Upgrade to rustls 0.20

Cargo.toml

@@ -31,7 +31,7 @@ futures-util = { version = "0.3", default-features = false, features = ["sink",
 tokio = { version = "1.0.0", default-features = false, features = ["io-util"] }
 
 [dependencies.tungstenite]
-version = "0.15.0"
+version = "0.16.0"
 default-features = false
 
 [dependencies.native-tls-crate]
@@ -41,27 +41,27 @@ version = "0.2.7"
 
 [dependencies.rustls]
 optional = true
-version = "0.19.0"
+version = "0.20.0"
 
 [dependencies.rustls-native-certs]
 optional = true
-version = "0.5.0"
+version = "0.6.1"
 
 [dependencies.tokio-native-tls]
 optional = true
 version = "0.3.0"
 
 [dependencies.tokio-rustls]
 optional = true
-version = "0.22.0"
+version = "0.23.0"
 
 [dependencies.webpki]
 optional = true
-version = "0.21.4"
+version = "0.22.0"
 
 [dependencies.webpki-roots]
 optional = true
-version = "0.21.0"
+version = "0.22.1"
 
 [dev-dependencies]
 futures-channel = "0.3"

src/lib.rs

@@ -226,7 +226,7 @@ impl<S> WebSocketStream<S> {
     {
         trace!("{}:{} WebSocketStream.with_context", file!(), line!());
         if let Some((kind, ctx)) = ctx {
-            self.inner.get_mut().set_waker(kind, &ctx.waker());
+            self.inner.get_mut().set_waker(kind, ctx.waker());
         }
         f(&mut self.inner)
     }
@@ -236,7 +236,7 @@ impl<S> WebSocketStream<S> {
     where
         S: AsyncRead + AsyncWrite + Unpin,
     {
-        &self.inner.get_ref().get_ref()
+        self.inner.get_ref().get_ref()
     }
 
     /// Returns a mutable reference to the inner stream.

src/tls.rs

@@ -64,9 +64,10 @@ mod encryption {
     #[cfg(feature = "__rustls-tls")]
     pub mod rustls {
         pub use rustls::ClientConfig;
-        use tokio_rustls::{webpki::DNSNameRef, TlsConnector as TokioTlsConnector};
+        use rustls::{RootCertStore, ServerName};
+        use tokio_rustls::TlsConnector as TokioTlsConnector;
 
-        use std::sync::Arc;
+        use std::{convert::TryFrom, sync::Arc};
         use tokio::io::{AsyncRead, AsyncWrite};
 
         use tungstenite::{error::TlsError, stream::Mode, Error};
@@ -89,23 +90,38 @@ mod encryption {
                         Some(config) => config,
                         None => {
                             #[allow(unused_mut)]
-                            let mut config = ClientConfig::new();
+                            let mut root_store = RootCertStore::empty();
                             #[cfg(feature = "rustls-tls-native-roots")]
                             {
-                                config.root_store = rustls_native_certs::load_native_certs()
-                                    .map_err(|(_, err)| err)?;
+                                for cert in rustls_native_certs::load_native_certs()? {
+                                    root_store
+                                        .add(&rustls::Certificate(cert.0))
+                                        .map_err(TlsError::Webpki)?;
+                                }
                             }
                             #[cfg(feature = "rustls-tls-webpki-roots")]
                             {
-                                config
-                                    .root_store
-                                    .add_server_trust_anchors(&webpki_roots::TLS_SERVER_ROOTS);
+                                root_store.add_server_trust_anchors(
+                                    webpki_roots::TLS_SERVER_ROOTS.0.iter().map(|ta| {
+                                        rustls::OwnedTrustAnchor::from_subject_spki_name_constraints(
+                                            ta.subject,
+                                            ta.spki,
+                                            ta.name_constraints,
+                                        )
+                                    })
+                                );
                             }
 
-                            Arc::new(config)
+                            Arc::new(
+                                ClientConfig::builder()
+                                    .with_safe_defaults()
+                                    .with_root_certificates(root_store)
+                                    .with_no_client_auth(),
+                            )
                         }
                     };
-                    let domain = DNSNameRef::try_from_ascii_str(&domain).map_err(TlsError::Dns)?;
+                    let domain = ServerName::try_from(domain.as_str())
+                        .map_err(|_| TlsError::InvalidDnsName)?;
                     let stream = TokioTlsConnector::from(config);
                     let connected = stream.connect(domain, socket).await;
 
@@ -177,7 +193,7 @@ where
     let domain = crate::domain(&request)?;
 
     // Make sure we check domain and mode first. URL must be valid.
-    let mode = uri_mode(&request.uri())?;
+    let mode = uri_mode(request.uri())?;
 
     let stream = match connector {
         Some(conn) => match conn {