native-tls https fix

ton-anywhere · ton-anywhere · commit 4840954ba49b · 2026-03-20T01:57:17.000+01:00
diff --git a/bitreq/src/connection.rs b/bitreq/src/connection.rs
@@ -29,14 +29,14 @@ use crate::{Error, Method, ResponseLazy};
 
 type UnsecuredStream = TcpStream;
 
-#[cfg(feature = "rustls")]
+#[cfg(any(feature = "rustls", feature = "native-tls"))]
 mod rustls_stream;
-#[cfg(feature = "rustls")]
+#[cfg(any(feature = "rustls", feature = "native-tls"))]
 type SecuredStream = rustls_stream::SecuredStream;
 
 pub(crate) enum HttpStream {
     Unsecured(UnsecuredStream, Option<Instant>),
-    #[cfg(feature = "rustls")]
+    #[cfg(any(feature = "rustls", feature = "native-tls"))]
     Secured(Box<SecuredStream>, Option<Instant>),
     #[cfg(feature = "async")]
     Buffer(std::io::Cursor<Vec<u8>>),
@@ -81,7 +81,7 @@ impl Read for HttpStream {
                 timeout(inner, *timeout_at)?;
                 inner.read(buf)
             }
-            #[cfg(feature = "rustls")]
+            #[cfg(any(feature = "rustls", feature = "native-tls"))]
             HttpStream::Secured(inner, timeout_at) => {
                 timeout(inner.get_ref(), *timeout_at)?;
                 inner.read(buf)
@@ -111,7 +111,7 @@ impl Write for HttpStream {
                 set_socket_write_timeout(inner, *timeout_at)?;
                 inner.write(buf)
             }
-            #[cfg(feature = "rustls")]
+            #[cfg(any(feature = "rustls", feature = "native-tls"))]
             HttpStream::Secured(inner, timeout_at) => {
                 set_socket_write_timeout(inner.get_ref(), *timeout_at)?;
                 inner.write(buf)
@@ -137,7 +137,7 @@ impl Write for HttpStream {
                 set_socket_write_timeout(inner, *timeout_at)?;
                 inner.flush()
             }
-            #[cfg(feature = "rustls")]
+            #[cfg(any(feature = "rustls", feature = "native-tls"))]
             HttpStream::Secured(inner, timeout_at) => {
                 set_socket_write_timeout(inner.get_ref(), *timeout_at)?;
                 inner.flush()
@@ -158,13 +158,13 @@ impl Write for HttpStream {
     }
 }
 
-#[cfg(feature = "tokio-rustls")]
+#[cfg(any(feature = "tokio-rustls", feature = "tokio-native-tls"))]
 type AsyncSecuredStream = rustls_stream::AsyncSecuredStream;
 
 #[cfg(feature = "async")]
 pub(crate) enum AsyncHttpStream {
     Unsecured(AsyncTcpStream),
-    #[cfg(feature = "tokio-rustls")]
+    #[cfg(any(feature = "tokio-rustls", feature = "tokio-native-tls"))]
     Secured(Box<AsyncSecuredStream>),
 }
 
@@ -177,7 +177,7 @@ impl AsyncRead for AsyncHttpStream {
     ) -> Poll<io::Result<()>> {
         match &mut *self {
             AsyncHttpStream::Unsecured(inner) => Pin::new(inner).poll_read(cx, buf),
-            #[cfg(feature = "tokio-rustls")]
+            #[cfg(any(feature = "tokio-rustls", feature = "tokio-native-tls"))]
             AsyncHttpStream::Secured(inner) => Pin::new(inner).poll_read(cx, buf),
         }
     }
@@ -192,23 +192,23 @@ impl AsyncWrite for AsyncHttpStream {
     ) -> Poll<io::Result<usize>> {
         match &mut *self {
             AsyncHttpStream::Unsecured(inner) => Pin::new(inner).poll_write(cx, buf),
-            #[cfg(feature = "tokio-rustls")]
+            #[cfg(any(feature = "tokio-rustls", feature = "tokio-native-tls"))]
             AsyncHttpStream::Secured(inner) => Pin::new(inner).poll_write(cx, buf),
         }
     }
 
