From d78252c2caffb5d454b81b7f64cb137dd048b557 Mon Sep 17 00:00:00 2001
From: Tomasz Pietrek <tomasz@nats.io>
Date: Mon, 10 Jul 2023 22:09:37 +0200
Subject: [PATCH] Depend directly on rustls

Until now, we did depend on tokio-rustls re-export
of rustls.
Re-export is ^0.21.0, so patch releases are allowed.

However, as rustls released 0.21.4, it introduced
a breaking change in patch release, breaking the async-nats
client build.

To avoid that in the future, we do not use re-export, but bind
directly to rustls explicit version.

When rustls reaches 1.0.0, we can reconsider binding to ^1.0.0.

Signed-off-by: Tomasz Pietrek <tomasz@nats.io>
---
 async-nats/Cargo.toml | 1 +
 async-nats/src/tls.rs | 4 ++--
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/async-nats/Cargo.toml b/async-nats/Cargo.toml
index c3715ade3..3cc3f8bca 100644
--- a/async-nats/Cargo.toml
+++ b/async-nats/Cargo.toml
@@ -28,6 +28,7 @@ tokio = { version = "1.25.0", features = ["macros", "rt", "fs", "net", "sync", "
 itoa = "1"
 url = { version = "2"}
 tokio-rustls = "0.24"
+rustls = "0.21.5"
 rustls-pemfile = "1.0.2"
 nuid = "0.3.2"
 serde_nanos = "0.1.3"
diff --git a/async-nats/src/tls.rs b/async-nats/src/tls.rs
index 6ada7dfd2..b73a7d255 100644
--- a/async-nats/src/tls.rs
+++ b/async-nats/src/tls.rs
@@ -13,10 +13,10 @@
 
 use crate::connector::ConnectorOptions;
 use crate::tls;
+use rustls::{self, Certificate, OwnedTrustAnchor, PrivateKey};
 use std::fs::File;
 use std::io::{self, BufReader, ErrorKind};
 use std::path::PathBuf;
-use tokio_rustls::rustls::{self, Certificate, OwnedTrustAnchor, PrivateKey};
 use webpki::TrustAnchor;
 
 /// Loads client certificates from a `.pem` file.
@@ -63,7 +63,7 @@ pub(crate) async fn load_key(path: PathBuf) -> io::Result<PrivateKey> {
 }
 
 pub(crate) async fn config_tls(options: &ConnectorOptions) -> io::Result<rustls::ClientConfig> {
-    let mut root_store = tokio_rustls::rustls::RootCertStore::empty();
+    let mut root_store = rustls::RootCertStore::empty();
     // load native system certs only if user did not specify them.
     if options.tls_client_config.is_some() || options.certificates.is_empty() {
         root_store.add_parsable_certificates(