Switch from OpenSSL to Rustls (#19104)

This PR also includes a downgrade of our async_tungstenite version to 0.24 Release Notes: - N/A
2024-10-11 18:18:09 -07:00 · 2024-10-11 18:18:09 -07:00 · c85a3cc117
commit c85a3cc117
parent 22ac178f9d
8 changed files with 118 additions and 106 deletions
--- a/crates/reqwest_client/Cargo.toml
+++ b/crates/reqwest_client/Cargo.toml
@ -28,7 +28,7 @@ serde.workspace = true
 smol.workspace = true
 log.workspace = true
 tokio = { workspace = true, features = ["rt", "rt-multi-thread"] }
-reqwest = { workspace = true, features = ["rustls-tls-manual-roots", "stream"] }
+reqwest.workspace = true

 [dev-dependencies]
 gpui.workspace = true
--- a/crates/reqwest_client/src/reqwest_client.rs
+++ b/crates/reqwest_client/src/reqwest_client.rs
@ -2,7 +2,7 @@ use std::{any::type_name, borrow::Cow, io::Read, mem, pin::Pin, sync::OnceLock,

 use anyhow::anyhow;
 use bytes::{BufMut, Bytes, BytesMut};
-use futures::{AsyncRead, TryStreamExt};
+use futures::{AsyncRead, TryStreamExt as _};
 use http_client::{http, ReadTimeout, RedirectPolicy};
 use reqwest::{
    header::{HeaderMap, HeaderValue},
@ -11,6 +11,7 @@ use reqwest::{
 use smol::future::FutureExt;

 const DEFAULT_CAPACITY: usize = 4096;
+static RUNTIME: OnceLock<tokio::runtime::Runtime> = OnceLock::new();

 pub struct ReqwestClient {
    client: reqwest::Client,
@ -20,20 +21,29 @@ pub struct ReqwestClient {

 impl ReqwestClient {
    pub fn new() -> Self {
-        reqwest::Client::new().into()
+        reqwest::Client::builder()
+            .use_rustls_tls()
+            .build()
+            .expect("Failed to initialize HTTP client")
+            .into()
    }

    pub fn user_agent(agent: &str) -> anyhow::Result<Self> {
        let mut map = HeaderMap::new();
        map.insert(http::header::USER_AGENT, HeaderValue::from_str(agent)?);
-        let client = reqwest::Client::builder().default_headers(map).build()?;
+        let client = reqwest::Client::builder()
+            .default_headers(map)
+            .use_rustls_tls()
+            .build()?;
        Ok(client.into())
    }

    pub fn proxy_and_user_agent(proxy: Option<http::Uri>, agent: &str) -> anyhow::Result<Self> {
        let mut map = HeaderMap::new();
        map.insert(http::header::USER_AGENT, HeaderValue::from_str(agent)?);
-        let mut client = reqwest::Client::builder().default_headers(map);
+        let mut client = reqwest::Client::builder()
+            .use_rustls_tls()
+            .default_headers(map);
        if let Some(proxy) = proxy.clone() {
            client = client.proxy(reqwest::Proxy::all(proxy.to_string())?);
        }
@ -44,8 +54,6 @@ impl ReqwestClient {
    }
 }

-static RUNTIME: OnceLock<tokio::runtime::Runtime> = OnceLock::new();
-
 impl From<reqwest::Client> for ReqwestClient {
    fn from(client: reqwest::Client) -> Self {
        let handle = tokio::runtime::Handle::try_current().unwrap_or_else(|_| {