RubyGems - wreq-rb - Versions diffs - 0.5.0 → 0.5.1 - Mend

wreq-rb 0.5.0 → 0.5.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (150) hide show

checksums.yaml +4 -4
data/Cargo.lock +1922 -397
data/LICENSE +203 -0
data/README.md +19 -15
data/ext/wreq_rb/Cargo.toml +4 -6
data/ext/wreq_rb/src/client.rs +41 -48
data/lib/wreq-rb/version.rb +1 -1
data/patches/0001-add-transfer-size-tracking.patch +76 -67
data/vendor/wreq/Cargo.toml +119 -71
data/vendor/wreq/README.md +25 -20
data/vendor/wreq/bench/http1.rs +25 -0
data/vendor/wreq/bench/http1_over_tls.rs +25 -0
data/vendor/wreq/bench/http2.rs +25 -0
data/vendor/wreq/bench/http2_over_tls.rs +25 -0
data/vendor/wreq/bench/support/bench.rs +91 -0
data/vendor/wreq/bench/support/client.rs +217 -0
data/vendor/wreq/bench/support/server.rs +188 -0
data/vendor/wreq/bench/support.rs +56 -0
data/vendor/wreq/examples/cert_store.rs +4 -4
data/vendor/wreq/examples/{emulation.rs → emulate.rs} +2 -2
data/vendor/wreq/examples/http2_websocket.rs +2 -2
data/vendor/wreq/examples/keylog.rs +3 -3
data/vendor/wreq/examples/{request_with_emulation.rs → request_with_emulate.rs} +2 -2
data/vendor/wreq/examples/rt.rs +23 -0
data/vendor/wreq/src/client/body.rs +23 -61
data/vendor/wreq/src/client/emulate.rs +119 -0
data/vendor/wreq/src/client/{http/future.rs → future.rs} +11 -32
data/vendor/wreq/src/client/{http → layer}/client/pool.rs +66 -61
data/vendor/wreq/src/client/{http → layer}/client.rs +416 -270
data/vendor/wreq/src/client/layer/config.rs +27 -6
data/vendor/wreq/src/client/layer/decoder.rs +9 -4
data/vendor/wreq/src/client/layer/redirect/future.rs +6 -3
data/vendor/wreq/src/client/layer/redirect.rs +4 -5
data/vendor/wreq/src/client/layer/retry.rs +8 -5
data/vendor/wreq/src/client/layer/timeout/body.rs +15 -6
data/vendor/wreq/src/client/layer/timeout/future.rs +23 -18
data/vendor/wreq/src/client/layer/timeout.rs +24 -74
data/vendor/wreq/src/client/layer.rs +1 -2
data/vendor/wreq/src/client/multipart.rs +137 -154
data/vendor/wreq/src/client/request.rs +202 -118
data/vendor/wreq/src/client/response.rs +46 -45
data/vendor/wreq/src/client/upgrade.rs +15 -0
data/vendor/wreq/src/client/ws.rs +73 -25
data/vendor/wreq/src/client.rs +1655 -17
data/vendor/wreq/src/config.rs +11 -11
data/vendor/wreq/src/{client/conn → conn}/connector.rs +139 -137
data/vendor/wreq/src/conn/descriptor.rs +143 -0
data/vendor/wreq/src/conn/http.rs +484 -0
data/vendor/wreq/src/conn/net/io.rs +75 -0
data/vendor/wreq/src/conn/net/tcp/compio.rs +71 -0
data/vendor/wreq/src/conn/net/tcp/tokio.rs +57 -0
data/vendor/wreq/src/conn/net/tcp.rs +561 -0
data/vendor/wreq/src/conn/net/uds/compio.rs +60 -0
data/vendor/wreq/src/{client/conn/uds.rs → conn/net/uds/tokio.rs} +18 -12
data/vendor/wreq/src/conn/net/uds.rs +11 -0
data/vendor/wreq/src/conn/net.rs +130 -0
data/vendor/wreq/src/{client/conn → conn}/proxy/socks.rs +2 -9
data/vendor/wreq/src/{client/conn → conn}/proxy/tunnel.rs +21 -56
data/vendor/wreq/src/conn/tls_info.rs +47 -0
data/vendor/wreq/src/{client/conn.rs → conn.rs} +202 -54
data/vendor/wreq/src/cookie.rs +302 -142
data/vendor/wreq/src/dns/gai/compio.rs +77 -0
data/vendor/wreq/src/dns/gai/tokio.rs +90 -0
data/vendor/wreq/src/dns/gai.rs +14 -164
data/vendor/wreq/src/dns/hickory.rs +16 -23
data/vendor/wreq/src/dns/resolve.rs +7 -41
data/vendor/wreq/src/dns.rs +90 -7
data/vendor/wreq/src/error.rs +57 -31
data/vendor/wreq/src/ext.rs +25 -0
data/vendor/wreq/src/group.rs +211 -0
data/vendor/wreq/src/header.rs +100 -112
data/vendor/wreq/src/lib.rs +124 -73
data/vendor/wreq/src/proxy.rs +6 -20
data/vendor/wreq/src/redirect.rs +1 -1
data/vendor/wreq/src/rt.rs +208 -0
data/vendor/wreq/src/sync.rs +97 -98
data/vendor/wreq/src/tls/compress.rs +124 -0
