Address review comments

Author: krishvishal

Cargo.toml

@@ -26,7 +26,6 @@ license = "MIT"
 repository = "https://github.com/compio-rs/compio"
 
 [workspace.dependencies]
-compio = { path = "./compio", version = "0.16.0" }
 compio-buf = { path = "./compio-buf", version = "0.7.0" }
 compio-driver = { path = "./compio-driver", version = "0.9.0", default-features = false }
 compio-runtime = { path = "./compio-runtime", version = "0.9.0" }

compio-ws/Cargo.toml

@@ -11,8 +11,8 @@ repository = { workspace = true }
 
 [dependencies]
 rustls = { workspace = true, optional = true, default-features = false }
-rustls-native-certs = { version = "0.8", optional = true }
-tungstenite = "0.27.0"
+rustls-platform-verifier = { version = "0.6.0", optional = true }
+tungstenite = "0.28.0"
 compio-io = { workspace = true }
 compio-net = { workspace = true, optional = true }
 compio-tls = { workspace = true, optional = true, default-features = false, features = [
@@ -27,7 +27,7 @@ log = "0.4"
 default = []
 connect = ["dep:compio-net"]
 rustls = ["connect", "dep:compio-tls", "dep:rustls", "compio-tls/rustls"]
-rustls-native-certs = ["rustls", "dep:rustls-native-certs"]
+rustls-platform-verifier = ["rustls", "dep:rustls-platform-verifier"]
 webpki-roots = ["rustls", "dep:webpki-roots"]
 ring = ["rustls?/ring", "compio-tls?/ring"]
 
@@ -63,3 +63,7 @@ required-features = ["connect", "rustls", "ring"]
 [[example]]
 name = "client_tls"
 required-features = ["connect", "rustls", "ring"]
+
+[[test]]
+name = "websocket"
+required-features = ["connect", "compio-driver/io-uring"]

compio-ws/src/lib.rs

@@ -35,7 +35,6 @@ pub use crate::rustls::{
     connect_async_with_config, connect_async_with_tls_connector,
     connect_async_with_tls_connector_and_config,
 };
-pub use crate::stream::MaybeTlsStream;
 
 pub struct WebSocketStream<S> {
     inner: WebSocket<GrowableSyncStream<S>>,

compio-ws/src/rustls.rs

@@ -1,10 +1,10 @@
-#[cfg(any(feature = "rustls-native-certs", feature = "webpki-roots"))]
+#[cfg(any(feature = "rustls-platform-verifier", feature = "webpki-roots"))]
 use std::sync::Arc;
 
 use compio_io::{AsyncRead, AsyncWrite};
 use compio_net::TcpStream;
 use compio_tls::TlsConnector;
-#[cfg(any(feature = "rustls-native-certs", feature = "webpki-roots"))]
+#[cfg(any(feature = "rustls-platform-verifier", feature = "webpki-roots"))]
 use rustls::{ClientConfig, RootCertStore};
 use tungstenite::{
     Error,
@@ -37,92 +37,93 @@ where
                 let connector = if let Some(connector) = connector {
                     connector
                 } else {
-                    // Only create root_store when we actually have certificate features enabled
-                    #[cfg(any(feature = "rustls-native-certs", feature = "webpki-roots"))]
-                    let root_store = {
-                        let mut store = RootCertStore::empty();
-
-                        #[cfg(feature = "rustls-native-certs")]
-                        {
-                            let cert_result = rustls_native_certs::load_native_certs();
-
-                            // Log any errors that occurred
-                            for err in &cert_result.errors {
-                                log::warn!("Error loading native certificate: {err}");
-                            }
+                    // Create TLS connector with platform verifier when feature is enabled
+                    #[cfg(feature = "rustls-platform-verifier")]
+                    {
+                        use rustls_platform_verifier::BuilderVerifierExt;
 
-                            if !cert_result.certs.is_empty() {
-                                let (added, ignored) =
-                                    store.add_parsable_certificates(cert_result.certs);
+                        // Use platform's native certificate verification
+                        // This provides better security and enterprise integration
+                        let config_result = ClientConfig::builder().with_platform_verifier();
+
+                        match config_result {
+                            Ok(config_builder) => {
                                 log::debug!(
-                                    "Added {added} native root certificates (ignored {ignored})"
+                                    "Using rustls-platform-verifier for certificate validation"
                                 );
+                                TlsConnector::from(Arc::new(config_builder.with_no_client_auth()))
+                            }
+                            Err(e) => {
+                                log::warn!("Error creating platform verifier: {e}");
 
                                 // Only fail if webpki-roots is NOT enabled as fallback
                                 #[cfg(not(feature = "webpki-roots"))]
-                                if added == 0 {
+                                {
                                     return Err(Error::Io(std::io::Error::new(
-                                        std::io::ErrorKind::NotFound,
-                                        "No valid native root certificates found",
+                                        std::io::ErrorKind::Other,
+                                        format!("Failed to create platform verifier: {}", e),
                                     )));
                                 }
-                            } else {
-                                log::warn!("No native root certificates found");
 
