diff --git a/Cargo.toml b/Cargo.toml index 00d5d656c1..e595ab25f5 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -105,6 +105,8 @@ tls-rustls-aws-lc-rs = ["sqlx-core/_tls-rustls-aws-lc-rs", "sqlx-macros?/_tls-ru tls-rustls-ring = ["tls-rustls-ring-webpki"] # For backwards compatibility tls-rustls-ring-webpki = ["sqlx-core/_tls-rustls-ring-webpki", "sqlx-macros?/_tls-rustls-ring-webpki"] tls-rustls-ring-native-roots = ["sqlx-core/_tls-rustls-ring-native-roots", "sqlx-macros?/_tls-rustls-ring-native-roots"] +tls-rustls-aws-lc-rs-native-roots = ["sqlx-core/_tls-rustls-aws-lc-rs-native-roots", "sqlx-macros?/_tls-rustls-aws-lc-rs-native-roots"] +tls-rustls-no-provider-native-roots = ["sqlx-core/_tls-rustls-no-provider-native-roots", "sqlx-macros?/_tls-rustls-no-provider-native-roots"] # No-op feature used by the workflows to compile without TLS enabled. Not meant for general use. tls-none = [] diff --git a/sqlx-core/Cargo.toml b/sqlx-core/Cargo.toml index fff4ef3d24..4c4ccbda15 100644 --- a/sqlx-core/Cargo.toml +++ b/sqlx-core/Cargo.toml @@ -31,6 +31,8 @@ _tls-native-tls = ["native-tls"] _tls-rustls-aws-lc-rs = ["_tls-rustls", "rustls/aws-lc-rs", "webpki-roots"] _tls-rustls-ring-webpki = ["_tls-rustls", "rustls/ring", "webpki-roots"] _tls-rustls-ring-native-roots = ["_tls-rustls", "rustls/ring", "rustls-native-certs"] +_tls-rustls-aws-lc-rs-native-roots = ["_tls-rustls", "rustls/aws-lc-rs", "rustls-native-certs"] +_tls-rustls-no-provider-native-roots = ["_tls-rustls", "rustls-native-certs"] _tls-rustls = ["rustls"] _tls-none = [] diff --git a/sqlx-core/src/net/tls/tls_rustls.rs b/sqlx-core/src/net/tls/tls_rustls.rs index 1ecbbad519..9fca6ca5ab 100644 --- a/sqlx-core/src/net/tls/tls_rustls.rs +++ b/sqlx-core/src/net/tls/tls_rustls.rs @@ -92,9 +92,13 @@ where S: Socket, { #[cfg(all( - feature = "_tls-rustls-aws-lc-rs", + any( + feature = "_tls-rustls-aws-lc-rs", + feature = "_tls-rustls-aws-lc-rs-native-roots" + ), not(feature = "_tls-rustls-ring-webpki"), - not(feature = "_tls-rustls-ring-native-roots") + not(feature = "_tls-rustls-ring-native-roots"), + not(feature = "_tls-rustls-no-provider-native-roots") ))] let provider = Arc::new(rustls::crypto::aws_lc_rs::default_provider()); #[cfg(any( @@ -103,6 +107,18 @@ where ))] let provider = Arc::new(rustls::crypto::ring::default_provider()); + #[cfg(all( + feature = "_tls-rustls-no-provider-native-roots", + not(feature = "_tls-rustls-ring-webpki"), + not(feature = "_tls-rustls-ring-native-roots"), + not(feature = "_tls-rustls-aws-lc-rs"), + not(feature = "_tls-rustls-aws-lc-rs-native-roots"), + ))] + let provider = CryptoProvider::get_default() + .ok_or_else(|| Error::Configuration( + "no process-level CryptoProvider available -- call CryptoProvider::install_default() before this point".into() + ))?.clone(); + // Unwrapping is safe here because we use a default provider. let config = ClientConfig::builder_with_provider(provider.clone()) .with_safe_default_protocol_versions() diff --git a/sqlx-macros-core/Cargo.toml b/sqlx-macros-core/Cargo.toml index 8702555086..97182cebf6 100644 --- a/sqlx-macros-core/Cargo.toml +++ b/sqlx-macros-core/Cargo.toml @@ -21,6 +21,8 @@ _tls-native-tls = ["sqlx-core/_tls-native-tls"] _tls-rustls-aws-lc-rs = ["sqlx-core/_tls-rustls-aws-lc-rs"] _tls-rustls-ring-webpki = ["sqlx-core/_tls-rustls-ring-webpki"] _tls-rustls-ring-native-roots = ["sqlx-core/_tls-rustls-ring-native-roots"] +_tls-rustls-aws-lc-rs-native-roots = ["sqlx-core/_tls-rustls-aws-lc-rs-native-roots"] +_tls-rustls-no-provider-native-roots = ["sqlx-core/_tls-rustls-no-provider-native-roots"] _sqlite = [] diff --git a/sqlx-macros/Cargo.toml b/sqlx-macros/Cargo.toml index 95954d72ef..f9a8b20623 100644 --- a/sqlx-macros/Cargo.toml +++ b/sqlx-macros/Cargo.toml @@ -24,6 +24,8 @@ _tls-native-tls = ["sqlx-macros-core/_tls-native-tls"] _tls-rustls-aws-lc-rs = ["sqlx-macros-core/_tls-rustls-aws-lc-rs"] _tls-rustls-ring-webpki = ["sqlx-macros-core/_tls-rustls-ring-webpki"] _tls-rustls-ring-native-roots = ["sqlx-macros-core/_tls-rustls-ring-native-roots"] +_tls-rustls-aws-lc-rs-native-roots = ["sqlx-macros-core/_tls-rustls-aws-lc-rs-native-roots"] +_tls-rustls-no-provider-native-roots = ["sqlx-macros-core/_tls-rustls-no-provider-native-roots"] # SQLx features derive = ["sqlx-macros-core/derive"]