data/vendor/wreq/src/tls/conn/ext.rs +54 -45
data/vendor/wreq/src/tls/conn/service.rs +14 -18
data/vendor/wreq/src/tls/conn.rs +169 -241
data/vendor/wreq/src/tls/keylog.rs +68 -5
data/vendor/wreq/src/tls/session.rs +205 -0
data/vendor/wreq/src/tls/{x509 → trust}/identity.rs +4 -21
data/vendor/wreq/src/tls/{x509/parser.rs → trust/parse.rs} +1 -1
data/vendor/wreq/src/tls/{x509 → trust}/store.rs +42 -81
data/vendor/wreq/src/tls/{x509.rs → trust.rs} +8 -2
data/vendor/wreq/src/tls.rs +489 -25
data/vendor/wreq/src/trace.rs +0 -12
data/vendor/wreq/src/util.rs +1 -1
data/vendor/wreq/tests/badssl.rs +10 -10
data/vendor/wreq/tests/client.rs +3 -9
data/vendor/wreq/tests/cookie.rs +6 -8
data/vendor/wreq/tests/{emulation.rs → emulate.rs} +130 -22
data/vendor/wreq/tests/multipart.rs +43 -1
data/vendor/wreq/tests/proxy.rs +1 -1
data/vendor/wreq/tests/support/layer.rs +1 -0
metadata +49 -71
data/patches/0002-add-cancel-connections.patch +0 -181
data/vendor/wreq/src/client/conn/conn.rs +0 -231
data/vendor/wreq/src/client/conn/http.rs +0 -1023
data/vendor/wreq/src/client/conn/tls_info.rs +0 -98
data/vendor/wreq/src/client/core/body/incoming.rs +0 -485
data/vendor/wreq/src/client/core/body/length.rs +0 -118
data/vendor/wreq/src/client/core/body.rs +0 -34
data/vendor/wreq/src/client/core/common/buf.rs +0 -149
data/vendor/wreq/src/client/core/common/rewind.rs +0 -141
data/vendor/wreq/src/client/core/common/watch.rs +0 -76
data/vendor/wreq/src/client/core/common.rs +0 -3
data/vendor/wreq/src/client/core/conn/http1.rs +0 -342
data/vendor/wreq/src/client/core/conn/http2.rs +0 -307
data/vendor/wreq/src/client/core/conn.rs +0 -11
data/vendor/wreq/src/client/core/dispatch.rs +0 -299
data/vendor/wreq/src/client/core/error.rs +0 -435
data/vendor/wreq/src/client/core/ext.rs +0 -201
data/vendor/wreq/src/client/core/http1.rs +0 -178
data/vendor/wreq/src/client/core/http2.rs +0 -483
data/vendor/wreq/src/client/core/proto/h1/conn.rs +0 -988
data/vendor/wreq/src/client/core/proto/h1/decode.rs +0 -1170
data/vendor/wreq/src/client/core/proto/h1/dispatch.rs +0 -684
data/vendor/wreq/src/client/core/proto/h1/encode.rs +0 -580
data/vendor/wreq/src/client/core/proto/h1/io.rs +0 -879
data/vendor/wreq/src/client/core/proto/h1/role.rs +0 -694
data/vendor/wreq/src/client/core/proto/h1.rs +0 -104
data/vendor/wreq/src/client/core/proto/h2/client.rs +0 -650
data/vendor/wreq/src/client/core/proto/h2/ping.rs +0 -539
data/vendor/wreq/src/client/core/proto/h2.rs +0 -379
data/vendor/wreq/src/client/core/proto/headers.rs +0 -138
data/vendor/wreq/src/client/core/proto.rs +0 -58
data/vendor/wreq/src/client/core/rt/bounds.rs +0 -57
data/vendor/wreq/src/client/core/rt/timer.rs +0 -150
data/vendor/wreq/src/client/core/rt/tokio.rs +0 -99
data/vendor/wreq/src/client/core/rt.rs +0 -25
data/vendor/wreq/src/client/core/upgrade.rs +0 -267
data/vendor/wreq/src/client/core.rs +0 -16
data/vendor/wreq/src/client/emulation.rs +0 -161
data/vendor/wreq/src/client/http/client/error.rs +0 -142
data/vendor/wreq/src/client/http/client/exec.rs +0 -29
data/vendor/wreq/src/client/http/client/extra.rs +0 -77
data/vendor/wreq/src/client/http/client/util.rs +0 -104
data/vendor/wreq/src/client/http.rs +0 -1629
data/vendor/wreq/src/client/layer/config/options.rs +0 -156
data/vendor/wreq/src/client/layer/cookie.rs +0 -161
data/vendor/wreq/src/hash.rs +0 -143
data/vendor/wreq/src/tls/conn/cache.rs +0 -123
data/vendor/wreq/src/tls/conn/cert_compression.rs +0 -125
data/vendor/wreq/src/tls/keylog/handle.rs +0 -64
data/vendor/wreq/src/tls/options.rs +0 -464
/data/vendor/wreq/src/client/{http → layer}/client/lazy.rs +0 -0
/data/vendor/wreq/src/{client/conn → conn}/proxy.rs +0 -0
/data/vendor/wreq/src/{client/conn → conn}/verbose.rs +0 -0

