From ad58096f70419458780c611827ecbaf2da5082c9 Mon Sep 17 00:00:00 2001 From: Eric Seppanen Date: Wed, 24 May 2023 17:19:32 -0700 Subject: [PATCH 1/2] fail Client build if Identity + default backend + !cfg(native-tls) If ClientBuilder::build encounters a TlsBackend::Default, and cfg(native-tls) is not enabled, it doesn't know how to load the client certificate. Rather than silently ignore the attempt to use a client identity, return an error. --- src/async_impl/client.rs | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/src/async_impl/client.rs b/src/async_impl/client.rs index 559e5f365..bfcdbf488 100644 --- a/src/async_impl/client.rs +++ b/src/async_impl/client.rs @@ -319,6 +319,13 @@ impl ClientBuilder { id.add_to_native_tls(&mut tls)?; } } + #[cfg(feature = "__rustls")] + { + // Default backend + rustls Identity doesn't work. + if let Some(_id) = config.identity { + return Err(crate::error::builder("incompatible TLS identity type")); + } + } if let Some(min_tls_version) = config.min_tls_version { let protocol = min_tls_version.to_native_tls().ok_or_else(|| { From d5eb2b57e393f28509b532b140bd6570fe12219b Mon Sep 17 00:00:00 2001 From: Eric Seppanen Date: Thu, 25 May 2023 10:13:41 -0700 Subject: [PATCH 2/2] ClientBuilder: fix build when rustls and native-tls are both enabled --- src/async_impl/client.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/async_impl/client.rs b/src/async_impl/client.rs index bfcdbf488..149f0a822 100644 --- a/src/async_impl/client.rs +++ b/src/async_impl/client.rs @@ -319,7 +319,7 @@ impl ClientBuilder { id.add_to_native_tls(&mut tls)?; } } - #[cfg(feature = "__rustls")] + #[cfg(all(feature = "__rustls", not(feature = "native-tls")))] { // Default backend + rustls Identity doesn't work. if let Some(_id) = config.identity {