Make rustls-tls an optional feature for reqwest.

rustls-tls includes a dependency that has a license considered copyleft (MPL-2.0). To make this library more sound to use under the MIT license, make rustls-tls an optional feature. This removes the ability to specify client certs when the `rustls-tls` feature is disabled. However, tls is enabled with reqwests defaults by default.
readysettech · Jan 23, 2022 · e45e600 · e45e600
1 parent 0198daf
commit e45e600
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 4 deletions.
diff --git a/Cargo.toml b/Cargo.toml
@@ -20,7 +20,7 @@ base64 = "0.13.0"
 consulrs_derive = { version = "0.1.0", path = "consulrs_derive" }
 derive_builder = "0.10.2"
 http = "0.2.5"
-reqwest = { version = "0.11.4", default-features = false, features = ["rustls-tls"] }
+reqwest = { version = "0.11.4", default-features = false }
 rustify = "0.5.2"
 rustify_derive = "0.5.2"
 serde = "1.0.130"
@@ -38,3 +38,7 @@ test-log = { version = "0.2.8", features = ["trace"] }
 tokio = { version = "1.12.0", features = ["full"] }
 tokio-test = "0.4.2"
 tracing-subscriber = {version = "0.2.17", default-features = false, features = ["env-filter", "fmt"]}
+
+[features]
+default = ["reqwest/default-tls"]
+rustls-tls = ["reqwest/rustls-tls"]
diff --git a/src/client.rs b/src/client.rs
@@ -80,7 +80,8 @@ impl ConsulClient {
             http_client = http_client.add_root_certificate(cert);
         }
 
-        // Add client certificate
+        // Add support for client certificates if rustls-tls is enabled.
+        #[cfg(feature = "rustls-tls")]
         if let (Some(cert), Some(key)) = (&settings.client_cert, &settings.client_key) {
             let cert_content =
                 std::fs::read_to_string(&cert).map_err(|e| ClientError::FileReadError {
@@ -122,8 +123,8 @@ impl ConsulClient {
 ///
 /// * `address`: CONSUL_HTTP_ADDR
 /// * `ca_certs`: CONSUL_CACERT / CONSUL_CAPATH
-/// * `client_cert`: CONSUL_CLIENT_CERT
-/// * `client_key`: CONSUL_CLIENT_KEY
+/// * `client_cert`: CONSUL_CLIENT_CERT, requires `rustls-tls` feature.
+/// * `client_key`: CONSUL_CLIENT_KEY, requires `rustls-tls` feature.
 /// * `token`: CONSUL_HTTP_TOKEN
 /// * `verify`: CONSUL_HTTP_SSL_VERIFY
 ///
@@ -136,8 +137,10 @@ pub struct ConsulClientSettings {
     pub address: String,
     #[builder(default = "self.default_ca_certs()")]
     pub ca_certs: Vec<String>,
+    #[cfg(feature = "rustls-tls")]
     #[builder(default = "self.default_client_cert()")]
     pub client_cert: Option<String>,
+    #[cfg(feature = "rustls-tls")]
     #[builder(default = "self.default_client_key()")]
     pub client_key: Option<String>,
     #[builder(setter(into), default = "self.default_token()")]
@@ -182,6 +185,7 @@ impl ConsulClientSettingsBuilder {
         paths
     }
 
+    #[cfg(feature = "rustls-tls")]
     fn default_client_cert(&self) -> Option<String> {
         match env::var("CONSUL_CLIENT_CERT") {
             Ok(s) => {
@@ -195,6 +199,7 @@ impl ConsulClientSettingsBuilder {
         }
     }
 
+    #[cfg(feature = "rustls-tls")]
     fn default_client_key(&self) -> Option<String> {
         match env::var("CONSUL_CLIENT_KEY") {
             Ok(s) => {