     fn poll_flush(mut self: Pin<&mut Self>, cx: &mut Context<'_>) -> Poll<io::Result<()>> {
         match &mut *self {
             AsyncHttpStream::Unsecured(inner) => Pin::new(inner).poll_flush(cx),
-            #[cfg(feature = "tokio-rustls")]
+            #[cfg(any(feature = "tokio-rustls", feature = "tokio-native-tls"))]
             AsyncHttpStream::Secured(inner) => Pin::new(inner).poll_flush(cx),
         }
     }
 
     fn poll_shutdown(mut self: Pin<&mut Self>, cx: &mut Context<'_>) -> Poll<io::Result<()>> {
         match &mut *self {
             AsyncHttpStream::Unsecured(inner) => Pin::new(inner).poll_shutdown(cx),
-            #[cfg(feature = "tokio-rustls")]
+            #[cfg(any(feature = "tokio-rustls", feature = "tokio-native-tls"))]
             AsyncHttpStream::Secured(inner) => Pin::new(inner).poll_shutdown(cx),
         }
     }
@@ -271,10 +271,8 @@ impl AsyncConnection {
             let socket = Self::connect(params).await?;
 
             if params.https {
-                #[cfg(not(feature = "tokio-rustls"))]
-                return Err(Error::HttpsFeatureNotEnabled);
-                #[cfg(feature = "tokio-rustls")]
-                rustls_stream::wrap_async_stream(socket, params.host).await
+                // temp call
+                Self::wrap_async_stream(socket, params.host).await
             } else {
                 Ok(AsyncHttpStream::Unsecured(socket))
             }
@@ -298,6 +296,23 @@ impl AsyncConnection {
         }))))
     }
 
+    /// Temp Method implementation
+    #[cfg(any(feature = "tokio-rustls", feature = "tokio-native-tls"))]
+    async fn wrap_async_stream(
+        socket: AsyncTcpStream,
+        host: &str,
+    ) -> Result<AsyncHttpStream, Error> {
+        rustls_stream::wrap_async_stream(socket, host).await
+    }
+
+    /// Temp Method implementation
+    #[cfg(not(any(feature = "tokio-rustls", feature = "tokio-native-tls")))]
+    async fn wrap_async_stream(
+        _socket: AsyncTcpStream,
+        _host: &str,
+    ) -> Result<AsyncHttpStream, Error> {
+        Err(Error::HttpsFeatureNotEnabled)
+    }
     async fn tcp_connect(host: &str, port: u16) -> Result<AsyncTcpStream, Error> {
         #[cfg(feature = "log")]
         log::trace!("Looking up host {host}");
@@ -653,13 +668,10 @@ impl Connection {
         let socket = Self::connect(params, timeout_at)?;
 
         let stream = if params.https {
-            #[cfg(not(feature = "rustls"))]
+            #[cfg(not(any(feature = "rustls", feature = "native-tls")))]
             return Err(Error::HttpsFeatureNotEnabled);
-            #[cfg(feature = "rustls")]
-            {
-                let tls = rustls_stream::wrap_stream(socket, params.host)?;
-                HttpStream::Secured(Box::new(tls), timeout_at)
-            }
+            #[cfg(any(feature = "rustls", feature = "native-tls"))]
+            rustls_stream::wrap_stream(socket, params.host)?
         } else {
             HttpStream::create_unsecured(socket, timeout_at)
         };
diff --git a/bitreq/src/connection/rustls_stream.rs b/bitreq/src/connection/rustls_stream.rs
@@ -5,6 +5,7 @@
 use alloc::sync::Arc;
 #[cfg(feature = "rustls")]
 use core::convert::TryFrom;
+#[cfg(any(feature = "rustls", feature = "native-tls"))]
 use std::io;
 use std::net::TcpStream;
 use std::sync::OnceLock;
@@ -20,9 +21,12 @@ use tokio_rustls::{client::TlsStream, TlsConnector};
 #[cfg(feature = "rustls-webpki")]
 use webpki_roots::TLS_SERVER_ROOTS;
 
