Add crypto feature for ech

Cargo.toml

@@ -61,15 +61,19 @@ tokio-util = { version = "0.7.15", features = ["io"] }
 [target.'cfg(target_family = "unix")'.dependencies]
 tokio-fd = "0.3.0"
 
-[target.'cfg(all(any(target_os = "linux", target_os = "macos"), any(target_arch = "x86_64", target_arch = "aarch64")))'.dependencies]
-tokio-rustls = { version = "0.26.2", features = [] }
-rcgen = { version = "0.13.2", default-features = false, features = ["aws_lc_rs"] }
-hickory-resolver = { version = "0.25.2", features = ["tls-aws-lc-rs", "https-aws-lc-rs", "tokio", "rustls-platform-verifier"] }
+#[target.'cfg(all(any(target_os = "linux", target_os = "macos"), any(target_arch = "x86_64", target_arch = "aarch64")))'.dependencies]
+#tokio-rustls = { version = "0.26.2", features = [] }
+#rcgen = { version = "0.13.2", default-features = false, features = ["aws_lc_rs"] }
+#hickory-resolver = { version = "0.25.2", features = ["tls-aws-lc-rs", "https-aws-lc-rs", "tokio", "rustls-platform-verifier"] }
+#
+#[target.'cfg(not(all(any(target_os = "linux", target_os = "macos"), any(target_arch = "x86_64", target_arch = "aarch64"))))'.dependencies]
+#tokio-rustls = { version = "0.26.2", default-features = false, features = ["logging", "tls12", "ring"] }
+#rcgen = { version = "0.13.2", default-features = false, features = ["ring"] }
+#hickory-resolver = { version = "0.25.2", features = ["tls-ring", "https-ring", "tokio", "rustls-platform-verifier"] }
 
-[target.'cfg(not(all(any(target_os = "linux", target_os = "macos"), any(target_arch = "x86_64", target_arch = "aarch64"))))'.dependencies]
-tokio-rustls = { version = "0.26.2", default-features = false, features = ["logging", "tls12", "ring"] }
-rcgen = { version = "0.13.2", default-features = false, features = ["ring"] }
-hickory-resolver = { version = "0.25.2", features = ["tls-ring", "https-ring", "tokio", "rustls-platform-verifier"] }
+tokio-rustls = { version = "0.26.2", default-features = false, features = ["logging", "tls12"] }
+rcgen = { version = "0.13.2", default-features = false, features = [] }
+hickory-resolver = { version = "0.25.2", default-features = false, features = ["system-config", "tokio", "rustls-platform-verifier"] }
 
 [dev-dependencies]
 testcontainers = "0.24.0"
@@ -81,8 +85,10 @@ derive_more = { version = "2.0.1", features = ["from"] }
 get_if_addrs = "0.5.3"
 
 [features]
-# Implements clap::Subcommand on config::Client and config::Server
+default = ["aws-lc-rs"]
 clap = ["dep:clap"]
+aws-lc-rs = ["tokio-rustls/aws-lc-rs", "rcgen/aws_lc_rs", "hickory-resolver/tls-aws-lc-rs", "hickory-resolver/https-aws-lc-rs"]
+ring = ["tokio-rustls/ring", "rcgen/ring", "hickory-resolver/tls-ring", "hickory-resolver/https-ring"]
 
 [profile.release]
 lto = "fat"

src/protocols/dns/resolver.rs

@@ -4,8 +4,6 @@ use anyhow::{Context, anyhow};
 use futures_util::{FutureExt, TryFutureExt};
 use hickory_resolver::config::{LookupIpStrategy, NameServerConfig, ResolverConfig, ResolverOpts};
 use hickory_resolver::name_server::GenericConnector;
-use hickory_resolver::proto::rr::rdata::svcb::{SvcParamKey, SvcParamValue};
-use hickory_resolver::proto::rr::{RData, RecordType};
 use hickory_resolver::proto::runtime::iocompat::AsyncIoTokioAsStd;
 use hickory_resolver::proto::runtime::{RuntimeProvider, TokioHandle, TokioRuntimeProvider, TokioTime};
 use hickory_resolver::proto::xfer::Protocol;
@@ -18,7 +16,6 @@ use std::sync::Arc;
 use std::time::Duration;
 use tokio::net::{TcpStream, UdpSocket};
 use tokio_rustls::rustls::client::EchConfig;
-use tokio_rustls::rustls::pki_types::EchConfigListBytes;
 use url::{Host, Url};
 
 // Interleave v4 and v6 addresses as per RFC8305.
@@ -68,7 +65,18 @@ impl DnsResolver {
         Ok(addrs)
     }
 
+    #[cfg(not(feature = "aws-lc-rs"))]
+    pub async fn lookup_ech_config(&self, _domain: &Host) -> Result<Option<EchConfig>, ResolveError> {
+        Ok(None)
+    }
+
+    #[cfg(feature = "aws-lc-rs")]
     pub async fn lookup_ech_config(&self, domain: &Host) -> Result<Option<EchConfig>, ResolveError> {
+        use hickory_resolver::proto::rr::rdata::svcb::{SvcParamKey, SvcParamValue};
+        use hickory_resolver::proto::rr::{RData, RecordType};
+        use tokio_rustls::rustls::crypto::aws_lc_rs::hpke::ALL_SUPPORTED_SUITES;
+        use tokio_rustls::rustls::pki_types::EchConfigListBytes;
+
         let resolver = match self {
             DnsResolver::TrustDns { resolver, .. } => resolver,
             _ => {
@@ -81,7 +89,6 @@ impl DnsResolver {
             _ => return Ok(None),
         };
 
-        use tokio_rustls::rustls::crypto::aws_lc_rs::hpke::ALL_SUPPORTED_SUITES;
         let lookup = resolver.lookup(domain, RecordType::HTTPS).await?;
 
         let ech_config = lookup

wstunnel-cli/Cargo.toml

@@ -10,13 +10,15 @@ fdlimit = "0.3.0"
 tokio = { version = "1.45.0", features = ["full"] }
 tracing = { version = "0.1.41", features = ["log"] }
 tracing-subscriber = { version = "0.3.19", features = ["env-filter", "fmt", "local-time"] }
-wstunnel = { path = ".." , features = ["clap"] }
+wstunnel = { path = ".." , default-features = false, features = ["clap"] }
 
 tikv-jemallocator = {  version = "0.6", optional = true }
 
 [features]
-default = []
+default = ["aws-lc-rs"]
 jemalloc = ["dep:tikv-jemallocator"]
+aws-lc-rs = ["wstunnel/aws-lc-rs"]
+ring = ["wstunnel/ring"]
 
 [[bin]]
 name = "wstunnel"