Skip to content

feat: introduce fetch_tls crate#450

Open
martintmk wants to merge 24 commits into
mainfrom
fetch_tls
Open

feat: introduce fetch_tls crate#450
martintmk wants to merge 24 commits into
mainfrom
fetch_tls

Conversation

@martintmk
Copy link
Copy Markdown
Member

@martintmk martintmk commented May 26, 2026

No description provided.

martintmk and others added 12 commits May 25, 2026 20:55
@martintmk
feat(fetch_tls): add new TLS abstraction crate
a9e0d7b 
Introduce the etch_tls crate providing a unified TLS configuration API with pluggable backends for rustls and native-tls. Includes client identity handling, connection options, and test utilities.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@martintmk
fixes
1746395
@martintmk
cleanup and improvements
04aea94
@martintmk
cleanup grammar
87eb858
@martintmk
adop fetch_tls in fetch_hyper
fded4d2
@martintmk
Update builder.rs
978017d
@martintmk
Update Cargo.lock
4554be8
@martintmk
cleanup
6c3dc82
@martintmk
icons
d0d89bb
@martintmk
Update options.rs
868a964
@martintmk
docs
4837e5d
@martintmk
Update backend.rs
f21272a
@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 26, 2026
edited
Loading

⚠️ Breaking Changes Detected


--- failure enum_missing: pub enum removed or renamed ---

Description:
A publicly-visible enum cannot be imported by its prior path. A `pub use` may have been removed, or the enum itself may have been renamed or removed entirely.
        ref: https://doc.rust-lang.org/cargo/reference/semver.html#item-remove
       impl: https://github.com/obi1kenobi/cargo-semver-checks/tree/v0.46.0/src/lints/enum_missing.ron

Failed in:
  enum fetch_hyper::TlsBackend, previously in file /home/runner/work/oxidizer/oxidizer/target/semver-checks/git-origin_main/f41130f5e3579781a04ee224211f1f2188d65394/crates/fetch_hyper/src/tls/mod.rs:24

error: failed to retrieve local crate data from git revision

Caused by:
    0: failed to retrieve manifest file from git revision source
    1: possibly due to errors: [
         failed to parse /home/runner/work/oxidizer/oxidizer/target/semver-checks/git-origin_main/f41130f5e3579781a04ee224211f1f2188d65394/Cargo.toml: no `package` table,
         failed when reading /home/runner/work/oxidizer/oxidizer/target/semver-checks/git-origin_main/f41130f5e3579781a04ee224211f1f2188d65394/scripts/crate-template/Cargo.toml: TOML parse error at line 9, column 26
         |
       9 | keywords = ["oxidizer", {{CRATE_KEYWORDS}}]
         |                          ^
       missing key for inline table element, expected key
       : TOML parse error at line 9, column 26
         |
       9 | keywords = ["oxidizer", {{CRATE_KEYWORDS}}]
         |                          ^
       missing key for inline table element, expected key
       ,
       ]
    2: package `fetch_tls` not found in /home/runner/work/oxidizer/oxidizer/target/semver-checks/git-origin_main/f41130f5e3579781a04ee224211f1f2188d65394

Stack backtrace:
   0: anyhow::error::<impl anyhow::Error>::msg
   1: cargo_semver_checks::rustdoc_gen::RustdocFromProjectRoot::get_crate_source
   2: cargo_semver_checks::rustdoc_gen::StatefulRustdocGenerator<cargo_semver_checks::rustdoc_gen::CoupledState>::prepare_generator
   3: cargo_semver_checks::Check::check_release::{{closure}}
   4: cargo_semver_checks::Check::check_release
   5: cargo_semver_checks::exit_on_error
   6: cargo_semver_checks::main
   7: std::sys::backtrace::__rust_begin_short_backtrace
   8: main
   9: <unknown>
  10: __libc_start_main
  11: _start

If the breaking changes are intentional then everything is fine - this message is merely informative.

Remember to apply a version number bump with the correct severity when publishing a version with breaking changes (1.x.x -> 2.x.x or 0.1.x -> 0.2.x).

@codecov
Copy link
Copy Markdown

codecov Bot commented May 26, 2026
edited
Loading

Codecov Report

❌ Patch coverage is 93.50181% with 18 lines in your changes missing coverage. Please review.
✅ Project coverage is 99.9%. Comparing base (7e8108f) to head (4cf881a).
⚠️ Report is 9 commits behind head on main.

Files with missing lines Patch % Lines
crates/fetch_tls/src/rustls.rs 87.6% 11 Missing ⚠️
crates/fetch_tls/src/backend.rs 90.3% 3 Missing ⚠️
crates/fetch_tls/src/client_identity.rs 96.7% 2 Missing ⚠️
crates/fetch_hyper/src/tls/connector.rs 50.0% 1 Missing ⚠️
crates/fetch_tls/src/native_tls.rs 97.9% 1 Missing ⚠️

❌ Your project check has failed because the head coverage (99.9%) is below the target coverage (100.0%). You can increase the head coverage or adjust the target coverage.

