Skip to content

Commit

Permalink
perf: load TLS certs only for https (#7450)
Browse files Browse the repository at this point in the history
  • Loading branch information
DaniPopes authored Mar 19, 2024
1 parent af8685f commit a064b63
Show file tree
Hide file tree
Showing 2 changed files with 23 additions and 17 deletions.
4 changes: 3 additions & 1 deletion crates/common/src/provider/runtime_transport.rs
Original file line number Diff line number Diff line change
Expand Up @@ -144,7 +144,9 @@ impl RuntimeTransport {

/// Connects to an HTTP [alloy_transport_http::Http] transport.
async fn connect_http(&self) -> Result<InnerTransport, RuntimeTransportError> {
let mut client_builder = reqwest::Client::builder().timeout(self.timeout);
let mut client_builder = reqwest::Client::builder()
.timeout(self.timeout)
.tls_built_in_root_certs(self.url.scheme() == "https");
let mut headers = reqwest::header::HeaderMap::new();

// If there's a JWT, add it to the headers if we can decode it.
Expand Down
36 changes: 20 additions & 16 deletions crates/config/src/etherscan.rs
Original file line number Diff line number Diff line change
Expand Up @@ -306,32 +306,29 @@ impl ResolvedEtherscanConfig {
let (mainnet_api, mainnet_url) = NamedChain::Mainnet.etherscan_urls().expect("exist; qed");

let cache = chain
.or_else(|| {
if api_url == mainnet_api {
// try to match against mainnet, which is usually the most common target
Some(NamedChain::Mainnet.into())
} else {
None
}
})
// try to match against mainnet, which is usually the most common target
.or_else(|| (api_url == mainnet_api).then(Chain::mainnet))
.and_then(Config::foundry_etherscan_chain_cache_dir);

if let Some(ref cache_path) = cache {
if let Some(cache_path) = &cache {
// we also create the `sources` sub dir here
if let Err(err) = std::fs::create_dir_all(cache_path.join("sources")) {
warn!("could not create etherscan cache dir: {:?}", err);
}
}

let api_url = into_url(&api_url)?;
let client = reqwest::Client::builder()
.user_agent(ETHERSCAN_USER_AGENT)
.tls_built_in_root_certs(api_url.scheme() == "https")
.build()?;
foundry_block_explorers::Client::builder()
.with_client(reqwest::Client::builder().user_agent(ETHERSCAN_USER_AGENT).build()?)
.with_client(client)
.with_api_key(api_key)
.with_api_url(api_url.as_str())?
.with_url(
// the browser url is not used/required by the client so we can simply set the
// mainnet browser url here
browser_url.as_deref().unwrap_or(mainnet_url),
)?
.with_api_url(api_url)?
// the browser url is not used/required by the client so we can simply set the
// mainnet browser url here
.with_url(browser_url.as_deref().unwrap_or(mainnet_url))?
.with_cache(cache, Duration::from_secs(24 * 60 * 60))
.build()
}
Expand Down Expand Up @@ -419,6 +416,13 @@ impl fmt::Display for EtherscanApiKey {
}
}

/// This is a hack to work around `IntoUrl`'s sealed private functions, which can't be called
/// normally.
#[inline]
fn into_url(url: impl reqwest::IntoUrl) -> std::result::Result<reqwest::Url, reqwest::Error> {
url.into_url()
}

#[cfg(test)]
mod tests {
use super::*;
Expand Down

0 comments on commit a064b63

Please sign in to comment.