Add a rustls-webpki feature, to use webpki-roots

When rusoto creates a hyper-rustls HttpsConnector, it currently calls HttpsConnector::with_native_roots directly, which hardcodes the use of rustls-native-certs. For applications that want to deploy as self-contained minimal binaries and not depend on a system certificate store, add a rustls-webpki feature, which uses webpki-roots instead.
rusoto · Jun 29, 2021 · 806a7e1 · 806a7e1
1 parent 6a2d350
commit 806a7e1
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 2 deletions.
diff --git a/rusoto/core/Cargo.toml b/rusoto/core/Cargo.toml
@@ -60,6 +60,7 @@ encoding = ["flate2"]
 nightly-testing = ["rusoto_credential/nightly-testing"]
 native-tls = ["hyper-tls"]
 rustls = ["hyper-rustls"]
+rustls-webpki = ["hyper-rustls/webpki-tokio"]
 unstable = []
 
 [package.metadata.docs.rs]

diff --git a/rusoto/core/src/request.rs b/rusoto/core/src/request.rs
@@ -223,9 +223,12 @@ impl HttpClient {
         #[cfg(feature = "native-tls")]
         let connector = HttpsConnector::new();
 
-        #[cfg(feature = "rustls")]
+        #[cfg(all(feature = "rustls", not(feature = "rustls-webpki")))]
         let connector = HttpsConnector::with_native_roots();
 
+        #[cfg(feature = "rustls-webpki")]
+        let connector = HttpsConnector::with_webpki_roots();
+
         Ok(Self::from_connector(connector))
     }
 
@@ -234,9 +237,12 @@ impl HttpClient {
         #[cfg(feature = "native-tls")]
         let connector = HttpsConnector::new();
 
-        #[cfg(feature = "rustls")]
+        #[cfg(all(feature = "rustls", not(feature = "rustls-webpki")))]
         let connector = HttpsConnector::with_native_roots();
 
+        #[cfg(feature = "rustls-webpki")]
+        let connector = HttpsConnector::with_webpki_roots();
+
         Ok(Self::from_connector_with_config(connector, config))
     }