Skip to content

Bitreq client builder (rustls + native-tls)#516

Open
APonce911 wants to merge 65 commits intorust-bitcoin:masterfrom
APonce911:bitreq-client-builder-native-tls
Open

Bitreq client builder (rustls + native-tls)#516
APonce911 wants to merge 65 commits intorust-bitcoin:masterfrom
APonce911:bitreq-client-builder-native-tls

Conversation

@APonce911
Copy link

@APonce911 APonce911 commented Feb 23, 2026

Summary

This PR addresses issue #473 by creating a Client Builder able to receive custom root certificates at runtime.
The ClientBuilder requires async-https-rustls or async-https-native-tls features.

Changes

  • Add Client Builder pattern.
  • Creates Certificates wrapper module.
  • Append certificate using with_root_certificate builder method.
  • Load certificates once per client instead of per connection.
  • Include example.

This PR substitutes the 502

@APonce911
update test_https to use local http server
13e0cfd
@APonce911
add test_https_with_client
e879020
@APonce911
WIP: add ClientBuilder for configuring Client instances
182e5fb
@APonce911
WIP: pass ClientConfig struct to tls layer
92ca975
@APonce911
WIP: include feature on ClientConfig import
5af7539
@APonce911
WIP append custom cert
b6650ba
@APonce911
WIP: update tests
bf1735d
@APonce911
rename TlsConfig cert attribute
da22cf9
@APonce911
remove comment
a01979a
@APonce911
style adjustment
d89f559
@APonce911
add example
04a1c3a
@APonce911
Code review adjustment: Use AsyncConnection::new instead of new_with_…
7011045 
…configs
@APonce911
WIP: include certificates on TlsConfig struct
deb5397
@APonce911
style adjustment
5a97e80
@APonce911
make rustls_stream mod public temporarily
a61b1ec
@APonce911
WIP: create Certificates wrapper on rustls_stream mod
8000c6c
@APonce911
WIP use custom error when appending a certificate
9b4a839
@APonce911
WIP remove moved code
8d7ff6c
@APonce911
WIP remove unused field from TlsConfig
0538906
@APonce911
add Certificates module
5fc031b
@APonce911
adjust privacy on structs
9c11211
@APonce911
add new docs
22c2b2f
@APonce911
update doc and example
97b5d56
@APonce911
remove comment
4a08c7d
@APonce911
Adjust custom_cert example feature
2cf40aa
@APonce911
fix: correct feature flag for CustomClientConfig import
937e3ba
@APonce911
List adjustments
e682f92
@APonce911
fix Cargo fmt adjustments
fd47ea1
@APonce911
Rename certificate to cert_der
728ceb4
@APonce911
take ownership of cert_der on append_certificate
c9d941d
@APonce911
Merge branch bitreq-client-builder
5bb6df5
@APonce911
Improve error handling
d3470a9
@APonce911
remove connector caching with client_config - always create new conne…
05f8e5d 
…ctor
@APonce911
Improve code organization: Move Client and ClientImpl declarations be…
2ef687e 
…low ClientBuilder
@APonce911
wrap ClientConfig with Arc smart pointer to reduce memory usage
bfe2763
@APonce911
Merge branch 'master' into bitreq-client-builder
b2fe156
@APonce911
Merge branch ´bitreq-client-builder´
8c5c9f4
@APonce911
remove connector caching with client_config - create new connector
1a6fcc3
@APonce911
use Arc clone instead of option clone
f3851fb
@APonce911
Merge branch 'bitreq-client-builder' into bitreq-client-builder-nativ…
53391ef 
…e-tls
@APonce911
Wrap Certificates with arc and inject from Client - load root_certs o…
6ac03d7 
…nce per client instead of per connection.
@APonce911
Merge branch 'bitreq-client-builder' into bitreq-client-builder-nativ…
66769f4 
…e-tls
@APonce911
Adjust gates on Client
0ccf01a
@APonce911
format adjustment
c6d6ccd
@APonce911
bump default Client default connection pool(capacity) to 10
bf3a952
@APonce911
Merge branch 'bitreq-client-builder' into bitreq-client-builder-nativ…
5d0d0c1 
…e-tls
@APonce911 APonce911 marked this pull request as ready for review February 23, 2026 23:06
@APonce911 APonce911 mentioned this pull request Feb 23, 2026
Open
@tcharding
Copy link
Member

tcharding commented Feb 24, 2026
edited
Loading

Hi @APonce911, little comment on dev process. Its better if you rebase on master instead of merging if you want review. With 65 patches reviewers are not going to know where to look. Many of us review by pulling down the PR and reading each patch in our terminals.

