Allow the server_name_resolver to be overriden

Author: 0xIO32

src/async_impl/client.rs

@@ -185,6 +185,8 @@ struct Config {
     tls_built_in_certs_native: bool,
     #[cfg(feature = "__rustls")]
     crls: Vec<CertificateRevocationList>,
+    #[cfg(feature = "__rustls")]
+    server_name_resolver: Arc<dyn hyper_rustls::ResolveServerName + Send + Sync>,
     #[cfg(feature = "__tls")]
     min_tls_version: Option<tls::Version>,
     #[cfg(feature = "__tls")]
@@ -308,6 +310,8 @@ impl ClientBuilder {
                 identity: None,
                 #[cfg(feature = "__rustls")]
                 crls: vec![],
+                #[cfg(feature = "__rustls")]
+                server_name_resolver: Arc::new(hyper_rustls::DefaultServerNameResolver::default()),
                 #[cfg(feature = "__tls")]
                 min_tls_version: None,
                 #[cfg(feature = "__tls")]
@@ -657,6 +661,7 @@ impl ClientBuilder {
                         config.interface.as_deref(),
                         config.nodelay,
                         config.tls_info,
+                        config.server_name_resolver,
                     )
                 }
                 #[cfg(feature = "__rustls")]
@@ -862,6 +867,7 @@ impl ClientBuilder {
                         config.interface.as_deref(),
                         config.nodelay,
                         config.tls_info,
+                        config.server_name_resolver,
                     )
                 }
                 #[cfg(any(feature = "native-tls", feature = "__rustls",))]
@@ -1691,6 +1697,16 @@ impl ClientBuilder {
         self
     }
 
+    /// Sets the server name resolver. Defaults to `hyper_rustls::DefaultServerNameResolver`
+    ///
+    /// This requires the `rustls-tls(-...)` Cargo feature enabled.
+    #[cfg(feature = "__rustls")]
+    #[cfg_attr(docsrs, doc(cfg(feature = "rustls-tls")))]
+    pub fn with_server_name_resolver(mut self, server_name_resolver: Arc<dyn hyper_rustls::ResolveServerName + Send + Sync>) -> ClientBuilder {
+        self.config.server_name_resolver = server_name_resolver;
+        self
+    }
+
     // TLS options
 
     /// Add a custom root certificate.

src/connect.rs

@@ -330,6 +330,7 @@ where {
         interface: Option<&str>,
         nodelay: bool,
         tls_info: bool,
+        server_name_resolver: Arc<dyn hyper_rustls::ResolveServerName + Send + Sync>,
     ) -> ConnectorBuilder
     where
         T: Into<Option<IpAddr>>,
@@ -367,6 +368,7 @@ where {
                 http,
                 tls,
                 tls_proxy,
+                server_name_resolver,
             },
             proxies,
             verbose: verbose::OFF,
@@ -458,6 +460,7 @@ enum Inner {
         http: HttpConnector,
         tls: Arc<rustls::ClientConfig>,
         tls_proxy: Arc<rustls::ClientConfig>,
+        server_name_resolver: Arc<dyn hyper_rustls::ResolveServerName + Send + Sync>,
     },
 }
 
@@ -579,7 +582,7 @@ impl ConnectorService {
                 }
             }
             #[cfg(feature = "__rustls")]
-            Inner::RustlsTls { http, tls, .. } => {
+            Inner::RustlsTls { http, tls, server_name_resolver, .. } => {
                 let mut http = http.clone();
 
                 // Disable Nagle's algorithm for TLS handshake
@@ -589,7 +592,7 @@ impl ConnectorService {
                     http.set_nodelay(true);
                 }
 
-                let mut http = hyper_rustls::HttpsConnector::from((http, tls.clone()));
+                let mut http = hyper_rustls::HttpsConnector::from((http, tls.clone(), server_name_resolver));
                 let io = http.call(dst).await?;
 
                 if let hyper_rustls::MaybeHttpsStream::Https(stream) = io {
@@ -675,10 +678,9 @@ impl ConnectorService {
                 http,
                 tls,
                 tls_proxy,
+                server_name_resolver: name_resolver,
             } => {
                 if dst.scheme() == Some(&Scheme::HTTPS) {
-                    use rustls_pki_types::ServerName;
-                    use std::convert::TryFrom;
                     use tokio_rustls::TlsConnector as RustlsConnector;
 
                     log::trace!("tunneling HTTPS over proxy");
@@ -701,9 +703,8 @@ impl ConnectorService {
                     // We don't wrap this again in an HttpsConnector since that uses Maybe,
                     // and we know this is definitely HTTPS.
                     let tunneled = tunnel.call(dst.clone()).await?;
-                    let host = dst.host().ok_or("no host in url")?.to_string();
-                    let server_name = ServerName::try_from(host.as_str().to_owned())
-                        .map_err(|_| "Invalid Server Name")?;
+
+                    let server_name = name_resolver.resolve(&dst)?;
                     let io = RustlsConnector::from(tls.clone())
                         .connect(server_name, TokioIo::new(tunneled))
                         .await?;

src/lib.rs

@@ -287,6 +287,10 @@ pub use self::error::{Error, Result};
 pub use self::into_url::IntoUrl;
 pub use self::response::ResponseBuilderExt;
 
+#[cfg(feature = "__rustls")]
+#[cfg_attr(docsrs, doc(cfg(feature = "rustls-tls")))]
+pub use hyper_rustls::ResolveServerName;
+
 /// Shortcut method to quickly make a `GET` request.
 ///
 /// See also the methods on the [`reqwest::Response`](./struct.Response.html)