diff --git a/Cargo.toml b/Cargo.toml index 1ccefe4693..78caca439d 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -107,6 +107,7 @@ tls-rustls-ring = ["tls-rustls-ring-webpki"] # For backwards compatibility tls-rustls-ring-webpki = ["sqlx-core/_tls-rustls-ring-webpki", "sqlx-macros?/_tls-rustls-ring-webpki"] tls-rustls-ring-native-roots = ["tls-rustls-ring-platform-verifier"] # For backwards compatibility tls-rustls-ring-platform-verifier = ["sqlx-core/_tls-rustls-aws-lc-rs-platform-verifier", "sqlx-macros?/_tls-rustls-aws-lc-rs-platform-verifier"] +tls-rustls-no-provider-platform-verifier = ["sqlx-core/_tls-rustls-no-provider-platform-verifier", "sqlx-macros?/_tls-rustls-no-provider-platform-verifier"] # No-op feature used by the workflows to compile without TLS enabled. Not meant for general use. tls-none = [] diff --git a/sqlx-core/Cargo.toml b/sqlx-core/Cargo.toml index f52174a8b7..d46842f9e6 100644 --- a/sqlx-core/Cargo.toml +++ b/sqlx-core/Cargo.toml @@ -32,6 +32,7 @@ _tls-rustls-aws-lc-rs = ["_tls-rustls", "rustls/aws-lc-rs", "webpki-roots"] _tls-rustls-aws-lc-rs-platform-verifier = ["_tls-rustls", "rustls/aws-lc-rs", "rustls-platform-verifier"] _tls-rustls-ring-webpki = ["_tls-rustls", "rustls/ring", "webpki-roots"] _tls-rustls-ring-platform-verifier = ["_tls-rustls", "rustls/ring", "rustls-platform-verifier"] +_tls-rustls-no-provider-platform-verifier = ["_tls-rustls", "rustls-platform-verifier"] _tls-rustls = ["rustls"] _tls-none = [] diff --git a/sqlx-core/src/net/tls/tls_rustls.rs b/sqlx-core/src/net/tls/tls_rustls.rs index 0c61a3e2be..7d207c7992 100644 --- a/sqlx-core/src/net/tls/tls_rustls.rs +++ b/sqlx-core/src/net/tls/tls_rustls.rs @@ -95,6 +95,7 @@ where ), not(feature = "_tls-rustls-ring-webpki"), not(feature = "_tls-rustls-ring-platform-verifier"), + not(feature = "_tls-rustls-no-provider-platform-verifier"), ))] let provider = Arc::new(rustls::crypto::aws_lc_rs::default_provider()); #[cfg(any( @@ -103,6 +104,18 @@ where ))] let provider = Arc::new(rustls::crypto::ring::default_provider()); + #[cfg(all( + feature = "_tls-rustls-no-provider-platform-verifier", + not(feature = "_tls-rustls-aws-lc-rs"), + not(feature = "_tls-rustls-aws-lc-rs-platform-verifier"), + not(feature = "_tls-rustls-ring-webpki"), + not(feature = "_tls-rustls-ring-platform-verifier"), + ))] + let provider = CryptoProvider::get_default() + .ok_or_else(|| Error::Configuration( + "no process-level CryptoProvider available -- call CryptoProvider::install_default() before this point".into() + ))?.clone(); + // Unwrapping is safe here because we use a default provider. let config = ClientConfig::builder_with_provider(provider.clone()) .with_safe_default_protocol_versions() diff --git a/sqlx-macros-core/Cargo.toml b/sqlx-macros-core/Cargo.toml index e7c6a74895..527da6e9b2 100644 --- a/sqlx-macros-core/Cargo.toml +++ b/sqlx-macros-core/Cargo.toml @@ -22,6 +22,7 @@ _tls-rustls-aws-lc-rs = ["sqlx-core/_tls-rustls-aws-lc-rs"] _tls-rustls-aws-lc-rs-platform-verifier = ["sqlx-core/_tls-rustls-aws-lc-rs-platform-verifier"] _tls-rustls-ring-webpki = ["sqlx-core/_tls-rustls-ring-webpki"] _tls-rustls-ring-platform-verifier = ["sqlx-core/_tls-rustls-aws-lc-rs-platform-verifier"] +_tls-rustls-no-provider-platform-verifier = ["sqlx-core/_tls-rustls-no-provider-platform-verifier"] _sqlite = [] diff --git a/sqlx-macros/Cargo.toml b/sqlx-macros/Cargo.toml index 17b154d3f4..0a26e0c9a7 100644 --- a/sqlx-macros/Cargo.toml +++ b/sqlx-macros/Cargo.toml @@ -25,6 +25,7 @@ _tls-rustls-aws-lc-rs = ["sqlx-macros-core/_tls-rustls-aws-lc-rs"] _tls-rustls-aws-lc-rs-platform-verifier = ["sqlx-macros-core/_tls-rustls-aws-lc-rs-platform-verifier"] _tls-rustls-ring-webpki = ["sqlx-macros-core/_tls-rustls-ring-webpki"] _tls-rustls-ring-platform-verifier = ["sqlx-macros-core/_tls-rustls-aws-lc-rs-platform-verifier"] +_tls-rustls-no-provider-platform-verifier = ["sqlx-macros-core/_tls-rustls-no-provider-platform-verifier"] # SQLx features derive = ["sqlx-macros-core/derive"]