Different folk treat things differently but to me if a PR is 'open' it is a request to merge so it should be in a mergable state. We use the process where each commit should be a single logical change. There shouldn't be WIP commits and 'fix something I did three commits ago' commits. The whole set of commits (aka the 'patch set') should be clean and reviewable as stand alone changes. Each described in the commit log.

@APonce911
Copy link
Author

APonce911 commented Feb 24, 2026

@tcharding thanks for the feedback. That's something I'll keep in mind! As I've told you, I'm not used to open source so every bit of insight of how you do things is helpful. The process is a bit different than what I'm used to but I'm more than happy to adapt.

About those patches and then small subsequent fixes, I've had a hard time trying to replicate the CI suite locally, it didn't catch some corner cases. I could have reset some commits, but didn't think about it by that time.

@tcharding
Copy link
Member

tcharding commented Feb 24, 2026

In a perfect world every commit builds and passes CI cleanly. We do not however check each commit in CI. But locally during dev you should really, in my opinion, be trying to make sure that at least cargo test --all-features and cargo test --no-default-features run cleanly on each commit [0]. That is the commands I default to and I tend to rely on CI to catch my other mistakes. Your mileage may vary. I don't even run just sane in bitcoin because I'm too impatient, but I more-or-less have a gut feel for what sorts of changes will break what test commands so I amend them if I need to (adding features ect.) Its not a perfect system by any means.

[0] I have shell alias' for these

@tcharding
Copy link
Member

tcharding commented Feb 24, 2026

If you want to get past the ci-doesn't-run-for-first-time-contributors just throw up a quick docs fix PR and I'll merge it.

@APonce911
Copy link
Author

APonce911 commented Feb 24, 2026

@tcharding will definitely do that! However I will be off for a few days and won't be able to proceed with the rebase adjustments and doc pr until next week. Thanks for you time again!

TheBlueMatt
TheBlueMatt reviewed Feb 25, 2026
View reviewed changes
bitreq/examples/custom_cert.rs
@@ -0,0 +1,39 @@
//! This example demonstrates the client builder with custom DER certificate.
Copy link
Member

@TheBlueMatt TheBlueMatt Feb 25, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What's the value of this? Should it not either be a test or a doctest so that its visible to devs?

bitreq/src/client.rs
all(feature = "native-tls", feature = "tokio-native-tls"),
all(feature = "rustls", feature = "tokio-rustls")
)))]
mod disabled {
Copy link
Member

@TheBlueMatt TheBlueMatt Feb 25, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please just have one instance of ClientConfig. You can cfg the field in it but there's no reason to have two fully written out instances.

bitreq/src/client.rs
Comment on lines +195 to +207
/// # Arguments
///
/// * `capacity` - Maximum number of cached connections
///
/// # Example
///
/// ```no_run
/// # use bitreq::Client;
/// let client = Client::builder()
/// .with_capacity(10)
/// .build()
/// .unwrap();
/// ```
Copy link
Member

@TheBlueMatt TheBlueMatt Feb 25, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please reduce the verbosity of the docs here and elsewhere. LLMs lovvveeeee to generate output, but more often than not half of it is totally useless and doesn't provide any meaningful information.

bitreq/src/client.rs
/// that can be converted into a `Vec<u8>`, such as `Vec<u8>`, `&[u8]`, or arrays.
/// This is useful when connecting to servers using self-signed certificates
/// or custom Certificate Authorities.
///
Copy link
Member

@TheBlueMatt TheBlueMatt Feb 25, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Docs should clarify whether this overrides default trust store or not (probably should).

bitreq/src/connection/certificates.rs

#[cfg(feature = "rustls")]
pub(crate) fn append_certificate(mut self, cert_der: Vec<u8>) -> Result<Self, Error> {
let certificates = Arc::make_mut(&mut self.inner);
Copy link
Member

@TheBlueMatt TheBlueMatt Feb 25, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Arc::make_mut screams "I shouldn't be an Arc".

bitreq/src/connection/certificates.rs
}

#[cfg(feature = "rustls")]
pub(crate) fn append_certificate(mut self, cert_der: Vec<u8>) -> Result<Self, Error> {
Copy link
Member

@TheBlueMatt TheBlueMatt Feb 25, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Seems like we should avoid taking by ownership so the caller isn't constantly cloneing the cert store as we go.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@TheBlueMatt TheBlueMatt TheBlueMatt left review comments

@oleonardolima oleonardolima Awaiting requested review from oleonardolima oleonardolima is a code owner

@tnull tnull Awaiting requested review from tnull tnull is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@APonce911 @tcharding @TheBlueMatt