Update `rustls` to 0.22
parent
9f0af2a2e3
commit
bcd7f85e65
10
Cargo.toml
10
Cargo.toml
|
@ -24,7 +24,7 @@ native-tls = ["native-tls-crate"]
|
|||
native-tls-vendored = ["native-tls", "native-tls-crate/vendored"]
|
||||
rustls-tls-native-roots = ["__rustls-tls", "rustls-native-certs"]
|
||||
rustls-tls-webpki-roots = ["__rustls-tls", "webpki-roots"]
|
||||
__rustls-tls = ["rustls"]
|
||||
__rustls-tls = ["rustls", "rustls-pki-types"]
|
||||
|
||||
[dependencies]
|
||||
data-encoding = { version = "2", optional = true }
|
||||
|
@ -46,11 +46,15 @@ version = "0.2.3"
|
|||
|
||||
[dependencies.rustls]
|
||||
optional = true
|
||||
version = "0.21.6"
|
||||
version = "0.22.0"
|
||||
|
||||
[dependencies.rustls-pki-types]
|
||||
optional = true
|
||||
version = "1.0"
|
||||
|
||||
[dependencies.rustls-native-certs]
|
||||
optional = true
|
||||
version = "0.6.0"
|
||||
version = "0.7.0"
|
||||
|
||||
[dependencies.webpki-roots]
|
||||
optional = true
|
||||
|
|
25
src/tls.rs
25
src/tls.rs
|
@ -70,7 +70,8 @@ mod encryption {
|
|||
|
||||
#[cfg(feature = "__rustls-tls")]
|
||||
pub mod rustls {
|
||||
use rustls::{ClientConfig, ClientConnection, RootCertStore, ServerName, StreamOwned};
|
||||
use rustls::{ClientConfig, ClientConnection, RootCertStore, StreamOwned};
|
||||
use rustls_pki_types::ServerName;
|
||||
|
||||
use std::{
|
||||
convert::TryFrom,
|
||||
|
@ -105,36 +106,26 @@ mod encryption {
|
|||
#[cfg(feature = "rustls-tls-native-roots")]
|
||||
{
|
||||
let native_certs = rustls_native_certs::load_native_certs()?;
|
||||
let der_certs: Vec<Vec<u8>> =
|
||||
native_certs.into_iter().map(|cert| cert.0).collect();
|
||||
let total_number = der_certs.len();
|
||||
let total_number = native_certs.len();
|
||||
let (number_added, number_ignored) =
|
||||
root_store.add_parsable_certificates(&der_certs);
|
||||
root_store.add_parsable_certificates(native_certs);
|
||||
log::debug!("Added {number_added}/{total_number} native root certificates (ignored {number_ignored})");
|
||||
}
|
||||
#[cfg(feature = "rustls-tls-webpki-roots")]
|
||||
{
|
||||
root_store.add_trust_anchors(
|
||||
webpki_roots::TLS_SERVER_ROOTS.iter().map(|ta| {
|
||||
rustls::OwnedTrustAnchor::from_subject_spki_name_constraints(
|
||||
ta.subject.as_ref(),
|
||||
ta.subject_public_key_info.as_ref(),
|
||||
ta.name_constraints.as_deref(),
|
||||
)
|
||||
})
|
||||
);
|
||||
root_store.extend(webpki_roots::TLS_SERVER_ROOTS.iter().cloned());
|
||||
}
|
||||
|
||||
Arc::new(
|
||||
ClientConfig::builder()
|
||||
.with_safe_defaults()
|
||||
.with_root_certificates(root_store)
|
||||
.with_no_client_auth(),
|
||||
)
|
||||
}
|
||||
};
|
||||
let domain =
|
||||
ServerName::try_from(domain).map_err(|_| TlsError::InvalidDnsName)?;
|
||||
let domain = ServerName::try_from(domain)
|
||||
.map_err(|_| TlsError::InvalidDnsName)?
|
||||
.to_owned();
|
||||
let client = ClientConnection::new(config, domain).map_err(TlsError::Rustls)?;
|
||||
let stream = StreamOwned::new(client, socket);
|
||||
|
||||
|
|
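Review bot: In the `rustls-tls-native-roots` block, the result of `root_store.add_parsable_certificates(native_certs)` is reported only through `log::debug!`, so a platform store that yields no usable trust anchors is invisible at normal log levels. The connection would still fail closed, but presumably only later, as a certificate-verification error during the handshake, which is hard to trace back to the root store. I would add, after the debug line, `if number_added == 0 { log::warn!("no usable native root certificates were loaded"); }`, and consider logging a non-zero `number_ignored` at the same level. This matters most when `rustls-tls-webpki-roots` is not also enabled, since the native store is then the only source of anchors. The enclosing function starts and ends outside this hunk, so whether a caller-supplied config bypasses this path cannot be seen from here.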