Update `tokio-rustls` to 0.25 and `rustls-native-certs` to 0.7

2023-12-07 08:27:24 +01:00 · 2023-12-07 08:27:24 +01:00 · 2b1fa55927
parent b55f84ac18
commit 2b1fa55927
2 changed files with 13 additions and 21 deletions
--- a/Cargo.toml
+++ b/Cargo.toml
@ -29,7 +29,7 @@ tokio-rustls-native-certs = ["__rustls-tls", "rustls-native-certs"]
 tokio-openssl = ["tokio-runtime", "real-tokio-openssl", "openssl"]
 verbose-logging = []

-__rustls-tls = ["tokio-runtime", "real-tokio-rustls", "tungstenite/__rustls-tls"]
+__rustls-tls = ["tokio-runtime", "real-tokio-rustls", "rustls-pki-types", "tungstenite/__rustls-tls"]

 [package.metadata.docs.rs]
 features = ["async-std-runtime", "tokio-runtime", "gio-runtime", "async-tls", "async-native-tls", "tokio-native-tls"]
@ -84,12 +84,16 @@ package = "tokio-native-tls"

 [dependencies.real-tokio-rustls]
 optional = true
-version = "0.24"
+version = "0.25"
 package = "tokio-rustls"

+[dependencies.rustls-pki-types]
+optional = true
+version = "1.0.1"
+
 [dependencies.rustls-native-certs]
 optional = true
-version = "0.6"
+version = "0.7"

 [dependencies.webpki-roots]
 optional = true
--- a/src/tokio/rustls.rs
+++ b/src/tokio/rustls.rs
@ -1,5 +1,6 @@
-use real_tokio_rustls::rustls::{ClientConfig, RootCertStore, ServerName};
+use real_tokio_rustls::rustls::{ClientConfig, RootCertStore};
 use real_tokio_rustls::{client::TlsStream, TlsConnector};
+use rustls_pki_types::ServerName;

 use tungstenite::client::{uri_mode, IntoClientRequest};
 use tungstenite::error::TlsError;
@ -48,11 +49,9 @@ where
                    #[cfg(feature = "tokio-rustls-native-certs")]
                    {
                        let native_certs = rustls_native_certs::load_native_certs()?;
-                        let der_certs: Vec<Vec<u8>> =
-                            native_certs.into_iter().map(|cert| cert.0).collect();
-                        let total_number = der_certs.len();
+                        let total_number = native_certs.len();
                        let (number_added, number_ignored) =
-                            root_store.add_parsable_certificates(&der_certs);
+                            root_store.add_parsable_certificates(native_certs);
                        log::debug!("Added {number_added}/{total_number} native root certificates (ignored {number_ignored})");
                    }
                    #[cfg(all(
@ -61,26 +60,15 @@ where
                        not(feature = "tokio-rustls-manual-roots")
                    ))]
                    {
-                        use real_tokio_rustls::rustls::OwnedTrustAnchor;
-
-                        root_store.add_trust_anchors(webpki_roots::TLS_SERVER_ROOTS.iter().map(
-                            |ta| {
-                                OwnedTrustAnchor::from_subject_spki_name_constraints(
-                                    ta.subject.as_ref(),
-                                    ta.subject_public_key_info.as_ref(),
-                                    ta.name_constraints.as_deref(),
-                                )
-                            },
-                        ));
+                        root_store.extend(webpki_roots::TLS_SERVER_ROOTS.iter().cloned());
                    }
                    TlsConnector::from(std::sync::Arc::new(
                        ClientConfig::builder()
-                            .with_safe_defaults()
                            .with_root_certificates(root_store)
                            .with_no_client_auth(),
                    ))
                };
-                let domain = ServerName::try_from(domain.as_str())
+                let domain = ServerName::try_from(domain)
                    .map_err(|_| Error::Tls(TlsError::InvalidDnsName))?;
                connector.connect(domain, socket).await?
            };