refactor: rename CaRootsConfig to CaTlsConfig

Author: Frando

iroh-dns-server/benches/write.rs

@@ -4,7 +4,7 @@ use iroh::{
     address_lookup::pkarr::PkarrRelayClient,
     dns::DnsResolver,
     endpoint_info::EndpointInfo,
-    tls::{CaRootsConfig, default_provider},
+    tls::{CaTlsConfig, default_provider},
 };
 use iroh_dns_server::{Server, config::Config};
 use rand::RngExt;
@@ -29,7 +29,7 @@ fn benchmark_dns_server(c: &mut Criterion) {
                     let secret_key = SecretKey::from_bytes(&rng.random());
                     let endpoint_id = secret_key.public();
 
-                    let tls_config = CaRootsConfig::default()
+                    let tls_config = CaTlsConfig::default()
                         .client_config(default_provider())
                         .expect("infallible");
                     let pkarr_relay = LOCALHOST_PKARR.parse().expect("valid url");

iroh-dns-server/examples/publish.rs

@@ -10,7 +10,7 @@ use iroh::{
     },
     dns::DnsResolver,
     endpoint_info::EndpointInfo,
-    tls::{CaRootsConfig, default_provider},
+    tls::{CaTlsConfig, default_provider},
 };
 use iroh_dns::IROH_TXT_NAME;
 use n0_error::{Result, StackResultExt};
@@ -105,7 +105,7 @@ async fn main() -> Result<()> {
     println!();
     println!("publish to {pkarr_relay_url} ...");
 
-    let tls_config = CaRootsConfig::default()
+    let tls_config = CaTlsConfig::default()
         .client_config(default_provider())
         .expect("infallible");
     let pkarr = PkarrRelayClient::new(pkarr_relay_url, tls_config, DnsResolver::default());

iroh-dns-server/src/http.rs

@@ -319,7 +319,7 @@ mod tests {
         RelayUrl, SecretKey,
         address_lookup::{EndpointInfo, PkarrRelayClient},
         dns::DnsResolver,
-        tls::{CaRootsConfig, default_provider},
+        tls::{CaTlsConfig, default_provider},
     };
     use n0_error::StdResultExt;
     use n0_tracing_test::traced_test;
@@ -357,7 +357,7 @@ mod tests {
         };
 
         let http_url = server.http_url().expect("http is bound");
-        let tls_config = CaRootsConfig::default()
+        let tls_config = CaTlsConfig::default()
             .client_config(default_provider())
             .expect("infallible");
         let pkarr = PkarrRelayClient::new(

iroh-dns-server/src/lib.rs

@@ -47,7 +47,7 @@ mod tests {
         address_lookup::PkarrRelayClient,
         dns::DnsResolver,
         endpoint_info::EndpointInfo,
-        tls::{CaRootsConfig, default_provider},
+        tls::{CaTlsConfig, default_provider},
     };
     use iroh_dns::pkarr::SignedPacket;
     use mainline::{DhtBuilder, MutableItem, Testnet};
@@ -151,7 +151,7 @@ mod tests {
         let signed_packet = SignedPacket::from_bytes(&raw).anyerr()?;
 
         // Publish via relay
-        let tls_config = CaRootsConfig::default()
+        let tls_config = CaTlsConfig::default()
             .client_config(default_provider())
             .expect("infallible");
         let pkarr_client =
@@ -220,7 +220,7 @@ mod tests {
 
         let secret_key = SecretKey::from_bytes(&rng.random());
         let endpoint_id = secret_key.public();
-        let tls_config = CaRootsConfig::default()
+        let tls_config = CaTlsConfig::default()
             .client_config(default_provider())
             .expect("infallible");
         let pkarr = PkarrRelayClient::new(pkarr_relay, tls_config, DnsResolver::default());

