wip

src/transport/smtp/client/tls/boring_tls.rs

@@ -24,14 +24,14 @@ impl Debug for Certificate {
 #[derive(Clone)]
 pub struct Identity {
     pub(super) chain: boring::x509::X509,
-    pub(super) key: PKey<boring::pkey::Private>,
+    pub(super) key: boring::pkey::PKey<boring::pkey::Private>,
 }
 
 impl Identity {
     pub fn from_pem(pem: &[u8], key: &[u8]) -> Result<Self, Error> {
-        let cert = boring::x509::X509::from_pem(pem).map_err(error::tls)?;
+        let chain = boring::x509::X509::from_pem(pem).map_err(error::tls)?;
         let key = boring::pkey::PKey::private_key_from_pem(key).map_err(error::tls)?;
-        Ok(Self { cert, key })
+        Ok(Self { chain, key })
     }
 }
 

src/transport/smtp/client/tls/deprecated.rs

@@ -4,7 +4,6 @@ use std::sync::Arc;
 
 #[cfg(feature = "boring-tls")]
 use boring::{
-    pkey::PKey,
     ssl::{SslConnector, SslVersion},
     x509::store::X509StoreBuilder,
 };
@@ -441,16 +440,16 @@ impl TlsParametersBuilder {
             let cert_store = tls_builder.cert_store_mut();
 
             for cert in self.root_certs {
-                cert_store.add_cert(cert.boring_tls).map_err(error::tls)?;
+                cert_store.add_cert(cert.boring_tls.0).map_err(error::tls)?;
             }
         }
 
         if let Some(identity) = self.identity {
             tls_builder
-                .set_certificate(identity.boring_tls.0.as_ref())
+                .set_certificate(identity.boring_tls.chain.as_ref())
                 .map_err(error::tls)?;
             tls_builder
-                .set_private_key(identity.boring_tls.1.as_ref())
+                .set_private_key(identity.boring_tls.key.as_ref())
                 .map_err(error::tls)?;
         }
 

src/transport/smtp/client/tls/mod.rs

@@ -8,3 +8,58 @@ pub mod native_tls;
 #[cfg(feature = "rustls")]
 #[cfg_attr(docsrs, doc(cfg(feature = "rustls")))]
 pub mod rustls;
+
+pub trait TlsBackend: private::Sealed {
+    type Certificate;
+    type Identity;
+}
+
+#[cfg(feature = "boring-tls")]
+#[cfg_attr(docsrs, doc(cfg(feature = "boring-tls")))]
+#[non_exhaustive]
+pub struct BoringTls;
+
+#[cfg(feature = "boring-tls")]
+#[cfg_attr(docsrs, doc(cfg(feature = "boring-tls")))]
+impl TlsBackend for BoringTls {
+    type Certificate = self::boring_tls::Certificate;
+    type Identity = self::boring_tls::Identity;
+}
+
+#[cfg(feature = "native-tls")]
+#[cfg_attr(docsrs, doc(cfg(feature = "native-tls")))]
+#[non_exhaustive]
+pub struct NativeTls;
+
+#[cfg(feature = "native-tls")]
+#[cfg_attr(docsrs, doc(cfg(feature = "native-tls")))]
+impl TlsBackend for NativeTls {
+    type Certificate = self::native_tls::Certificate;
+    type Identity = self::native_tls::Identity;
+}
+
+#[cfg(feature = "rustls")]
+#[cfg_attr(docsrs, doc(cfg(feature = "rustls")))]
+#[non_exhaustive]
+pub struct Rustls;
+
+#[cfg(feature = "rustls")]
+#[cfg_attr(docsrs, doc(cfg(feature = "rustls")))]
+impl TlsBackend for Rustls {
+    type Certificate = self::rustls::Certificate;
+    type Identity = self::rustls::Identity;
+}
+
+mod private {
+    // FIXME: this should be `pub(super)` but the `private_bounds` lint doesn't like it
+    pub trait Sealed {}
+
+    #[cfg(feature = "boring-tls")]
+    impl Sealed for super::BoringTls {}
+
+    #[cfg(feature = "native-tls")]
+    impl Sealed for super::NativeTls {}
+
+    #[cfg(feature = "rustls")]
+    impl Sealed for super::Rustls {}
+}