data/vendor/wreq/src/tls/keylog.rs CHANGED Viewed

@@ -6,10 +6,6 @@
 //! The [`KeyLog`] enum lets you control key log behavior, either by respecting the
 //! `SSLKEYLOGFILE` environment variable or by specifying a custom file path. Handles are cached
 //! globally to avoid duplicate file access.
-//!
-//! Use [`KeyLog::handle`] to obtain a [`Handle`] for writing keys.
-mod handle;
 use std::{
     borrow::Cow,
@@ -51,7 +47,7 @@ impl KeyLog {
             .0
             .ok_or_else(|| Error::new(ErrorKind::NotFound, "KeyLog: file path is not specified"))?;
-        let cache = GLOBAL_KEYLOG_CACHE.get_or_init(Default::default);
+        let cache = GLOBAL_KEYLOG_CACHE.get_or_init(RwLock::default);
         if let Some(handle) = cache.read().get(path.as_ref()).cloned() {
             return Ok(handle);
         }
@@ -97,3 +93,70 @@ where
     }
     ret
 }
+mod handle {
+    use std::{
+        fs::OpenOptions,
+        io::{Result, Write},
+        path::Path,
+        sync::{
+            Arc,
+            mpsc::{self, Sender},
+        },
+    };
+    /// Handle for writing to a key log file.
+    #[derive(Debug, Clone)]
+    pub struct Handle {
+        #[allow(unused)]
+        filepath: Arc<Path>,
+        sender: Sender<String>,
+    }
+    impl Handle {
+        /// Create a new [`Handle`] with the specified path and sender.
+        pub fn new(filepath: Arc<Path>) -> Result<Self> {
+            if let Some(parent) = filepath.parent() {
+                std::fs::create_dir_all(parent)?;
+            }
+            let mut file = OpenOptions::new()
+                .create(true)
+                .append(true)
+                .open(&filepath)?;
+            let (sender, receiver) = mpsc::channel::<String>();
+            let _path_name = filepath.clone();
+            std::thread::spawn(move || {
+                trace!(
+                    file = ?_path_name,
+                    "Handle: receiver task up and running",
+                );
+                while let Ok(line) = receiver.recv() {
+                    if let Err(_err) = file.write_all(line.as_bytes()) {
+                        error!(
+                            file = ?_path_name,
+                            error = %_err,
+                            "Handle: failed to write file",
+                        );
+                    }
+                }
+            });
+            Ok(Handle { filepath, sender })
+        }
+        /// Write a line to the keylogger.
+        pub fn write(&self, line: &str) {
+            let line = format!("{line}\n");
+            if let Err(_err) = self.sender.send(line) {
+                error!(
+                    file = ?self.filepath,
+                    error = %_err,
+                    "Handle: failed to send log line for writing",
+                );
+            }
+        }
+    }
+}

