instant-labs
/
instant-epp
mirror of https://github.com/instant-labs/instant-epp.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Use rustls-platform-verifier instead of rustls-native-certs

This commit is contained in:
Dirkjan Ochtman 2024-10-25 10:11:29 +02:00
parent 492ac1c808
commit 25cc0a7c1a
3 changed files with 9 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
Cargo.toml
View File

@ -9,8 +9,8 @@ repository = "https://github.com/instant-labs/instant-epp"
[features]
default = ["rustls-aws-lc-rs"]
rustls-aws-lc-rs = ["dep:tokio-rustls", "tokio-rustls/aws-lc-rs", "dep:rustls-native-certs"]
rustls-ring = ["dep:tokio-rustls", "tokio-rustls/ring", "dep:rustls-native-certs"]
rustls-aws-lc-rs = ["dep:tokio-rustls", "tokio-rustls/aws-lc-rs", "dep:rustls-platform-verifier"]
rustls-ring = ["dep:tokio-rustls", "tokio-rustls/ring", "dep:rustls-platform-verifier"]
__rustls = []
[dependencies]
@ -18,7 +18,7 @@ async-trait = "0.1.52"
celes = "2.1"
chrono = { version = "0.4.23", features = ["serde"] }
instant-xml = { version = "0.5", features = ["chrono"] }
rustls-native-certs = { version = "0.8", optional = true }
rustls-platform-verifier = { version = "0.3", optional = true }
serde = { version = "1.0", features = ["derive"] }
tokio = { version = "1.0", features = ["io-util", "net", "time"] }
tokio-rustls = { version = "0.26", optional = true, default-features = false, features = ["logging", "tls12"] }

1
deny.toml
View File

@ -4,6 +4,7 @@ allow = [
"BSD-3-Clause",
"ISC",
"MIT",
"MPL-2.0",
"OpenSSL",
"Unicode-DFS-2016",
]

19
src/client.rs
View File

@ -215,12 +215,12 @@ mod rustls_connector {
use std::time::Duration;
use async_trait::async_trait;
use rustls_native_certs::CertificateResult;
use rustls_platform_verifier::Verifier;
use tokio::net::lookup_host;
use tokio::net::TcpStream;
use tokio_rustls::client::TlsStream;
use tokio_rustls::rustls::pki_types::{CertificateDer, PrivateKeyDer, ServerName};
use tokio_rustls::rustls::{ClientConfig, RootCertStore};
use tokio_rustls::rustls::ClientConfig;
use tokio_rustls::TlsConnector;
use tracing::info;
@ -238,19 +238,10 @@ mod rustls_connector {
server: (String, u16),
identity: Option<(Vec<CertificateDer<'static>>, PrivateKeyDer<'static>)>,
) -> Result<Self, Error> {
let mut roots = RootCertStore::empty();
let CertificateResult {
certs, mut errors, ..
} = rustls_native_certs::load_native_certs();
if let Some(err) = errors.pop() {
return Err(Error::Other(err.into()));
}
let builder = ClientConfig::builder()
.dangerous()
.with_custom_certificate_verifier(Arc::new(Verifier::new()));
for cert in certs {
roots.add(cert).map_err(|err| Error::Other(err.into()))?;
}
let builder = ClientConfig::builder().with_root_certificates(roots);
let config = match identity {
Some((certs, key)) => builder
.with_client_auth_cert(certs, key)