From 0cb30bb51e39e36e95870dbd6caa92ce47b73e5b Mon Sep 17 00:00:00 2001 From: Marco Neumann Date: Wed, 8 Nov 2023 16:00:41 +0100 Subject: [PATCH] refactor: change `object_store` CA handling (#5056) Closes #4870. --- object_store/Cargo.toml | 3 ++- object_store/src/lib.rs | 11 +++++++++++ 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/object_store/Cargo.toml b/object_store/Cargo.toml index 7fcb6ce9e3f1..bf8301557df2 100644 --- a/object_store/Cargo.toml +++ b/object_store/Cargo.toml @@ -50,7 +50,7 @@ quick-xml = { version = "0.31.0", features = ["serialize", "overlapped-lists"], serde = { version = "1.0", default-features = false, features = ["derive"], optional = true } serde_json = { version = "1.0", default-features = false, optional = true } rand = { version = "0.8", default-features = false, features = ["std", "std_rng"], optional = true } -reqwest = { version = "0.11", default-features = false, features = ["rustls-tls"], optional = true } +reqwest = { version = "0.11", default-features = false, features = ["rustls-tls-native-roots"], optional = true } ring = { version = "0.17", default-features = false, features = ["std"], optional = true } rustls-pemfile = { version = "1.0", default-features = false, optional = true } tokio = { version = "1.25.0", features = ["sync", "macros", "rt", "time", "io-util"] } @@ -64,6 +64,7 @@ azure = ["cloud"] gcp = ["cloud", "rustls-pemfile"] aws = ["cloud"] http = ["cloud"] +tls-webpki-roots = ["reqwest?/rustls-tls-webpki-roots"] [dev-dependencies] # In alphabetical order tempfile = "3.1.0" diff --git a/object_store/src/lib.rs b/object_store/src/lib.rs index cdd572dd9b3a..f791e65b386c 100644 --- a/object_store/src/lib.rs +++ b/object_store/src/lib.rs @@ -86,6 +86,17 @@ doc = "* [`http`]: [HTTP/WebDAV Storage](https://datatracker.ietf.org/doc/html/rfc2518). See [`HttpBuilder`](http::HttpBuilder)" )] //! +//! # TLS Certificates +//! +//! Stores that use HTTPS/TLS (this is true for most cloud stores) can choose the source of their [CA] +//! certificates. By default the system-bundled certificates are used (see +//! [`rustls-native-certs`]). The `tls-webpki-roots` feature switch can be used to also bundle Mozilla's +//! root certificates with the library/application (see [`webpki-roots`]). +//! +//! [CA]: https://en.wikipedia.org/wiki/Certificate_authority +//! [`rustls-native-certs`]: https://crates.io/crates/rustls-native-certs/ +//! [`webpki-roots`]: https://crates.io/crates/webpki-roots +//! //! # Why not a Filesystem Interface? //! //! Whilst this crate does provide a [`BufReader`], the [`ObjectStore`] interface mirrors the APIs