iroh-relay/README.md

@@ -74,7 +74,7 @@ iroh = { version = "0.95", features = ["test-utils"] }
 ```
 - Spawn a relay server by calling [`iroh::test_utils::run_relay_server().await`](https://docs.rs/iroh/latest/iroh/test_utils/fn.run_relay_server.html)
 This will start a relay server with a self-signed TLS certificate, listening on a localhost port, and return the server's URL.
-- For the iroh endpoints to successfully connect to the relay, disable TLS certificate verification by calling [`Endpoint::ca_roots_config`](https://docs.rs/iroh/latest/iroh/endpoint/struct.Builder.html#method.ca_roots_config) with  `CaRootConfig::insecure_skip_verify()`.
+- For the iroh endpoints to successfully connect to the relay, disable TLS certificate verification by calling [`Endpoint::ca_tls_config`](https://docs.rs/iroh/latest/iroh/endpoint/struct.Builder.html#method.ca_tls_config) with  `CaRootConfig::insecure_skip_verify()`.
 
 # License
 

iroh-relay/src/client.rs

@@ -188,22 +188,22 @@ impl ClientBuilder {
     /// This is a required option.
     ///
     /// You can construct a [`rustls::ClientConfig`] by combining a [`rustls::crypto::CryptoProvider`]
-    /// with a [`tls::CaRootsConfig`] using [`tls::CaRootsConfig::client_config`], for example:
+    /// with a [`tls::CaTlsConfig`] using [`tls::CaTlsConfig::client_config`], for example:
     ///
     /// ```no_run
     /// use std::sync::Arc;
     ///
-    /// use iroh_relay::tls::CaRootsConfig;
+    /// use iroh_relay::tls::CaTlsConfig;
     ///
     /// let crypto_provider: rustls::crypto::CryptoProvider = todo!();
-    /// let client_config = CaRootsConfig::default().client_config(Arc::new(crypto_provider));
+    /// let client_config = CaTlsConfig::default().client_config(Arc::new(crypto_provider));
     /// ```
     ///
     /// If you enable the tls-ring or tls-aws-lc-rs feature, you can use the enabled crypto provider
     /// by using [`tls::default_provider`].
     ///
-    /// [`tls::CaRootsConfig`]: crate::tls::CaRootsConfig
-    /// [`tls::CaRootsConfig::client_config`]: crate::tls::CaRootsConfig::client_config
+    /// [`tls::CaTlsConfig`]: crate::tls::CaTlsConfig
+    /// [`tls::CaTlsConfig::client_config`]: crate::tls::CaTlsConfig::client_config
     /// [`tls::default_provider`]: crate::tls::default_provider
     pub fn tls_client_config(mut self, tls_config: rustls::ClientConfig) -> Self {
         self.tls_config = Some(tls_config);

iroh-relay/src/server.rs

@@ -1177,7 +1177,7 @@ mod tests {
             handshake,
             relay::{ClientToRelayMsg, Datagrams, RelayToClientMsg},
         },
-        tls::{CaRootsConfig, default_provider},
+        tls::{CaTlsConfig, default_provider},
     };
 
     /// An [`AccessControl`] backed by a closure, for tests.
@@ -1314,7 +1314,7 @@ mod tests {
         let relay_url = format!("http://{}", server.http_addr().unwrap());
         let relay_url: RelayUrl = relay_url.parse()?;
 
-        let client_config = CaRootsConfig::default()
+        let client_config = CaTlsConfig::default()
             .client_config(default_provider())
             .unwrap();
 
@@ -1379,7 +1379,7 @@ mod tests {
         let current_span = tracing::info_span!("this is a test");
         let _guard = current_span.enter();
 
-        let client_config = CaRootsConfig::default()
+        let client_config = CaTlsConfig::default()
             .client_config(default_provider())
             .unwrap();
 
@@ -1468,7 +1468,7 @@ mod tests {
         const TOKEN: &str = "secret-token";
 
         let mut rng = rand_chacha::ChaCha8Rng::seed_from_u64(0u64);
-        let client_config = CaRootsConfig::default()
+        let client_config = CaTlsConfig::default()
             .client_config(default_provider())
             .unwrap();
 
@@ -1535,7 +1535,7 @@ mod tests {
         let relay_url = format!("http://{}", server.http_addr().unwrap());
         let relay_url: RelayUrl = relay_url.parse().unwrap();
 
-        let client_config = CaRootsConfig::default()
