Skip to content

Commit

Permalink
rustls: use WebPKI roots on Android & iOS
Browse files Browse the repository at this point in the history
Signed-off-by: Elias Wilken <[email protected]>
  • Loading branch information
ewilken committed Oct 24, 2023
1 parent c3fbe25 commit 43733bd
Show file tree
Hide file tree
Showing 2 changed files with 6 additions and 2 deletions.
2 changes: 1 addition & 1 deletion kube-client/Cargo.toml
Original file line number Diff line number Diff line change
Expand Up @@ -58,7 +58,7 @@ kube-core = { path = "../kube-core", version = "=0.86.0" }
jsonpath_lib = { version = "0.3.0", optional = true }
tokio-util = { version = "0.7.0", optional = true, features = ["io", "codec"] }
hyper = { version = "0.14.13", optional = true, features = ["client", "http1", "stream", "tcp"] }
hyper-rustls = { version = "0.24.0", optional = true }
hyper-rustls = { version = "0.24.0", optional = true, features = ["webpki-roots"] }
tokio-tungstenite = { version = "0.20.0", optional = true }
tower = { version = "0.4.13", optional = true, features = ["buffer", "filter", "util"] }
tower-http = { version = "0.4.0", optional = true, features = ["auth", "map-response-body", "trace"] }
Expand Down
6 changes: 5 additions & 1 deletion kube-client/src/client/tls.rs
Original file line number Diff line number Diff line change
Expand Up @@ -48,7 +48,11 @@ pub mod rustls_tls {
.with_safe_defaults()
.with_root_certificates(root_store(certs)?)
} else {
ClientConfig::builder().with_safe_defaults().with_native_roots()
if cfg!(target_os = "android") || cfg!(target_os = "ios") {
ClientConfig::builder().with_safe_defaults().with_webpki_roots()

Check warning on line 52 in kube-client/src/client/tls.rs

View check run for this annotation

Codecov / codecov/patch

kube-client/src/client/tls.rs#L51-L52

Added lines #L51 - L52 were not covered by tests
} else {
ClientConfig::builder().with_safe_defaults().with_native_roots()

Check warning on line 54 in kube-client/src/client/tls.rs

View check run for this annotation

Codecov / codecov/patch

kube-client/src/client/tls.rs#L54

Added line #L54 was not covered by tests
}
};

let mut client_config = if let Some((chain, pkey)) = identity_pem.map(client_auth).transpose()? {
Expand Down

0 comments on commit 43733bd

Please sign in to comment.