Use rustls-native-certs as the root store
parent
1eff89bd32
commit
454e879d08
|
@ -9,18 +9,18 @@ repository = "https://github.com/InstantDomain/instant-epp"
|
||||||
|
|
||||||
[features]
|
[features]
|
||||||
default = ["rustls"]
|
default = ["rustls"]
|
||||||
rustls = ["tokio-rustls"]
|
rustls = ["tokio-rustls", "rustls-native-certs"]
|
||||||
|
|
||||||
[dependencies]
|
[dependencies]
|
||||||
async-trait = "0.1.52"
|
async-trait = "0.1.52"
|
||||||
celes = "2.1"
|
celes = "2.1"
|
||||||
chrono = { version = "0.4.23", features = ["serde"] }
|
chrono = { version = "0.4.23", features = ["serde"] }
|
||||||
instant-xml = { version = "0.3", features = ["chrono"] }
|
instant-xml = { version = "0.3", features = ["chrono"] }
|
||||||
|
rustls-native-certs = { version = "0.6.3", optional = true }
|
||||||
serde = { version = "1.0", features = ["derive"] }
|
serde = { version = "1.0", features = ["derive"] }
|
||||||
tokio = { version = "1.0", features = ["io-util", "net", "time"] }
|
tokio = { version = "1.0", features = ["io-util", "net", "time"] }
|
||||||
tokio-rustls = { version = "0.24", optional = true }
|
tokio-rustls = { version = "0.24", optional = true }
|
||||||
tracing = "0.1.29"
|
tracing = "0.1.29"
|
||||||
webpki-roots = "0.24"
|
|
||||||
|
|
||||||
[dev-dependencies]
|
[dev-dependencies]
|
||||||
regex = "1.5"
|
regex = "1.5"
|
||||||
|
|
|
@ -221,7 +221,7 @@ mod rustls_connector {
|
||||||
use tokio::net::lookup_host;
|
use tokio::net::lookup_host;
|
||||||
use tokio::net::TcpStream;
|
use tokio::net::TcpStream;
|
||||||
use tokio_rustls::client::TlsStream;
|
use tokio_rustls::client::TlsStream;
|
||||||
use tokio_rustls::rustls::{ClientConfig, OwnedTrustAnchor, RootCertStore, ServerName};
|
use tokio_rustls::rustls::{ClientConfig, RootCertStore, ServerName};
|
||||||
use tokio_rustls::TlsConnector;
|
use tokio_rustls::TlsConnector;
|
||||||
use tracing::info;
|
use tracing::info;
|
||||||
|
|
||||||
|
@ -241,13 +241,13 @@ mod rustls_connector {
|
||||||
identity: Option<(Vec<Certificate>, PrivateKey)>,
|
identity: Option<(Vec<Certificate>, PrivateKey)>,
|
||||||
) -> Result<Self, Error> {
|
) -> Result<Self, Error> {
|
||||||
let mut roots = RootCertStore::empty();
|
let mut roots = RootCertStore::empty();
|
||||||
roots.add_server_trust_anchors(webpki_roots::TLS_SERVER_ROOTS.0.iter().map(|ta| {
|
for cert in rustls_native_certs::load_native_certs()? {
|
||||||
OwnedTrustAnchor::from_subject_spki_name_constraints(
|
roots
|
||||||
ta.subject,
|
.add(&tokio_rustls::rustls::Certificate(cert.0))
|
||||||
ta.spki,
|
.map_err(|err| {
|
||||||
ta.name_constraints,
|
Box::new(err) as Box<dyn std::error::Error + Send + Sync + 'static>
|
||||||
)
|
})?;
|
||||||
}));
|
}
|
||||||
|
|
||||||
let builder = ClientConfig::builder()
|
let builder = ClientConfig::builder()
|
||||||
.with_safe_defaults()
|
.with_safe_defaults()
|
||||||
|
|
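Review bot: The new loop propagates the first `roots.add(...)` failure with `?`, so a single certificate in the host trust store that rustls cannot parse aborts connector construction for every connection; the bundled webpki roots it replaces were added without a fallible step. Consider collecting the DER bytes (`let ders: Vec<Vec<u8>> = rustls_native_certs::load_native_certs()?.into_iter().map(|c| c.0).collect();`) and calling `roots.add_parsable_certificates(&ders)`, which returns the added and ignored counts. Return an error only when nothing was added; that also gives a clear failure on hosts whose store is empty, which is likely in minimal container images. The change also moves the trust decision from a compiled-in root set to whatever CAs are installed on the host, so the constructor deserves a doc comment such as `/// Server certificates are verified against the platform's native root store.` The enclosing function starts before this hunk and continues past it.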