refactor: pass ALPN around as &str

2026-04-26 01:46:34 +03:00 · 2024-11-09 20:54:06 +00:00
parent 0ab10f99fd
commit 460d2f3c2a
6 changed files with 28 additions and 19 deletions
--- a/src/net/http.rs
+++ b/src/net/http.rs
@@ -76,11 +76,11 @@ where
                let proxy_stream = proxy_config
                    .connect(context, host, port, load_cache)
                    .await?;
-                let tls_stream = wrap_rustls(host, &[], proxy_stream).await?;
+                let tls_stream = wrap_rustls(host, "", proxy_stream).await?;
                Box::new(tls_stream)
            } else {
                let tcp_stream = crate::net::connect_tcp(context, host, port, load_cache).await?;
-                let tls_stream = wrap_rustls(host, &[], tcp_stream).await?;
+                let tls_stream = wrap_rustls(host, "", tcp_stream).await?;
                Box::new(tls_stream)
            }
        }
--- a/src/net/proxy.rs
+++ b/src/net/proxy.rs
@@ -429,7 +429,7 @@ impl ProxyConfig {
                    load_cache,
                )
                .await?;
-                let tls_stream = wrap_rustls(&https_config.host, &[], tcp_stream).await?;
+                let tls_stream = wrap_rustls(&https_config.host, "", tcp_stream).await?;
                let auth = if let Some((username, password)) = &https_config.user_password {
                    Some((username.as_str(), password.as_str()))
                } else {
--- a/src/net/tls.rs
+++ b/src/net/tls.rs
@@ -8,7 +8,7 @@ use crate::net::session::SessionStream;
 pub async fn wrap_tls<'a>(
    strict_tls: bool,
    hostname: &str,
-    alpn: &[&str],
+    alpn: &str,
    stream: impl SessionStream + 'static,
 ) -> Result<impl SessionStream + 'a> {
    if strict_tls {
@@ -19,9 +19,14 @@ pub async fn wrap_tls<'a>(
        // We use native_tls because it accepts 1024-bit RSA keys.
        // Rustls does not support them even if
        // certificate checks are disabled: <https://github.com/rustls/rustls/issues/234>.
+        let alpns = if alpn.is_empty() {
+            Box::from([])
+        } else {
+            Box::from([alpn])
+        };
        let tls = async_native_tls::TlsConnector::new()
            .min_protocol_version(Some(async_native_tls::Protocol::Tlsv12))
-            .request_alpns(alpn)
+            .request_alpns(&alpns)
            .danger_accept_invalid_hostnames(true)
            .danger_accept_invalid_certs(true);
        let tls_stream = tls.connect(hostname, stream).await?;
@@ -32,7 +37,7 @@ pub async fn wrap_tls<'a>(

 pub async fn wrap_rustls<'a>(
    hostname: &str,
-    alpn: &[&str],
+    alpn: &str,
    stream: impl SessionStream + 'a,
 ) -> Result<impl SessionStream + 'a> {
    let mut root_cert_store = tokio_rustls::rustls::RootCertStore::empty();
@@ -41,7 +46,11 @@ pub async fn wrap_rustls<'a>(
    let mut config = tokio_rustls::rustls::ClientConfig::builder()
        .with_root_certificates(root_cert_store)
        .with_no_client_auth();
-    config.alpn_protocols = alpn.iter().map(|s| s.as_bytes().to_vec()).collect();
+    config.alpn_protocols = if alpn.is_empty() {
+        vec![]
+    } else {
+        vec![alpn.as_bytes().to_vec()]
+    };

    let tls = tokio_rustls::TlsConnector::from(Arc::new(config));
    let name = rustls_pki_types::ServerName::try_from(hostname)?.to_owned();