)
+    }
 }
 
 #[derive(Clone)]
 #[cfg(all(feature = "rustls", feature = "tokio-rustls"))]
 pub(crate) struct Certificates(pub(crate) Arc<RootCertStore>);
+
+#[derive(Clone)]
+#[cfg(all(feature = "native-tls", not(feature = "rustls"), feature = "tokio-native-tls"))]
+pub(crate) struct Certificates(pub(crate) Arc<AsyncTlsConnector>);
diff --git a/bitreq/src/connection/rustls_stream.rs b/bitreq/src/connection/rustls_stream.rs
@@ -28,7 +28,10 @@ use super::HttpStream;
     all(feature = "rustls", feature = "tokio-rustls")
 ))]
 use super::{AsyncHttpStream, AsyncTcpStream};
-#[cfg(all(feature = "rustls", feature = "tokio-rustls"))]
+#[cfg(any(
+    all(feature = "native-tls", feature = "tokio-native-tls"),
+    all(feature = "rustls", feature = "tokio-rustls")
+))]
 use crate::connection::certificates::Certificates;
 use crate::Error;
 
@@ -217,21 +220,21 @@ pub(super) async fn wrap_async_stream(
     Ok(AsyncHttpStream::Secured(Box::new(tls)))
 }
 
-// #[cfg(all(feature = "native-tls", not(feature = "rustls"), feature = "tokio-native-tls"))]
-// pub(super) async fn wrap_async_stream_with_configs(
-//     tcp: AsyncTcpStream,
-//     host: &str,
-//     client_configs: Certificates,
-// ) -> Result<AsyncHttpStream, Error> {
-//     #[cfg(feature = "log")]
-//     log::trace!("Setting up TLS parameters for {host}.");
+#[cfg(all(feature = "native-tls", not(feature = "rustls"), feature = "tokio-native-tls"))]
+pub(super) async fn wrap_async_stream_with_configs(
+    tcp: AsyncTcpStream,
+    host: &str,
+    client_configs: Certificates,
+) -> Result<AsyncHttpStream, Error> {
+    #[cfg(feature = "log")]
+    log::trace!("Setting up TLS parameters for {host}.");
 
-//     let async_connector = client_configs.0;
+    let async_connector = client_configs.0;
 
-//     #[cfg(feature = "log")]
-//     log::trace!("Establishing TLS session to {host}.");
+    #[cfg(feature = "log")]
+    log::trace!("Establishing TLS session to {host}.");
 
-//     let tls = async_connector.connect(host, tcp).await?;
+    let tls = async_connector.connect(host, tcp).await?;
 
-//     Ok(AsyncHttpStream::Secured(Box::new(tls)))
-// }
+    Ok(AsyncHttpStream::Secured(Box::new(tls)))
+}
diff --git a/bitreq/src/error.rs b/bitreq/src/error.rs
@@ -28,6 +28,9 @@ pub enum Error {
     #[cfg(feature = "native-tls")]
     /// Ran into a native-tls error while creating the connection.
     NativeTlsCreateConnection(native_tls::Error),
+    #[cfg(feature = "native-tls")]
+    /// Ran into a native-tls error while appending a certificate.
+    NativeTlsAppendCert,
     #[cfg(any(feature = "rustls", feature = "native-tls"))]
     /// The current TLS configuration is invalid.
     InvalidTlsConfig,
@@ -114,6 +117,8 @@ impl fmt::Display for Error {
             RustlsAppendCert(err) => write!(f, "error appending certificate: {}", err),
             #[cfg(feature = "native-tls")]
             NativeTlsCreateConnection(err) => write!(f, "error creating native-tls connection: {}", err),
+            #[cfg(feature = "native-tls")]
+            NativeTlsAppendCert => write!(f, "error appending certificate"),
             #[cfg(any(feature = "rustls", feature = "native-tls"))]
             InvalidTlsConfig => write!(f, "error disabling default certificates. Must have custom cert."),
             MalformedChunkLength => write!(f, "non-usize chunk length with transfer-encoding: chunked"),
diff --git a/bitreq/tests/main.rs b/bitreq/tests/main.rs
@@ -52,6 +52,15 @@ async fn test_https_with_client_builder() {
     assert_eq!(response.status_code, 200);
 }
 
+#[tokio::test]
+#[cfg(all(feature = "native-tls", not(feature = "rustls"), feature = "tokio-native-tls"))]
+async fn test_https_with_client_builder() {
+    setup();
+    let client = bitreq::Client::builder().build().unwrap();
+    let response = client.send_async(bitreq::get("https://example.com")).await.unwrap();
+    assert_eq!(response.status_code, 200);
+}
+
 #[tokio::test]
 #[cfg(all(feature = "rustls", feature = "tokio-rustls"))]
 async fn test_https_with_client_builder_and_cert() {
@@ -66,6 +75,39 @@ async fn test_https_with_client_builder_and_cert() {
     assert_eq!(response.status_code, 200);
 }
 
+#[tokio::test]
+#[cfg(all(feature = "native-tls", not(feature = "rustls"), feature = "tokio-native-tls"))]
+async fn test_https_with_client_builder_and_cert() {
+    setup();
+    let cert_der = include_bytes!("test_cert.der");
+    let client = bitreq::Client::builder()
+        .with_root_certificate(cert_der.as_slice())
+        .unwrap()
+        .build()
+        .unwrap();
+    let response = client.send_async(bitreq::get("https://example.com")).await.unwrap();
+    assert_eq!(response.status_code, 200);
+}
+
+#[tokio::test]
+#[cfg(all(feature = "native-tls", not(feature = "rustls"), feature = "tokio-native-tls"))]
+async fn test_https_with_multiple_certs() {
+    setup();
+    let cert_der = include_bytes!("test_cert.der");
+    let ca_der = include_bytes!("ca_cert.der");
+
+    let client = bitreq::Client::builder()
+        .with_root_certificate(cert_der.as_slice())
+        .unwrap()
+        .with_root_certificate(ca_der.as_slice())
+        .unwrap()
+        .build()
+        .unwrap();
+
+    let response = client.send_async(bitreq::get("https://example.com")).await.unwrap();
+    assert_eq!(response.status_code, 200);
+}
+
 #[tokio::test]
 #[cfg(all(feature = "rustls", feature = "tokio-rustls"))]
 async fn test_https_with_multiple_certs() {
