actix · robjtede · Oct 20, 2021 · Oct 20, 2021 · Oct 20, 2021
diff --git a/actix-tls/CHANGES.md b/actix-tls/CHANGES.md
@@ -3,6 +3,13 @@
 ## Unreleased - 2021-xx-xx
 
 
+## 3.0.0-beta.7 - 2021-10-20
+* Add `webpki_roots_cert_store()` to get rustls compatible webpki roots cert store. [#401]
+* Alias `connect::ssl` to `connect::tls`. [#401]
+
+[#401]: https://github.com/actix/actix-net/pull/401
+
+
 ## 3.0.0-beta.6 - 2021-10-19
 * Update `tokio-rustls` to `0.23` which uses `rustls` `0.20`. [#396]
 * Removed a re-export of `Session` from `rustls` as it no longer exist. [#396]

diff --git a/actix-tls/Cargo.toml b/actix-tls/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "actix-tls"
-version = "3.0.0-beta.6"
+version = "3.0.0-beta.7"
 authors = ["Nikolay Kim <fafhrd91@gmail.com>"]
 description = "TLS acceptor and connector services for Actix ecosystem"
 keywords = ["network", "tls", "ssl", "async", "transport"]
@@ -55,7 +55,7 @@ tokio-openssl = { version = "0.6", optional = true }
 
 # rustls
 tokio-rustls = { version = "0.23", optional = true }
-webpki-roots = { version = "0.21", optional = true }
+webpki-roots = { version = "0.22", optional = true }
 
 # native-tls
 tokio-native-tls = { version = "0.3", optional = true }
@@ -64,7 +64,7 @@ tokio-native-tls = { version = "0.3", optional = true }
 actix-rt = "2.2.0"
 actix-server = "2.0.0-beta.6"
 bytes = "1"
-env_logger = "0.8"
+env_logger = "0.9"
 futures-util = { version = "0.3.7", default-features = false, features = ["sink"] }
 log = "0.4"
 rustls-pemfile = "0.2.1"

diff --git a/actix-tls/src/connect/mod.rs b/actix-tls/src/connect/mod.rs
@@ -21,7 +21,9 @@ mod connector;
 mod error;
 mod resolve;
 mod service;
-pub mod ssl;
+pub mod tls;
+#[doc(hidden)]
+pub use tls as ssl;
 #[cfg(feature = "uri")]
 mod uri;
 

diff --git a/actix-tls/src/connect/ssl/mod.rs → actix-tls/src/connect/tls/mod.rs b/actix-tls/src/connect/ssl/mod.rs → actix-tls/src/connect/tls/mod.rs
@@ -1,4 +1,4 @@
-//! SSL Services
+//! TLS Services
 
 #[cfg(feature = "openssl")]
 pub mod openssl;

diff --git a/actix-tls/src/connect/ssl/native_tls.rs → actix-tls/src/connect/tls/native_tls.rs b/actix-tls/src/connect/ssl/native_tls.rs → actix-tls/src/connect/tls/native_tls.rs
diff --git a/actix-tls/src/connect/ssl/openssl.rs → actix-tls/src/connect/tls/openssl.rs b/actix-tls/src/connect/ssl/openssl.rs → actix-tls/src/connect/tls/openssl.rs
diff --git a/actix-tls/src/connect/ssl/rustls.rs → actix-tls/src/connect/tls/rustls.rs b/actix-tls/src/connect/ssl/rustls.rs → actix-tls/src/connect/tls/rustls.rs
@@ -14,11 +14,26 @@ use actix_rt::net::ActixStream;
 use actix_service::{Service, ServiceFactory};
 use futures_core::{future::LocalBoxFuture, ready};
 use log::trace;
-use tokio_rustls::rustls::client::ServerName;
+use tokio_rustls::rustls::{client::ServerName, OwnedTrustAnchor, RootCertStore};
 use tokio_rustls::{Connect, TlsConnector};
 
 use crate::connect::{Address, Connection};
 
+/// Returns standard root certificates from `webpki-roots` crate as a rustls certificate store.
+pub fn webpki_roots_cert_store() -> RootCertStore {
+    let mut root_certs = RootCertStore::empty();
+    for cert in TLS_SERVER_ROOTS.0 {
+        let cert = OwnedTrustAnchor::from_subject_spki_name_constraints(
+            cert.subject,
+            cert.spki,
+            cert.name_constraints,
+        );
+        let certs = vec![cert].into_iter();
+        root_certs.add_server_trust_anchors(certs);
+    }
+    root_certs
+}
+
 /// Rustls connector factory
 pub struct RustlsConnector {
     connector: Arc<ClientConfig>,