diff --git a/Cargo.toml b/Cargo.toml
index ec5961e..1e30ee5 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -31,7 +31,7 @@ futures-util = { version = "0.3", default-features = false, features = ["sink",
 tokio = { version = "1.0.0", default-features = false, features = ["io-util"] }
 
 [dependencies.tungstenite]
-version = "0.15.0"
+version = "0.16.0"
 default-features = false
 
 [dependencies.native-tls-crate]
@@ -41,11 +41,11 @@ version = "0.2.7"
 
 [dependencies.rustls]
 optional = true
-version = "0.19.0"
+version = "0.20.0"
 
 [dependencies.rustls-native-certs]
 optional = true
-version = "0.5.0"
+version = "0.6.1"
 
 [dependencies.tokio-native-tls]
 optional = true
@@ -53,15 +53,15 @@ version = "0.3.0"
 
 [dependencies.tokio-rustls]
 optional = true
-version = "0.22.0"
+version = "0.23.0"
 
 [dependencies.webpki]
 optional = true
-version = "0.21.4"
+version = "0.22.0"
 
 [dependencies.webpki-roots]
 optional = true
-version = "0.21.0"
+version = "0.22.1"
 
 [dev-dependencies]
 futures-channel = "0.3"
diff --git a/src/lib.rs b/src/lib.rs
index 2110383..35d4777 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -226,7 +226,7 @@ impl WebSocketStream {
 {
 trace!("{}:{} WebSocketStream.with_context", file!(), line!());
 if let Some((kind, ctx)) = ctx {
- self.inner.get_mut().set_waker(kind, &ctx.waker());
+ self.inner.get_mut().set_waker(kind, ctx.waker());
 }
 f(&mut self.inner)
 }
@@ -236,7 +236,7 @@ impl WebSocketStream {
 where
 S: AsyncRead + AsyncWrite + Unpin,
 {
- &self.inner.get_ref().get_ref()
+ self.inner.get_ref().get_ref()
 }
 
 /// Returns a mutable reference to the inner stream.
diff --git a/src/tls.rs b/src/tls.rs
index 50436d3..41f3cb4 100644
--- a/src/tls.rs
+++ b/src/tls.rs
@@ -64,9 +64,10 @@ mod encryption {
 #[cfg(feature = "__rustls-tls")]
 pub mod rustls {
 pub use rustls::ClientConfig;
- use tokio_rustls::{webpki::DNSNameRef, TlsConnector as TokioTlsConnector};
+ use rustls::{RootCertStore, ServerName};
+ use tokio_rustls::TlsConnector as TokioTlsConnector;
 
- use std::sync::Arc;
+ use std::{convert::TryFrom, sync::Arc};
 use tokio::io::{AsyncRead, AsyncWrite};
 use tungstenite::{error::TlsError, stream::Mode, Error};
 
@@ -89,23 +90,38 @@ mod encryption {
 Some(config) => config,
 None => {
 #[allow(unused_mut)]
- let mut config = ClientConfig::new();
+ let mut root_store = RootCertStore::empty();
 #[cfg(feature = "rustls-tls-native-roots")]
 {
- config.root_store = rustls_native_certs::load_native_certs()
- .map_err(|(_, err)| err)?;
+ for cert in rustls_native_certs::load_native_certs()? {
+ root_store
+ .add(&rustls::Certificate(cert.0))
+ .map_err(TlsError::Webpki)?;
+ }
 }
 #[cfg(feature = "rustls-tls-webpki-roots")]
 {
- config
- .root_store
- .add_server_trust_anchors(&webpki_roots::TLS_SERVER_ROOTS);
+ root_store.add_server_trust_anchors(
+ webpki_roots::TLS_SERVER_ROOTS.0.iter().map(|ta| {
+ rustls::OwnedTrustAnchor::from_subject_spki_name_constraints(
+ ta.subject,
+ ta.spki,
+ ta.name_constraints,
+ )
+ })
+ );
 }
- Arc::new(config)
+ Arc::new(
+ ClientConfig::builder()
+ .with_safe_defaults()
+ .with_root_certificates(root_store)
+ .with_no_client_auth(),
+ )
 }
 };
- let domain = DNSNameRef::try_from_ascii_str(&domain).map_err(TlsError::Dns)?;
+ let domain = ServerName::try_from(domain.as_str())
+ .map_err(|_| TlsError::InvalidDnsName)?;
 let stream = TokioTlsConnector::from(config);
 let connected = stream.connect(domain, socket).await;
 
@@ -177,7 +193,7 @@ where
 let domain = crate::domain(&request)?;
 
 // Make sure we check domain and mode first. URL must be valid.
- let mode = uri_mode(&request.uri())?;
+ let mode = uri_mode(request.uri())?;
 let stream = match connector {
 Some(conn) => match conn {
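Review bot: The native-roots loop in the `@@ -89,23 +90,38 @@` hunk aborts the whole connection on the first root that webpki refuses (`.add(&rustls::Certificate(cert.0)).map_err(TlsError::Webpki)?`), and OS trust stores can contain entries webpki does not parse, so a single odd root on the host would disable every `rustls-tls-native-roots` connection rather than just that root. rustls 0.20 offers `RootCertStore::add_parsable_certificates`, which skips unparseable entries and returns `(added, ignored)`; collecting the DER bytes and calling `let (added, _ignored) = root_store.add_parsable_certificates(&ders);`, then returning an error only when `added == 0`, keeps the fail-closed property (an empty store still rejects every server) without the availability cliff, and the choice deserves a one-line comment above the loop either way. Separately, `.map_err(|_| TlsError::InvalidDnsName)` discards the `InvalidDnsNameError` detail, and `ServerName::try_from` in rustls 0.20 accepts DNS names only, so an IP-literal host still fails as `InvalidDnsName`; that is worth stating in the doc comment of the enclosing connect function, whose body starts and ends outside the hunk.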