+        let client_config = CaTlsConfig::default()
             .client_config(default_provider())
             .unwrap();
 

iroh-relay/src/server/http_server.rs

@@ -1197,7 +1197,7 @@ mod tests {
     use crate::{
         client::{Client, ClientBuilder, ConnectError, conn::Conn},
         protos::relay::{ClientToRelayMsg, Datagrams, RelayToClientMsg},
-        tls::{CaRootsConfig, default_provider},
+        tls::{CaTlsConfig, default_provider},
     };
 
     pub(crate) fn make_tls_config() -> TlsConfig {
@@ -1303,7 +1303,7 @@ mod tests {
     ) -> Result<(PublicKey, Client), ConnectError> {
         let public_key = key.public();
         let client = ClientBuilder::new(server_url, key, DnsResolver::new()).tls_client_config(
-            CaRootsConfig::insecure_skip_verify()
+            CaTlsConfig::insecure_skip_verify()
                 .client_config(default_provider())
                 .expect("infallible"),
         );

iroh-relay/src/tls.rs

@@ -19,7 +19,7 @@ use webpki_types::CertificateDer;
 /// CAs don't need to be trusted for the integrity or authenticity of native
 /// iroh connections, which rely on iroh's own cryptographic authentication mechanisms.
 #[derive(Debug, Clone)]
-pub struct CaRootsConfig {
+pub struct CaTlsConfig {
     mode: Mode,
     extra_roots: Vec<CertificateDer<'static>>,
 }
@@ -54,7 +54,7 @@ enum Mode {
     },
 }
 
-impl Default for CaRootsConfig {
+impl Default for CaTlsConfig {
     fn default() -> Self {
         Self {
             mode: Mode::EmbeddedWebPki,
@@ -63,7 +63,7 @@ impl Default for CaRootsConfig {
     }
 }
 
-impl CaRootsConfig {
+impl CaTlsConfig {
     /// Uses the operating system's certificate facilities for verifying the validity of TLS certificates.
     ///
     /// See [`rustls_platform_verifier`] for details how trust anchors are retrieved on different platforms.
@@ -107,7 +107,7 @@ impl CaRootsConfig {
         }
     }
 
-    /// Creates a [`CaRootsConfig`] that uses a callback function to create a [`ServerCertVerifier`].
+    /// Creates a [`CaTlsConfig`] that uses a callback function to create a [`ServerCertVerifier`].
     ///
     /// This is an advanced feature and you should only use this if none of the other constructor
     /// functions cover your needs. Wrongly implementing the callback may lead to insecure connections
@@ -121,13 +121,13 @@ impl CaRootsConfig {
     ///
     /// ```rust
     /// # use std::{io, sync::Arc};
-    /// # use iroh_relay::tls::CaRootsConfig;
+    /// # use iroh_relay::tls::CaTlsConfig;
     /// # use rustls::client::WebPkiServerVerifier;
     /// let root_store = Arc::new(rustls::RootCertStore {
     ///     roots: webpki_roots::TLS_SERVER_ROOTS.to_vec(),
     /// });
-    /// let ca_roots_config =
-    ///     CaRootsConfig::custom_server_cert_verifier(Arc::new(move |crypto_provider| {
+    /// let ca_tls_config =
+    ///     CaTlsConfig::custom_server_cert_verifier(Arc::new(move |crypto_provider| {
     ///         let mut root_store = rustls::RootCertStore {
     ///             roots: webpki_roots::TLS_SERVER_ROOTS.to_vec(),
     ///         };

iroh-relay/tests/relay_axum.rs

@@ -39,7 +39,7 @@ use iroh_relay::{
         AllowAll, ClientRequest, DynAccessControl, Metrics, client::Config, clients::Clients,
         streams::RelayedStream,
     },
-    tls::{CaRootsConfig, default_provider},
+    tls::{CaTlsConfig, default_provider},
 };
 use n0_error::{AnyError, Result, StdResultExt};
 use n0_future::{Sink, Stream, task::AbortOnDropHandle};
@@ -217,7 +217,7 @@ async fn relay_embed_axum() -> Result<()> {
     // Connect a relay client to `/relay` on the same axum-fronted port.
     let mut rng = rand_chacha::ChaCha8Rng::seed_from_u64(0u64);
     let relay_url: RelayUrl = format!("http://{addr}").parse()?;
-    let tls_config = CaRootsConfig::default().client_config(default_provider())?;
+    let tls_config = CaTlsConfig::default().client_config(default_provider())?;
     tokio::time::timeout(
         Duration::from_secs(5),
         ClientBuilder::new(