Merge pull request #198 from dnaka91/rustls-0.20
Upgrade to rustls 0.20
daniel-abramov committed Nov 15, 2021
2 parents b40114e + ec14883 commit 7a520c2
Showing 3 changed files with 35 additions and 19 deletions.
12 changes: 6 additions & 6 deletions Cargo.toml
@@ -31,7 +31,7 @@ futures-util = { version = "0.3", default-features = false, features = ["sink",
tokio = { version = "1.0.0", default-features = false, features = ["io-util"] }

[dependencies.tungstenite]
version = "0.15.0"
version = "0.16.0"
default-features = false

[dependencies.native-tls-crate]
@@ -41,27 +41,27 @@ version = "0.2.7"

[dependencies.rustls]
optional = true
version = "0.19.0"
version = "0.20.0"

[dependencies.rustls-native-certs]
optional = true
version = "0.5.0"
version = "0.6.1"

[dependencies.tokio-native-tls]
optional = true
version = "0.3.0"

[dependencies.tokio-rustls]
optional = true
version = "0.22.0"
version = "0.23.0"

[dependencies.webpki]
optional = true
version = "0.21.4"
version = "0.22.0"

[dependencies.webpki-roots]
optional = true
version = "0.21.0"
version = "0.22.1"

[dev-dependencies]
futures-channel = "0.3"
4 changes: 2 additions & 2 deletions src/lib.rs
@@ -226,7 +226,7 @@ impl<S> WebSocketStream<S> {
{
trace!("{}:{} WebSocketStream.with_context", file!(), line!());
if let Some((kind, ctx)) = ctx {
self.inner.get_mut().set_waker(kind, &ctx.waker());
self.inner.get_mut().set_waker(kind, ctx.waker());
}
f(&mut self.inner)
}
@@ -236,7 +236,7 @@ impl<S> WebSocketStream<S> {
where
S: AsyncRead + AsyncWrite + Unpin,
{
&self.inner.get_ref().get_ref()
self.inner.get_ref().get_ref()
}

/// Returns a mutable reference to the inner stream.
38 changes: 27 additions & 11 deletions src/tls.rs
@@ -64,9 +64,10 @@ mod encryption {
#[cfg(feature = "__rustls-tls")]
pub mod rustls {
pub use rustls::ClientConfig;
use tokio_rustls::{webpki::DNSNameRef, TlsConnector as TokioTlsConnector};
use rustls::{RootCertStore, ServerName};
use tokio_rustls::TlsConnector as TokioTlsConnector;

use std::sync::Arc;
use std::{convert::TryFrom, sync::Arc};
use tokio::io::{AsyncRead, AsyncWrite};

use tungstenite::{error::TlsError, stream::Mode, Error};
@@ -89,23 +90,38 @@ mod encryption {
Some(config) => config,
None => {
#[allow(unused_mut)]
let mut config = ClientConfig::new();
let mut root_store = RootCertStore::empty();
#[cfg(feature = "rustls-tls-native-roots")]
{
config.root_store = rustls_native_certs::load_native_certs()
.map_err(|(_, err)| err)?;
for cert in rustls_native_certs::load_native_certs()? {
root_store
.add(&rustls::Certificate(cert.0))
.map_err(TlsError::Webpki)?;
}
}
#[cfg(feature = "rustls-tls-webpki-roots")]
{
config
.root_store
.add_server_trust_anchors(&webpki_roots::TLS_SERVER_ROOTS);
root_store.add_server_trust_anchors(
webpki_roots::TLS_SERVER_ROOTS.0.iter().map(|ta| {
rustls::OwnedTrustAnchor::from_subject_spki_name_constraints(
ta.subject,
ta.spki,
ta.name_constraints,
)
})
);
}

Arc::new(config)
Arc::new(
ClientConfig::builder()
.with_safe_defaults()
.with_root_certificates(root_store)
.with_no_client_auth(),
)
}
};
let domain = DNSNameRef::try_from_ascii_str(&domain).map_err(TlsError::Dns)?;
let domain = ServerName::try_from(domain.as_str())
.map_err(|_| TlsError::InvalidDnsName)?;
let stream = TokioTlsConnector::from(config);
let connected = stream.connect(domain, socket).await;

@@ -177,7 +193,7 @@ where
let domain = crate::domain(&request)?;

// Make sure we check domain and mode first. URL must be valid.
let mode = uri_mode(&request.uri())?;
let mode = uri_mode(request.uri())?;

let stream = match connector {
Some(conn) => match conn {
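Review bot: In the `rustls-tls-native-roots` block, `root_store.add(&rustls::Certificate(cert.0)).map_err(TlsError::Webpki)?` aborts the connection attempt as soon as one certificate from the OS trust store fails to parse, so a single malformed or unsupported platform root becomes a failure of every TLS connection made through this path on that host. Loading the roots tolerantly avoids that without loosening verification: `let ders: Vec<Vec<u8>> = rustls_native_certs::load_native_certs()?.into_iter().map(|c| c.0).collect();` followed by `let (added, ignored) = root_store.add_parsable_certificates(&ders);`, with the ignored count logged so a degraded store is visible to operators. A store that ends up empty still fails the handshake with an unknown-issuer error, so skipped entries do not widen trust. The enclosing function starts and ends outside the visible hunk, so its error type and any existing logging should be checked before applying this.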