-#[cfg(feature = "tokio-rustls")]
-use super::{AsyncHttpStream, AsyncTcpStream};
-#[cfg(all(feature = "native-tls", not(feature = "rustls"), feature = "tokio-native-tls"))]
+#[cfg(any(feature = "rustls", feature = "native-tls"))]
+use super::HttpStream;
+#[cfg(any(
+    all(feature = "native-tls", feature = "tokio-native-tls"),
+    all(feature = "rustls", feature = "tokio-rustls")
+))]
 use super::{AsyncHttpStream, AsyncTcpStream};
 use crate::Error;
 
@@ -64,7 +68,7 @@ fn build_client_config() -> Arc<ClientConfig> {
 }
 
 #[cfg(feature = "rustls")]
-pub(super) fn wrap_stream(tcp: TcpStream, host: &str) -> Result<SecuredStream, Error> {
+pub(super) fn wrap_stream(tcp: TcpStream, host: &str) -> Result<HttpStream, Error> {
     #[cfg(feature = "log")]
     log::trace!("Setting up TLS parameters for {host}.");
     let dns_name = match ServerName::try_from(host) {
@@ -73,10 +77,12 @@ pub(super) fn wrap_stream(tcp: TcpStream, host: &str) -> Result<SecuredStream, E
     };
     let sess = ClientConnection::new(CONFIG.get_or_init(build_client_config).clone(), dns_name)
         .map_err(Error::RustlsCreateConnection)?;
+    let tls = StreamOwned::new(sess, tcp);
 
     #[cfg(feature = "log")]
     log::trace!("Establishing TLS session to {host}.");
-    Ok(StreamOwned::new(sess, tcp))
+
+    Ok(HttpStream::Secured(Box::new(tls), None))
 }
 
 // Async rustls TLS implementation
@@ -115,7 +121,7 @@ static CONNECTOR: OnceLock<Result<TlsConnector, Error>> = OnceLock::new();
 #[cfg(all(feature = "native-tls", not(feature = "rustls")))]
 fn native_tls_err<S>(e: HandshakeError<S>) -> Error {
     match e {
-        HandshakeError::Failure(e) => Error::NativeTlsError(e),
+        HandshakeError::Failure(err) => Error::NativeTlsCreateConnection(err),
         HandshakeError::WouldBlock(_) => {
             debug_assert!(false, "We shouldn't hit a blocking error");
             Error::Other("Got a WouldBlock error from native-tls")
@@ -125,22 +131,27 @@ fn native_tls_err<S>(e: HandshakeError<S>) -> Error {
 
 #[cfg(all(feature = "native-tls", not(feature = "rustls")))]
 fn build_tls_connector() -> Result<TlsConnector, Error> {
-    TlsConnector::builder().build().map_err(Error::NativeTlsError)
+    TlsConnector::builder().build().map_err(Error::from)
 }
 
 #[cfg(all(feature = "native-tls", not(feature = "rustls")))]
-pub(super) fn wrap_stream(tcp: TcpStream, host: &str) -> Result<SecuredStream, Error> {
+pub(super) fn wrap_stream(tcp: TcpStream, host: &str) -> Result<HttpStream, Error> {
     #[cfg(feature = "log")]
     log::trace!("Setting up TLS parameters for {host}.");
 
     // TODO: Once we can `get_or_try_init`, so that instead
     // https://github.com/rust-lang/rust/issues/109737
-    let connector = CONNECTOR.get_or_init(build_tls_connector)?;
+    let connector = match CONNECTOR.get_or_init(build_tls_connector) {
+        Ok(c) => c.clone(),
+        Err(err) => return Err(Error::IoError(io::Error::new(io::ErrorKind::Other, err))),
+    };
 
     #[cfg(feature = "log")]
     log::trace!("Establishing TLS session to {host}.");
 
-    connector.connect(host, tcp).map_err(native_tls_err)
+    let tls = connector.connect(host, tcp).map_err(native_tls_err)?;
+
+    Ok(HttpStream::Secured(Box::new(tls), None))
 }
 
 #[cfg(all(feature = "native-tls", not(feature = "rustls"), feature = "tokio-native-tls"))]
@@ -156,12 +167,36 @@ pub(super) async fn wrap_async_stream(
 
