Merge branch 'master' into v0.5.0

Author: jayjamesjay

src/request.rs

@@ -9,6 +9,7 @@ use std::{
     fmt,
     io::{self, Read, Write},
     net::{TcpStream, ToSocketAddrs},
+    path::Path,
     time::Duration,
 };
 
@@ -248,6 +249,7 @@ pub struct Request<'a> {
     connect_timeout: Option<Duration>,
     read_timeout: Option<Duration>,
     write_timeout: Option<Duration>,
+    root_cert_file_pem: Option<&'a Path>,
 }
 
 impl<'a> Request<'a> {
@@ -261,6 +263,7 @@ impl<'a> Request<'a> {
             connect_timeout: Some(Duration::from_secs(60)),
             read_timeout: Some(Duration::from_secs(60)),
             write_timeout: Some(Duration::from_secs(60)),
+            root_cert_file_pem: None,
         }
     }
 
@@ -345,6 +348,12 @@ impl<'a> Request<'a> {
         self
     }
 
+    ///Add a file containing the PEM-encoded certificates that should be added in the trusted root store.
+    pub fn root_cert_file_pem(&mut self, file_path: &'a Path) -> &mut Self {
+        self.root_cert_file_pem = Some(file_path);
+        self
+    }
+
     ///Sends HTTP request.
     ///
     ///Creates `TcpStream` (and wraps it with `TlsStream` if needed). Writes request message
@@ -361,7 +370,12 @@ impl<'a> Request<'a> {
         stream.set_write_timeout(self.write_timeout)?;
 
         if self.inner.uri.scheme() == "https" {
-            let mut stream = tls::Config::default().connect(host, stream)?;
+            let mut cnf = tls::Config::default();
+            let cnf = match self.root_cert_file_pem {
+                Some(p) => cnf.add_root_cert_file_pem(p)?,
+                None => &mut cnf,
+            };
+            let mut stream = cnf.connect(host, stream)?;
             self.inner.send(&mut stream, writer)
         } else {
             self.inner.send(&mut stream, writer)

src/tls.rs

@@ -1,7 +1,15 @@
 //!secure connection over TLS
 
 use crate::error::Error as HttpError;
-use std::io;
+use std::fs::File;
+use std::io::{self, BufReader};
+use std::path::Path;
+
+#[cfg(feature = "native-tls")]
+use std::io::prelude::*;
+
+#[cfg(feature = "rust-tls")]
+use crate::error::ParseErr;
 
 #[cfg(not(any(feature = "native-tls", feature = "rust-tls")))]
 compile_error!("one of the `native-tls` or `rust-tls` features must be enabled");
@@ -50,14 +58,18 @@ impl<S: io::Read + io::Write> io::Write for Conn<S> {
 
 ///client configuration
 pub struct Config {
+    #[cfg(feature = "native-tls")]
+    extra_root_certs: Vec<native_tls::Certificate>,
     #[cfg(feature = "rust-tls")]
     client_config: std::sync::Arc<rustls::ClientConfig>,
 }
 
 impl Default for Config {
     #[cfg(feature = "native-tls")]
     fn default() -> Self {
-        Config {}
+        Config {
+            extra_root_certs: vec![],
+        }
     }
 
     #[cfg(feature = "rust-tls")]
@@ -74,18 +86,53 @@ impl Default for Config {
 }
 
 impl Config {
+    #[cfg(feature = "native-tls")]
+    pub fn add_root_cert_file_pem(&mut self, file_path: &Path) -> Result<&mut Self, HttpError> {
+        let f = File::open(file_path)?;
+        let f = BufReader::new(f);
+        let mut pem_crt = vec![];
+        for line in f.lines() {
+            let line = line?;
+            let is_end_cert = line.contains("-----END");
+            pem_crt.append(&mut line.into_bytes());
+            pem_crt.push(b'\n');
+            if is_end_cert {
+                let crt = native_tls::Certificate::from_pem(&pem_crt)?;
+                self.extra_root_certs.push(crt);
+                pem_crt.clear();
+            }
+        }
+        Ok(self)
+    }
+
     #[cfg(feature = "native-tls")]
     pub fn connect<H, S>(&self, hostname: H, stream: S) -> Result<Conn<S>, HttpError>
     where
         H: AsRef<str>,
         S: io::Read + io::Write,
     {
-        let connector = native_tls::TlsConnector::new()?;
+        let mut connector_builder = native_tls::TlsConnector::builder();
+        for crt in self.extra_root_certs.iter() {
+            connector_builder.add_root_certificate((*crt).clone());
+        }
+        let connector = connector_builder.build()?;
         let stream = connector.connect(hostname.as_ref(), stream)?;
 
         Ok(Conn { stream })
     }
 
+    #[cfg(feature = "rust-tls")]
+    pub fn add_root_cert_file_pem(&mut self, file_path: &Path) -> Result<&mut Self, HttpError> {
+        let f = File::open(file_path)?;
+        let mut f = BufReader::new(f);
+        let config = std::sync::Arc::make_mut(&mut self.client_config);
+        let _ = config
+            .root_store
+            .add_pem_file(&mut f)
+            .map_err(|_| HttpError::from(ParseErr::Invalid))?;
+        Ok(self)
+    }
+
     #[cfg(feature = "rust-tls")]
     pub fn connect<H, S>(&self, hostname: H, stream: S) -> Result<Conn<S>, HttpError>
     where