From 074661af2ebd516e320cd900371be73e9d0bee3b Mon Sep 17 00:00:00 2001
From: Dirkjan Ochtman
Date: Mon, 15 Nov 2021 16:59:03 +0100
Subject: [PATCH] Make it an error to connect to a https URL without TLS
---
 tonic/src/transport/service/connector.rs | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)
diff --git a/tonic/src/transport/service/connector.rs b/tonic/src/transport/service/connector.rs
index d0625ef0b..31ed3bb31 100644
--- a/tonic/src/transport/service/connector.rs
+++ b/tonic/src/transport/service/connector.rs
@@ -5,6 +5,7 @@ use super::tls::TlsConnector;
 use http::Uri;
 #[cfg(feature = "tls-roots-common")]
 use std::convert::TryInto;
+use std::fmt;
 use std::task::{Context, Poll};
 use tower::make::MakeConnection;
 use tower_service::Service;
@@ -78,9 +79,17 @@ where
 #[cfg(feature = "tls-roots-common")]
 let tls = self.tls_or_default(uri.scheme_str(), uri.host());
+ let is_https = uri.scheme_str() == Some("https");
 let connect = self.inner.make_connection(uri);
 Box::pin(async move {
+ #[cfg(not(feature = "tls"))]
+ {
+ if is_https {
+ return Err(HttpsUriWithoutTlsSupport(()).into());
+ }
+ }
+
 let io = connect.await?;
 #[cfg(feature = "tls")]
@@ -88,6 +97,8 @@ where
 if let Some(tls) = tls {
 let conn = tls.connect(io).await?;
 return Ok(BoxedIo::new(conn));
+ } else if is_https {
+ return Err(HttpsUriWithoutTlsSupport(()).into());
 }
 }
@@ -95,3 +106,16 @@ where
 })
 }
 }
+
+/// Error returned when trying to connect to an HTTPS endpoint without TLS enabled.
+#[derive(Debug)]
+pub(crate) struct HttpsUriWithoutTlsSupport(());
+
+impl fmt::Display for HttpsUriWithoutTlsSupport {
+ fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
+ write!(f, "Connecting to HTTPS without TLS enabled")
+ }
+}
+
+// std::error::Error only requires a type to impl Debug and Display
+impl std::error::Error for HttpsUriWithoutTlsSupport {}
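Review bot: The `is_https` test in the `@@ -78,9 +79,17 @@` hunk is an exact, case-sensitive string match, so the new guard fires only when `scheme_str()` yields lowercase `https`. URI schemes are case-insensitive, and whether a differently cased scheme can reach this point depends on how the `Uri` was built, which is not visible here; if it can, that endpoint would still fall through to the plaintext `BoxedIo::new(io)` path. A comparison that does not depend on spelling is `let is_https = uri.scheme_str().map_or(false, |s| s.eq_ignore_ascii_case("https"));`. The enclosing function starts before this hunk.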
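Review bot: In the `@@ -88,6 +97,8 @@` hunk the `else if is_https` rejection runs only after `let io = connect.await?;` in the previous hunk, so with the `tls` feature on and no connector configured a plaintext transport connection to the https endpoint is opened and then dropped before the error is returned. The no-`tls` build already rejects before awaiting the connection; doing the same here keeps both builds consistent and avoids touching the network for a request that is going to be refused: `#[cfg(feature = "tls")]` followed by `if tls.is_none() && is_https { return Err(HttpsUriWithoutTlsSupport(()).into()); }`, placed ahead of `let io = connect.await?;`. This assumes `tls` is an `Option`, as the `if let Some(tls) = tls` pattern suggests; its binding for the plain `tls` feature lies outside the visible hunks.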
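Review bot: `HttpsUriWithoutTlsSupport` in the `@@ -95,3 +106,16 @@` hunk is returned from two different situations, the `tls` feature being compiled out and the feature being present with no TLS connector available, yet its doc comment and `Display` text only say "without TLS enabled". A caller who has the feature on cannot tell from the message that the endpoint lacks TLS configuration, and because the type is `pub(crate)` the message is presumably all that downstream code can inspect. I would widen the doc comment to `/// Error returned when an https URI is used but the tls feature is disabled or no TLS connector is configured.` and word the message to match, e.g. `write!(f, "Connecting to HTTPS without TLS enabled or configured")`.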