     // TODO: Once we can `get_or_try_init`, so that instead
     // https://github.com/rust-lang/rust/issues/109737
-    let connector = AsyncTlsConnector::from(CONNECTOR.get_or_init(build_tls_connector)?.clone());
+    let sync_connector = match CONNECTOR.get_or_init(build_tls_connector) {
+        Ok(c) => c.clone(),
+        Err(err) => return Err(Error::IoError(io::Error::new(io::ErrorKind::Other, err))),
+    };
+
+    let async_connector = AsyncTlsConnector::from(sync_connector);
 
     #[cfg(feature = "log")]
     log::trace!("Establishing TLS session to {host}.");
 
-    let tls = connector.connect(host, tcp).await.map_err(native_tls_err)?;
+    let tls = async_connector.connect(host, tcp).await?;
 
     Ok(AsyncHttpStream::Secured(Box::new(tls)))
 }
+
+// #[cfg(all(feature = "native-tls", not(feature = "rustls"), feature = "tokio-native-tls"))]
+// pub(super) async fn wrap_async_stream_with_configs(
+//     tcp: AsyncTcpStream,
+//     host: &str,
+//     client_configs: Certificates,
+// ) -> Result<AsyncHttpStream, Error> {
+//     #[cfg(feature = "log")]
+//     log::trace!("Setting up TLS parameters for {host}.");
+
+//     let async_connector = client_configs.0;
+
+//     #[cfg(feature = "log")]
+//     log::trace!("Establishing TLS session to {host}.");
+
+//     let tls = async_connector.connect(host, tcp).await?;
+
+//     Ok(AsyncHttpStream::Secured(Box::new(tls)))
+// }
diff --git a/bitreq/src/error.rs b/bitreq/src/error.rs
@@ -105,7 +105,7 @@ impl fmt::Display for Error {
             #[cfg(feature = "rustls")]
             RustlsCreateConnection(err) => write!(f, "error creating rustls connection: {}", err),
             #[cfg(feature = "native-tls")]
-            NativeTlsCreateConnection(err) => write!(f, "error creating native-tls connection: {err}"),
+            NativeTlsCreateConnection(err) => write!(f, "error creating native-tls connection: {}", err),
             MalformedChunkLength => write!(f, "non-usize chunk length with transfer-encoding: chunked"),
             MalformedChunkEnd => write!(f, "chunk did not end after reading the expected amount of bytes"),
             MalformedContentLength => write!(f, "non-usize content length"),
@@ -160,3 +160,8 @@ impl From<io::Error> for Error {
 impl From<UrlParseError> for Error {
     fn from(other: UrlParseError) -> Error { Error::InvalidUrl(other) }
 }
+
+#[cfg(feature = "native-tls")]
+impl From<native_tls::Error> for Error {
+    fn from(err: native_tls::Error) -> Error { Error::NativeTlsCreateConnection(err) }
+}
diff --git a/bitreq/tests/main.rs b/bitreq/tests/main.rs
@@ -16,6 +16,33 @@ async fn test_https() {
     assert_eq!(get_status_code(bitreq::get("https://example.com")).await, 200);
 }
 
+#[tokio::test]
+#[cfg(all(feature = "native-tls", not(feature = "rustls"), feature = "tokio-native-tls"))]
+async fn test_https() {
+    // TODO: Implement this locally.
+    assert_eq!(get_status_code(bitreq::get("https://example.com")).await, 200);
+    // Test reusing the existing connection in client:
+    assert_eq!(get_status_code(bitreq::get("https://example.com")).await, 200);
+}
+
+#[tokio::test]
+#[cfg(all(feature = "rustls", feature = "tokio-rustls"))]
+async fn test_https_with_client() {
+    setup();
+    let client = bitreq::Client::new(1);
+    let response = client.send_async(bitreq::get("https://example.com")).await.unwrap();
+    assert_eq!(response.status_code, 200);
+}
+
+#[tokio::test]
+#[cfg(all(feature = "native-tls", not(feature = "rustls"), feature = "tokio-native-tls"))]
+async fn test_https_with_client() {
+    setup();
+    let client = bitreq::Client::new(1);
+    let response = client.send_async(bitreq::get("https://example.com")).await.unwrap();
+    assert_eq!(response.status_code, 200);
+}
+
 #[tokio::test]
 #[cfg(feature = "json-using-serde")]
 async fn test_json_using_serde() {