Additional details and impacted files 
@@           Coverage Diff            @@
##             main    #450     +/-   ##
========================================
- Coverage   100.0%   99.9%   -0.1%     
========================================
  Files         305     309      +4     
  Lines       23707   23965    +258     
========================================
+ Hits        23707   23947    +240     
- Misses          0      18     +18

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@martintmk martintmk marked this pull request as ready for review May 30, 2026 16:00
Copilot AI review requested due to automatic review settings May 30, 2026 16:00
Copilot AI reviewed May 30, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR extracts the TLS backend abstraction from fetch_hyper into a new workspace crate, fetch_tls, that provides a backend-agnostic TlsOptions/TlsOptionsBuilder API plus a fully-materialized TlsBackend enum (rustls or native-tls). fetch_hyper now depends on fetch_tls and forwards its TLS features, while internally adapting to the new Arc<rustls::ClientConfig>-based TlsBackend. The new crate adds support for backend-agnostic mTLS via ClientIdentity, a rustls ResolvesClientCert integration, a ServerCertVerifierFactory, and per-backend ALPN derivation from supported HTTP versions.

Changes:

  • New fetch_tls crate with TlsOptions/TlsOptionsBuilder, rustls/native-tls option builders, TlsBackend, TlsBackendDefaults, and ClientIdentity (PEM/DER, mTLS).
  • fetch_hyper migrated to consume fetch_tls::TlsBackend; rustls variant now stores Arc<ClientConfig>, and the TLS feature flags forward to fetch_tls.
  • Workspace updates: new fetch_tls workspace entry, new base64/rustls-pki-types/rustls-symcrypt workspace deps, hyper/hyper-util minor version bumps, spelling list and root CHANGELOG additions.

Reviewed changes

Copilot reviewed 24 out of 25 changed files in this pull request and generated 1 comment.

Show a summary per file
File Description
crates/fetch_tls/Cargo.toml New crate manifest with feature-gated rustls/native-tls deps and allowed external types.
crates/fetch_tls/src/lib.rs Crate root docs and module/export wiring with feature/test gates.
crates/fetch_tls/src/backend.rs Defines TlsBackend, TlsBackendDefaults, RustlsDefaults, and backend selection enum.
crates/fetch_tls/src/options.rs TlsOptions/TlsOptionsBuilder and build_backend dispatch including auto-selection logic.
crates/fetch_tls/src/rustls.rs Rustls backend builder, verifier factory, client identity resolver path.
crates/fetch_tls/src/native_tls.rs Native TLS backend builder and ALPN mapping from HTTP versions.
crates/fetch_tls/src/client_identity.rs Backend-agnostic mTLS identity (PEM/DER) plus native-tls PEM re-encoding.
crates/fetch_tls/src/testing.rs Test-only AcceptAllServerCertVerifier and NoClientCertResolver.
crates/fetch_tls/src/snapshots/*.snap Insta snapshot for verifier factory debug output.
crates/fetch_tls/README.md / CHANGELOG.md / logo.png / favicon.ico Generated README, empty changelog, and LFS-tracked assets.
crates/fetch_hyper/Cargo.toml Adds fetch_tls dependency and forwards rustls/native-tls features.
crates/fetch_hyper/src/lib.rs Drops TlsBackend re-export now that the type lives in fetch_tls.
crates/fetch_hyper/src/tls/mod.rs Removes the old TlsBackend enum, conversions, and tests.
crates/fetch_hyper/src/tls/connector.rs Switches to fetch_tls::TlsBackend and adapts Arc<ClientConfig> via as_ref().clone().
crates/fetch_hyper/src/builder.rs Uses fetch_tls::TlsBackend; updates doctest import.
crates/fetch_hyper/src/connection/hyper_handler.rs Test imports updated to fetch_tls::TlsBackend.
crates/fetch_hyper/src/testing.rs Test imports updated to fetch_tls::TlsBackend.
crates/fetch_hyper/tests/smoke.rs Smoke test imports updated.
Cargo.toml Adds fetch_tls, base64, rustls-pki-types, rustls-symcrypt workspace deps; bumps hyper/hyper-util.
Cargo.lock Lockfile updates for new crate and hyper bump.
CHANGELOG.md Adds fetch_tls to crate list.
.spelling Allows crypto, rustls, TLS, verifier, Verifier.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread crates/fetch_hyper/src/tls/mod.rs
Comment on lines 7 to 9

mod connector;
pub(crate) use connector::TlsConnector;
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

At least 2 approving reviews are required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@martintmk