Make the rustls dependency optional

This commit puts the load_native_certs function
behind a cargo feature that's turned on by default.

Fixes #2

Author: est31

Cargo.toml

@@ -11,14 +11,17 @@ repository = "https://github.com/ctz/rustls-native-certs"
 categories = ["network-programming", "cryptography"]
 
 [dependencies]
-rustls = "0.18.0"
+rustls = { version = "0.18.0", optional = true }
 
 [dev-dependencies]
 webpki = "0.21"
 webpki-roots = "0"
 ring = "0.16.5"
 untrusted = "0.7.0"
 
+[features]
+default = ["rustls"]
+
 [target.'cfg(windows)'.dependencies]
 schannel = "0.1.15"
 

admin/pipelines/cargo-steps.yml

@@ -1,6 +1,8 @@
 steps:
   - script: cargo build
     displayName: "cargo build (debug; default features)"
+  - script: cargo build --no-default-features
+    displayName: "cargo build (debug; no default features)"
   - script: cargo test
     displayName: "cargo test (debug; default features)"
     env: { "RUST_BACKTRACE": "1" }

src/lib.rs

@@ -1,12 +1,14 @@
 //! rustls-native-certs allows rustls to use the platform's native certificate
 //! store when operating as a TLS client.
 //!
-//! It consists of a single function [load_native_certs](fn.load_native_certs.html) which returns a
-//! `rustls::RootCertStore` pre-filled from the native certificate store.
-
-/// Like `Result<T,E>`, but allows for functions that can return partially complete
-/// work alongside an error.
-pub type PartialResult<T, E> = Result<T, (Option<T>, E)>;
+//! It provides the following functions:
+//! * A higher level function [load_native_certs](fn.build_native_certs.html)
+//!   which returns a `rustls::RootCertStore` pre-filled from the native
+//!   certificate store. It is only available if the `rustls` feature is
+//!   enabled.
+//! * A lower level function [build_native_certs](fn.build_native_certs.html)
+//!   that lets callers pass their own certificate parsing logic. It is
+//!   available to all users.
 
 #[cfg(all(unix, not(target_os = "macos")))]
 mod unix;
@@ -23,50 +25,20 @@ mod macos;
 #[cfg(target_os = "macos")]
 use macos as platform;
 
-use rustls::RootCertStore;
-use std::io::{Error, ErrorKind};
+#[cfg(feature = "rustls")]
+mod rustls;
+
+use std::io::Error;
 use std::io::BufRead;
 
+#[cfg(feature = "rustls")]
+pub use crate::rustls::{load_native_certs, PartialResult};
+
 pub trait RootStoreBuilder {
     fn load_der(&mut self, der: Vec<u8>) -> Result<(), Error>;
     fn load_pem_file(&mut self, rd: &mut dyn BufRead) -> Result<(), Error>;
 }
 
-/// Loads root certificates found in the platform's native certificate
-/// store.
-///
-/// On success, this returns a `rustls::RootCertStore` loaded with a
-/// snapshop of the root certificates found on this platform.  This
-/// function fails in a platform-specific way, expressed in a `std::io::Error`.
-///
-/// This function can be expensive: on some platforms it involves loading
-/// and parsing a ~300KB disk file.  It's therefore prudent to call
-/// this sparingly.
-pub fn load_native_certs() -> PartialResult<RootCertStore, Error> {
-    struct RootCertStoreLoader {
-        store: RootCertStore,
-    };
-    impl RootStoreBuilder for RootCertStoreLoader {
-        fn load_der(&mut self, der: Vec<u8>) -> Result<(), Error> {
-            self.store.add(&rustls::Certificate(der))
-                .map_err(|err| Error::new(ErrorKind::InvalidData, err))
-        }
-        fn load_pem_file(&mut self, rd: &mut dyn BufRead) -> Result<(), Error> {
-            self.store.add_pem_file(rd)
-                .map(|_| ())
-                .map_err(|()| Error::new(ErrorKind::InvalidData, format!("could not load PEM file")))
-        }
-    }
-    let mut loader = RootCertStoreLoader {
-        store: RootCertStore::empty(),
-    };
-    match build_native_certs(&mut loader) {
-        Err(err) if loader.store.is_empty() => Err((None, err)),
-        Err(err) => Err((Some(loader.store), err)),
-        Ok(()) => Ok(loader.store),
-    }
-}
-
 /// Loads root certificates found in the platform's native certificate
 /// store, executing callbacks on the provided builder.
 ///

src/rustls.rs

@@ -0,0 +1,47 @@
+use rustls::RootCertStore;
+use std::io::{Error, ErrorKind};
+use std::io::BufRead;
+use crate::RootStoreBuilder;
+
+/// Like `Result<T,E>`, but allows for functions that can return partially complete
+/// work alongside an error.
+///
+/// *This type is available only if the crate is built with the "rustls" feature.*
+pub type PartialResult<T, E> = Result<T, (Option<T>, E)>;
+
+/// Loads root certificates found in the platform's native certificate
+/// store.
+///
+/// On success, this returns a `rustls::RootCertStore` loaded with a
+/// snapshop of the root certificates found on this platform.  This
+/// function fails in a platform-specific way, expressed in a `std::io::Error`.
+///
+/// This function can be expensive: on some platforms it involves loading
+/// and parsing a ~300KB disk file.  It's therefore prudent to call
+/// this sparingly.
+///
+/// *This function is available only if the crate is built with the "rustls" feature.*
+pub fn load_native_certs() -> PartialResult<RootCertStore, Error> {
+    struct RootCertStoreLoader {
+        store: RootCertStore,
+    };
+    impl RootStoreBuilder for RootCertStoreLoader {
+        fn load_der(&mut self, der: Vec<u8>) -> Result<(), Error> {
+            self.store.add(&rustls::Certificate(der))
+                .map_err(|err| Error::new(ErrorKind::InvalidData, err))
+        }
+        fn load_pem_file(&mut self, rd: &mut dyn BufRead) -> Result<(), Error> {
+            self.store.add_pem_file(rd)
+                .map(|_| ())
+                .map_err(|()| Error::new(ErrorKind::InvalidData, format!("could not load PEM file")))
+        }
+    }
+    let mut loader = RootCertStoreLoader {
+        store: RootCertStore::empty(),
+    };
+    match crate::build_native_certs(&mut loader) {
+        Err(err) if loader.store.is_empty() => Err((None, err)),
+        Err(err) => Err((Some(loader.store), err)),
+        Ok(()) => Ok(loader.store),
+    }
+}