Use rustls-native-certs as the root store

Dirkjan Ochtman 2023-07-31 16:44:03 +02:00
parent 1eff89bd32
commit 454e879d08
2 changed files with 10 additions and 10 deletions


@ -9,18 +9,18 @@ repository = "https://github.com/InstantDomain/instant-epp"
[features] [features]
default = ["rustls"] default = ["rustls"]
rustls = ["tokio-rustls"] rustls = ["tokio-rustls", "rustls-native-certs"]
[dependencies] [dependencies]
async-trait = "0.1.52" async-trait = "0.1.52"
celes = "2.1" celes = "2.1"
chrono = { version = "0.4.23", features = ["serde"] } chrono = { version = "0.4.23", features = ["serde"] }
instant-xml = { version = "0.3", features = ["chrono"] } instant-xml = { version = "0.3", features = ["chrono"] }
rustls-native-certs = { version = "0.6.3", optional = true }
serde = { version = "1.0", features = ["derive"] } serde = { version = "1.0", features = ["derive"] }
tokio = { version = "1.0", features = ["io-util", "net", "time"] } tokio = { version = "1.0", features = ["io-util", "net", "time"] }
tokio-rustls = { version = "0.24", optional = true } tokio-rustls = { version = "0.24", optional = true }
tracing = "0.1.29" tracing = "0.1.29"
webpki-roots = "0.24"
[dev-dependencies] [dev-dependencies]
regex = "1.5" regex = "1.5"
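Review bot: Dropping `webpki-roots` and folding `rustls-native-certs` into the `rustls` feature moves the client's trust anchors from a root set compiled into the crate to whatever the host's certificate store contains, and nothing in the manifest tells downstream users so. Which CAs can vouch for an EPP server then depends on the deployment: locally installed or enterprise CAs become trusted, and a minimal container image without a CA bundle presumably ends up with an empty store or a load error. I would document this on the feature line, e.g. `# rustls: TLS via tokio-rustls; server certificates are verified against the platform trust store (rustls-native-certs)`, and call it out as a behaviour change in the release notes. If some users need a fixed, reproducible root set, a separate opt-in feature that keeps `webpki-roots` would be worth considering.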


@ -221,7 +221,7 @@ mod rustls_connector {
use tokio::net::lookup_host; use tokio::net::lookup_host;
use tokio::net::TcpStream; use tokio::net::TcpStream;
use tokio_rustls::client::TlsStream; use tokio_rustls::client::TlsStream;
use tokio_rustls::rustls::{ClientConfig, OwnedTrustAnchor, RootCertStore, ServerName}; use tokio_rustls::rustls::{ClientConfig, RootCertStore, ServerName};
use tokio_rustls::TlsConnector; use tokio_rustls::TlsConnector;
use tracing::info; use tracing::info;
@ -241,13 +241,13 @@ mod rustls_connector {
identity: Option<(Vec<Certificate>, PrivateKey)>, identity: Option<(Vec<Certificate>, PrivateKey)>,
) -> Result<Self, Error> { ) -> Result<Self, Error> {
let mut roots = RootCertStore::empty(); let mut roots = RootCertStore::empty();
roots.add_server_trust_anchors(webpki_roots::TLS_SERVER_ROOTS.0.iter().map(|ta| { for cert in rustls_native_certs::load_native_certs()? {
OwnedTrustAnchor::from_subject_spki_name_constraints( roots
ta.subject, .add(&tokio_rustls::rustls::Certificate(cert.0))
ta.spki, .map_err(|err| {
ta.name_constraints, Box::new(err) as Box<dyn std::error::Error + Send + Sync + 'static>
) })?;
})); }
let builder = ClientConfig::builder() let builder = ClientConfig::builder()
.with_safe_defaults() .with_safe_defaults()