data/vendor/wreq/src/tls/session.rs ADDED Viewed

@@ -0,0 +1,205 @@
+//! TLS session caching and resumption.
+//!
+//! Handshakes are expensive. This module lets you reuse sessions to save
+//! CPU cycles and reduce latency.
+//!
+//! By default, we use an in-memory LRU cache, but you can plug in your own
+//! implementation if you're running at scale or need to share sessions
+//! across multiple instances.
+use std::{
+    borrow::Borrow,
+    collections::{HashMap, hash_map::Entry},
+    hash::{Hash, Hasher},
+    num::NonZeroUsize,
+    sync::Arc,
+};
+use btls::ssl::{SslSession, SslVersion};
+use lru::LruCache;
+use crate::{conn::descriptor::ConnectionId, sync::Mutex, tls::TlsVersion};
+/// An opaque key identifying a TLS session cache entry.
+#[derive(Clone, PartialEq, Eq, Hash)]
+pub struct Key(pub(super) ConnectionId);
+/// A TLS session that can be stored and retrieved from a session cache.
+#[derive(Clone)]
+pub struct TlsSession(pub(super) SslSession);
+/// A trait for cache storing and retrieving TLS sessions.
+///
+/// # TLS 1.3 Session Handling
+///
+/// For TLS 1.3 sessions, implementations **should** remove the session after
+/// retrieval to comply with [RFC 8446 Appendix C.4](https://tools.ietf.org/html/rfc8446#appendix-C.4),
+/// which requires that session tickets are used at most once to prevent
+/// concurrent handshakes from reusing the same session.
+pub trait TlsSessionCache: Send + Sync {
+    /// Store a TLS session associated with the given key.
+    fn put(&self, key: Key, session: TlsSession);
+    /// Retrieve a TLS session for the given key.
+    ///
+    /// For TLS 1.3, the session should be removed from the cache upon retrieval
+    /// to ensure single-use semantics (see [RFC 8446 Appendix C.4]).
+    fn pop(&self, key: &Key) -> Option<TlsSession>;
+}
+impl_into_shared!(
+    /// Trait for converting types into a shared [`TlsSessionCache`].
+    ///
+    /// This allows accepting bare types, `Arc<T>`, or `Arc<dyn TlsSessionCache>`.
+    pub trait IntoTlsSessionCache => TlsSessionCache
+);
+/// The default two-level LRU session cache.
+///
+/// Maintains both forward (key → sessions) and reverse (session → key) lookups
+/// for efficient session storage, retrieval, and cleanup operations.
+///
+/// This is the built-in implementation of [`TlsSessionCache`] used when no
+/// custom session store is configured.
+pub struct LruTlsSessionCache {
+    inner: Mutex<Inner>,
+    per_host_session_capacity: usize,
+}
+struct Inner {
+    reverse: HashMap<TlsSession, Key>,
+    per_host_sessions: HashMap<Key, LruCache<TlsSession, ()>>,
+}
+// ===== impl TlsSession =====
+impl TlsSession {
+    /// Returns the TLS session ID.
+    #[inline]
+    pub fn id(&self) -> &[u8] {
+        self.0.id()
+    }
+    /// Returns the time at which the session was established, in seconds since the Unix epoch.
+    #[inline]
+    pub fn time(&self) -> u64 {
+        self.0.time()
+    }
+    /// Returns the sessions timeout, in seconds.
+    ///
+    /// A session older than this time should not be used for session resumption.
+    #[inline]
+    pub fn timeout(&self) -> u32 {
+        self.0.timeout()
+    }
+    /// Returns the TLS protocol version negotiated for this session.
+    #[inline]
+    pub fn protocol_version(&self) -> TlsVersion {
+        let version = self.0.protocol_version();
+        if version == SslVersion::SSL3 {
