Add RequestBuilder methods to accept invalid TLS #40

Merged
merged 3 commits into from
Jan 11, 2020

Owner

@sbstp sbstp commented Jan 9, 2020

No description provided.

@sbstp
Owner Author

sbstp commented Jan 9, 2020

#38

@sbstp
Owner Author

sbstp commented Jan 9, 2020

I did some experiments with badssl.com, and I think that accept_invalid_certs might be a superset of accept_invalid_hostnames, so the third method that sets both would not be required. I'll look further into this.

@@ -11,6 +11,16 @@ use url::Url;
use crate::happy;
use crate::{ErrorKind, Result};

pub struct ConnectInfo<'u> {
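Review bot: `pub struct ConnectInfo<'u>` has no doc comment in the lines shown, and it is declared `pub` in a module whose visible imports are crate-internal (`crate::happy`, `crate::{ErrorKind, Result}`). If the struct only carries per-connection settings between internal modules, `pub(crate)` would keep it out of the public API. A `///` comment should also say what `'u` borrows from (presumably the `Url` imported above) and that any certificate or hostname validation switches held in the struct, whose body is not visible here, default to strict verification.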
Contributor

This is nice! 👍

@adamreichold
Contributor

@sbstp I was thinking about this again and maybe we want to avoid adding nooks and crannies for all possible network scenarios to attohttpc's API, maybe we just need a public trait like

use std::io::{self, Read, Write};

pub trait Streams {
    type Tcp: Read + Write;
    type Tls: Read + Write;

    fn connect_tcp(&mut self, host: &str, port: u16) -> io::Result<Self::Tcp>;
    fn connect_tls(&mut self, host: &str, port: u16) -> io::Result<Self::Tls>;
}

provide a default implementation using happy::connect and native_tls but expose a method like

impl PreparedRequest {
    pub fn send_with_streams(&mut self, streams: impl Streams) -> Result<Response> { ... }
}

This way we can remove the connect_timeout and read_timeout API as they can be replaced by this. Same goes for this certificate validation handling. It would even allow using attohttpc with alternative TLS implementations like rustls, and we can use this for testing to replace the BaseStream::Mock variant.

It would also allow third parties to avoid Happy Eyeballs if they do not want it for whatever reason, or to add request deadlines in any of the ways we discussed so far, without making attohttpc itself much more complex. We would just need to provide documentation and an example as guidance on how to do that using this trait.
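The trait sketched in the comment above, filled in as an added example that is not part of the original thread and not attohttpc's API: a test double that refuses plaintext connections and records every TLS target, which is the kind of policy and mocking the proposal would make possible without touching certificate validation. `MockStream`, `TlsOnlyMock`, `exchange` and `fetch` are hypothetical names, and the canned reply and the host `example.test` are constructed.

```rust
use std::io::{self, Cursor, Read, Write};

// Trait as sketched in the comment above (a proposal, not attohttpc's API).
pub trait Streams {
    type Tcp: Read + Write;
    type Tls: Read + Write;
    fn connect_tcp(&mut self, host: &str, port: u16) -> io::Result<Self::Tcp>;
    fn connect_tls(&mut self, host: &str, port: u16) -> io::Result<Self::Tls>;
}

// Hypothetical in-memory stream: serves a canned reply, captures client writes.
pub struct MockStream { pub reply: Cursor<Vec<u8>>, pub written: Vec<u8> }
impl Read for MockStream {
    fn read(&mut self, buf: &mut [u8]) -> io::Result<usize> { self.reply.read(buf) }
}
impl Write for MockStream {
    fn write(&mut self, buf: &[u8]) -> io::Result<usize> { self.written.extend_from_slice(buf); Ok(buf.len()) }
    fn flush(&mut self) -> io::Result<()> { Ok(()) }
}

// Hypothetical test double with a policy: plaintext is refused, TLS targets are
// recorded. `canned` holds a constructed reply, not captured traffic.
pub struct TlsOnlyMock { pub canned: Vec<u8>, pub tls_targets: Vec<(String, u16)> }
impl Streams for TlsOnlyMock {
    type Tcp = MockStream;
    type Tls = MockStream;
    fn connect_tcp(&mut self, _host: &str, _port: u16) -> io::Result<MockStream> {
        Err(io::Error::new(io::ErrorKind::PermissionDenied, "plaintext connection refused"))
    }
    fn connect_tls(&mut self, host: &str, port: u16) -> io::Result<MockStream> {
        self.tls_targets.push((host.to_owned(), port));
        Ok(MockStream { reply: Cursor::new(self.canned.clone()), written: Vec::new() })
    }
}

// Send a minimal request and read to EOF over any Read + Write stream.
pub fn exchange<S: Read + Write>(mut stream: S, host: &str) -> io::Result<String> {
    write!(stream, "GET / HTTP/1.1\r\nHost: {}\r\nConnection: close\r\n\r\n", host)?;
    let mut reply = String::new();
    stream.read_to_string(&mut reply).map(|_| reply)
}
// Stand-in for the proposed send_with_streams: the scheme picks the connector.
pub fn fetch(streams: &mut impl Streams, https: bool, host: &str, port: u16) -> io::Result<String> {
    if https { exchange(streams.connect_tls(host, port)?, host) }
    else { exchange(streams.connect_tcp(host, port)?, host) }
}
fn main() {
    let mut s = TlsOnlyMock { canned: b"HTTP/1.1 200 OK\r\n\r\nhi".to_vec(), tls_targets: vec![] };
    println!("https: {:?}", fetch(&mut s, true, "example.test", 443));
    println!("http:  {:?}", fetch(&mut s, false, "example.test", 80).map_err(|e| e.kind()));
}
```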

@adamreichold
Contributor

#41 is another thing that could be resolved using the API.

@sbstp
Owner Author

sbstp commented Jan 11, 2020

What I had in mind for this library was more of a turnkey experience, similar to Python's requests. I think there's a finite and reasonable set of features that people might expect to see in a library like this.

I'm not against offering lower level hooks that enable people to customize the library even more, but for now, I don't want to turn people away and tell them to just do it themselves.

For instance, to disable TLS verification in requests, you just set the verify param to False.

@sbstp sbstp merged commit 461bb46 into master Jan 11, 2020
@sbstp sbstp deleted the allow-insecure branch January 11, 2020 03:12