remove rustls-native-certs
f1shl3gs committed Jul 14, 2024
1 parent d594013 commit 7abcedd
Showing 5 changed files with 19 additions and 37 deletions.
1 change: 0 additions & 1 deletion Cargo.lock


3 changes: 1 addition & 2 deletions lib/framework/Cargo.toml
Expand Up @@ -49,7 +49,7 @@ http = { version = "1.1.0", default-features = false }
http-body-util = { version = "0.1.2", default-features = false }
hyper = { version = "1.4.1", default-features = false, features = ["full"] }
hyper-rustls = { version = "0.27.2", default-features = false }
hyper-util = { version = "0.1.6", default-features = false, features = ["client"] }
hyper-util = { version = "0.1.6", default-features = false, features = ["client", "http1", "http2"] }
indexmap = { version = "2.2.6", default-features = false, features = ["serde"] }
inventory = { version = "0.3.15", default-features = false }
ipnet = { version = "2.9.0", default-features = false, features = ["std"] }
Expand All @@ -66,7 +66,6 @@ pin-project-lite = { version = "0.2.14", default-features = false }
pkcs8 = { version = "0.10.2", default-features = false, features = ["pkcs5", "std", "encryption"] }
regex = { version = "1.10.5", default-features = false }
rustls = { version = "0.23.11", default-features = false }
rustls-native-certs = { version = "0.7.1", default-features = false }
smallvec = { version = "1.13.2", default-features = false }
serde = { version = "1.0.204", default-features = false, features = ["derive", "std"] }
serde_json = { version = "1.0.120", default-features = false }
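Review bot: The unchanged `hyper-rustls = { version = "0.27.2", default-features = false }` line in the first hunk declares no features, yet the new code in lib/framework/src/http/mod.rs, lib/framework/src/http/proxy/mod.rs and lib/framework/src/tls/settings.rs calls `ConfigBuilderExt::with_native_roots`, which in hyper-rustls 0.27 is gated behind its `rustls-native-certs` feature. If the workspace builds after this commit, that feature is presumably being switched on by Cargo feature unification from some other crate in the workspace rather than by this manifest, which is fragile: changing that other dependency would silently break this crate's only source of trust roots. Declaring it here, `hyper-rustls = { version = "0.27.2", default-features = false, features = ["rustls-native-certs"] }`, keeps the framework crate's trust-root provider visible in its own manifest.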
20 changes: 6 additions & 14 deletions lib/framework/src/http/mod.rs
Expand Up @@ -15,13 +15,13 @@ use http::header::{
use http::{header::HeaderValue, request::Builder, uri::InvalidUri, HeaderMap, Request};
use http_body_util::Full;
use hyper::body::{Body, Incoming};
use hyper_rustls::HttpsConnector;
use hyper_rustls::{ConfigBuilderExt, HttpsConnector};
use hyper_util::client::legacy::connect::HttpConnector;
use hyper_util::client::legacy::Client;
use hyper_util::rt::TokioExecutor;
use metrics::{exponential_buckets, Attributes};
use proxy::ProxyConnector;
use rustls::{ClientConfig, RootCertStore};
use rustls::ClientConfig;
use serde::{Deserialize, Serialize};
use thiserror::Error;
use tracing_futures::Instrument;
Expand Down Expand Up @@ -99,18 +99,10 @@ where

let config = match tls_config {
Some(config) => config.client_config()?,
None => {
let certs =
rustls_native_certs::load_native_certs().map_err(TlsError::NativeCerts)?;
let mut store = RootCertStore::empty();
for cert in certs {
store.add(cert).map_err(TlsError::AddCertToStore)?;
}

ClientConfig::builder()
.with_root_certificates(store)
.with_no_client_auth()
}
None => ClientConfig::builder()
.with_native_roots()
.map_err(TlsError::NativeCerts)?
.with_no_client_auth(),
};

let https = hyper_rustls::HttpsConnector::from((http, config));
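Review bot: The new `None` arm's `with_native_roots()` is not a drop-in replacement for the removed loop: the old code called `store.add(cert)` and turned any unparsable certificate in the system store into `TlsError::AddCertToStore`, whereas the hyper-rustls helper, as far as I recall its implementation, adds the parsable certificates, logs the rest, and only returns an error when no valid root at all was found. That is a quieter failure mode for a corrupted or partially populated system trust store, and the same substitution is made in lib/framework/src/http/proxy/mod.rs and lib/framework/src/tls/settings.rs. If the relaxation is intended, a comment on the arm such as `// Native roots via hyper-rustls: unparsable system certs are skipped rather than fatal` would record it, and `TlsError::AddCertToStore` may now be unreferenced on this path. The enclosing function starts and ends outside the hunk.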
14 changes: 3 additions & 11 deletions lib/framework/src/http/proxy/mod.rs
Expand Up @@ -16,10 +16,11 @@ use configurable::{Configurable, GenerateError};
use futures_util::TryFutureExt;
use http::{HeaderMap, Uri};
use hyper::rt::{Read, Write};
use hyper_rustls::ConfigBuilderExt;
use hyper_util::rt::TokioIo;
use ipnet::IpNet;
use rustls::pki_types::ServerName;
use rustls::{ClientConfig, RootCertStore};
use rustls::ClientConfig;
use serde::de::{SeqAccess, Visitor};
use serde::ser::SerializeSeq;
use serde::{Deserialize, Deserializer, Serialize, Serializer};
Expand Down Expand Up @@ -336,17 +337,8 @@ pub struct ProxyConnector<C> {
impl<C> ProxyConnector<C> {
/// Create a new secured Proxies
pub fn new(connector: C) -> Result<Self, Error> {
let certs = rustls_native_certs::load_native_certs()
.map_err(|err| Error::new(ErrorKind::InvalidData, err))?;
let mut store = RootCertStore::empty();
for cert in certs {
store
.add(cert)
.map_err(|err| Error::new(ErrorKind::InvalidData, err))?;
}

let config = ClientConfig::builder()
.with_root_certificates(store)
.with_native_roots()?
.with_no_client_auth();

Ok(ProxyConnector {
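Review bot: The bare `?` on `.with_native_roots()?` drops the `ErrorKind::InvalidData` classification the removed lines applied to every certificate-loading failure, so a caller that inspects the kind of the returned `Error` now sees whatever kind the underlying I/O error carries (the `Error::new(ErrorKind::InvalidData, err)` calls suggest `Error` is `std::io::Error`, though its definition is outside the hunk). If the kind mattered to callers, keep it with `.with_native_roots().map_err(|err| Error::new(ErrorKind::InvalidData, err))?`. The doc comment `/// Create a new secured Proxies` would also read better as `/// Create a new proxy connector whose TLS client trusts the platform's native root store.` The function continues past the end of the hunk.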
18 changes: 9 additions & 9 deletions lib/framework/src/tls/settings.rs
Expand Up @@ -3,6 +3,7 @@ use std::sync::Arc;
use std::{fs, io};

use configurable::Configurable;
use hyper_rustls::ConfigBuilderExt;
use rustls::client::danger::{HandshakeSignatureValid, ServerCertVerified, ServerCertVerifier};
use rustls::pki_types::{CertificateDer, PrivateKeyDer, ServerName, UnixTime};
use rustls::server::WebPkiClientVerifier;
Expand Down Expand Up @@ -85,20 +86,19 @@ impl TlsConfig {
}

pub fn client_config(&self) -> Result<ClientConfig, TlsError> {
let mut root_store = RootCertStore::empty();
let certs = rustls_native_certs::load_native_certs().map_err(TlsError::NativeCerts)?;
for cert in certs {
root_store.add(cert).map_err(TlsError::AddCertToStore)?;
}

if let Some(ca_file) = &self.ca {
let builder = if let Some(ca_file) = &self.ca {
let mut root_store = RootCertStore::empty();
let certs = load_certs(ca_file)?;
for cert in certs {
root_store.add(cert).map_err(TlsError::AddCertToStore)?;
}
}

let builder = ClientConfig::builder().with_root_certificates(root_store);
ClientConfig::builder().with_root_certificates(root_store)
} else {
ClientConfig::builder()
.with_native_roots()
.map_err(TlsError::NativeCerts)?
};

let mut config = match (&self.cert, &self.key) {
(Some(cert_file), Some(key_file)) => {
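Review bot: `client_config` now treats `ca` as a replacement for the native root store rather than an addition to it: the removed lines loaded the native roots unconditionally and added the CA file's certificates on top, while the new `if let Some(ca_file) = &self.ca` branch builds a `RootCertStore` holding only the file's certificates and never consults the native roots. Trusting only the configured CA is a defensible pinning semantic, but it is a behaviour change for any existing configuration that set `ca` while still expecting public roots to be trusted, and the commit message does not mention it. Record it in a doc comment on the method, e.g. `/// When `ca` is set, only the certificates in that file are trusted; otherwise the platform's native root store is used.` The method continues past the end of the hunk.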
