[bitreq] Bitreq client builder

[APonce911]

Summary

This PR addresses issue #473 by creating a Client Builder able to receive custom root certificates at runtime.
The ClientBuilder requires the same features as Client (async-https-rustls).

Changes

• Add Client Builder pattern.
• Creates Certificates wrapper module
• Append certificate using with_root_certificate builder method.
• Include example.

[tcharding]

Holla if you want/need any review mate. Otherwise, for me at least, while there are WIP commits I'll assume you are happily working on it still.

[tcharding]

Holla at me also if you want me to kick CI into action for you. Once you have a patch merged CI will run automatically. You could just do a basic fix somewhere else in the repo if this is going to be long running work.

[APonce911]

Thanks @tcharding. My idea with this draft was to give a bit of visibility of where we're at and to guarantee that the solution is in the right path. No formal code review is needed yet.

Thanks for the tip about the CI, so far it's ok not to run.

[APonce911]

same as wrap_async_stream but with additional parameter custom_client_config

[APonce911]

@tcharding hey mate, can you please run the CI once? It's ready for review.

[TheBlueMatt]

Obv needs docs, but at a high level looks good to me.

[TheBlueMatt]

Its pretty awkward that we don't error here but then just ignore certs silently. IMO we kinda need to actually make this fallible, store a root cert store in ClientConfig, and pass that around instead. We'll have to have an abstract root cert store in rustls_stream (or somewhere), but that should be pretty straightforward.

[APonce911]

@TheBlueMatt makes sense. Will work on that tomorrow! Thanks

[APonce911]

@TheBlueMatt updated the PR with your suggestion. I moved the new certificates logic to a new module. We still have lots of stuff in the rustls_stream module, but I thought refactoring that would make this PR too large.

[TheBlueMatt]

This still looks like its currently infallible and not parsing the cert? We should validate the cert here.

[APonce911]

Hi @TheBlueMatt. Currently the method is fallible, it panics on expect() if certificate appending fails. However, I intentionally kept the return type as Self (not Result<Self, Error>) to maintain fluent builder chaining without requiring callers to handle Result at every step. Would you prefer that I return Result<Self, Error> here?

About parsing, I don't know if I understand you're question well, I'm sorry. But we're currently parsing it on the new Certificates module. I tried to keep this Client interface simple and more details about certificate management inside this module.

https://github.com/rust-bitcoin/corepc/pull/502/changes#diff-4501e006f554583aacf6f0039d2c12e149a90447ec1af22f3c68d74820932c5fR28

[tcharding]

Just an FYI, you can use just to run build commands in this repo mate.

https://github.com/casey/just

[DanGould]

Great start here that's gonna solve a real problem for me. Saw something that's nice to have when we're dealing with loose types. Use cert_der: Vec<u8> if the type signature expects DER encoding please

[DanGould]

Since this is just a Vec<u8> tell me what format you're expecting input both in the param name and docstring

Suggested change

	pub(crate) fn new(certificate: Option<&Vec<u8>>) -> Result<Self, Error> {
	/// Pass a new certificate in DER [?] format
	pub(crate) fn new(certificate_der: Option<&Vec<u8>>) -> Result<Self, Error> {

[APonce911]

@DanGould Great catch. Yes, you're correct. We must receive a DER encoded certificate.
I've updated the variable to cert_der to give more clarity. About the doc, I've written on the Client class since it's public.

https://github.com/rust-bitcoin/corepc/pull/502/changes#diff-21f18a8053f4d7bce98cbe0c84adc7e943caf49c0a245be26096be8ce461ae64R100-R127

What do you think?

[TheBlueMatt]

We need support for native-tls, too.

[TheBlueMatt]

This still looks like its currently infallible and not parsing the cert? We should validate the cert here.