From 101f2c20e388a4ff5cf0db1a484bf47ca6cb3702 Mon Sep 17 00:00:00 2001 From: Constantin Nickel Date: Thu, 7 Dec 2023 08:17:44 +0100 Subject: [PATCH 1/3] Update `tungstenite` to 0.21 --- Cargo.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Cargo.toml b/Cargo.toml index 103dea3..f3fe692 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -41,7 +41,7 @@ futures-io = { version = "0.3", default-features = false, features = ["std"] } pin-project-lite = "0.2" [dependencies.tungstenite] -version = "0.20" +version = "0.21" default-features = false [dependencies.async-std] From f154bdadec0a8223bb6900d54626c19080d80d02 Mon Sep 17 00:00:00 2001 From: Constantin Nickel Date: Thu, 7 Dec 2023 08:18:36 +0100 Subject: [PATCH 2/3] Update `webpki-roots` to 0.26 --- Cargo.toml | 2 +- src/tokio/rustls.rs | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index f3fe692..3c0cfec 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -93,7 +93,7 @@ version = "0.6" [dependencies.webpki-roots] optional = true -version = "0.25" +version = "0.26" [dependencies.gio] optional = true diff --git a/src/tokio/rustls.rs b/src/tokio/rustls.rs index 25ea323..788ff91 100644 --- a/src/tokio/rustls.rs +++ b/src/tokio/rustls.rs @@ -66,9 +66,9 @@ where root_store.add_trust_anchors(webpki_roots::TLS_SERVER_ROOTS.iter().map( |ta| { OwnedTrustAnchor::from_subject_spki_name_constraints( - ta.subject, - ta.spki, - ta.name_constraints, + ta.subject.as_ref(), + ta.subject_public_key_info.as_ref(), + ta.name_constraints.as_deref(), ) }, )); From 6bba7b5892354c541f3bd0b315781390f5f0d8fa Mon Sep 17 00:00:00 2001 From: Constantin Nickel Date: Thu, 7 Dec 2023 08:27:24 +0100 Subject: [PATCH 3/3] Update `tokio-rustls` to 0.25 and `rustls-native-certs` to 0.7 --- Cargo.toml | 10 +++++++--- src/tokio/rustls.rs | 24 ++++++------------------ 2 files changed, 13 insertions(+), 21 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index 3c0cfec..976077b 100644 --- a/Cargo.toml 
+++ b/Cargo.toml @@ -29,7 +29,7 @@ tokio-rustls-native-certs = ["__rustls-tls", "rustls-native-certs"] tokio-openssl = ["tokio-runtime", "real-tokio-openssl", "openssl"] verbose-logging = [] -__rustls-tls = ["tokio-runtime", "real-tokio-rustls", "tungstenite/__rustls-tls"] +__rustls-tls = ["tokio-runtime", "real-tokio-rustls", "rustls-pki-types", "tungstenite/__rustls-tls"] [package.metadata.docs.rs] features = ["async-std-runtime", "tokio-runtime", "gio-runtime", "async-tls", "async-native-tls", "tokio-native-tls"] @@ -84,12 +84,16 @@ package = "tokio-native-tls" [dependencies.real-tokio-rustls] optional = true -version = "0.24" +version = "0.25" package = "tokio-rustls" +[dependencies.rustls-pki-types] +optional = true +version = "1.0.1" + [dependencies.rustls-native-certs] optional = true -version = "0.6" +version = "0.7" [dependencies.webpki-roots] optional = true diff --git a/src/tokio/rustls.rs b/src/tokio/rustls.rs index 788ff91..ada70cb 100644 --- a/src/tokio/rustls.rs +++ b/src/tokio/rustls.rs @@ -1,5 +1,6 @@ -use real_tokio_rustls::rustls::{ClientConfig, RootCertStore, ServerName}; +use real_tokio_rustls::rustls::{ClientConfig, RootCertStore}; use real_tokio_rustls::{client::TlsStream, TlsConnector}; +use rustls_pki_types::ServerName; use tungstenite::client::{uri_mode, IntoClientRequest}; use tungstenite::error::TlsError; @@ -48,11 +49,9 @@ where #[cfg(feature = "tokio-rustls-native-certs")] { let native_certs = rustls_native_certs::load_native_certs()?; - let der_certs: Vec> = - native_certs.into_iter().map(|cert| cert.0).collect(); - let total_number = der_certs.len(); + let total_number = native_certs.len(); let (number_added, number_ignored) = - root_store.add_parsable_certificates(&der_certs); + root_store.add_parsable_certificates(native_certs); log::debug!("Added {number_added}/{total_number} native root certificates (ignored {number_ignored})"); } #[cfg(all( 
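Review bot: The new optional `rustls-pki-types` dependency in this hunk, and its entry in the `__rustls-tls` feature list in the previous hunk, seems to exist only so that src/tokio/rustls.rs can name `ServerName`. rustls 0.22 appears to re-export that crate as `rustls::pki_types`, so `use real_tokio_rustls::rustls::pki_types::ServerName;` would tie the type to the TLS stack actually resolved and leave one fewer direct dependency to audit. If the direct dependency is kept, a comment above `[dependencies.rustls-pki-types]` such as `# must match the rustls-pki-types major version used by tokio-rustls` would record the constraint, since a later major bump on either side would yield two incompatible `ServerName` types.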
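Review bot: In the `tokio-rustls-native-certs` block, nothing above debug level reports the case where `add_parsable_certificates(native_certs)` adds zero certificates, either because the platform store is empty or because every entry was ignored. The connector is then built with an empty root store, so every handshake fails certificate verification. That fails closed, but it is hard to diagnose from a production log. Consider adding `if number_added == 0 { log::warn!("no usable native root certificates were loaded; TLS server verification will fail"); }` after the existing `log::debug!`. The enclosing function starts and ends outside this hunk, so whether other features add roots later is not visible here.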
@@ -61,26 +60,15 @@ where not(feature = "tokio-rustls-manual-roots") ))] { - use real_tokio_rustls::rustls::OwnedTrustAnchor; - - root_store.add_trust_anchors(webpki_roots::TLS_SERVER_ROOTS.iter().map( - |ta| { - OwnedTrustAnchor::from_subject_spki_name_constraints( - ta.subject.as_ref(), - ta.subject_public_key_info.as_ref(), - ta.name_constraints.as_deref(), - ) - }, - )); + root_store.extend(webpki_roots::TLS_SERVER_ROOTS.iter().cloned()); } TlsConnector::from(std::sync::Arc::new( ClientConfig::builder() - .with_safe_defaults() .with_root_certificates(root_store) .with_no_client_auth(), )) }; - let domain = ServerName::try_from(domain.as_str()) + let domain = ServerName::try_from(domain) .map_err(|_| Error::Tls(TlsError::InvalidDnsName))?; connector.connect(domain, socket).await? };
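Review bot: Dropping `.with_safe_defaults()` from the `ClientConfig::builder()` chain reads like a loss of hardening unless the reader knows the rustls 0.22 API, so it needs a short comment. As far as I can tell from the rustls 0.22 changes, `builder()` now selects the default provider's cipher suites and the safe protocol versions itself, and the method no longer exists. A comment such as `// rustls 0.22: builder() already applies the safe default cipher suites and protocol versions` above the call would keep that intent visible for the next upgrade. Separately, `.map_err(|_| Error::Tls(TlsError::InvalidDnsName))` still discards the underlying parse error; logging it at debug level before mapping would help when a host name is rejected.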