+            // SSLv3 (SSL 3.0) is obsolete and insecure, and is not supported by btls.
+            // This branch should never be reached in normal operation. If it is,
+            // it indicates a bug or an unsupported/legacy OpenSSL configuration.
+            unreachable!(
+                "Encountered unsupported protocol: SSLv3 (SSL 3.0) is obsolete and not accepted by btls"
+            );
+        }
+        TlsVersion(version)
+    }
+}
+impl Eq for TlsSession {}
+impl PartialEq for TlsSession {
+    #[inline]
+    fn eq(&self, other: &TlsSession) -> bool {
+        self.0.id() == other.0.id()
+    }
+}
+impl Hash for TlsSession {
+    #[inline]
+    fn hash<H: Hasher>(&self, state: &mut H) {
+        self.0.id().hash(state);
+    }
+}
+impl Borrow<[u8]> for TlsSession {
+    #[inline]
+    fn borrow(&self) -> &[u8] {
+        self.0.id()
+    }
+}
+// ===== impl LruTlsSessionCache =====
+impl LruTlsSessionCache {
+    /// Creates a new [`LruTlsSessionCache`] with the given per-host capacity.
+    pub fn new(per_host_session_capacity: usize) -> Self {
+        LruTlsSessionCache {
+            inner: Mutex::new(Inner {
+                reverse: HashMap::new(),
+                per_host_sessions: HashMap::new(),
+            }),
+            per_host_session_capacity,
+        }
+    }
+}
+impl TlsSessionCache for LruTlsSessionCache {
+    fn put(&self, key: Key, session: TlsSession) {
+        let mut inner = self.inner.lock();
+        let evicted = {
+            let per_host_sessions =
+                inner
+                    .per_host_sessions
+                    .entry(key.clone())
+                    .or_insert_with(|| {
+                        NonZeroUsize::new(self.per_host_session_capacity)
+                            .map_or_else(LruCache::unbounded, LruCache::new)
+                    });
+            // Enforce per-key capacity limit by evicting the least recently used session
+            let evicted = if per_host_sessions.len() >= self.per_host_session_capacity {
+                per_host_sessions.pop_lru().map(|(s, _)| s)
+            } else {
+                None
+            };
+            per_host_sessions.put(session.clone(), ());
+            evicted
+        };
+        if let Some(evicted_session) = evicted {
+            inner.reverse.remove(&evicted_session);
+        }
+        inner.reverse.insert(session, key);
+    }
+    fn pop(&self, key: &Key) -> Option<TlsSession> {
+        let mut inner = self.inner.lock();
+        let session = {
+            let per_host_sessions = inner.per_host_sessions.get_mut(key)?;
+            per_host_sessions.peek_lru()?.0.clone()
+        };
+        // https://tools.ietf.org/html/rfc8446#appendix-C.4
+        // OpenSSL will remove the session from its cache after the handshake completes anyway, but
+        // this ensures that concurrent handshakes don't end up with the same session.
+        if session.protocol_version() == TlsVersion::TLS_1_3 {
+            if let Some(key) = inner.reverse.remove(&session) {
+                if let Entry::Occupied(mut entry) = inner.per_host_sessions.entry(key) {
+                    entry.get_mut().pop(&session);
+                    if entry.get().is_empty() {
+                        entry.remove();
+                    }
+                }
+            }
+        }
+        Some(session)
+    }
+}

