From 7b2cf20a101c834513d1b2345de2afc48b28ec8d Mon Sep 17 00:00:00 2001
From: Constantin Nickel
Date: Tue, 5 Dec 2023 12:09:37 +0100
Subject: [PATCH] Update `rustls` to 0.22 and `tokio-rustls` to 0.25
---
 Cargo.toml | 12 ++++++++----
 src/tls.rs | 23 +++++++----------------
 2 files changed, 15 insertions(+), 20 deletions(-)
diff --git a/Cargo.toml b/Cargo.toml
index 7f06fe3..f9c592f 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -24,7 +24,7 @@ native-tls = ["native-tls-crate", "tokio-native-tls", "stream", "tungstenite/nat
 native-tls-vendored = ["native-tls", "native-tls-crate/vendored", "tungstenite/native-tls-vendored"]
 rustls-tls-native-roots = ["__rustls-tls", "rustls-native-certs"]
 rustls-tls-webpki-roots = ["__rustls-tls", "webpki-roots"]
-__rustls-tls = ["rustls", "tokio-rustls", "stream", "tungstenite/__rustls-tls", "handshake"]
+__rustls-tls = ["rustls", "rustls-pki-types", "tokio-rustls", "stream", "tungstenite/__rustls-tls", "handshake"]
 stream = []
 [dependencies]
@@ -43,11 +43,15 @@ version = "0.2.11"
 [dependencies.rustls]
 optional = true
-version = "0.21.6"
+version = "0.22.0"
+
+[dependencies.rustls-pki-types]
+optional = true
+version = "1.0"
 [dependencies.rustls-native-certs]
 optional = true
-version = "0.6.2"
+version = "0.7.0"
 [dependencies.tokio-native-tls]
 optional = true
@@ -55,7 +59,7 @@ version = "0.3.1"
 [dependencies.tokio-rustls]
 optional = true
-version = "0.24.1"
+version = "0.25.0"
 [dependencies.webpki-roots]
 optional = true
diff --git a/src/tls.rs b/src/tls.rs
index 5609e6e..7fe7329 100644
--- a/src/tls.rs
+++ b/src/tls.rs
@@ -65,7 +65,8 @@ mod encryption {
 #[cfg(feature = "__rustls-tls")]
 pub mod rustls {
 pub use rustls::ClientConfig;
- use rustls::{RootCertStore, ServerName};
+ use rustls::RootCertStore;
+ use rustls_pki_types::ServerName;
 use tokio_rustls::TlsConnector as TokioTlsConnector;
 use std::{convert::TryFrom, sync::Arc};
@@ -95,36 +96,26 @@ mod encryption {
 #[cfg(feature = "rustls-tls-native-roots")]
 {
 let native_certs = rustls_native_certs::load_native_certs()?;
- let der_certs: Vec> =
- native_certs.into_iter().map(|cert| cert.0).collect();
- let total_number = der_certs.len();
+ let total_number = native_certs.len();
 let (number_added, number_ignored) =
- root_store.add_parsable_certificates(&der_certs);
+ root_store.add_parsable_certificates(native_certs);
 log::debug!("Added {number_added}/{total_number} native root certificates (ignored {number_ignored})");
 }
 #[cfg(feature = "rustls-tls-webpki-roots")]
 {
- root_store.add_trust_anchors(
- webpki_roots::TLS_SERVER_ROOTS.iter().map(|ta| {
- rustls::OwnedTrustAnchor::from_subject_spki_name_constraints(
- ta.subject.as_ref(),
- ta.subject_public_key_info.as_ref(),
- ta.name_constraints.as_deref(),
- )
- })
- );
+ root_store.extend(webpki_roots::TLS_SERVER_ROOTS.iter().cloned());
 }
 Arc::new(
 ClientConfig::builder()
- .with_safe_defaults()
 .with_root_certificates(root_store)
 .with_no_client_auth(),
 )
 }
 };
 let domain = ServerName::try_from(domain.as_str())
- .map_err(|_| TlsError::InvalidDnsName)?;
+ .map_err(|_| TlsError::InvalidDnsName)?
+ .to_owned();
 let stream = TokioTlsConnector::from(config);
 let connected = stream.connect(domain, socket).await;
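Review bot: Dropping `.with_safe_defaults()` from the `ClientConfig::builder()` chain reads like a loosening of the TLS configuration to anyone who does not know the 0.22 API, so it deserves a comment above `ClientConfig::builder()`, e.g. `// rustls 0.22: builder() already starts from the safe default cipher suites and protocol versions`. As far as I know that is the 0.22 behaviour, but nothing in this hunk shows it, so it is worth confirming against the pinned version. Separately, the native-roots branch reports `number_ignored` only at debug level; if `number_added` is 0 and the webpki-roots feature is off, the root store is empty and every handshake would presumably fail certificate verification with no hint why, so `if number_added == 0 { log::warn!("no usable native root certificates loaded"); }` after the `log::debug!` line would make that visible. The enclosing function starts and ends outside the hunk.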