-                                // Only fail if webpki-roots is NOT enabled as fallback
-                                #[cfg(not(feature = "webpki-roots"))]
-                                return Err(Error::Io(std::io::Error::new(
-                                    std::io::ErrorKind::NotFound,
-                                    "No native root certificates found",
-                                )));
+                                // Fall through to webpki-roots if available
+                                #[cfg(feature = "webpki-roots")]
+                                {
+                                    use log::debug;
+
+                                    let mut root_store = RootCertStore::empty();
+                                    let webpki_certs = webpki_roots::TLS_SERVER_ROOTS.to_vec();
+                                    root_store.extend(webpki_certs);
+                                    debug!(
+                                        "Falling back to {} webpki root certificates",
+                                        webpki_roots::TLS_SERVER_ROOTS.len()
+                                    );
+
+                                    TlsConnector::from(Arc::new(
+                                        ClientConfig::builder()
+                                            .with_root_certificates(root_store)
+                                            .with_no_client_auth(),
+                                    ))
+                                }
                             }
                         }
+                    }
 
-                        // Load webpki-roots whenever the feature is enabled
-                        // This serves as a fallback when native-certs is also enabled
-                        #[cfg(feature = "webpki-roots")]
-                        {
-                            use log::debug;
-
-                            let webpki_certs = webpki_roots::TLS_SERVER_ROOTS.to_vec();
-                            store.extend(webpki_certs);
-                            debug!(
-                                "Added {} webpki root certificates",
-                                webpki_roots::TLS_SERVER_ROOTS.len()
-                            );
-                        }
-
-                        store
-                    };
-
-                    // Check if we have neither feature enabled
-                    #[cfg(not(any(feature = "rustls-native-certs", feature = "webpki-roots")))]
+                    // Use webpki-roots when platform-verifier is not available
+                    // This serves as a fallback or standalone certificate source
+                    #[cfg(all(
+                        feature = "webpki-roots",
+                        not(feature = "rustls-platform-verifier")
+                    ))]
                     {
-                        return Err(Error::Io(std::io::Error::new(
-                            std::io::ErrorKind::NotFound,
-                            "No root certificate features enabled. Enable either \
-                             'rustls-native-certs' or 'webpki-roots'",
-                        )));
-                    }
+                        use log::debug;
 
-                    // Check if root_store is empty (only when features are enabled)
-                    #[cfg(any(feature = "rustls-native-certs", feature = "webpki-roots"))]
-                    if root_store.is_empty() {
-                        return Err(Error::Io(std::io::Error::new(
-                            std::io::ErrorKind::NotFound,
-                            "No root certificates available",
-                        )));
-                    }
+                        let mut root_store = RootCertStore::empty();
+                        let webpki_certs = webpki_roots::TLS_SERVER_ROOTS.to_vec();
+                        root_store.extend(webpki_certs);
+                        debug!(
+                            "Using {} webpki root certificates",
+                            webpki_roots::TLS_SERVER_ROOTS.len()
+                        );
 
-                    // Create the TLS connector (only when features are enabled)
-                    #[cfg(any(feature = "rustls-native-certs", feature = "webpki-roots"))]
-                    {
                         TlsConnector::from(Arc::new(
                             ClientConfig::builder()
                                 .with_root_certificates(root_store)
                                 .with_no_client_auth(),
                         ))
                     }
+
+                    // Check if we have neither feature enabled
+                    #[cfg(not(any(
+                        feature = "rustls-platform-verifier",
+                        feature = "webpki-roots"
+                    )))]
+                    {
+                        return Err(Error::Io(std::io::Error::new(
+                            std::io::ErrorKind::NotFound,
+                            "No root certificate features enabled. Enable either \
+                             'rustls-platform-verifier' or 'webpki-roots'",
+                        )));
+                    }
                 };
 
                 connector

compio-ws/src/stream.rs

@@ -1,11 +1,15 @@
+#[cfg(feature = "rustls")]
 use std::io::Result as IoResult;
 
+#[cfg(feature = "rustls")]
 use compio_buf::{BufResult, IoBuf, IoBufMut};
+#[cfg(feature = "rustls")]
 use compio_io::{AsyncRead, AsyncWrite};
 #[cfg(feature = "rustls")]
 use compio_tls::TlsStream;
 
 /// Stream that can be either plain TCP or TLS-encrypted
+#[cfg(feature = "rustls")]
 #[derive(Debug)]
 #[allow(clippy::large_enum_variant)]
 pub enum MaybeTlsStream<S> {
@@ -16,6 +20,7 @@ pub enum MaybeTlsStream<S> {
     Tls(TlsStream<S>),
 }
 
+#[cfg(feature = "rustls")]
 impl<S> MaybeTlsStream<S> {
     pub fn plain(stream: S) -> Self {
         MaybeTlsStream::Plain(stream)
@@ -38,6 +43,7 @@ impl<S> MaybeTlsStream<S> {
     }
 }
 
+#[cfg(feature = "rustls")]
 impl<S> AsyncRead for MaybeTlsStream<S>
 where
     S: AsyncRead + AsyncWrite + Unpin + 'static,
@@ -51,6 +57,7 @@ where
     }
 }
 
+#[cfg(feature = "rustls")]
 impl<S> AsyncWrite for MaybeTlsStream<S>
 where
     S: AsyncRead + AsyncWrite + Unpin + 'static,
@@ -79,5 +86,3 @@ where
         }
     }
 }
-
-impl<S> Unpin for MaybeTlsStream<S> where S: Unpin {}