Upgrade to rustls 0.20 / tungstenite 0.16

Based on tokio-tungstenite PR:
  https://github.com/snapview/tokio-tungstenite/pull/198

Co-authored-by: Sebastian Dröge <sebastian@centricular.com>
pull/100/head
Dominik Nakamura 3 years ago committed by Sebastian Dröge
parent 2cc6125411
commit 64f60d8d33
  1. 10
      Cargo.toml
  2. 44
      src/tokio/rustls.rs

@ -8,7 +8,7 @@ license = "MIT"
homepage = "https://github.com/sdroege/async-tungstenite" homepage = "https://github.com/sdroege/async-tungstenite"
repository = "https://github.com/sdroege/async-tungstenite" repository = "https://github.com/sdroege/async-tungstenite"
documentation = "https://docs.rs/async-tungstenite" documentation = "https://docs.rs/async-tungstenite"
version = "0.15.0" version = "0.16.0"
edition = "2018" edition = "2018"
readme = "README.md" readme = "README.md"
include = ["examples/**/*", "src/**/*", "LICENSE", "README.md", "CHANGELOG.md"] include = ["examples/**/*", "src/**/*", "LICENSE", "README.md", "CHANGELOG.md"]
@ -36,7 +36,7 @@ futures-io = { version = "0.3", default-features = false, features = ["std"] }
pin-project-lite = "0.2" pin-project-lite = "0.2"
[dependencies.tungstenite] [dependencies.tungstenite]
version = "0.15.0" version = "0.16.0"
default-features = false default-features = false
[dependencies.async-std] [dependencies.async-std]
@ -79,16 +79,16 @@ package = "tokio-native-tls"
[dependencies.real-tokio-rustls] [dependencies.real-tokio-rustls]
optional = true optional = true
version = "^0.22" version = "0.23"
package = "tokio-rustls" package = "tokio-rustls"
[dependencies.rustls-native-certs] [dependencies.rustls-native-certs]
optional = true optional = true
version = "0.5" version = "0.6"
[dependencies.webpki-roots] [dependencies.webpki-roots]
optional = true optional = true
version = "0.21" version = "0.22"
[dependencies.gio] [dependencies.gio]
optional = true optional = true

@ -1,12 +1,14 @@
use real_tokio_rustls::rustls::ClientConfig; use real_tokio_rustls::rustls::{ClientConfig, RootCertStore, ServerName};
use real_tokio_rustls::webpki::DNSNameRef;
use real_tokio_rustls::{client::TlsStream, TlsConnector}; use real_tokio_rustls::{client::TlsStream, TlsConnector};
use tungstenite::client::{uri_mode, IntoClientRequest}; use tungstenite::client::{uri_mode, IntoClientRequest};
use tungstenite::error::TlsError;
use tungstenite::handshake::client::Request; use tungstenite::handshake::client::Request;
use tungstenite::stream::Mode; use tungstenite::stream::Mode;
use tungstenite::Error; use tungstenite::Error;
use std::convert::TryFrom;
use crate::stream::Stream as StreamSwitcher; use crate::stream::Stream as StreamSwitcher;
use crate::{client_async_with_config, domain, Response, WebSocketConfig, WebSocketStream}; use crate::{client_async_with_config, domain, Response, WebSocketConfig, WebSocketStream};
@ -35,23 +37,43 @@ where
let connector = if let Some(connector) = connector { let connector = if let Some(connector) = connector {
connector connector
} else { } else {
let mut config = ClientConfig::new(); let mut root_store = RootCertStore::empty();
#[cfg(feature = "tokio-rustls-native-certs")] #[cfg(feature = "tokio-rustls-native-certs")]
{ {
config.root_store = use real_tokio_rustls::rustls::Certificate;
rustls_native_certs::load_native_certs().map_err(|(_, err)| err)?;
for cert in rustls_native_certs::load_native_certs()? {
root_store
.add(&Certificate(cert.0))
.map_err(TlsError::Webpki)?;
}
} }
#[cfg(all( #[cfg(all(
feature = "tokio-rustls-webpki-roots", feature = "tokio-rustls-webpki-roots",
not(feature = "tokio-rustls-native-certs") not(feature = "tokio-rustls-native-certs")
))] ))]
config {
.root_store use real_tokio_rustls::rustls::OwnedTrustAnchor;
.add_server_trust_anchors(&webpki_roots::TLS_SERVER_ROOTS);
TlsConnector::from(std::sync::Arc::new(config)) root_store.add_server_trust_anchors(
webpki_roots::TLS_SERVER_ROOTS.0.iter().map(|ta| {
OwnedTrustAnchor::from_subject_spki_name_constraints(
ta.subject,
ta.spki,
ta.name_constraints,
)
}),
);
}
TlsConnector::from(std::sync::Arc::new(
ClientConfig::builder()
.with_safe_defaults()
.with_root_certificates(root_store)
.with_no_client_auth(),
))
}; };
let domain = DNSNameRef::try_from_ascii_str(&domain) let domain = ServerName::try_from(domain.as_str())
.map_err(|err| Error::Tls(err.into()))?; .map_err(|_| Error::Tls(TlsError::InvalidDnsName))?;
connector.connect(domain, socket).await? connector.connect(domain, socket).await?
}; };
Ok(StreamSwitcher::Tls(TokioAdapter::new(stream))) Ok(StreamSwitcher::Tls(TokioAdapter::new(stream)))
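Review bot: In the `tokio-rustls-native-certs` branch, `root_store.add(&Certificate(cert.0)).map_err(TlsError::Webpki)?` returns on the first certificate that fails to parse. A single malformed or unsupported entry in the platform trust store would therefore make every TLS connect through this default connector fail. rustls 0.20 provides `RootCertStore::add_parsable_certificates`, which skips such entries and reports the counts, so the loop could become `let der: Vec<Vec<u8>> = rustls_native_certs::load_native_certs()?.into_iter().map(|c| c.0).collect();` followed by `let (_added, _ignored) = root_store.add_parsable_certificates(&der);`. Logging the ignored count would keep the skipped entries visible, and an empty store still fails closed at the handshake. The enclosing function starts outside the hunk, so whether callers rely on the current error path cannot be confirmed from here.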
