Update rustls-native-certs
- Cache certs
hatoo committed Sep 28, 2024
1 parent 86dc4ea commit 0d55345
Showing 4 changed files with 17 additions and 8 deletions.
4 changes: 2 additions & 2 deletions Cargo.lock


2 changes: 1 addition & 1 deletion Cargo.toml
@@ -54,7 +54,7 @@ native-tls = { version = "0.2.12", features = ["alpn"], optional = true }
tokio-native-tls = { version = "0.3.1", optional = true }

rustls = { version = "0.23.11", optional = true }
rustls-native-certs = { version = "0.7.1", optional = true }
rustls-native-certs = { version = "0.8.0", optional = true }
tokio-rustls = { version = "0.26.0", optional = true }
rustls-pki-types = { version = "1.7.0", optional = true }

8 changes: 3 additions & 5 deletions src/client.rs
@@ -176,6 +176,8 @@ pub struct Client {
pub unix_socket: Option<std::path::PathBuf>,
#[cfg(feature = "vsock")]
pub vsock_addr: Option<tokio_vsock::VsockAddr>,
#[cfg(feature = "rustls")]
pub root_cert_store: Arc<rustls::RootCertStore>,
}

struct ClientStateHttp1 {
@@ -411,12 +413,8 @@ impl Client {
let stream = tokio::net::TcpStream::connect(addr).await?;
stream.set_nodelay(true)?;

let mut root_cert_store = rustls::RootCertStore::empty();
for cert in rustls_native_certs::load_native_certs()? {
root_cert_store.add(cert).ok(); // ignore error
}
let mut config = rustls::ClientConfig::builder()
.with_root_certificates(root_cert_store)
.with_root_certificates(self.root_cert_store.clone())
.with_no_client_auth();
if self.insecure {
config
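Review bot: The new public field `root_cert_store` on `Client` has no doc comment, although it now holds the trust anchors that every rustls connection is verified against, so its contract is worth stating. Suggest `/// Trust anchors for rustls server-certificate verification; built once by the caller and shared by every connection.` above its `#[cfg(feature = "rustls")]` line. In the second hunk the store reaches the builder as `self.root_cert_store.clone()`; writing `Arc::clone(&self.root_cert_store)` would show at the call site that only a reference count is bumped and no certificates are copied. Both the struct and the connecting function continue outside the visible hunks.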
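--- a/src/main.rs
+++ b/src/main.rs
@@ -469,6 +469,17 @@ async fn main() -> anyhow::Result<()> {
 unix_socket: opts.unix_socket,
 #[cfg(feature = "vsock")]
 vsock_addr: opts.vsock_addr.map(|v| v.0),
+#[cfg(feature = "rustls")]
+// Cache rustls_native_certs::load_native_certs() because it's expensive.
+root_cert_store: {
+let mut root_cert_store = rustls::RootCertStore::empty();
+for cert in
+rustls_native_certs::load_native_certs().expect("could not load platform certs")
+{
+root_cert_store.add(cert).unwrap();
+}
+std::sync::Arc::new(root_cert_store)
+},
 };
 
 if !opts.no_pre_lookup {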
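Review bot: `root_cert_store.add(cert).unwrap()` panics on the first platform certificate that rustls rejects, whereas the loop this commit removes from src/client.rs skipped such entries with `.ok()`; a single malformed anchor in the OS trust store would now abort startup. Because the store is built unconditionally while the `Client` value is constructed, that abort (and the one from `.expect("could not load platform certs")`) appears to hit plain-HTTP runs as well, and it bypasses the `anyhow::Result` that `main` already returns. Suggest keeping the tolerant form, `root_cert_store.add(cert).ok(); // skip anchors rustls cannot parse`, and reporting a load failure as an error or a warning instead of a panic. If the store ends up empty, a one-line warning would help, since every verified HTTPS handshake will then fail. `main` starts and ends outside this hunk.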