data/vendor/wreq/src/tls/{x509 → trust}/identity.rs RENAMED Viewed

@@ -1,4 +1,4 @@
-use boring2::{
+use btls::{
     pkcs12::Pkcs12,
     pkey::{PKey, Private},
     x509::X509,
@@ -9,9 +9,9 @@ use crate::Error;
 /// Represents a private key and X509 cert as a client certificate.
 #[derive(Debug, Clone)]
 pub struct Identity {
-    pkey: PKey<Private>,
-    cert: X509,
-    chain: Vec<X509>,
+    pub(in crate::tls) pkey: PKey<Private>,
+    pub(in crate::tls) cert: X509,
+    pub(in crate::tls) chain: Vec<X509>,
 }
 impl Identity {
@@ -87,23 +87,6 @@ impl Identity {
         let chain = cert_chain.collect();
         Ok(Identity { pkey, cert, chain })
     }
-    pub(crate) fn add_to_tls(
-        &self,
-        connector: &mut boring2::ssl::SslConnectorBuilder,
-    ) -> crate::Result<()> {
-        connector.set_certificate(&self.cert).map_err(Error::tls)?;
-        connector.set_private_key(&self.pkey).map_err(Error::tls)?;
-        for cert in self.chain.iter() {
-            // https://www.openssl.org/docs/manmaster/man3/SSL_CTX_add_extra_chain_cert.html
-            // specifies that "When sending a certificate chain, extra chain certificates are
-            // sent in order following the end entity certificate."
-            connector
-                .add_extra_chain_cert(cert.clone())
-                .map_err(Error::tls)?;
-        }
-        Ok(())
-    }
 }
 #[cfg(test)]

data/vendor/wreq/src/tls/{x509/parser.rs → trust/parse.rs} RENAMED Viewed

@@ -1,4 +1,4 @@
-use boring2::x509::store::{X509Store, X509StoreBuilder};
+use btls::x509::store::{X509Store, X509StoreBuilder};
 use super::{Certificate, CertificateInput};
 use crate::{Error, Result};

