kbs_protocol: use rusttls when rust-crypto feature is enabled

reqwest uses the platform's native TLS stack by default, also when rusttls is enabled. Force reqwest Client to use rustls TLS stack when rust-crypto feature is enabled. This is what users most likely expect to get. Signed-off-by: Mikko Ylinen <[email protected]>
confidential-containers · Aug 3, 2023 · a86a7ea · a86a7ea
1 parent 562f1af
commit a86a7ea
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/attestation-agent/kbs_protocol/src/lib.rs b/attestation-agent/kbs_protocol/src/lib.rs
@@ -285,6 +285,10 @@ fn build_http_client(kbs_root_certs_pem: Vec<String>) -> Result<reqwest::Client>
         client_builder = client_builder.add_root_certificate(cert);
     }
 
+    if cfg!(feature = "rust-crypto") {
+        client_builder = client_builder.use_rustls_tls();
+    }
+
     client_builder
         .build()
         .map_err(|e| anyhow!("Build KBS http client failed: {:?}", e))