Skip to content

Commit

Permalink
Make it an error to connect to a https URL without TLS
Browse files Browse the repository at this point in the history
  • Loading branch information
djc committed Jan 13, 2022
1 parent c62f382 commit dcca865
Showing 1 changed file with 24 additions and 0 deletions.
24 changes: 24 additions & 0 deletions tonic/src/transport/service/connector.rs
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@ use super::io::BoxedIo;
#[cfg(feature = "tls")]
use super::tls::TlsConnector;
use http::Uri;
use std::fmt;
use std::task::{Context, Poll};
use tower::make::MakeConnection;
use tower_service::Service;
Expand Down Expand Up @@ -80,20 +81,43 @@ where
#[cfg(feature = "tls-roots-common")]
let tls = self.tls_or_default(uri.scheme_str(), uri.host());

let is_https = uri.scheme_str() == Some("https");
let connect = self.inner.make_connection(uri);

Box::pin(async move {
#[cfg(not(feature = "tls"))]
{
if is_https {
return Err(NoTlsSupport(()).into());
}
}

let io = connect.await?;

#[cfg(feature = "tls")]
{
if let Some(tls) = tls {
let conn = tls.connect(io).await?;
return Ok(BoxedIo::new(conn));
} else if is_https {
return Err(NoTlsSupport(()).into());
}
}

Ok(BoxedIo::new(io))
})
}
}

/// Error returned when trying to connect to an HTTPS endpoint without TLS enabled.
#[derive(Debug)]
pub(crate) struct NoTlsSupport(());

impl fmt::Display for NoTlsSupport {
fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
write!(f, "Connecting to HTTPS without TLS enabled")
}
}

// std::error::Error only requires a type to impl Debug and Display
impl std::error::Error for NoTlsSupport {}

0 comments on commit dcca865

Please sign in to comment.