data/vendor/wreq/src/tls/{x509 → trust}/store.rs RENAMED Viewed

@@ -1,24 +1,51 @@
 use std::sync::Arc;
-use boring2::{
-    ssl::SslConnectorBuilder,
-    x509::store::{X509Store, X509StoreBuilder},
-};
+use btls::x509::store::{X509Store, X509StoreBuilder};
 use super::{
     Certificate, CertificateInput,
-    parser::{filter_map_certs, parse_certs, parse_certs_with_stack, process_certs},
+    parse::{filter_map_certs, parse_certs, parse_certs_with_stack, process_certs},
 };
 use crate::{Error, Result};
-/// A builder for constructing a `CertStore`.
+/// A builder for constructing a [`CertStore`].
 pub struct CertStoreBuilder {
     builder: Result<X509StoreBuilder>,
 }
-// ====== impl CertStoreBuilder ======
 impl CertStoreBuilder {
+    fn parse_cert<'c, C, P>(mut self, cert: C, parser: P) -> Self
+    where
+        C: Into<CertificateInput<'c>>,
+        P: Fn(&'c [u8]) -> Result<Certificate>,
+    {
+        if let Ok(ref mut builder) = self.builder {
+            let input = cert.into();
+            let result = input
+                .with_parser(parser)
+                .and_then(|cert| builder.add_cert(cert.0).map_err(Error::tls));
+            if let Err(err) = result {
+                self.builder = Err(err);
+            }
+        }
+        self
+    }
+    fn parse_certs<'c, I>(mut self, certs: I, parser: fn(&'c [u8]) -> Result<Certificate>) -> Self
+    where
+        I: IntoIterator,
+        I::Item: Into<CertificateInput<'c>>,
+    {
+        if let Ok(ref mut builder) = self.builder {
+            let certs = filter_map_certs(certs, parser);
+            if let Err(err) = process_certs(certs, builder) {
+                self.builder = Err(err);
+            }
+        }
+        self
+    }
     /// Adds a DER-encoded certificate to the certificate store.
     #[inline]
     pub fn add_der_cert<'c, C>(self, cert: C) -> Self
@@ -87,9 +114,9 @@ impl CertStoreBuilder {
         self
     }
-    /// Constructs the `CertStore`.
+    /// Constructs the [`CertStore`].
     ///
-    /// This method finalizes the builder and constructs the `CertStore`
+    /// This method finalizes the builder and constructs the [`CertStore`]
     /// containing all the added certificates.
     #[inline]
     pub fn build(self) -> Result<CertStore> {
@@ -100,40 +127,6 @@ impl CertStoreBuilder {
     }
 }
-impl CertStoreBuilder {
-    fn parse_cert<'c, C, P>(mut self, cert: C, parser: P) -> Self
-    where
-        C: Into<CertificateInput<'c>>,
-        P: Fn(&'c [u8]) -> Result<Certificate>,
-    {
-        if let Ok(ref mut builder) = self.builder {
-            let input = cert.into();
-            let result = input
-                .with_parser(parser)
-                .and_then(|cert| builder.add_cert(cert.0).map_err(Error::tls));
-            if let Err(err) = result {
-                self.builder = Err(err);
-            }
-        }
-        self
-    }
-    fn parse_certs<'c, I>(mut self, certs: I, parser: fn(&'c [u8]) -> Result<Certificate>) -> Self
-    where
-        I: IntoIterator,
-        I::Item: Into<CertificateInput<'c>>,
-    {
-        if let Ok(ref mut builder) = self.builder {
-            let certs = filter_map_certs(certs, parser);
-            if let Err(err) = process_certs(certs, builder) {
-                self.builder = Err(err);
-            }
-        }
-        self
-    }
-}
 /// A thread-safe certificate store for TLS connections.
 ///
 /// [`CertStore`] manages a collection of trusted certificates used for verifying peer identities.
@@ -148,12 +141,10 @@ impl CertStoreBuilder {
 /// [`Rc`]: std::rc::Rc
 /// [`Arc`]: std::sync::Arc
 #[derive(Clone)]
-pub struct CertStore(Arc<X509Store>);
-// ====== impl CertStore ======
+pub struct CertStore(pub(in crate::tls) Arc<X509Store>);
 impl CertStore {
-    /// Creates a new `CertStoreBuilder`.
+    /// Creates a new [`CertStoreBuilder`].
     #[inline]
     pub fn builder() -> CertStoreBuilder {
         CertStoreBuilder {
@@ -161,7 +152,7 @@ impl CertStore {
         }
     }
-    /// Creates a new `CertStore` from a collection of DER-encoded certificates.
+    /// Creates a new [`CertStore`] from a collection of DER-encoded certificates.
     #[inline]
     pub fn from_der_certs<'c, C>(certs: C) -> Result<CertStore>
     where
@@ -173,7 +164,7 @@ impl CertStore {
             .map(CertStore)
     }
-    /// Creates a new `CertStore` from a collection of PEM-encoded certificates.
+    /// Creates a new [`CertStore`] from a collection of PEM-encoded certificates.
     #[inline]
     pub fn from_pem_certs<'c, C>(certs: C) -> Result<CertStore>
     where
@@ -185,7 +176,7 @@ impl CertStore {
             .map(CertStore)
     }
-    /// Creates a new `CertStore` from a PEM-encoded certificate stack.
+    /// Creates a new [`CertStore`] from a PEM-encoded certificate stack.
     #[inline]
     pub fn from_pem_stack<C>(certs: C) -> Result<CertStore>
     where
@@ -196,33 +187,3 @@ impl CertStore {
             .map(CertStore)
     }
 }
-impl CertStore {
-    #[inline]
-    pub(crate) fn add_to_tls(&self, tls: &mut SslConnectorBuilder) {
-        tls.set_cert_store_ref(&self.0);
-    }
-}
-impl Default for CertStore {
-    fn default() -> Self {
-        #[cfg(feature = "webpki-roots")]
-        static LOAD_CERTS: std::sync::LazyLock<CertStore> = std::sync::LazyLock::new(|| {
-            CertStore::builder()
-                .add_der_certs(webpki_root_certs::TLS_SERVER_ROOT_CERTS)
-                .build()
-                .expect("failed to load default cert store")
-        });
-        #[cfg(not(feature = "webpki-roots"))]
-        {
-            CertStore::builder()
-                .set_default_paths()
-                .build()
-                .expect("failed to load default cert store")
-        }
-        #[cfg(feature = "webpki-roots")]
-        LOAD_CERTS.clone()
-    }
-}

data/vendor/wreq/src/tls/{x509.rs → trust.rs} RENAMED Viewed

@@ -1,8 +1,14 @@
+//! TLS Trust and Identity management.
+//!
+//! Handles server certificate verification, mTLS identity, and CA
+//! bundle management. Provides DER/PEM parsing for BoringSSL and
+//! supports both system and custom trust stores.
 mod identity;
-mod parser;
+mod parse;
 mod store;
-use boring2::x509::X509;
+use btls::x509::X509;
 pub use self::{
     identity::Identity,