feat: allow to use webpki as roots for rustls

It is noteworthy that although this commit will allow user to enable both `rustls-native-roots` and `rustls-webpki-roots` at the same time. `hyper-proxy2` does not currently handle for this scenario and has a compile error if both features are enabled. Does not look like cargo supports disabling dependency's feature by conditionally enabled features.
librespot-org · Nov 24, 2024 · 3dd01e5 · 3dd01e5
1 parent 82076e8
commit 3dd01e5
Show file tree

Hide file tree

Showing 9 changed files with 80 additions and 20 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -32,6 +32,7 @@ version = "0.6.0-dev"
 [dependencies.librespot-core]
 path = "core"
 version = "0.6.0-dev"
+default-features = false
 
 [dependencies.librespot-discovery]
 path = "discovery"
@@ -82,7 +83,10 @@ with-libmdns = ["librespot-discovery/with-libmdns"]
 
 passthrough-decoder = ["librespot-playback/passthrough-decoder"]
 
-default = ["rodio-backend", "with-libmdns"]
+rustls-native-roots = ["librespot-core/rustls-native-roots"]
+rustls-webpki-roots = ["librespot-core/rustls-webpki-roots"]
+
+default = ["rodio-backend", "with-libmdns", "rustls-native-roots"]
 
 [package.metadata.deb]
 maintainer = "librespot-org"

diff --git a/audio/Cargo.toml b/audio/Cargo.toml
@@ -11,6 +11,7 @@ edition = "2021"
 [dependencies.librespot-core]
 path = "../core"
 version = "0.6.0-dev"
+default-features = false
 
 [dependencies]
 aes = "0.8"

diff --git a/connect/Cargo.toml b/connect/Cargo.toml
@@ -23,6 +23,7 @@ tokio-stream = "0.1"
 [dependencies.librespot-core]
 path = "../core"
 version = "0.6.0-dev"
+default-features = false
 
 [dependencies.librespot-playback]
 path = "../playback"

diff --git a/core/Cargo.toml b/core/Cargo.toml
@@ -32,8 +32,8 @@ http = "1.0"
 hyper = { version = "1.3", features = ["http1", "http2"] }
 hyper-util = { version = "0.1", features = ["client"] }
 http-body-util = "0.1.1"
-hyper-proxy2 = { version = "0.1", default-features = false, features = ["rustls"] }
-hyper-rustls = { version = "0.27.2", features = ["http2"] }
+hyper-proxy2 = { version = "0.1", default-features = false }
+hyper-rustls = { version = "0.27.2", default-features = false, features = ["aws-lc-rs", "http1", "logging", "tls12", "http2"] }
 log = "0.4"
 nonzero_ext = "0.3"
 num-bigint = { version = "0.4", features = ["rand"] }
@@ -58,7 +58,7 @@ thiserror = "1.0"
 time = { version = "0.3", features = ["formatting", "parsing"] }
 tokio = { version = "1", features = ["io-util", "macros", "net", "parking_lot", "rt", "sync", "time"] }
 tokio-stream = "0.1"
-tokio-tungstenite = { version = "0.24", default-features = false, features = ["rustls-tls-native-roots"] }
+tokio-tungstenite = { version = "0.24", default-features = false }
 tokio-util = { version = "0.7", features = ["codec"] }
 url = "2"
 uuid = { version = "1", default-features = false, features = ["fast-rng", "v4"] }
@@ -70,3 +70,16 @@ vergen-gitcl = { version = "1.0.0", default-features = false, features = ["build
 
 [dev-dependencies]
 tokio = { version = "1", features = ["macros", "parking_lot"] }
+
+[features]
+default = ["rustls-native-roots"]
+rustls-native-roots = [
+  "hyper-proxy2/rustls",
+  "hyper-rustls/native-tokio",
+  "tokio-tungstenite/rustls-tls-native-roots",
+]
+rustls-webpki-roots = [
+  "hyper-proxy2/rustls-webpki",
+  "hyper-rustls/webpki-tokio",
+  "tokio-tungstenite/rustls-tls-webpki-roots",
+]
diff --git a/core/src/http_client.rs b/core/src/http_client.rs
@@ -145,12 +145,15 @@ impl HttpClient {
 
     fn try_create_hyper_client(proxy_url: Option<&Url>) -> Result<HyperClient, Error> {
         // configuring TLS is expensive and should be done once per process
-        let https_connector = HttpsConnectorBuilder::new()
-            .with_native_roots()?
-            .https_or_http()
-            .enable_http1()
-            .enable_http2()
-            .build();
+
+        // Prefer webpki if both features are enabled, else use native roots
+        #[cfg(all(not(feature = "rustls-webpki-roots"), feature = "rustls-native-roots"))]
+        let tls = HttpsConnectorBuilder::new().with_native_roots()?;
+
+        #[cfg(feature = "rustls-webpki-roots")]
+        let tls = HttpsConnectorBuilder::new().with_webpki_roots();
+
+        let https_connector = tls.https_or_http().enable_http1().enable_http2().build();
 
         // When not using a proxy a dummy proxy is configured that will not intercept any traffic.
         // This prevents needing to carry the Client Connector generics through the whole project

diff --git a/discovery/Cargo.toml b/discovery/Cargo.toml
@@ -35,6 +35,7 @@ zbus = { version = "4", default-features = false, features = ["tokio"], optional
 [dependencies.librespot-core]
 path = "../core"
 version = "0.6.0-dev"
+default-features = false
 
 [dev-dependencies]
 futures = "0.3"

diff --git a/metadata/Cargo.toml b/metadata/Cargo.toml
@@ -21,6 +21,7 @@ serde_json = "1.0"
 [dependencies.librespot-core]
 path = "../core"
 version = "0.6.0-dev"
+default-features = false
 
 [dependencies.librespot-protocol]
 path = "../protocol"

diff --git a/playback/Cargo.toml b/playback/Cargo.toml
@@ -15,6 +15,7 @@ version = "0.6.0-dev"
 [dependencies.librespot-core]
 path = "../core"
 version = "0.6.0-dev"
+default-features = false
 
 [dependencies.librespot-metadata]
 path = "../metadata"